Records Management & Information Governance
- Records Management and Information Governance
- Data Protection
- Your information
- Privacy notice - offer holder & enrolled student survey
Privacy Notice - offer holder & enrolled student survey
This privacy notice is for University of York enrolled students and offer holders who participate in research surveys related to potential new course offerings at the University of York. It sets out the ways in which the University of York gathers, uses, stores and shares your data. It also sets out how long we keep your data and what rights you have in relation to your data under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.
For the purposes of this privacy notice, University of York is the Data Controller as defined in the UK GDPR. We are registered with the Information Commissioner’s Office and our entry can be found here. Our registration number is: Z4855807.
Where do we get your data from?
We receive data directly from you when you fill in one of our surveys.
What data do we have?
Personal data including:
- your name and email address;
- views and/or opinions captured on survey completion.
What is our legal basis for processing your data?
Typically, data will be processed:
- because you have given us your consent;
- because it is necessary for the performance of a task carried out in the public interest (for information on our public task see our function as set out in our charter which can be found here).
How do we use your data?
The University needs to process personal data to better understand ways in which we can develop our course offerings.
Who do we share your data with?
The University will share your data with:
- University of York Academic Departments for the purpose of developing potential new course offerings;
- University of York Planning Department for the purpose of analysing survey data in relation to developing potential new course offerings;
- Hanover Research - The University has engaged a third party provider, Hanover Research to create the survey on the University’s behalf and summarise survey findings. Data shared will include participants' full name and email address and will be shared via a secure web link.
How do we keep your data secure?
The University maintains a high standard of information security. Access to information and systems for all users are restricted on a need-to-know basis, and security arrangements are reviewed to ensure their continued suitability. For further information see, our IT security webpages.
How do we transfer your data safely internationally?
In certain cases, your personal data will be transferred outside the UK. For these transfers, the University will always comply with UK GDPR obligations and use necessary safeguards to protect your data.
How long will we keep your data?
The University will only keep your data as long as necessary to meet legal requirements or satisfy a defined business need. Specific retention timeframes are set out in the University’s Records Retention Schedule.
What rights do you have in relation to your data?
Under the UK GDPR, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction of processing, objection or portability (in certain circumstances). You also have a right to withdraw consent, and rights relating to automated decision making. For more information see Individuals’ Rights.
Questions or concerns
If you have any queries about this privacy notice or about how your data is being processed, please contact the University’s Information Governance Team at dataprotection@york.ac.uk.
Right to complain
If you wish to make a data protection complaint, please contact the University’s Data Protection Officer at dataprotection@york.ac.uk.
If you are unhappy with the way in which the University has handled your personal data, you also have a right to complain to the Information Commissioner’s Office (ICO).
Changes to our privacy notice
We keep our privacy notice under regular review. This notice was last updated on 16 June 2026.