11.21 Data Protection, GDPR and Freedom of Information

1. Personal information will be held by the University in accordance with the terms of the Data Protection Act 2018, and other associated legislation. Personal information concerning applicants, or submitted by applicants, will only be accessed by those immediately involved in the processing of the application for postgraduate study.

2. Access to the Aberystwyth electronic admissions system (including Aberystwyth Student Records and Admissions System (AStRA)) is strictly controlled and only accessible to staff with approved authorisation.

3. Under the Data Protection Act 2018 and GDPR, and in certain circumstances, the Freedom of Information Act, all individuals have a right to access to their own personal data as held by AU, and to correct this as necessary or to request ‘to be forgotten’.

4. Data Access Requests and all enquiries relating to the University’s data protection and GDPR policies should be directed to the Data Protection Manager (e-mail: infocompliance@aber.ac.uk)