Privacy notice - Access and Outreach widening participation activities

We collect information about you/your child/ward when applying to participate in, or registering your interest in, one of our programmes or events. This information is collected directly from application forms submitted online (and in some instances paper applications) and is handled by the Access and Outreach Team at the University of York. We may also collect information when you complete questionnaires, evaluation forms, reflection logs or research projects specifically related to your participation in one of our programmes or events. We may also receive your personal information from partner institutions where a data sharing agreement is in place.

At key points we receive information from your school/college to provide us with information about you (e.g. family background and/or childhood experiences) to help us better understand and support you throughout your participation in our events and programmes. We also collect information from yourself or your school/college regarding your circumstances and eligible criteria for participation such as; your attainment at school/college, whether you have/are receiving free school meals, if you require any access support and information relating to safeguarding concerns.

Information collected from forms submitted as part of a travel expenses reimbursement claim. 

We may also receive personal information for staff members at schools/colleges via third parties such as; UniTasterDay for the purpose of registering for an event.

Personal data such as name, date of birth, home address, email address, telephone number, details of your qualifications, emergency contact details, bank details (as part of a travel expense reimbursement claim) and parent/guardian education background.

Special category data such as information about disability, health, ethnicity and racial origin.

Typically, data will be processed: 

• on the grounds of contractual requirement or to take steps to enter into a contract e.g. to deliver our widening participation programme
• because it is necessary for the performance of a task carried out in the public interest (i.e. to advance learning and knowledge by teaching and research, and to enable people to obtain the advantages of university education)
• because you have given your consent or, in the case of special category data, your explicit consent
• because we have a legitimate interest to do so e.g. to better understand the effectiveness of our widening participation programmes and events
• to allow us to comply with our legal obligations
• to protect your or another person’s vital interests
• to monitor equality and diversity.

We will use personal data (and special category data) for the following purposes:

• to assess eligibility to participate in a programme or event, assist shortlisting and selection for programmes and events. For further information see Working with schools and colleges;
• to deliver and facilitate involvement in the programme or event;
• to contact you in relation to the programme by email, phone, text message and post;
• to enable effective communication with you regarding additional opportunities to attend University events (for example Open Days) and other Access and Outreach initiatives (for example extensions of projects, progression to other programmes and invitations to useful events);
• to better understand the effectiveness of our widening participation activities and improve offerings accordingly;
• track academic attainment and future employment choices;
• for health, safety and wellbeing during the course of the programme or event;
• to provide disability support or special access arrangements;
• to record attendance at, and engagement in, all events associated with the programme ;
• for research, monitoring and evaluation purposes;
• to monitor equal opportunities;
• to reimburse you with travel costs; 
• to compile statistical returns which the University may be required to publish or pass to government bodies or the Higher Educational Statistical Agency (HESA).

The information provided will be used by the University of York for the purposes outlined above.  It will also be shared with the following third parties:

• Your/your child/ward’s school/college for assessment of eligibility and to verify application information;
• University of York finance department (for the purpose of reimbursing you with travels costs);
• The Office for Students (OfS);
• The Department for Education (DfE);
• The University and College Admissions Service (UCAS);
• The Higher Education Access Tracker (HEAT). Please visit Heat for more information about how data is stored.  We will continue to retain any data we share with HEAT, in line with the University’s Records Retention Schedule;
• Third parties that process data on behalf of the University to support it in fulfilling its obligations and responsibilities to and relationships with you (e.g. software and system providers) including: Qualtrics, Formstack, Microsoft Dynamics 365, ClickDimensions, Clickatell, DotDigital, Pubble, Brightside, Zoom, Blackboard Collaborate, Kahoot, The Access Platform, Amazon Web Services (for the purpose of sending a text message), Agiito (for the purpose of booking travel to any of our events). 

There may be occasions where we need to share and return information with the local authority, police and schools/colleges, if a safeguarding matter arises. This will be actioned in line with our University of York Safeguarding Policy and Procedure.

The University maintains a high standard of information security. Access to information and systems for all users are restricted on a need-to-know basis, and security arrangements are reviewed to ensure their continued suitability. For further information see, our IT security webpages.

In certain cases, your personal data will be transferred outside the UK. For these transfers, the University will always comply with UK GDPR obligations and use necessary safeguards to protect your data.

The University will only keep your data as long as necessary to meet legal requirements or satisfy a defined business need. Specific retention timeframes are set out in the University’s Records Retention Schedule.

Under the UK GDPR, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction of processing, objection or portability (in certain circumstances). You also have a right to withdraw consent, and rights relating to automated decision making. For more information see Individuals’ Rights.

If you have any queries about this privacy notice or about how your data is being processed, please contact the University’s Information Governance Team at dataprotection@york.ac.uk.

If you wish to make a data protection complaint, please contact the University’s Data Protection Officer at dataprotection@york.ac.uk.

If you are unhappy with the way in which the University has handled your personal data, you also have a right to complain to the Information Commissioner’s Office (ICO).

We keep our privacy notice under regular review. This notice was last updated on 16 June 2026.