Data Management (GDPR)

Data Protection

Queens' College Data Protection Policy


The Data Protection Act 2018

The Data Protection Act 1998 sets out rules for processing personal information. It applies to some paper records as well as those held on computer. The Act gives individuals certain rights, and also imposes obligations on those who record and use personal information to be open about how information is used and to follow eight data protection principles.

Personal data must be processed following these principles, so that data is:

  • processed fairly and lawfully, and only if certain conditions are met
  • obtained for specified and lawful purposes
  • adequate, relevant, and not excessive
  • accurate and, where necessary, kept up-to-date
  • not kept for longer than necessary
  • processed in accordance with the subject's rights
  • kept secure
  • not transferred abroad without adequate protection

Admissions and Student Records

The College processes personal data to assist in the admissions process, to enable the provision of education and welfare services to its students, to facilitate the administration of student accommodation, to provide up-to-date academic records, to assist in the administration and collection of fees and charges, to comply with legal and other obligations (e.g. health and safety), to facilitate communications and mailings, to enable the provision of references, to assist with fund-raising by the College and the University, for alumni activities, and for research and archive processes.

Information is provided by the applicants and students themselves (by way of application forms and other means), and also by third parties such as schools, local authorities, and examination boards.

In order to ensure the proper functioning of the College as an institution in the higher education sector, the College may, from time to time, consider it appropriate to disclose relevant personal data about applicants and students within the College to other members of staff, committees and organisations (such as the JCR and MCR), and also to various external bodies, including the College Visitor (see Troubleshooting), appropriate members of staff of the University of Cambridge, other Cambridge Colleges, inter-collegiate bodies, other educational institutions, employers and potential employers, professional bodies, funding bodies, local authorities, and other government and regulatory bodies. The College may or may not seek further consent to specific disclosures, depending upon the intended disclosure.

University of Cambridge Policy

Data Protection Officer

Queens’ Data Protection Lead is the Domestic Bursar, who will answer any questions you may have about data protection issues in Queens’ -

Access to Personal Data (Subject Access Requests)

If you wish to access personal data the College may have on record, please complete the Access to Personal Data request form.