The University ensures that the personal information of its students and staff is managed in accordance with current data protection legislation. After May 25th 2018, the Data Protection Act 1998 (DPA) is superseded by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. You can find out more about GDPR here.
Any person who believes that the University of Nottingham is holding personal information about them can apply to the University for a copy of their information by means of a Data Subject Access Request.
Forms and Information Sheets
Frequently Asked Questions
How do I make a Data Subject Access Request?
To access the personal information held on you by the University, you should submit a Subject Access Request using our Data Subject Access Request form.
Data Subject Access Requests are free to make, however, the University is entitled to charge a reasonable fee, taking into account the administrative costs of providing the information where a request is manifestly unfounded or excessive. The University will advise you if it believes that such a fee is required. If a requested fee is not paid, the University is not required to supply the requested information. In addition, you must also enclose proof of your identity - such as a photocopy of your passport, driving licence or birth certificate.
Please return your completed Data Subject Access Request form and proof of identity to:
Information Compliance Team - Data ProtectionB16
Lenton HurstUniversity of NottinghamUniversity ParkNottinghamNG7 2RD
You can read our GDPR-compliant Data Protection Policy here.
If you wish to make a Data Subject Access Request, please remember that:
- Your Request cannot be processed unless we have received proof of your identity;
- You should describe the information you need as clearly as possible – if your request is too broad or unclear, we may need to ask you to be more specific;
- You should include your name and an address for a response;
- The Data Protection Act does not give a right of access to information that is not personal to yourself – that is covered under Freedom of Information and could be subject to exemption from disclosure;
- The University will aim to respond to your request within one calendar month;
For all other enquiries, you can email us at:
How will my request be handled?
Please see our Data Subject Access Requests Procedure
- although this is written for University staff, applicants may also find it useful for advice on how we will handle requests for information.
Will I have to pay a fee for requesting information?
Data Subject Access Requests are free to make, however the University is entitled to charge a reasonable fee, taking into account the administrative costs of providing the information where a request is manifestly unfounded or excessive. The University will advise you if it believes that such a fee is required. If a requested fee is not paid, the University is not required to supply the requested information.
What if I am unhappy with the way my request is handled?
The University has a complaints procedure should you be unhappy with the way in which your request is handled. If, having gone through the University's complaints procedure, you remain dissatisfied, you can complain to the Information Commissioner's Office. For full details, please see our information sheet Data Protection Complaints
What advice is there for staff?
There is information available on the Information Compliance pages on workspace. Additionally, the Data Subject Access Requests Procedure document gives guidance to staff on how to handle a SAR.
Will you release my information to parents, guardians or other third parties?
The University’s ‘contract’ is with the student (or applicant) and to disclose information to parents, guardians or other third parties, would in most cases be in breach of GDPR.
If we received an enquiry from a parent, or any third party, regarding one of our students, our response will be to neither confirm nor deny that they are a student. Confirming that an individual is a student at the University would be in breach of the GDPR and may, in extreme circumstances, result in placing an individual in danger.
We do understand that parents or guardians may be concerned about their child, and we would be happy to explain any policies or procedures that may be of help.
If you have major concerns about the welfare of your child and wish to leave contact details/correspondence with us, should the individual be a student here we will endeavour to pass them on and encourage the student to make contact. If the individual is not a student the details will be securely destroyed. We will not disclose to a third party whether this communication has occurred or any response.