Data Protection, Privacy and Cookies

Here at the University of Salford we work hard to ensure that you get the very best experience, whether you are a visitor, a student, a staff-member, alumni or partner, without having to worry if your information is safe.

Outlined below is how and why we collect, use, and share your personal information, and your rights in relation to that data.

We know that there’s lots of information here, but we want you to be fully informed – we hope the following sections will answer any questions you have but if not, please do get in touch with us.

A bit about us

The University of Salford is the 'Data Controller' of your personal data and is subject to the data protection legislation and to the Data Protection Act 2018. We are registered with the Information Commissioner’s Office (ICO) registration number Z469563X and our Data Protection Officer is Melanie Earp.


We appreciate an individual’s right to privacy and in all situations we strive to achieve a balance between protecting that right and confirming that we have the correct information to ensure we can provide an exceptional experience for all.

Under the Data Protection Act 2018, a number of new principles mean that individuals have greater rights concerning their information and how it is used (see Data Subject Rights). We have detailed an overview of these principles below and included the privacy statements for all groups of people who the University of Salford interact with.


Lawful Bases

The law on data protection sets out a number of different reasons for which an organisation may collect and process your personal data, including:

Public task

To ensure that we meet and carry out our role as an institute of higher education and provide our students with required level of service, we need to collect and process relevant personal data.

For example, when we record your academic results and validate with your previous further education provider.


In specific situations, we can collect and process your data with your consent.

For example, if you are a graduate and you tick a box to receive email enquiring if you wish to become a donor.


In certain circumstances, we need your personal data to comply with our contractual obligations.

For example, when you accept a place at the University we need to capture certain information in order to provide you with the place and service.

Legal compliance

If the law requires us to, we may need to collect and process your data.

For example, certain government departments need us to collect and pass on statistical data.

Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running the University which does not materially impact your rights, freedom or interests.

For example, after you graduate, we will send you email newsletters updating you on what is happening here at the University.

When collecting your personal data, we’ll always make clear which data is necessary in connection with a particular service.

When do we collect data?

Here are some examples of when we collect your information, for further details please take a look at the relevant Privacy Policy.

  • When you visit our website
  • When you engage with us on social media
  • If you join us as a student or staff member we need to capture data in order to enter into a contract with you
  • If your image is captured on the CCTV that we deploy across our sites for safety and security
  • When a donation or a purchase is made
  • When an individual attends a clinic run by the University

What sort of data do we collect?

Under the Data Protection Act 2018, we are only permitted to collect the minimum amount of information needed to carry out a specific purpose, therefore depending on your relationship with us we collect different amounts of data.

Example, if you are making a decision about university choices and want some information sending to you, we would only take your name and contact details (address and email) but if you are joining us as a member of staff we would need more information, such as date of birth, gender, financial details.

If your relationship with us changes, we remove all unnecessary information that we hold on you. The University has produced a retention schedule to ensure that we only retain details that enable us to perform to perform our duties.

View our Records Retention Schedule.

How do we use your information?

Different information is processed for different purposes, some of it is used to improve experience, such as cookies on the website and other information helps us track performance, comply with legislation or help keep you informed of what is happening here at the University of Salford.

Detailed information about how we use information for different purposes can be found in the relevant privacy policies, but here are some examples:

  • Website cookies tell us which pages you find useful, and therefore how we can improve your experience online
  • We collect and report upon sensitive personal data, such as gender, ethic origin and disability data in order to undertake equal opportunity monitoring
  • We require financial data to administer financial activity, such as fees, scholarships and bursaries
  • We take photographs in order to issue access passes
  • Information captured during research projects will be processed in order to develop our programmes and insight

How long do we keep your data for?

Data is retained for as long as it is required to perform its purpose, or for as long as is required by law. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

View our Records Retention Schedule.

Who do we share your information with?

Sometimes we share your personal data with trusted third parties, in order to meet our contractual needs or to improve our services.

Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:

  • We provide only the information they need to perform their specific services
  • They may only use your data for the exact purposes we specify in our contract with them
  • We work closely with them to ensure that your privacy is respected and protected at all times
  • If we stop using their services, all of your data held by them will either be deleted or rendered anonymous

Examples of the kind of third parties we work with are:

  • IT companies who support our website and other business systems.
  • Operational companies such as the Students Loan Company
  • Direct marketing companies who help us manage our electronic communications with you
  • Google Analytics to understand our website usage, this is subject to acceptance of cookies on our websites. See our cookies notice below for details
  • Clinical practices providing health and wellbeing services
  • HEAT (Higher Education Access Tracker) privacy notice

How can you stop us using your data?

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

In cases where we are processing your personal data on the basis of our contract with you, public task or for a legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have an overriding reason to continue processing your personal data, if this is the case we will advise you of the reason.

Our privacy statements

Here are all our privacy statements, detailing how we collect and use your personal data depending on your relationship with the University of Salford. If you have any questions regarding the statements please get in touch with the person/department listed in the relevant notice.

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under a privacy notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

More information on how the University collects and uses personal information can be found in the Notification made to the ICO or in the relevant privacy notice.

Data protection

The Data Protection Act 2018, building on previous data protection legislation, gives people the right to know what information is held about them and requires the University to ensure that personal information relating to living individuals is handled properly, held in confidence and is protected from inappropriate disclosure to third parties.

It provides a comprehensive and modern framework for data protection in the UK and will give people more control over use of their data, provide new rights to move or delete personal data and impose stronger sanctions for malpractice.

Everyone who collects and manages personal information at the University of Salford must do so in a way that complies with our Data Protection Policy, the six principles, and the new individual rights under the Data Protection Act 2018.

Data protection

Data subject rights

This section details the rights that every individual has in relation to their personal data that the University of Salford holds.

The Data Protection Act 2018 provides the following rights for individuals:

Your right of access to personal information

Under Article 15 of the Data Protection Act 2018, individuals have a right of access to their own personal data held by the University. A request for all such information is called a Subject Access Request or SAR.

Under the Data Protection Act 2018 the individual is entitled to:

  • A description of the data
  • The recipients of the data shared
  • Information about any automated decisions that have been made
  • A copy of the data on request

All the above must be returned to the requesting individual within one month and at no cost. If you would like to exercise your right of access please submit a request using the SAR form. If you wish to exercise any of your other rights then please email us at:


The university uses various cookies across the website to help navigate the website. The university uses a mix of session, persistent and third-party cookies.  

What is a cookie?

A cookie is a small text file that contains small amounts of information, often including a unique identifier, that is downloaded onto a computer or smartphone when you access a website – if your browser preferences allow it. Cookies are created when you (using a browser) visit a website that uses cookies to keep track of the movements within the site, help you resume where you left off, remember your registered login, theme selection, preferences, and other customisation functions.

Please note that cookies can't harm your computer. We don't store personally identifiable information in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site. For example, they help us to identify and resolve errors, or to determine the most visited pages.


Types of cookies

Session cookies are cookies that expire at the end of a browser session. They allow users to be recognised within the website so that any changes or item or data selection is remembered from page to page. The cookie is then automatically deleted when the user leaves the website.

Persistent cookies help websites remember user’s information and settings for when a user visits them in the future, thereby speeding up or enhancing a user’s experience of the services or functions offered.

When you visit our websites you may notice some cookies that aren't related to the University. If you go on to a web page that contains embedded content, for example from YouTube, you may be sent cookies from these websites. We don't control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.

How to manage my cookies

You can use your website browser to:

  • Delete all cookies
  • Block all cookies
  • Allow all cookies
  • Block third-party cookies
  • Clear all cookies when you close the browser
  • Open a 'private browsing' / 'incognito' session (allows you to browse the internet without storing local data)
  • Install add-ons and plug-ins to extend browser functionality, for example Google have created a Google Analytics Opt-Out Browser Add-On for Chrome.

Select your chosen browser below for instructions and guidance on how to manage your cookies via your browser. Please be aware that restricting cookies may impact on the functionality of our site.

If you use another browser, you can visit the browser developer website for guidance and instructions on managing cookies.

Further guidance and information

More information can be found on the ICOAbout Cookies and All About Cookies websites.


How to get in touch with us

Advice and guidance on aspects of data protection within the University of Salford is available from the Information Governance Team, they can be contacted email at:

Our postal address is:

Data Protection Manager
Legal and Governance Directorate
Maxwell 5th Floor
University of Salford
M5 4WT

If you have a complaint

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, please get in touch with the contact listed in the relevant privacy notice. If you wish to escalate any issue or complaint further contact:

Data Protection Manager
Legal and Governance Directorate
Maxwell 6th Floor
University of Salford
M5 4WT

Additionally, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can contact them by calling +44 (0)303 123 1113 or on the ICO website (note, we are not responsible for the content of external websites).

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.