Privacy Statement



1. The data controller


The data controller is:

Universities UK
The Director of Operations, Universities UK on behalf of the All-Party Parliamentary University Group has responsibility for data protection, and can be contacted by:

Post  Woburn House, 20 Tavistock Square, London, WC1H 9HQ
Phone 020 7419 4111 (office hours only)

2. The personal data we are collecting

This privacy notice applies to information we collect about:

Visitors to our website
Users that contact us via 

3. How we collect personal data

We collect personal data through:

We do not collect personally identifiable information through our website but we do use Google Analytics to collect standard internet log information and details of visitor behaviour patterns.

4. How we source data

We will find contact data from several sources, for example on institution websites for individuals, other online resources, Companies House and we will also be given contact details from an individual’s colleagues to add to our mailing lists.

5.The purpose for collecting data

We use the data to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.

6.Your rights as an individual 

Subject access requests

If an individual makes a subject access request, Universities UK (UUK) on behalf of the All-Party Parliamentary University Group will tell him/her:

  • whether or not his/her data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from the individual;
  • to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers;
  • for how long his/her personal data is stored (or how that period is decided);
  • his/her rights to rectification or erasure of data, or to restrict or object to processing;
  • his/her right to complain to the Information Commissioner if he/she thinks UUK has failed to comply with his/her data protection rights; and
  • whether or not UUK carries out automated decision-making and the logic involved in any such decision-making.

UUK will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise. This will be provided within one month of the request being made to meet GDPR requirements.

To make a subject access request, the individual should send the request to In some cases, UUK may need to ask for proof of identification before the request can be processed. UUK will inform the individual if it needs to verify his/her identity and the documents it requires.

If a subject access request is manifestly unfounded or excessive, UUK is not obliged to comply with it. Alternatively, UUK can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to which UUK has already responded. If an individual submits a request that is unfounded or excessive, UUK will notify him/her that this is the case and whether or not it will respond to it.

Other rights

Individuals have a number of other rights in relation to their personal data. They can require UUK to:

  • rectify inaccurate data;
  • stop processing or erase data that is no longer necessary for the purposes of processing;
  • stop processing or erase data if the individual's interests override UUK's legitimate grounds for processing data (where UUK relies on its legitimate interests as a reason for processing data);
  • stop processing or erase data if processing is unlawful; and
  • stop processing data for a period if data is inaccurate or if there is a dispute about whether or not the individual's interests override UUK's legitimate grounds for processing data.
  • To ask UUK to take any of these steps, the individual should send the request to

7. If you have a complaint

The supervisory authority is the Information Commissioner’s Office. Individuals can lodge a complaint directly with them.
Details of how to report concerns are on the ICO website.  The helpline telephone number is 0303 123 1113.

8.The legal basis we are relying on

UUK will use legitimate interest for contacts and communications for the following groups:

  • HE sector and members
  • Policy, political, business and media contacts

For these groups the data held will be:

Full name
Postal address (business address)
Contact details including address, telephone number and email (business contact details)
Universities UK believes that:

There is a genuine business reason (the legitimate interest) for processing this data, the purpose of UUK is:

  • To formulate policies on any matters affecting or relevant to the university sector of higher education in the UK
  • To provide information, advice and assistance to universities within the UK, or any of their representatives, on any aspect of educational affairs, including administrative and financial matters relating to or connected with education
  • To represent the university sector of higher education in the UK and to conduct dealings and to liaise with the Government, any local, national or other institutions, authorities, agencies, bodies or persons, wheresoever in the world situated
  • To promote and provide facilities for discussion and consultation between representatives of university institutions in the UK, on any matters affecting or relevant to the university sector of higher education in the UK.
  • And has considered the necessity test:
  • Processing individual’s data for the purposes of communicating with members, HE sector contacts, political, media, business and policy contacts is necessary to effectively service the needs and represent our members’ interests fully.

UUK considers the impact on the individual to be low (the balancing test):

We believe there is value in individuals hearing about developments and opportunities in the sector
Providing opportunities for networking with peers.
The individuals have already expressed an interest in our work through signing up for regular newsletter, using the facilities or attending an event.

  • Users can opt out of communications
  • We are not using any special categories of data
  • We will not transfer the data to third parties.

There are safeguards in place:

Opportunity for all contacts to unsubscribe from mailings
Email ( ) for individuals to practice their rights (see section 6).
The amount of data held on individuals is restricted to only what is necessary, and kept no longer than necessary
Data will not be shared with third parties, without making individuals aware and having a clear data sharing agreement
Access to data is restricted to only staff who need it for the performance of their roles
IT systems are secure, with regular security testing programme in place.
Data protection training is done by all staff as part of their probation.

9. Where our data is stored

Data is stored on premise in offices in London.  Where cloud hosted systems are in use, the data is stored in the EEA.