The General Data Protection Regulation (GDPR) protects the rights of individuals by setting out certain rules as to what organisations can and cannot do with information about people. A key element to this is the principle to process individuals’ data lawfully and fairly. In order to meet the fairness part of this we need to provide information on how we process personal data.
The University takes its obligations under the GDPR very seriously and will always ensure personal data is collected, handled, stored and shared in a secure manner. Please read the our Data Protection Policy for more information.
The following statement will outline what personal data we collect from prospective students (individuals who have made an enquiry or application to study a course with us but who have not yet enrolled), how we use it and who we share it with. It will also provide guidance on your individual rights and how to make a complaint to the Information Commissioner’s Office, the regulator for data protection in the UK.
If you have any requests concerning your personal information or any queries with regard to this policy please email our Data Protection Officer or call +44 (0)20 8411 5000.
When you express an interest in attending Middlesex University, we use your personal data in order to resolve any queries you have and to provide you information about the University and the course(s) you are interested in. This allows you to make an informed choice about whether you wish to apply and enrol with us.
When you contact us with an enquiry, we create a record in our enquiry management system so that you don’t need to repeat details from previous communications if you have a further query. This also means we can improve the information we provide you.
We use information collected to tailor our communications with you, and ensure they are as personalised and targeted as possible, so you find them relevant and beneficial. These communications raise awareness of the areas which may impact your choice of university, such as our courses, facilities and services and of logistical steps you need to take when applying to us. We also use digital tracking tools to monitor the impact of these communications and allow further improvements – for example email tracking to record when an email we send to you has been opened, or you have clicked a particular link.
We use tracking cookies and conversion pixels to show you information about Middlesex over the Google Content Network and via social networks. This means you may see an advert for us as a result of visiting our website. We also use custom audiences based on the email addresses of prospective and current students.
This allows us to present information about studying at Middlesex to you through Facebook and Instagram, and to identify people with similar interests who may also find it useful. Your personally identifiable information is not used by any re-marketing service other than to present you relevant and targeted information about us. Further details on this are provided in our cookies policy.
We undertake statistical analysis and market research using the information we collect. This enables us to understand the effectiveness of the activities we undertake at all stages of the prospective student journey, services we provide, and to improve the products Middlesex University offers. This may include qualitative market research and surveys. We also use external website analytics services to analyse how users are engaging with our website, allowing us to further optimise the site and the information provided on it.
The University collects personal information from you both directly and indirectly.
The University collects personal data from you at two stages. The volume and nature of the personal data collected is outlined below:
The University collects and uses your personal information to operate and deliver any services you have requested. The University may share data with contracted partners to ensure we can provide these services. The companies with which we work are committed to ensuring information is managed in line with the requirements of data protection law. The personal data that is actually shared will always be limited precisely to what the other organisation needs to meet its requirements or deliver its services.
The University may disclose personal information in the following circumstances:
The University takes its obligations under the GDPR seriously in terms of not holding on to personal data for any longer than is necessary. The University has a retention schedule in place for the different categories of data it holds.
We will hold your data for a maximum of two years from the month you intended to start your course. For example: if you told us you wanted to start in September 2018 and then did not update your details with us, we would delete your data in September 2020.
We will hold your data for a maximum of three years from the month you intended to start your course. For example: if you applied to start in September 2018 and then did not enrol, we would delete your data in September 2021.
Under the GDPR you have the following rights:
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
To exercise any of the above rights please get in contact with the University’s Data Protection Officer using the contact details provided at the start of this notice.
You also have the right to complain to the UK Regulator the Information Commissioner’s Office (ICO) if you believe you request has not been dealt with properly or you have a complaint to raise against the University for any other data protection related issue. A complaint can be raised via the ICO’s website.
You also have the right to withdraw consent from the processing of your personal data by the University at any time, if your consent was sought initially to use your personal data.