Record of Processing Activity 2022/23


Kingston University recognises its responsibility to document our processing activities. This document describes our personal data processing at a high level and refers to detailed documents of processing activity, privacy notices and relevant policies.

Contact details

Our registered address is Kingston University, River House, 53–57 High Street, Kingston upon Thames, Surrey KT1 1LQ.

Any questions relating to data protection or how the University is processing personal data can be addressed to our Data Protection Officer by email at

Purposes of processing

We process personal data in order to:

  • Meet legal and statutory obligations, such as compliance with tax and immigration laws
  • Deliver on employment contracts, such as making salary payments and enable staff to undertake their roles in teaching, research and administration
  • Deliver on student contracts, such as providing access to University services and facilities
  • Maintain relationships with alumni, affiliates, donors and friends
  • Carry out research

Categories of personal data

We hold personal data on:

  • Job applicants, employees and workers, ex-employees and workers
  • Study enquirers, applicants, students, alumni
  • Affiliates including contractors, collaborative partner staff, honorary staff
  • Donors and friends
  • Prospective and current business customers
  • Suppliers
  • Media contacts
  • Relatives, guardians and emergency contacts
  • Visitors, travel guests and members of the public
  • Placement providers and degree apprenticeship employers
  • Community groups, businesses, local governments, charities, members of parliament
  • Landlords
  • School/college teachers
  • Referees

The types of personal data include:

  • Personal and contact information
  • Identity documentation e.g. passport
  • Education and employment history and qualifications
  • Course and award
  • Appeals, mitigating circumstances, complaints, conduct, queries, counselling records
  • Submitted work, feedback and grades
  • Contract information
  • Case history, absence, performance, compensation and benefits, learning and development
  • Survey responses
  • Financial information, bank account, payment card
  • Travel and accommodation
  • Loan, debt, mitigating circumstances
  • Salaries, benefits, advances, expenses
  • Supplier payments
  • SEN and care status
  • Work for publication
  • Career profile
  • Photos/images
  • Special category data
  • Criminal offence data


Personal data may be shared with:

  • Employers and agents
  • Higher Education Statistics Agency, Education and Skills Funding Agency, Office for Students, AdvanceHE
  • Research England/UKRI, funding bodies and collaborators
  • Student Loans Company
  • Enquirers, financial institutions, tenancy agents, courts
  • Telemarketers
  • Suppliers, accommodation providers, consultancies, delivery partners, survey companies, external learning providers
  • Collaborative partner organisations, training partnership organisations, placement providers, project creators, partner institutions
  • General public, media, journalists and researchers
  • Central and local government, HMRC
  • Police forces and emergency services, Health & Safety Executive
  • Legal company
  • Insurers
  • Stakeholders
  • Debt collection and tracing agency, financial institutions, purchasing consortium
  • Auditors
  • Benefits providers
  • Tenancy agents
  • Courts
  • British Library

International transfers

Kingston University has relationships with institutions and agencies outside the UK which encourage and facilitate international learning and research. Where we transfer personal data outside the UK as part of these relationships, we have contracts and other safeguards in place to govern this processing.


Personal data is held only as long as is necessary to fulfil the stated purpose. The majority of student and employee personal data is held for six years after the end of study or employment.

For more information, see the retention schedule under the Information Regulations section of the University website.


Data security is a priority for the University. The University will use appropriate technical and organisational measures in accordance with the University's IT policies and related Codes of Practice to process and safeguard personal data, and in particular to protect against unlawful or unauthorised access, processing and against accidental loss, damage, or destruction.

Further information

Further detail on the personal data that we process can be found in our Record of Processing Activity.

The Information Regulations section of the University website provides links to privacy notices, retention schedules and relevant policies.