Privacy and DPA statement

The Data Protection Act (DPA)

The Data Protection Act (DPA) gives individuals the right to know what information is held about them (as the ‘Data Subject’), and provides a framework to ensure that personal information is handled properly with regards to what data can be collected, how it is processed and to whom it can be disclosed.

The University is committed to the eight Data Protection Principles set out in the Act and to ensuring that specific procedures, processes and mechanisms are in place and reviewed periodically so that these principles are complied with. The Principles make sure that personal information is:

  1. Fairly and lawfully processed;
  2. Processed for limited purposes;
  3. Adequate, relevant and not excessive;
  4. Accurate and up to date;
  5. Not kept for longer than is necessary;
  6. Processed in line with the rights of individuals;
  7. Secure; and
  8. Not transferred to other countries without adequate protection.

Making a request for your personal information (Subject access request)

We recognise the right of individuals to access information held about them by the University.

To request to access your personal information you should submit a written request to:

Ian Hanahoe
Contracts & Compliance Information Officer
Legal & Compliance Services, Office of the Vice-Chancellor
University of Hertfordshire
AL10 9AB

or email

It is usually University policy to charge £10 (cheques made payable to ‘University of Hertfordshire) for each Subject Access Request made and to ask for photographic ID (or a signature of consent) for verification of identity.

The University aims to comply with all requests for access to personal information as quickly as possible within the statutory 40-day limit unless there is good reason for delay. The University reserves the right not to release any information, and the 40-day deadline period does not commence, until the University has received payment, has received adequate information to identify the individual requesting the information, and is satisfied that the request is a genuine one made by or with the knowledge and consent of the Data Subject.

Data Subjects are always informed about the progress of their request, including any decision not to release any data or any reason(s) for delaying a response.

For further information on how the University manages and deals with Data Protection please see the policy and guidance below. This guidance will also be updated and added to over time.

HESA Information

The University of Hertfordshire will collect data from applicants and student which will be used for a number of government returns. One agency which the University will return data to is HESA (Higher Education Statistics Agency).

More about data protection and the HESA records.

Please email if you require further information about how the University will manage your data.

General Data Protection Regulation

Please note that, following the coming into force of the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") in May 2018, an amended data protection regime will apply in the UK. This page will therefore be updated, in due course, to reflect the new regulation. Please re-visit this page for further information.

Sharing Information with Third Parties

The University of Hertfordshire may hold the following information about you:

  • Account details so that you to login easily to different University systems
  • Basic contact details, such as: your name, email address, phone number and postal address so that you do not need to provide the information multiple times
  • Personal data, such as: date of birth, gender, ethnicity, etc. which we need to use to report to various government bodies
  • Course details, such as: your programme and modules, which systems need in order to deliver your course and provide appropriate resources
  • Financial information, which we use to administer your registration and manage your fees and account

The University of Hertfordshire may share the information we hold about you with:

  • Systems hosted on campus in our secure data centres
  • Systems securely hosted by our suppliers and partners who deliver services that support your education
  • External agencies who receive your data in order to provide you with a service
  • External agencies who we are legally obliged to provide your data to

For a full list of third parties and use of your information, please see the Sharing Information with Third Parties document.