Student Data Protection Statement

The University is committed to protecting the rights of students under the Data Protection Act 1998. The Act governs the collection, retention, and transmission of information held about living individuals and the rights of those individuals to see this information. Swansea University is required to collect, store, use and disclose certain data about you during your time as a student and after you graduate.

The Act establishes a framework within which information about living individuals can be legally gathered, stored, used and disseminated. At its core are eight Data Protection Principles which the University must abide by. Link to University Data Protection Policy.

What information does Swansea University hold about me?

Swansea  will collect data about you in the course of our dealings with you as a current or former student for example, when you apply, when you enrol, and as you progress through your course. We may also receive data about you from outside the University, such as information from UCAS relating to undergraduates' UCAS applications, and information supplied by referees.

Data about you will be gathered and held in both digital and paper form. Some of this information (such as your ethnic origins, medical information and information about disabilities) is classed as "sensitive" personal data under the Data Protection Act. This means that it is subject to extra legal protection, and we have to meet an additional set of conditions in order use the data fairly and lawfully. For further information about sensitive personal data, see the University's Data Protection Policy.

How will my data be used?

By commencing or enrolling as a Swansea University student, you consent to Swansea University collecting, storing, using and otherwise processing data about you for any purposes connected with your studies, your health and safety and for other legitimate reasons while you are a student. We will also use your data for certain purposes after you cease to be student.

The University will only use your data fairly and lawfully in accordance with our obligations under the Data Protection Act. This means that we will process your data in a way which respects the Data Protection Principles set down in the Act, and your rights under the Act. Any use by the University of your data must also be covered by our registration with the Information Commissioner. This is available on the Information Commissioner's Office website, and describes in a general way how we process personal data about students and other individuals.

The Data Protection Act requires us to keep your data secure. This means that your confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised disclosure. Only members of staff who need access to relevant parts or all of your data will be authorised to do so. Information about you in electronic form will be subject to password and other security restrictions, while paper files will be stored in secure areas with controlled access. 

Although it is not possible to state every purpose for which your information will be used, the following are examples of how it is likely to be used while you are a student:

  • To administer your studies and record academic achievements (e.g. your course choices, examinations and assessments, and the publication of pass lists and graduation programmes).
  • To assist in pastoral and welfare needs (e.g. the counselling service and services to students with disabilities).
  • To administer career and employability needs (e.g. accessing careers advice).
  • To administer financial aspects of your registration as a student (e.g. payment of fees, debt collection).
  • To manage University facilities, such as computing facilities and the Library.
  • To produce management statistics and to conduct research into the effectiveness of our programmes of study.
  • To monitor our equal opportunities policies.

Who receives my data?

The University will only disclose information about you with your consent, or where disclosure without your consent is required or permitted by law. This section outlines the major organisations and the most common circumstances in which we disclose data about students. Where this involves the transfer of your data outside the European Economic Area, data will only be transferred if one of the conditions set down in the Data Protection Act has been met  Your data may also be sent to different departments within Swansea University where this is necessary for our day-to-day administration.

  • Higher Education Statistics Agency (HESA) - Swansea University is required to send some of the information which we collect about students to HESA
  • Professional bodies (e.g. General Medical Council, Royal Society of British Architects, Law Society) in order to confirm your qualifications and accredit your course
  • Abertawe Bro Morgannwg Health Board (and other NHS organisations in England and Wales) when necessary for your programme
  • Work placement sites or educational partners involved in joint course provision
  • The Higher Education Funding Council Wales (HEFCW) and its agents including HESA and the Quality Assurance Agency (QAA)
  • Potential employers or providers of education whom you have approached
  • UK agencies with duties relating to prevention and detection of crime, collection of a tax or duty or safeguarding national security
  • Plagiarism detection service providers in accordance with the contract with the service provide
  • Other Higher Education Institutions if for example your programme of study involves spending a period of time at an institution outside Swansea University, including at an HEI abroad or if you have come to Swansea University as a visiting or exchange student, we may need to share information about you with the other institutions involved in the exchange (within or outside the European Economic Area). This will be done for the administration of the visit, exchange or study abroad, and so that the other institution can carry out its duties in regard to your studies. If you are involved in a visit, exchange or study abroad, you consent to Swansea University transferring data about you as necessary for purposes connected with your studies.
  • Home Office agencies - to assist in preventing immigration fraud.
  • Swansea University Students’ Union, in order to manage and monitor the engagement between Swansea University Students’ Union and their members, ensuring they experience the best possible student experience whilst at the University.

Any other disclosures that the University makes will be in accordance with the Data Protection Act and your interests will be considered.

Your rights? 

You have a right to a copy, or to object to the processing of, your personal data held by the University. Any requests or objections should be made in writing to the Information Compliance Officer (FOI/DP) and there will be a £10 fee for copies of your information.

Your responsibilities

You have a responsibility to keep your personal details up-to-date. During the course of your studies you may have access to personal information about others. You are expected to treat this in a responsible and professional manner and are legally required to do this under the Data Protection Act, as well as any professional ethics or codes of conduct. If you are made aware of personal information in confidence including regarding someone’s mental or physical health then you are expected to not tell anyone without the individual’s consent, unless there are exceptional circumstances. You should also not seek to gain others’ personal data if you are not entitled. Disciplinary action will be considered for any University member who breaches the Data Protection Act or a duty of confidence.