Privacy

As part of our legal obligations to comply with the UK General Data Protection Regulation (UK GDPR) we have published Staff, Student and General Privacy notices. Where required local privacy notices will be issued to inform individuals about what personal data is gathered, how it is used, stored and retained.

UCL also has a Data Protection Policy that sets out our commitment to the safeguarding of personal data processed by its staff and students and our stances on compliance with data protection legislation. This policy describes how UCL will discharge its duties in order to ensure compliance with the data protection principles and rights of individuals. 

You can find further information about the UK GDPR from the Information Commissioner's Office (ICO). The ICO is the UK regulator who oversees compliance with data protection legislation. Information Commissioner's Office Guide to the UKGDPR.

General UCL Privacy Notices

• General Privacy Notice
• Staff Privacy Notice
• Student Privacy Notice
• Prospective students privacy notice
• UCL general research participant privacy notice
• UCL General Privacy Notice for Participants and Researchers in Health and Care Research Studies
• UCL Visitors Privacy Notice

Links to other UCL Privacy Notices

• Student Support and Wellbeing Privacy Notice
• Alumni Privacy Notice
• UCL Library Services Privacy Notice: External Users
• UCL Workplace Health privacy notice

Further guidance on writing a privacy notice, and template children's privacy notice

• Further guidance on writing a privacy notice.
• Template children's privacy notice (under 13 years)

There may be instances where local privacy notices are used to provide additional information about a UCL service. Please check these as you engage with them.

UCL Statement on the use of 'Public Task' as a lawful basis for processing

Where UCL processes personal data in connection with the carrying out of tasks in the public interest in its capacity as a public authority, UCL may rely on the 'public task' ground as its lawful basis for processing that personal data.

Where the processing of personal data by UCL is separate from UCL's tasks as a public authority, a separate basis for processing that personal data will be established.

Please note that where UCL processes 'special categories of personal data' or criminal convictions data in its capacity as a public authority then a legal basis for processing that personal data will need to be found in line with the GDPR in addition to the 'public task' ground.

For more details on UCLs use of ‘Public Task’ please see the document:

• UCL statement of tasks in the public interest August 2018

UCL Privacy Policy and Appropriate Policy Document

• UCL Data Protection Policy
• UCL Appropriate Policy document