Data Protection Policies

The University for the Creative Arts takes its obligations with regard to data protection seriously. As such, we are providing you with the following Data Protection Notices so that you have information about how we collect and use your Personal Data in accordance with applicable data protection law, including, the General Data Protection Regulation 2016/679 (“GDPR”).

Data Protection Policy

The University for the Creative Arts Data Protection Policy.

Marketing Privacy Notices

Privacy Notices that explain our data usage for the Marketing, Student Recruitment & Engagement department.

Accommodation Privacy Notices

View information about the data we collect, how it is used and when it might be shared during your time as a student with us.

Alumni Privacy Notice

For individuals who have graduated from the University for the Creative Arts view information about the data we collect, how it is used and when it might be shared during your time as a student with us.

Applicant Privacy Notice

View information about the data we collect, how it is used and when it might be shared during the application process.

Student Privacy Notice

View information about the data we collect, how it is used and when it might be shared while you are a student with us.

Staff Privacy Notice

View information about the data we collect, how it is used and when it might be shared whilst you work with us.

Data Subject Access Request Guidance

Internal guidance for UCA staff to respond to a Data Subject Access request (DSAR).

Data Processing Agreement

A Data Processing Agreement is a legal document between the controller and the processor in writing or electronic form. It regulates aspects of data processing such as scope and purpose and the relationship between controller and processor.

Data Audit Template

The Data Audit template enables the University to identify where personal data is collected, who collects it, why it is collected and how it is stored and processed across the whole institution.

Privacy Impact Assessment and Guidance

A Privacy Impact Assessment (PIA) is a process which helps to identify and mitigate potential risks to privacy and compliance with data protection law when processing personal data.

Report a Breach

The process to follow if you need to report a data breach and form to complete.

CCTV policy

To ensure the CCTV system is operated in compliance with the law relating to data protection and to ensure compliance with privacy law.