Your Rights

Chapter 3 of the GDPR outlines the rights of Data Subjects and the University will ensure that personal data is processed in accordance with those rights.  An individual has the right to:

  • receive certain information about the University’s processing activities in a Privacy Notice 
  • request access to their personal data that the University holds, via a subject access request
  • ask the University to erase personal data if it is no longer necessary in relation to the purposes for which it was collected or processed
  • rectify inaccurate data or to complete incomplete data
  • restrict processing in specific circumstances
  • in limited circumstances, receive or ask for their personal data to be transferred to a Third Party in a structured, commonly used and machine-readable format
  • withdraw Consent to Processing at any time
  • prevent the University’s use of their personal data for direct marketing purposes
  • to challenge processing which has been justified on the basis of the University’s legitimate interests or in the public interest
  • request a copy of an agreement under which personal data is transferred outside of the EU 
  • object to decisions based solely on automated processing, which produces legal effects or significantly affects an individual
  • prevent processing that is likely to cause damage or distress to the individual or anyone else
  • be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedom
  • make a complaint to the supervisory authority.

 

All rights must, by and large, be responded to within one month. All requests (including ID) can be emailed to dataprotection@swansea.ac.uk (please note the University cannot guarantee secure transfer over email so attaching a password protected document containing your request and ID is advised) or it can be posted to the following address:-

The University Compliance Officer (FOI/DP)

Vice-Chancellor’s Office

Swansea University

Singleton Park

Swansea

SA2 8PP