The University of Glasgow (the University) will be what’s known as the ‘Data Controller’ of your personal data processed in order to facilitate your interaction with the University. This Privacy Notice will explain how the University will process your personal data.

Changes to this notice

The University may update this notice at any time and may also provide you with furthermore detailed notices on specific occasions where we collect and process personal data about you. These additional privacy notices are supplemental to this main Privacy Notice. You should check this Notice regularly to be aware of any changes. However, where any change affects your rights and interests, we will bring this to your attention and clearly explain what this means for you.

Your personal data and why we need it

The University will process your personal data to provide you with the communications you have subscribed to.

If you consent to receive these communications, we will retain and use only the information which is necessary to communicate with you. This may include:

  • Your name and contact details (including your address, email address and telephone number(s));
  • Details of specific degree programmes or research areas of interest (if relevant)
  • Your job title and role (if relevant);
  • Details of University events you have attended (if relevant).

The communications we send you will be tailored to any preferences you have expressed.

We will only collect data that we need in order to provide and oversee these services to you.

Enquirers – We are collecting your personal data such as name, country of residence, areas of interest, fee status in order to manage your enquiry.

Applicants – Throughout the application process we will send you additional communications covering areas we believe to be of interest and importance to you while making your decision to study at the University of Glasgow.

We will only collect data that we need in order to provide and oversee these services to you.

Event Registrations – Your name will appear on a registration list accessed only by authorised persons of the University of Glasgow and used only for the purpose of checking you in to the event. This list will not be retained and will be destroyed following the event.

Why we process your personal data

Generally, we process your personal data in order to facilitate, administer, support and manage your time as a student with the University, this includes but is not limited to

  • Administrative purposes, including the administration of fees, management of funding, facilities administration, timetabling purposes, provision of services
  • Provision of pastoral care/duty of care responsibilities including health and safety and safeguarding requirements and related legal obligations
  • Academic purposes, providing you with learning and teaching and support services, academic, advisory and supervisory, in person and remotely online, and other optional services e.g. Library, Careers Service, in order to carry out required examination and assessment of knowledge, record academic progression and confer awards
  • Security, safety and prevention and detection of crime
  • Legal and statutory reporting
  • Archiving and research purposes, including research and statistical analysis into learning analytics
  • Promotion of the University (only with your consent)


Legal basis for processing your personal data

We must have a legal basis for processing all personal data.

Consent – We process your personal information for the purposes above based on your consent. You will be able to withdraw consent and unsubscribe to the communication you receive at any point by following the instruction provided on each communication we send you. Alternatively, you can contact us at


It is recognised that some of the above grounds may overlap and that the University may rely on multiple grounds when justifying its lawful basis for processing.

Who we share it with and why

There may be instances that require the University to share your personal data with third parties, including:

We may provide access to such information (including copies of the documents provided by you) to our external auditors when relevant.

We currently use third party services to provide our managed email communications.

  • We use Dotdigital to supply our bulk email service for communications. Dotdigital is a private company (data processor) used to provide a bulk email service to the University. Your personal information will be held in the EU however there may be occasions where the sub-processors access the data (amounting to a transfer) in order to provide elements of their services for support. For further details, refer to Dotdigital’s privacy policy.
  • If you would prefer that your data is not stored in Dotdigital, you can opt out of communications at any point. You can also email Recruitment Marketing directly

You may be sent information about events or resources at the University where this would be relevant to any future study on this basis, but only if you have requested it. If you decide to receive this information, you can opt out at any point by using the Unsubscribe link in any of our communications.

  • Partner institutions, student exchanges, joint/collaborative agreements
  • Student sponsors e.g. the UKRI
  • Authorised staff for the purpose of verifying the registration status
  • Relevant Government Departments to whom the University has a statutory obligation to release information, for example UK Visas and immigration
  • Local authorities, for council tax purposes,
  • Provision of systems and services facilitated by third party IT providers
  • Law enforcement agencies or other bodies with regulatory powers
  • Work placement sites, for example, those students studying medicine, dentistry, education and veterinary medicine or other educational partners, involved in joint/collaborative course or student exchange provision
  • Potential employers or providers of education who have been approached by students, for reference provision purposes
  • In emergency situations, the University may provide emergency contact details and other appropriate information to those relevant authorities dealing with the emergency

 How long do we keep it for?

We will continue to keep your data until you withdraw your consent or unsubscribe from receiving a specific communication.  We will delete your details if we become aware that your contact details are out of date or incorrect.

Keeping your personal data safe

The University has a series of technical and organisational measures in place to ensure that your personal data is protected and safeguarded. Please see the University’s Information Security webpages for more information. 

What are your rights?*

You can request access to the information we process about you at any time. If at any point you believe that the information we process relating to you is incorrect you can request to see this information and may in some instances have it restricted, corrected or, erased. You may also have the right to object to the processing of data and the right to data portability.

Where we have relied upon your consent to process your data, you also have the right to withdraw your consent at any time.

If you wish to exercise any of these rights, please contact

*please note that the ability to exercise these rights will depend on the legal basis on which the processing is being carried out.



If you wish to raise a complaint on how we have handled your personal data, you can contact the University Data Protection Officer who will investigate the matter.

Our Data Protection Officer can be contacted at

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO)

For further information 

If you are unsure about anything within the Privacy Notice, then please contact the University’s Data Protection Officer at

For further information on data protection, please see the University’s webpages and the Information Commissioner’s Office website


Amendments to this privacy policy

This privacy statement will be reviewed and updated on a regular basis. It was last updated on 13 March 2019.

[i] Personal data is defined as any information relating to an identified or identifiable individual, who can identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

[ii] Processing of special category data is defined as the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data for the purpose of uniquely identifying an individual, data relating to an individual’s sex life or sexual orientation.

Updated December 2021