Data Protection

How the University protects personal data and upholds data subject rights.

The University processes information about individuals, for our own administrative purposes and to comply with our legal obligations. This information is called personal data.

Personal data could be as simple as your name, address, gender, staff/student ID number, or photograph. It could also include online identifiers such as an Internet Protocol (IP) address, video, voice recordings, or other factors. It is information that, either on its own or combined with other information, identifies a living individual.  

Some types of personal data are deemed more sensitive than others. This is called special category data. It requires extra safeguards when it is used. Special category data includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a person’s sex life or sexual orientation.

The University of Liverpool is a registered Data Controller with the Information Commissioner's Office (ICO) under registration number Z6390975

Your rights under data protection legislation

Individuals have a range of rights with any organisation that holds personal data under the UK General Data Protection Regulation (UK GDPR). The rights are not absolute. Exemptions can be applied where appropriate.

You can read a guide to individual rights under UK GDPR on the Information Commissioners Office (ICO) website.

The most used Right is the right to ask an organisation whether it is using or storing your personal information and ask for copies of it. This is called the Right of access and is commonly known as making a Subject Access Request or SAR.

Under UK GDPR, you can also ask the University to:

  • Amend personal data that is inaccurate. (Right to rectification).
  • Erase personal data that we hold. This right is only applicable in certain situations. (Right to be forgotten).
  • Restrict how personal data is used. This right is only applicable in certain situations. (Right to restriction).
  • Object to the way we use your personal data. This right is only applicable in certain situations. (Right to objection).
  • Provide you with your personal data so you can move it to a new provider. This right is only applicable in certain situations. (Right to data portability).

To exercise any of your data subject rights please contact or write to: The Data Protection Officer, Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX. 

If you exercise a Right under UK GDPR, will keep a record of the correspondence with you. We do this to meet our legal obligations, to check compliance, and to monitor demand. See our Information Compliance Privacy Notice.

Page updated: 20 February 2024

Back to: Legal & Governance