The University is committed to looking after any information that is made available to us when you visit our website in accordance with data protection law.
This is the privacy notice for the Manchester Metropolitan University website. Other University websites, for example those operated by faculties or departments, may carry their own specific privacy notice information or provide additional information relating to their activities, which will supersede or supplement this notice.
This notice explains who we are, how and why we collect personal information about you when you visit our website, what personal data is collected, our purposes and lawful bases for processing, and how you can exercise your privacy rights.
Please do read this notice to understand our practices and if you have any questions please contact us using the contact details provided below. Other privacy notices relating to our specific activities are available from our Privacy Notices section of the website.
Who we are
Throughout this notice, “University”, “we”, “our” and “us” refer to the Manchester Metropolitan University, an exempt charity under Schedule 2 to the Charities Act 1993 (amended by the Charities Act 2011). We are a higher education institution which provides teaching, education, research and associated services. The University is the Controller in respect of any personal data which is collected during your engagement with the University website.
The University is registered as a Controller with the Information Commissioner’s Office (ICO). We manage your personal information in accordance with the General Data Protection Regulation (GDPR) and the University’s Data Protection Policy.
The personal data we process
Information collected via our forms
The majority of the personal information we collect about you when you engage with the University website will be obtained via our forms or if you contact us by e-mail. We may ask for some personal details if you wish to access some of our services or ask us to respond to your requests, for example:
This information which is collected directly from you. It is likely to include the following:
We may also collect and store bank card details. The University is PCI DSS compliant. We do not store credit/debit card details after authorisation and till receipts are always masked.
When you provide us with your contact details you will be asked whether you wish to receive any further communications from us.
We will ensure that all personal information you supply is held in accordance with data protection law. We do not sell or otherwise transfer personal data to any third parties unless you have consented to this or this is permitted by law.
For further information about your engagement with the website:
The purposes of the processing
Your information will enable us to:
Cookie information - We process your information for purposes arising from your use of the website, for example, to ensure that we understand who uses our site and how our site is used and to improve our site and ensure it is secure. This processing occurs because it is necessary to meet our legitimate interests in operating and improving the website, analysing its use, and ensuring its security.
Lawful basis: This processing occurs because it is necessary to meet our legitimate interests in operating and improving the website, analysing its use, and ensuring its security. We also rely upon your consent collected when you accept use of our cookies.
Information collected via our forms – We process your personal information collected via our website forms primarily to service your request of the University. For example, to facilitate your attendance at a University event, or service and respond to your request to receive information from us.
We may also ask you whether you wish to receive our marketing and promotional communications about the services, events and benefits we can offer you as a prospective, current student or member of our alumni. Accordingly we will send you communications about:
Lawful basis: Where we are servicing or responding to a request which you have made of the University via one of our forms we rely upon the legitimate interests lawful basis in order to respond to your request. We rely upon your consent to send you our promotional and marketing communications, such as our newsletters.
The recipients or categories of recipients of the personal data
We may share your data with third parties who provide services on our behalf, such as those who help us to operate the website or service requests you have made of the University, e.g. requests to receive a printed prospectus. All our third-party service providers are bound by the terms of a contract and are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
Where your data is shared with third parties, we will seek to share the minimum amount necessary.
The right to withdraw consent
If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. Please use unsubscribe links within our communications or refer to the specific privacy notice information which was provided when the University collected your consent for the most appropriate contact information. You are also able to use the firstname.lastname@example.org e-mail address.
Your rights in respect of the processing
The GDPR provides data subjects with the following data subject rights:
Please note, that these rights apply in certain circumstances, for example according to the lawful basis utilised by the University. The right of access to personal information held about you exists in order to be aware of, and verify, the lawfulness of the processing. For further information about your data subject rights please see our specific: Data Subject Rights Page.
Our Data Protection Officer can also be contacted using email@example.com, by calling 0161 247 3884 or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) as the supervisory authority in respect of the processing of your personal data. We would encourage you to expend our internal complaints procedure through our initial contact and the University Data Protection Officer, prior to contacting the ICO. Please contact: firstname.lastname@example.org or telephone: 0303 123 1113. For any further contact information please see: https://ico.org.uk/global/contact-us/.
Updates to this privacy notice
We may update this privacy notice from time to time in response to changing legal, technical or business developments. When we update our privacy notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
Privacy notice updated on: 16.10.19