Privacy notice - student enquirers

The University collects information about you in a variety of ways. These include:

• information collected through University online registration and enquiry web forms;
• information collected through virtual online events; 
• information collected at UK external events;
• information collected at overseas recruitment events (including educational agent run events);
• information collected at Universities and Colleges Admissions Service (UCAS) events;
• information collected through York’s online application form that has not been officially submitted;
• information collected through any correspondence (phone, email, post)  with an enquirer during the enquiry process; 
• information collected from forms submitted as part of a travel expense reimbursement claim;
• information provided to us by third parties, such as  Higher Ed Partnerships (HEP) , International Pathway College (IPC), Kaplan, Hull York Medical School (HYMS)  EAB: Education Technology, Services and Research, educational agents, Unibuddy and Net Natives for the purpose of assisting with marketing activities; 
• QS Enrolment Solutions (QSES)for the purposes of providing support to enquirers. This includes the QSES CRM, Acoustic and Twilio software; 
• information collected through University online request form for school/college visit requests to campus or to visit your school/college.

Personal data including:

• For student enquirers, we collect your name, address, date of birth, contact details including email address and telephone number, school and bank details (as part of a travel expense reimbursement claim);
• For teacher/college enquirers, we collect your name, professional contact details (including email address and phone number) and name of your school/college.

Special category data e.g. if you require additional support  at an event e.g. wheelchair access or communication support.

If you commence a postgraduate online application form and do not officially submit it, we may also hold personal data including:

• details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and education providers;  
• information about your entitlement to study in the UK, if you are required to provide it;
• previous immigration history, including copy of passport and copies of previous visas, if you are required to provide it;
• proof of identity documents.

Special category data including information about disability, health, gender identity, ethnicity and racial origin.  

The University needs to process personal data during the enquiry process and keep records of that correspondence. Processing data from enquirers allows the organisation to manage the registration of University events (either on campus or virtual)  and provide information to enquirer’s regarding the admissions process, suitability for a program of study and to decide to whom to offer a program of study. 

Typically, data will be processed:

• on the grounds of contractual requirement or to take steps to enter into a contract with you e.g. to offer you a place on a programme of study at the University or a place at a University open day;

• because it is necessary for the performance of a task carried out in the public interest (for information on our public task see our function as set out in our charter.

• because it is necessary for our or a third party's legitimate interests. 

The University may process your personal data for the following purposes:

• to enable effective communication with you regarding your enquiry (including prospectus requests and follow up calls after attending a UK or overseas recruitment event) or to arrange a school/college visit; 
• to enable effective communication with you if you have registered to attend a University event (e.g. an open day, campus tour);
• to ensure effective general recruitment administration, including the analysis of enquiry numbers and trends to improve our administrative processes; 
• for conversion activity for offer holders, using social media platforms e.g. Instagram or Facebook; 
• to tell you about the University, the city and the experience of studying here and to make you aware of relevant upcoming events; 
• to reimburse you with travels costs;
• to conduct market research;
• to respond to and defend against legal claims.

The University may share your data with:

• Hull York Medical School (HYMS), Higher Ed Partners (HEP), EAB: Education Technology, Services and Research and educational agents;
• University of York finance department (for the purpose of reimbursing you with travels costs);
• QS Enrolment Solutions (QSES) for the purposes of enquiry management. This includes the QSES CRM, Acoustic and Twilio software;
• third parties that process data on behalf of the University to support it in fulfilling its obligations and responsibilities to and relationship with you (e.g. software and system providers) including; Qualtrics, Formstack, Dynamics 365, ClickDimensions, Clickatell, DotDigital, Tableau, Alteryx and Net Natives. 

The University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability.  For further information please see our IT Security webpages.

In certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the UK a. In respect of such transfers, the University will comply with our obligations under UK GDPR and ensure an adequate level of protection for all transferred data.

The University will retain your data in line with legal requirements or where there is a business need. Retention timeframes will be determined in line with the University’s Records Retention Schedule.

Under the UK GDPR, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent. If you would like to exercise any of these rights, for admissions queries please contact admissions-liaison@york.ac.uk, for international questions please contact international@york.ac.uk and for EU questions please contact eu-enquiries@york.ac.uk. For further information see our guidance on your rights under UK GDPR.

If you have any questions about this privacy notice or concerns about how your data is being processed, please contact the University’s Data Protection Officer at dataprotection@york.ac.uk.

If you are unhappy with the way in which the University has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the Information Commissioner’s Office, see their complaints guidance.  

We keep our privacy notice under regular review. This notice was last updated on 20th September 2023.