This privacy notice is for individuals applying to study at the University of York and Hull York Medical School (HYMS). It sets out the ways in which the University of York gathers, uses, stores and shares your data. It also sets out how long we keep your data and what rights you have in relation to your data under the General Data Protection Regulation (GDPR).
For the purposes of this privacy notice, University of York is the Data Controller as defined in the General Data Protection Regulation. We are registered with the Information Commissioner’s Office and our entry can be found here. Our registration number is: Z4855807.
The organisation collects information about you in a variety of ways. These include:
Personal data including:
Special category data including information about disability, health, gender identity, ethnicity and racial origin.
Criminal conviction and offences data including information about any relevant criminal convictions.
Note if you are required to provide information in relation to a fee status assessment you may be required to submit documents from you and/or your parent/guardian including:
The University needs to process personal data during the admissions process and keep records of that process. Processing data from applicants allows the organisation to manage the admissions process, assess and confirm an applicant's suitability for a program of study and decide to whom to
offer a program of study. The organisation may also need to process data from an admissions application to respond to and defend against legal claims.
Typically, data will be processed:
The University may process your personal data (including special category data) for the following purposes:
Criminal conviction and offences data will be processed to:
The University may share your data with:
The University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability. For further information please see, https://www.york.ac.uk/it-services/security/.
In certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the European Economic Area. In respect of such transfers, the University will comply with our obligations under the GDPR and ensure an adequate level of protection for all transferred data.
The University will retain your data in line with legal requirements or where there is a business need. Retention timeframes will be determined in line with the University’s Records Retention Schedule.
Under the General Data Protection Regulation, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent. If you would like to exercise any of these rights, for Undergraduate Admissions please contact email@example.com, for Postgraduate Admissions please contact firstname.lastname@example.org and for Partnership Admissions please contact email@example.com. For all other requests, please see https://www.york.ac.uk/records-management/dp/individualsrights/.
If you have any questions about this privacy notice or concerns about how your data is being processed, please contact the University’s Data Protection Officer at firstname.lastname@example.org.
If you are unhappy with the way in which the University has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the Information Commissioner’s Office, please see www.ico.org.uk/concerns.