Advice for Applicants>Admissions Policy 2024>Personal Information and Data Protection

Personal Information and Data Protection

The University collects data on admissions from applicants in order to meet requirements for admissions which include being able to make decisions, contact applicants and provide information for meeting statutory reporting requirements. If the University does not receive this data it will mean that you will be unable to be admitted as a student.

Personal information submitted by applicants is processed under Data Protection legislation including but not limited to the General Data Protection Regulation. Information will only be accessed by those staff involved in the processing of applications and will form part of the student record if applicants accept a place and enrol at the university.

The legal requirements for processing are

  • The legitimate interests of the University and the purposes of entering into an education contract with you.
  • Undertaking processes in the public interest which include our obligation to determine suitability for courses with specific requirements e.g. education and health
  • Legal obligations
  • Consent including consent for legal obligations where applicable
  • Processing for reasons of substantial public interest
  • Processing for protecting the public against dishonesty
  • Processing in relation to employment, social security, social protection law and health or social care purposes

Data for unsuccessful applicants is kept for one year and then securely destroyed. Data for successful applicants where relevant will form part of the student file and be maintained for up to 7 years after graduation.

Under the Freedom of Information Acr individuals have a right to access their own personal information and to correct this as necessary or request his to be deleted.

More information on Cardiff Met’s data protection policy and information in relation to who can be contacted can be accessed at University Structure & Governance Data Protection (