top of page

Privacy Policy

University of Bristol
Online Programmes Privacy Notice


The University of Bristol is committed to protecting your privacy and handling your personal data transparently and securely.
This Privacy Notice explains how your personal data will be collected, used, stored and shared in relation to enquiries, applications and study on University of Bristol online programmes.
This notice may be updated from time to time. Please check this page periodically to ensure you are happy with any changes.

1. Introduction

This Privacy Notice applies to individuals engaging with the University of Bristol’s online postgraduate programmes.
The University of Bristol (the “University”) is the Data Controller and is responsible for, and controls, the processing of your personal data.
The University is registered with the Information Commissioner’s Office (ICO).
In delivering certain aspects of its online provision, the University may engage external service providers (for example, technology platforms, marketing platforms or student support systems). Where this occurs, such organisations act as Data Processors and process your data only under the University’s instruction.

The University processes personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)

  • The Data Protection Act 2018

  • The Privacy and Electronic Communications Regulations (PECR)
     

This Privacy Notice explains how and why your personal data will be used. It should be read alongside the University’s main Data Protection Policy and wider Privacy Statement available on the University website.
If you have any questions regarding this Privacy Notice, you may contact the University’s Data Protection Officer at:
data-protection@bristol.ac.uk

2. How your personal data will be used

Your personal data will only be processed where there is a lawful basis under UK GDPR.
Most information processed about you will be provided directly by you when you:

  • Submit a request information form

  • Enquire about a programme

  • Attend a webinar or event

  • Submit an application

  • Enrol as a student

Below is an outline of the main processing activities.

2.1 Enquiries and Prospective Students

When you request information or make an enquiry about an online programme, the personal data you provide will be used to respond to your request.
Purpose of processing:

  • Identify you

  • Respond to your enquiry

  • Provide programme information

  • Communicate with you regarding events or next steps

Personal data processed may include:

  • Name

  • Email address

  • Telephone number

  • Programme of interest

  • Country of residence

  • Professional background

  • Any information voluntarily provided

Lawful basis:
Article 6(1)(b) UK GDPR
Processing is necessary to take steps at your request prior to entering into a contract.
Where you consent to be contacted by specific channels such as email, SMS or WhatsApp, Article 6(1)(a) UK GDPR (consent) will apply.

2.2 Applications

If you apply for an online programme, your application data will be processed to assess your suitability for admission.
Purpose of processing:

  • Process and assess your application

  • Verify qualifications and references

  • Communicate admissions decisions

  • Prepare enrolment documentation

Personal data processed may include:

  • Name

  • Date of birth

  • Contact details

  • Nationality and residency information

  • Educational history

  • Employment history

  • Personal statement

  • References

  • Passport information (where applicable)

  • Disability information (where disclosed)

Lawful basis:
Article 6(1)(b) UK GDPR
Processing is necessary to take steps prior to entering into a contract of study.

2.3 Students

If you enrol as a student, your personal data will be processed for the delivery and administration of your programme.
Purpose of processing:

  • Register you as a student

  • Deliver your programme of study

  • Record academic performance

  • Manage assessments and examinations

  • Provide academic and pastoral support

  • Process tuition payments

  • Comply with regulatory reporting obligations

Personal data processed may include:

  • Contact details

  • Student ID and academic records

  • Assessment results

  • Attendance data

  • Payment information

  • Welfare or support-related information

Lawful basis:
Article 6(1)(b) UK GDPR – performance of a contract
Article 6(1)(c) UK GDPR – compliance with legal obligations
The University is required to submit statutory returns to bodies such as the Higher Education Statistics Agency (HESA) and other regulators.
Special Category Data
In certain circumstances, the University may process special category personal data, including:

  • Health information

  • Disability information

  • Ethnicity

  • Religious belief

  • Sexual orientation

This will only occur where:

  • Explicit consent is provided (Article 9(2)(a)), or

  • It is necessary for equality monitoring, safeguarding or legal obligations (Article 9(2)(g) or (h)).

Access to such data is strictly controlled.

2.4 Marketing

If you have opted in, your personal data may be used to provide information about:

  • Online programmes

  • Events and webinars

  • Updates and news

  • Alumni engagement
     

You may withdraw your consent at any time by using the unsubscribe link in communications.
Electronic marketing will only be sent where consent has been given in accordance with PECR.

3. Sharing your information

Your personal data may be shared with:

  • Technology service providers (e.g., CRM systems, virtual learning environments)

  • Payment processors

  • Regulatory bodies

  • Academic partners

  • External student support services
     

Data sharing will only occur where:

  • Required by law

  • Necessary for performance of your contract

  • Legitimate interests apply

  • You have provided consent
     

Appropriate data processing agreements are in place with third-party providers.

4. International data transfers

Where personal data is transferred outside the UK, the University ensures appropriate safeguards are in place, such as:

  • UK adequacy regulations

  • Standard contractual clauses

  • Binding corporate rules
     

5. Data security

The University implements appropriate technical and organisational measures to protect your personal data against:

  • Unauthorised access

  • Accidental loss

  • Alteration or destruction

Access is restricted to authorised personnel only.

6. Data retention

Personal data is retained only for as long as necessary for:

  • Delivery of education

  • Legal or regulatory requirements

  • Financial reporting

  • Alumni engagement

Retention periods are governed by the University’s official Records Retention Schedule.

7. Your rights

Under UK GDPR, you have the right to:

  • Request access to your personal data

  • Request correction of inaccurate data

  • Request erasure (where applicable)

  • Object to processing

  • Request restriction of processing

  • Request data portability
     

To exercise your rights, contact:
data-protection@bristol.ac.uk
 
8. Complaints
 
If you are dissatisfied with how your data has been handled, you may contact the University in the first instance.
You also have the right to lodge a complaint with the Information Commissioner’s Office:
www.ico.org.uk

9. Cookies and third-party tools

This website may use cookies and similar technologies for:

  • Essential functionality

  • Analytics

  • Marketing

  • Social media integrations
     

Where cookies are non-essential, you will be asked for consent.
 
Embedded content (e.g., YouTube, Vimeo, social media platforms) may set their own cookies in accordance with their own privacy policies.

bottom of page