Educational Engagement Privacy Notice

This notice explains how the University through its Educational Engagement team, Departments, Schools and Faculties will collect and use your personal data.

Please see the following information for more on the educational engagement activities covered by this notice.

Throughout this notice, 'University' 'we', 'our' and 'us' refers to the University of Leeds. 'You' and 'your' refers to external members of staff in schools, colleges and other educational providers, together with other individuals involved in educational engagement activity.

We are the data controller for personal data that we process about you.

Change in the law

Until 24 May 2018 we shall process your personal data in accordance with the Data Protection Act 1998 (DPA). From 25 May 2018, we shall process your personal data in accordance with the General Data Protection Regulations (or GDPR).

This notice complies with requirements under both DPA and GDPR.

Changes to this notice

Prior to the implementation of GDPR, we are likely to make changes to this notice. We shall inform you of any changes to this notice.

Anything you are not clear about

If there is anything you are unclear about, please contact our Data Protection Officer, who shall be happy to answer any queries you may have concerning this notice or the way in which we process your personal data.

The Data Protection Officer's contact details can be found under the heading 'concerns and contact details'.

Where does the University get your personal data from?

We obtain personal data regarding you from the following sources:

  • From when you provide contact details to us for outreach activities
  • From school, Department for Education and other websites

Categories of personal data being processed

We will collect and process personal data about you.

The data we may process includes:

  • Your title, name (including former name or alias).
  • The school, college or further education provider where you work.
  • Your contact information (address, telephone, email, social media).
  • Your business details including role, subject area and organisation.
  • Events you have been invited to and whether or not you have responded or attended.
  • A record of interactions with you for future reference and to help tailor further communications with you; as part of this, some emails sent by the University may record whether the email has been opened and whether any links have been clicked on.
  • Information that you have decided to share with us.

As with most websites certain actions you take will be recorded anonymously as cookies by the University's websites. Please see the educational engagement page for further information on cookies. A list of cookies associated with the education engagement enquiry form are available in the University's privacy and cookies notice

The purposes for which we process your personal data

In general terms, we process your personal data for the organisation and administration of outreach activities.

Additional notices and guidance/polices

The University’s Data Protection Code of Practice

The University's Data Protection Code of Practice (PDF) is presently being reviewed and updated ready for compliance with GDPR. It contains a lot of useful general information on data protection and University practices. 

Automated decision making

We do not conduct automated decision making with your data. 

Anonymised data

Your data may when anonymised, and no longer constituting personal data, be used to support alumni activities.

Due Diligence

Please note that if you wish to make a gift to the University we may process your personal data, including information from the public domain, for due diligence purposes, in accordance with our gift acceptance and naming policy. View our gift acceptance and naming policy.

Keeping your data up to date

We will update the data we hold on you from time to time. For example, if you provide us with new contact details or in response to your request for your data to be updated.

We may update your contact details by using third party sources/services.

Who can see your data?

Your data is held securely within the University. Access is strictly controlled and staff receive training on data protection.

In addition to third parties helping us keep your data up to date, in order to boost functionality and efficiency, we may employ IT experts from outside of the University to aid with the development of our systems. They may have access to information which is necessary to complete the specific task for which they are appointed. These experts will provide their services in accordance with the strict instructions of the University. In particular they must respect confidentiality and to the extent they do need to temporarily hold any data, that data must be held securely, strictly used only for the agreed purpose, kept for only as long as necessary and then destroyed.

We will not sell or share your data to third parties for their commercial purposes.


We will from time to time communicate with you by email, post and telephone. In particular we regularly communicate with people for the following purposes:

  • share news about the University (including its research and services)
  • invite you to events
  • invite you to support our fundraising activity

If, at any stage, you are concerned about the content of these communications, eg unwanted marketing information, or wish to change the method of communication we use, please unsubscribe to general email communications.

If you are unsuccessful in unsubscribing from our communications and/or remain concerned, please contact our Data Protection Officer whose contact details can be found under the heading 'concerns and contact details'.


Generally the University will retain personal data until the individual asks us to remove it from our records. We will routinely remind you of your right to have us remove your personal data.

If you are not a member of the University alumni community, any personal data held will be deleted should you not respond to our attempts to contact you, or should you state that you have no interest in forming a relationship with the University.

Your rights as a data subject

Under GDPR you have the right to:

  • Withdraw consent where that is the legal basis of our processing.
  • Access your personal data that we process.
  • Rectify inaccuracies in personal data that we hold about you.
  • Be forgotten, that is your details to be removed from systems that we use to process your personal data.
  • Restrict the processing in certain ways.
  • Obtain a copy of your data in a commonly used electronic form.
  • Object to certain processing of your personal data by us.

For further information on your rights as a data subject please see the Information Commissioner's Office (ICO) website.

You have a right to complain to the ICO about the way in which we process your personal data. To complain to the ICO please see their website.

Legal basis for processing your data under GDPR

GDPR is a new law and it has not yet been applied to circumstances similar in context to our relationship with external stakeholders. The extent of lawful grounds for processing data has yet to be fully understood. As legal views mature the University may change its views on its legal basis for processing.

Educational Engagement will process your data based upon your consent.

Concerns and contact details

If you have any concerns with regard to the way your personal data is being processed or have a query with regard to this notice, please contact our Data Protection Officer, Alice Temple.

Our data controller registration number provided by the Information Commissioner's Office is Z553814X.

Last updated: 07/11/2019