Skip to main content
Information Governance

Data Protection and Privacy

Data Protection

Teesside University is a registered Data Controller and is subject to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA); two pieces of legislation that control the way organisations use personal data in order to protect the privacy of individuals. The legislation balances an individual's right to privacy with the need of organisations to use information about an individual for legitimate purposes.

Teesside University aims to process all personal data in accordance with the requirements and safeguards of Data Protection legislation. The University's approach to Data Protection is set out in our Data Protection Policy and Code of Practice . This Policy and Code of Practice contains links to other key Information Governance Policies, including Information Security which deals with how the University keeps your data safe.


The University has a wide range of functions and services which necessitate the processing of personal data. The University processes personal data of students, staff, alumni, research participants, visitors and individuals who work with the University.

We are committed to be open and transparent about how we deal with your information. You may have been given privacy information (in the form of privacy notices or fair processing notices) at various points in your contact with the University. The privacy notices below provide general privacy information for specific groups of individuals.

Request a copy of your personal data

Data Protection legislation provides individuals (Data Subjects) with a number of rights with regard to their personal data. These are explained in our privacy notices and include a right to receive a copy of the personal data being processed.

To make a request, free of charge, you can complete our subject access request form.

Web request form

To ensure compliance with legislation, and to maintain confidentiality, we may require proof of your identity. We may also require additional information from you to assist us in undertaking targeted searches for the information you require. Once in receipt of this information, we will normally respond to you within one calendar month. However, where your request is particularly complex or extensive, we may inform you that we need to extend the period for us to respond by up to two months (this will mean responding within a total of three months).

The right of subject access only applies to personal data relating to the data subject. As such, information relating to third parties or any information that does not relate to the data subject may be redacted (removed) from the information that is disclosed.

If you wish to make a subject access request or enact any of your data protection rights, please provide the details of your request, including information to assist us in identifying you, to the contact details below.

Data Protection Officer

The University has appointed a Data Protection Officer (DPO) in compliance with Article 37 of the GDPR.

Our DPO can be contacted by email at by telephone on 01642 342093 or in writing to the following postal address:

The Data Protection Officer
Legal & Governance Services
Teesside University

Go to top menu