Continued privacy notice

This is the second, generic half of every University privacy notice. General information for individuals the University of Edinburgh collects, shares or processes personal information about.

Data controller and contact details

For data collected under this privacy notice, the University of Edinburgh (the “University”) is the Data Controller (as that term is defined in the UK General Data Protection Regulation and the Data Protection Act 2018), registered with the Information Commissioner’s Office, Registration Number Z6426984.

The University's Data Protection Officer can be contacted at:

Our data protection policy is on our website.

University data protection policy

Data sharing

In addition to the primary purposes, we are also legally obliged to share certain data with other public bodies such as HMRC and will do so where the law requires this; we will also generally comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and proportionate. 

Your rights

You have the right to request access to, copies of and rectification or (in some cases) erasure of personal data held by the University and can request that we restrict processing or object to processing as well as (in some cases) the right to data portability (i.e. the right to ask us to put your data into a format that it can be transferred easily to a different organisation). If you wish to make use of one of these rights, please email your local contact.

If we have asked for your consent in order to process your personal data you can withdraw this consent in whole or part at any time. To withdraw consent, please email your local contact, who will explain the consequences of doing so in any particular case and initiate proceedings for withdrawing consent. 

Complaints

If you are unhappy with the way we have processed your personal data you have the right to complain to the Information Commissioner’s Office (ICO), but we ask that you please raise the issue with our Data Protection Officer first.

For information about reporting a concern to the ICO see their website:

ICO guidance on reporting a data protection concern