Student information privacy notice

The University of Leicester is the Data Controller for your personal information and is subject to the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR).

This privacy notice explains how the University uses and shares your personal data and outlines your rights in relation to the personal data we hold.

What information are you collecting?

The University of Leicester may obtain, hold and process data of applicants and students including personal details, family and social circumstances, education and training records, employment information and financial details.  It may obtain, hold and process special category data of students including racial or ethnic origin, religious or philosophical beliefs, biometric data, and disability data, whether regarding physical or mental health or specific learning difficulty.

Personal data and special category data held by the University relating to students is obtained directly from the student or applicant, or in some cases from a third party organisation involved in the services provided by the University (e.g. UCAS and our recruitment agents, or bodies which award funding or loans such as Student Finance England, the National Health Service or Research Councils).

Why are you collecting my data?

The University of Leicester holds the personal data and special category data of its applicants and students in order to manage our processes and services. The University also has a statutory obligation to report data on its activities to the UK government and funding councils. Only information required for these purposes is obtained and processed, and without it the University may not be able to provide its services to you or meet its statutory obligations.  Information is utilised by various sections of the University as is necessary and proportionate for our operational purposes.

How will you use this information?

The University of Leicester will use personal data (including special category data) to administer your degree programme, deliver services, and meet statutory obligations including:

  • recruitment and admissions (including for filtering purposes to ensure the information we send is relevant to you);
  • provision of academic services in relation to your degree programme, including:
    • student registration;
    • management of assessment (including examinations);
    • management of academic progression (including mitigating circumstances);
    • monitoring of attendance;
    • investigations into academic misconduct;
    • graduation;
    • certification;
    • provision of references;
  • maintenance of student records;
  • timetabling;
  • financial assessments (e.g. fee status assessments, eligibility for bursaries and scholarships etc.)
  • non-academic functions, including:
    • providing student support services (e.g. AccessAbility Centre, Welfare, Careers Development Service, Counselling and Wellbeing, and Personal Tutoring);
    • providing library and IT services;
    • safeguarding and promoting student welfare;
    • monitoring equality of opportunity and eliminating unlawful discrimination;
    • ensuring safety and security;
    • managing accommodation and other ancillary services (e.g. student ID cards);
    • car parking;
    • during COVID-19, supporting students who have been shielding or have concerns about being impacted by COVID-19;
  • financial administration (e.g. tuition fees, scholarships, bursaries, student hardship etc.);
  • statutory reporting to the Higher Education Statistics Agency (see HESA below)
  • managing access to buildings and resources, including online resources
  • submission, publication and permanent preservation of PhD theses in line with legal requirement/copyright transfer agreement

We may also use your data for other administrative purposes, for example: to undertake statistical analysis, carry out compliance audits, promote services, detect or prevent crime, and to deal with grievances, disciplinary action, complaints or enquiries.

In some cases we may undertake automated decision-making using personal data in our recruitment and admissions processes. When this has a negative impact we will ensure this decision is checked by a member of staff before processing.

Graduation and degree information

Your personal data, including your full name and course information will be published in the degree programme, which is given to all graduands, unless you ask us to omit your details from the programme when you register. 

We also share information relating to the graduation ceremony with third parties involved in the ceremonies, including photographers and videographers. 

Graduation ceremonies are streamed live on the internet and are also made available online afterwards.

Footage may be used by the University for media publications and advertising. All graduands and guests should be aware that they may feature in footage of the degree ceremony.

By registering to take part in your graduation ceremony and by requesting guest tickets, you are giving permission for your image to be recorded.

For PhD and other Doctoral graduands who attend a ceremony, your thesis title will be read out when your name is announced in your ceremony. By registering to take part in your graduation ceremony you are giving permission for your thesis title to be read out.

All students automatically become members of the University’s Alumni Association upon graduation.


The University has a statutory obligation to report data on its activities to the Higher Education Statistics Agency. Data about you will be supplied to HESA for the purposes set out in the HESA Collection Notices.

Your contact details will be passed to HESA and/or an organisation contracted to undertake a graduate outcomes survey. The survey contractor will only use your contact details for the survey and will delete them when the survey is closed.  Your responses to the survey of graduate outcomes will be made available to the University. If you do not wish to take part in any of these surveys then you will have the opportunity to opt out when you are invited to participate (around 15 months after you graduate).

Viewing and maintaining personal data

Our current students are able to view and maintain personal data via our online MyStudentRecord service. Please advise us promptly of any changes to your details. If you have any questions about the data we hold please contact your School/Department in the first instance.

What is the legal basis for processing the data?

Student personal data is collected and processed by the University as necessary for the performance of a contract under which the University provides services to applicants and students.  Some processing activities may also be carried out under a legal obligation (for example, disclosing personal data and special category data to external parties under statutory powers), where it is necessary to protect the vital interests of the student or another party (for example, disclosures to  external parties to ensure the safety and wellbeing of individuals), where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (for example, collecting or disclosing information in order to meet regulatory or statutory requirements).

Where special category data is processed the legal bases for doing so will include explicit consent, protecting the vital interests of the data subject and where processing is necessary for the establishment, exercise or defence of legal claims.

The University may disclose student’s personal data and special category data to external agencies to which it has a legal obligation; for example for council tax, electoral registration, and visa and immigration purposes, and to other arms of central or local government, to the Higher Education Funding Council for England, Higher Education Statistics Agency, Student Loans Company, Office of the Independent Adjudicator for Higher Education, Research Councils, and potentially other such organisations for defined purposes.  It may also disclose information to examining bodies, legal representatives, Police or security agencies, suppliers or service providers, survey and research organisations engaged by the University, and regulatory authorities.

If you are sharing my data with others, who are you sharing it with?

For purposes referred to in this privacy notice we may share your personal data with certain third parties. Students are given the opportunity to opt-out of some data sharing arrangements, but we encourage students to think carefully about the impact of doing so. Where an opt-out is not in place, we will disclose relevant personal data to third parties, including:

  • our employees, partners, agents and contractors, where there is a legitimate reason for receiving information (e.g departmental staff, providers of student accommodation, software providers – such as Turnitin plagiarism detection service, auditors etc.) plagiarism detection service, auditors etc.)
  • the University of Leicester Students’ Union;
  • student sponsors in relation to registration and/or attendance and progress (e.g. Students Loans Company, Research Councils, NHS, US Department of Education and other third party sponsors);
  • third party education providers (e.g. in relation to exchange programmes or placement opportunities);
  • providers of financial services engaged by the University, for example for the payment of fees, refunds, loans and similar services;
  • professional and regulatory bodies in relation to the accreditation of our programmes,  confirmation of qualifications and professional registration (e.g. Health Care and Professions Council, British Psychological Society, Bar Standards Board etc.);
  • government departments or agencies where the University has a statutory obligation to provide information (e.g. the Office for Students (OfS), the Higher Education Statistics Agency (HESA), the Home Office (e.g. UK Visas and Immigration), relevant local authorities (for Council Tax liability and Electoral Registration purposes);
  • agencies involved in the prevention and detection of crime (e.g. the Police);
  • parents, guardians and next of kin (where there is a legitimate reason for disclosure);
  • third parties conducting surveys (e.g. the National Student Survey);
  • third parties supporting the production of documentation (e.g. the Higher Education Achievement Report);
  • third parties supporting the collection of debt;

Cookie-like technology examples

Our third-party CRM provider "Azorus" may use cookie-like technologies from time to time, like web beacons, SDKs, pixels (or “clear gifs”) and other tracking technologies. They automatically place single pixel gifs, also known as web beacons, in every email sent from Azorus. These are tiny graphic files that contain unique identifiers that enable the University of Leicester and Azorus to recognise when our Contacts have opened an email or clicked certain links. These technologies record each Contact’s email address, IP address, date, and time associated with each open and click for a campaign. Azorus use this data to create reports for the University of Leicester about how an email campaign performed and what actions Contacts took.

How long will you retain my data?

A summary academic record for individual students will be kept permanently by the University, with detailed records kept for defined periods.  Details of our retention periods can be found in the University’s Retention Schedule.

What are my rights and how can I enforce them?

  • The right to be informed about which data is collected and how it will be used.
  • The right to request access to your personal data held by the University.
  • The right to have incomplete or inaccurate data rectified.
  • The right to restrict the processing of personal data – individuals have the right to block the processing of their personal data by the University in specific situations.
  • The right to data portability – students have the right to request provision of some elements of their information in digital form in order to provide it to other organisations.
  • In the first instance, please contact the University’s Information Assurance Services if you would like to discuss any aspect of your rights in relation to your personal data.

How can I raise concerns about the processing of my personal data?

If you have any feedback or concerns in relation to the processing of your personal data please contact the University’s Information Assurance Services. If attempts to resolve a concern or complaint informally are not successful and you feel you have reason to complain, you may submit a formal complaint via the University’s Complaints Procedure.

External advice is available from the Information Commissioner who can be contacted via:

  • Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • 0303 123 1113
  • ICO website

Internal advice is available from Student Services:

Back to top