Components

The University is committed to looking after any information that is made available to us when you visit our website in accordance with data protection law.

This is the privacy notice for the Manchester Metropolitan University website. Other University websites, for example those operated by faculties or departments, may carry their own specific privacy notice information or provide additional information relating to their activities, which will supersede or supplement this notice.

This notice explains who we are, how and why we collect personal information about you when you visit our website, what personal data is collected, our purposes and lawful bases for processing, and how you can exercise your privacy rights.

Please do read this notice to understand our practices and if you have any questions please contact us using the contact details provided below. Other privacy notices relating to our specific activities are available from our Privacy Notices section of the website. 

Who we are

Throughout this notice, “University”, “we”, “our” and “us” refer to the Manchester Metropolitan University, an exempt charity under Schedule 2 to the Charities Act 1993 (amended by the Charities Act 2011). We are a higher education institution which provides teaching, education, research and associated services. The University is the Controller in respect of any personal data which is collected during your engagement with the University website.   

The University is registered as a Controller with the Information Commissioner’s Office (ICO). We manage your personal information in accordance with the General Data Protection Regulation (GDPR) and the University’s Data Protection Policy.

The personal data we process

Cookie information

We will automatically collect, store, and use the following categories of information when you browse and search our site, if you have consented to our use of cookies:

  • Technical information, for example, the type of device (and its unique device identifier) you use to access our site, the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, mobile network information and platform; and
  • Information about your visit to our site including the full Uniform Resource Locators (URL), clickstream to, through and from the website (including date and time), pages you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Further information about our use of cookies is seen within our Cookie Policy.

Information collected via our forms

The majority of the personal information we collect about you when you engage with the University website will be obtained via our forms or if you contact us by e-mail. We may ask for some personal details if you wish to access some of our services or ask us to respond to your requests, for example:

  • to register for open days and our University events.
  • to order a publication such as a printed prospectus;
  • to subscribe to e-mail marketing communications and online newsletters.

This information which is collected directly from you. It is likely to include the following:

  • biographical information consisting of your name, title, birth date, age and gender;
  • your contact details including address, email address and phone number;
  • information about your time at the University;
  • your professional activities;
  • current interests and preferences;
  • records of communications sent to you by the University or received from you;
  • attendance at University events.

We may also collect and store bank card details. The University is PCI DSS compliant. We do not store credit/debit card details after authorisation and till receipts are always masked.

When you provide us with your contact details you will be asked whether you wish to receive any further communications from us.

We will ensure that all personal information you supply is held in accordance with data protection law. We do not sell or otherwise transfer personal data to any third parties unless you have consented to this or this is permitted by law.

For further information about your engagement with the website:

The purposes of the processing

Your information will enable us to:

Cookie information - We process your information for purposes arising from your use of the website, for example, to ensure that we understand who uses our site and how our site is used and to improve our site and ensure it is secure. This processing occurs because it is necessary to meet our legitimate interests in operating and improving the website, analysing its use, and ensuring its security.

Lawful basis: This processing occurs because it is necessary to meet our legitimate interests in operating and improving the website, analysing its use, and ensuring its security. We also rely upon your consent collected when you accept use of our cookies.

Information collected via our forms – We process your personal information collected via our website forms primarily to service your request of the University. For example, to facilitate your attendance at a University event, or service and respond to your request to receive information from us.

We may also ask you whether you wish to receive our marketing and promotional communications about the services, events and benefits we can offer you as a prospective, current student or member of our alumni. Accordingly we will send you communications about:

  • University publications
  • Promotion of our services
  • Notify you of upcoming events
  • Promotions, discounts and opportunities.

Lawful basis: Where we are servicing or responding to a request which you have made of the University via one of our forms we rely upon the legitimate interests lawful basis in order to respond to your request. We rely upon your consent to send you our promotional and marketing communications, such as our newsletters.

The recipients or categories of recipients of the personal data

We may share your data with third parties who provide services on our behalf, such as those who help us to operate the website or service requests you have made of the University, e.g. requests to receive a printed prospectus. All our third-party service providers are bound by the terms of a contract and are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.

We may also share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our site terms of use or to protect the rights, property or safety of our site, our users, and others.

Where your data is shared with third parties, we will seek to share the minimum amount necessary.

The right to withdraw consent

If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. Please use unsubscribe links within our communications or refer to the specific privacy notice information which was provided when the University collected your consent for the most appropriate contact information. You are also able to use the manmetuni@mmu.ac.uk e-mail address.

Your rights in respect of the processing

The GDPR provides data subjects with the following data subject rights:

  • The right to be informed – this privacy notice assists with fulfilling these obligations.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing
  • The right to data portability
  • The right to object

Please note, that these rights apply in certain circumstances, for example according to the lawful basis utilised by the University. The right of access to personal information held about you exists in order to be aware of, and verify, the lawfulness of the processing. For further information about your data subject rights please see our specific: Data Subject Rights Page.

Contacting us

Our Data Protection Officer can also be contacted using dataprotection@mmu.ac.uk, by calling 0161 247 3884 or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH.

Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) as the supervisory authority in respect of the processing of your personal data. We would encourage you to expend our internal complaints procedure through our initial contact and the University Data Protection Officer, prior to contacting the ICO. Please contact: casework@ico.org.uk or telephone: 0303 123 1113. For any further contact information please see: https://ico.org.uk/global/contact-us/.

Updates to this privacy notice

We may update this privacy notice from time to time in response to changing legal, technical or business developments. When we update our privacy notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

Privacy notice updated on: 16.10.19