Cranfield University is a specialist postgraduate institution with a worldwide reputation for excellence and expertise in Aerospace, Defence and Security, Environment and Agrifood, Energy and Power, Management, Manufacturing, Transport Systems and Water.
This policy also instructs you on what to do if you do not want your personal information collected or shared when you visit our websites. By using and visiting the website, you agree to this policy and the uses made of personal information as set forth herein or amended hereafter.
This policy was updated in May 2018 as part of the University’s General Data Protection Regulation (GDPR) compliance programme and is reviewed annually. From time to time, we may update the policy. We encourage you to review it regularly to stay informed.
Cranfield University Group includes a number of subsidiaries:
Cranfield Aerospace Solutions Limited
Cranfield Conference Centre Limited
Cranfield Engineering Innovations Limited
Cranfield Innovative Manufacturing
Cranfield Management Development Ltd
Cranfield Quality Services Ltd
Cranfield Regatta Limited
Cranfield Group Holdings Limited
Cranfield Airport Operations Limited
If you believe your personal information has been misused, or handled in such a manner contrary to the policy stated above, please send details to GDPR@Cranfield.ac.uk.
When you are using Cranfield University websites, Cranfield University is the data controller. Our Data Protection Officer can be contacted on GDPR@Cranfield.ac.uk or at the address below:
Data Protection Officer
The information we collect
When you visit our website, work or study with us, we may collect the following types of information:
Information you voluntarily provide to us, such as your name, user name, address, phone number, email address and other contact information.
When you enter into a contract with us to study or work we may collect financial, profile and preference information that you provide.
The University does not hold or process electronic card payments; these transactions, including all personal data, are transferred to external web payment services and are governed by their privacy policies and notices.
The University also collects data from publically available sources.
Cranfield Group uses Live Chat to facilitate and assist website visitors with any enquiries that they may have.
Explaining the legal reasons we rely on
In summary, we process personal information to enable us to:
- provide education and support services to our students, professional learners and alumni
- support and manage our employees; internal support functions; corporate administration and other business-related functions of the University
- maintain our accounts and records
- provide commercial activities to our clients
- undertake research
- advertise and promote the University and the services we offer
- publish University and alumni publications
- undertake fundraising.
All information is processed under a legal basis to comply with the General Data Protection Regulation. Information on these legal bases is given below.
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, if you study with us, we will process the information necessary for fulfilling the contract to provide a course of education in accordance with the agreed terms.
Failure to provide information requested under contract may result in you not being able to be considered to work or study with us.
If the law requires us to, we may need to collect and process your data.
For example, to fulfil our legal obligations in relation to tax.
Occasionally processing may be necessary in order to protect your vital interests.
For example, should you decide to work or study with us, in the case of a medical emergency we will share your data with the emergency services.
As a University, we are required to process information to carry out our duties as a public authority.
For example, we may be required to share your details with Higher Education Statistics Agency (HESA) and Office for Students (OfS).
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we may use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you
We also have a legitimate interest to visually identify and record people on campus for the purpose of security.
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive email newsletters.
We also process special category and sensitive classes of information that may include:
- personal data including protected characteristics as outlined in the Equality Act 2010 and other relevant legislation.
- occupational health records
- DBS records
- criminal convictions.
When collecting your personal data, our intention is to be clear to you which data is necessary in connection with a particular service.
We may use your personal information for marketing or research purposes. For instance, this could allow us to personalise information and increase its relevancy if we contact you, or to invite you to help us develop new products through your feedback. If you would prefer us not to contact you using the personal details you have supplied, please contact GDPR@cranfield.ac.uk
What personal data may Cranfield University collect?
We process information about many different types of data subjects, which include staff, contractors, students, clients and the general public. We record further details on the types of data subjects we process information about and this information is available on request.
For those data subjects, we process a wide variety of categories - depending upon the purpose for the processing. Some examples are given below and full information is available on request.
We process information about data subjects – in relation to the reasons/purposes above - including:
- access and control lists
- accommodation records
- attendance records
- complaints, incidents and accidents
- contact information
- courts, tribunals and enquiries
- customers, potential clients and clients
- education, performance, training and achievement or award records
- financial information including loans, sponsorship, credit history and pension
- goods or services provided
- grievance, disciplinary and appeals records
- health records
- information held in order to publish University publications
- licences and permits held
- lifestyle and social circumstances
- promotional material including audio visual
- provision of university services including library, IT & room and conference facilities
- recruitment, education and employment records
- relatives, guardians and associates
- specific identifiable characteristics including unique identifiers; date of birth, name
- associations and professional body memberships
- survey responses
- vehicle details including vehicle registration and driver/ownership
- vetting checks
- visual images, personal appearance and behaviour
Who do we share your personal data with?
Where required, we share your information across the University and with our commercial subsidiaries.
The University will not sell, license or trade your personal information without your consent. We will not share your personal information with others unless they are acting under our instructions or we are required to do so by law (for example, to government bodies and law enforcement agencies, examining bodies, regulatory and investigatory authorities.)
We also sometimes share your personal data with trusted third parties. Here’s the notice we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services
- They may only use your data for the exact purposes we specify in our contract with them
- We work closely with them to ensure that your privacy is respected and protected at all times
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
- Suppliers, service and support providers e.g. IT companies who support our website and other business systems
- Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Notice for details.
- Data insight companies to ensure your details are up-to-date and accurate
- Ranking and accreditation agencies.
We also share information with other parties at the specific request of, or consent by, the data subject.
How long will we keep your personal data?
Cranfield University is currently in the process of revising our procedures regarding the retention of data. For the most part, data will be kept for a standard retention period of seven years in line with statute of limitations.
There will be some exceptions to this, and data may be kept for a shorter or longer period than seven years.
For example, employment applicant data will be kept for less time, while the categories of student name and qualification will be kept for the lifetime of the University. Some further data will be kept for more than seven years where there is a legal obligation to do so (eg pension information).
Under the GDPR, you have the following rights:
- The right of access - you have the right to request the personal data we hold about you, free of charge in most cases.
- The right to be forgotten - you have the right to request that we delete your data.
- The right to data portability - you have the right to request that we supply a copy of your data in a commonly-used and machine-readable format for you to transfer your data to another service provider.
- The right to be informed - you have the right to be informed about our processing of your data.
- The right of rectification - you have the right to request the correction of your personal data when incorrect, out of date or incomplete.
- The right to restrict processing - you can request that your data is not used for processing. Your record can remain in place, but not be used.
- The right to object - you have the right to stop the processing of your data for direct marketing.
- Email newsletters/communications (electronic communications).
- Cranfield University offers visitors to our website the opportunity to subscribe (opt in) to a number of electronic communications. You have the possibility at all times to tell us you no longer wish to subscribe to our electronic communication service (opt out). All e-communications you receive from us will provide clear instructions on how to unsubscribe from each service.
- You also have the right to object to the processing of your data where you believe a decision has been made about you by fully automated means, which has adversely affected you.
- The right to be notified - you have the right to be notified if there has been a data breach which compromises your personal data, within 72 hours of Cranfield University having become aware of the breach.
- Right to complain to the supervisory authority - you have the right to complain to the supervisory authority; in the UK, this is the Information Commissioner's Office (ICO) - see the ICO website for further information.
Please note that the rights described above do not apply in every circumstance. If you require further clarification, please contact GDPR@cranfield.ac.uk.
Where your personal data may be processed
Your personally identifiable information will normally be processed in our own databases located in the United Kingdom, but some data may be processed elsewhere through specific contractual agreements. Cranfield University is committed to keeping secure the data you provide us and will take reasonable precautions to protect your personally identifiable information from loss, misuse or alteration.
Some transfers of personal information to third-party recipients have been explained above. Data is kept in European Economic Area (“EEA”) and, if not, there are contractual clauses in place.
Cranfield University has made substantial investments in security technology and security management processes. These technologies are deployed to guarantee maximum security of the information you provide us with.
This policy is limited to the information that Cranfield University (and our associated websites) collects from our website users about themselves and others via our websites. Our sites contain links to other sites. The links are provided as a courtesy, to be used or not at the discretion of the individual user. If users decide to follow these links, Cranfield University cannot be responsible for the Privacy Policies and content of those sites. Users should contact the co-ordinator of the particular site with any questions about those sites.
Data protection notice
Please note that any information supplied via this website may be stored on our computer system for the provision of information, marketing and analysis. We may also share this information with other third parties in line with our registration with the ICO.
We are registered with the Information Commissioners’ Office and our registration number is Z4690919. Our other associated companies are also registered for data protection.
Alumni Relations and Development Privacy Notice
Cranfield University Alumni Relations & Development Office (ARD) exists to maintain and grow a lifelong, mutually beneficial relationship between the University and its alumni, supporters and friends.
This privacy notice, which can be downloaded using the link below, sets out how we manage and use your data to enable us to keep you informed about the University and provide opportunities for you to continue to be involved in the life and activities of the University. This includes providing you with services you have requested, for administration purposes, and to further our charitable and educational aims including fundraising, volunteering and other activities. Your data is stored securely and in accordance with the General Data Protection Regulation. We will not sell, licence or trade your information without your consent.
You may opt out of receiving AR&D communications at any time by contacting firstname.lastname@example.org.
Send to a friend
Users can choose to electronically forward a variety of articles, abstracts, research papers and course details to someone else. Users must provide their email address as well as that of the recipient. The information is only used in the case of transmission errors and to let the recipient know who sent the email. The information is not used for any other purpose.
Cranfield University is a postgraduate institution and therefore will only process children’s personal data under very specific circumstances. For example, events supporting science-based projects in schools, attendees at the on-site pre-school and ‘Bring Your Child to Work Day’.
Where there is a need to collect information from a person under 13, then the University will need consent from a parent or guardian in order to process any data. In these circumstances, an email or postal address of this person will be needed so that we can write to them to collect this.
Job applicant data
Our job applicant privacy notice explains how we will collect and use the personal data relating to our job applicants.