Cranfield University Privacy Policy

Cranfield University is a specialist postgraduate institution with a worldwide reputation for excellence and expertise in Aerospace, Defence and Security, Environment and Agrifood, Energy and Power, Management, Manufacturing, Transport Systems and Water.

To find out more about Cranfield University, its commercial operations and how it will use personal information collected, please see below. Cranfield University is committed to the privacy of every individual who interacts with us. To that end, the University has established this Privacy Policy. It explains what and how we collect, store, use and protect the information gathered from you.

This policy also instructs you on what to do if you do not want your personal information collected or shared when you visit our websites, work or study with us. By using and visiting the website, you agree to this policy and the uses made of personal information as set forth herein or amended hereafter.

This policy is reviewed annually. From time to time, we may update the policy. We encourage you to review it regularly to stay informed.

Cranfield University Group includes a number of subsidiaries:

Cranfield Conference Centre Limited
Cranfield Defence and Security Services Limited
Cranfield Innovative Manufacturing
Cranfield Management Development Ltd
Cranfield Quality Services Ltd
Cranfield Regatta Limited
Cranfield Group Holdings Limited
Cranfield Airport Operations Limited
MK:U Ltd

Contacting Cranfield University about our Privacy Policy

We welcome comments and suggestions regarding the Cranfield University Privacy Policy. Please send these to

If you believe your personal information has been misused, or handled in such a manner contrary to the policy stated above, please send details to

When you are using Cranfield University websites, Cranfield University is the data controller. Our Data Protection Officer can be contacted on or at the address below:

Data Protection Officer
Cranfield University
College Road
MK43 0AL

Detailed privacy notices

This privacy policy includes general information about how Cranfield University processes your data, more specific information is available depending upon your relationship with Cranfield, please see links below.

Staff privacy notice

This notice explains how HR will collect and use, the personal data of our employees to manage the employment relationship.  The notice also covers those who have a temporary or ongoing relationship with the University. Download the Staff Privacy Notice

Student privacy notice

In order to carry out its duties as a University, Cranfield must collect and process personal and sensitive data relating to its students. Download the Student Privacy Notice

Alumni privacy notice

The privacy notice is supplementary to the University's Privacy Policy and applies specifically to information held about alumni, supporters and friends of Cranfield University. Download the full Alumni Relations & Development Privacy Notice

Job application privacy notice

Our Job Application Privacy Policy Notice explains how we will collect and use the personal data relating to our job applicants. Download the Job Applicant Privacy Notice

What personal data may Cranfield University collect

We process information about many different types of data subjects, which include staff, contractors, students, clients and the general public. We record further details on the types of data subjects we process information about and this information is available on request.

For those data subjects, we process a wide variety of categories - depending upon the purpose for the processing.

Information you voluntarily provide to us, such as your name, user name, address, phone number, email address and other contact information.

When you enter into a contract to study or work with us, we may collect financial, profile and preference information that you provide.

Cranfield University is a centre of transformational research in technology and management, and a wide range of personal data may be collected and processed for research purposes. This includes research into human behaviour and human factors and biometric data is collected through facial recognition cameras and other sensors (in particular for our research into digital aviation technologies). Facial recognition data is not used for employee performance monitoring.

When you attend a lecture or an event (either in person or virtually) we may also collect and record visual and audio images.

The University does not hold or process electronic card payments; where an electronic card payment is to be made, customers are redirected to external web payment services where personal data is collected and these are governed by their privacy policies and notices.

We may also collect information including, but not limited to, metadata including geolocation, browser type, pages visited, device type and time and date of visit. We may use cookies or similar technology to collect such information. Information gathered by cookies or similar technologies may be used for our business purposes such as analytics, research, digital advertising and operation purposes. You may set your browser to notify you when a cookie is sent or refuse cookies altogether but certain features of this site may not work without cookies. Find out more about the use of cookies on our website.

Some further examples of data we collect are given below and full information is available on request.

  • access and control lists
  • accommodation records
  • attendance records
  • complaints, incidents and accidents
  • courts, tribunals and enquiries
  • education, performance, training and achievement or award records
  • grievance, disciplinary and appeals records
  • health records
  • licences and permits held
  • information from publicly available sources
  • lifestyle and social circumstances
  • provision of university services including library, IT & room and conference facilities
  • recruitment, education and employment records
  • 亲属、监护人和同事
  • associations and professional body memberships
  • survey responses
  • vehicle details including vehicle registration and driver/ownership
  • vetting checks
  • visual images, personal appearance and behaviour

Live Chat

Cranfield Group uses Live Chat and other online web chat tools to and call back request features to facilitate and assist website visitors with any enquiries that have.

Why does Cranfield University process your data?

In summary, we process personal information to enable us to:

  • provide education and support services to our students, professional learners and alumni
  • support and manage our employees; internal support functions; corporate administration and other business-related functions of the University
  • maintain our accounts and records
  • provide commercial activities to our clients
  • undertake research
  • advertise and promote the University and the services we offer
  • publish University and alumni publications
  • undertake fundraising
  • carry out knowledge exchange activities.
  • Monitor examinations and tests either on-line or face to face

When collecting your personal data, our intention is to be clear to you which data is necessary in connection with a particular service.

All information is processed under a legal basis to comply with UK Data Protection Legislation.

We have identified appropriate lawful bases for processing personal data and a schedule 1 condition for processing special category or criminal offence data. Information on these is given in the sections below

Legal bases

Contractual obligations

In certain circumstances, we need your personal data to comply with our contractual obligations.

For example, if you study with us, we will process the information necessary for fulfilling the contract to provide a course of education in accordance with the agreed terms.

Failure to provide information requested under contract may result in you not being able to be considered to work or study with us.

Legal compliance

If the law requires us to, we may need to collect and process your data. For example, to fulfil our legal obligations in relation to tax.

Vital interest

Occasionally processing may be necessary in order to protect your vital interests. For example, should you decide to work or study with us, in the case of a medical emergency we will share your data with the emergency services.

Public task

As a University, we are required to process information to carry out our duties as a public authority. For example, we may be required to share your details with Higher Education Statistics Agency (HESA) and Office for Students (OfS).

Legitimate interest

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.

We also have a legitimate interest to visually identify and record people on campus for the purpose of security.


In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters.

We may use your personal information for marketing or research purposes. For instance, this could allow us to personalise information and increase its relevancy if we contact you, or to invite you to help us develop new products through your feedback. If you would prefer us not to contact you using the personal details you have supplied, please contact

Legal bases for special category and criminal offence data

In addition to processing your personal data we also process special category data and data concerning criminal offences.  This may include. 

  • Protected characteristics as outlined in the Equality Act 2010 and other relevant legislation
  • Occupational health records
  • Disclosure and Barring Service (DBS) records
  • Criminal convictions
  • Biometric data collected through facial recognition cameras and other sensors for research and security purposes. 

Conditions for processing special category and criminal offence data

We will only process such data in relation to you where the processing meets one or more of the conditions for processing such data, as set out in Data Protection legislation.  For example: 

  • we have a number of employment law duties and obligations, which require us to process special category and criminal conviction data, including those relating to ensuring the fair treatment of employees, and maintaining a safe and secure working environment.
  • where necessary, special category data will be processed for the purposes of preventive or occupational medicine, including in order to assess the working capacity of an employee. 
  • Certain processing may also be necessary including processing to enable the establishment, exercise or defence of legal claims, or for research and statistical purposes. 
  • We also request you to declare diversity data (protected characteristics) at the time of your application for a post and through equality monitoring exercises. Provision of this data, which is processed by us for statistical purposes, is optional.

A complete list of processing conditions we use is given below, for further details please see the privacy policy which also includes links to the staff and student privacy notices, or email .

  • Explicit consent
  • Employment, social security and social protection law
  • Vital interests
  • Not-for-profit bodies
  • Made public by the data subject
  • Legal claims and judicial acts
  • Public interest
  • Health and social care
  • Archiving, research and statistics


Who do we share your personal data with?

Where required, we share your information across the University and with our commercial subsidiaries.

The University will not sell, license or trade your personal information without your consent. We will not share your personal information with others unless they are acting under our instructions or we are required to do so by law (for example, to government bodies and law enforcement agencies, examining bodies, regulatory and investigatory authorities). As a University, Cranfield has a statutory requirement to report data to higher education funding and regulatory bodies and their designated agencies including HESA, Jisc and Graduate Outcomes.

We also sometimes share your personal data with trusted third parties. When sharing your data with third parties we require those organisations to keep your data safe and protect your privacy.  That is;

  • We provide only the information they need to perform their specific services
  • They may only use your data for the exact purposes we specify in our contract with them
  • We work closely with them to ensure that your privacy is respected and protected at all times
  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Examples of the kind of third parties we work with are:

  • Suppliers, service and support providers e.g. IT companies who support our website and other business systems
  • Professional and legal advisors
  • Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our 饼干通知 for details.
  • Data insight companies to ensure your details are up-to-date and accurate
  • UKRI and other research councils and funding agents including Wellcome Trust, Royal Academy and other learned societies
  • End point assessment organisations for apprenticeship purposes
  • Ranking and accreditation agencies
  • Our partners in research and teaching activities.

We also share information with other parties at the specific request of, or consent by, the data subject.

For full information on sharing of your data please refer to the detailed privacy notice links earlier in this document,  or email

How long will we keep your personal data?

Cranfield University has reviewed our records and procedures regarding the retention of data.  For the most part, data will be kept for a standard retention period of seven years in line with statute of limitations.

There will be some exceptions to this, and data may be kept for a shorter or longer period than seven years.

For example, employment applicant data will be kept for less time, while the categories of student name and qualification will be kept for the lifetime of the University. Some further data will be kept for more than seven years where there is a legal obligation to do so (e.g. pension information).



Your rights

Under UK data protection law, you have rights including:
  • The right of access - you have the right to request the personal data we hold about you, free of charge in most cases.
  • The right to be forgotten - you have the right to request that we delete your data.
  • The right to data portability - you have the right to request that we supply a copy of your data in a commonly-used and machine-readable format for you to transfer your data to another service provider.
  • The right to be informed - you have the right to be informed about our processing of your data.
  • The right of rectification - you have the right to request the correction of your personal data when incorrect, out of date or incomplete.
  • The right to restrict processing - you can request that your data is not used for processing. Your record can remain in place, but not be used.
  • The right to object - you have the right to stop the processing of your data for direct marketing.
  • Cranfield University offers visitors to our website the opportunity to subscribe (opt in) to a number of electronic communications. You have the possibility at all times to tell us you no longer wish to subscribe to our electronic communication service (opt out). All e-communications you receive from us will provide clear instructions on how to unsubscribe from each service.
  • You also have the right to object to the processing of your data where you believe a decision has been made about you by fully automated means, which has adversely affected you.
  • The right to be notified - you have the right to be notified, without undue delay, if there has been a data breach which is likely to result in a high risk to your rights and freedoms.  .
  • The right to complain - The University is committed to ensuring that any concerns are dealt with quickly and fairly, and with due concern for the individuals involved. However, the University recognises that individuals may continue to be dissatisfied. If you wish to complain about the University’s processing of your personal data you are entitled to complain to the Data Protection Officer who will nominate a Senior Officer of the University, who has not been involved in the original enquiry, to deal with your complaint.

    Data Protection Officer,
    Cranfield University,
    MK43 0AL
    t: +44 (0) 1234 754536

    You retain the right at all times to lodge a complaint about our management of your personal data with the supervisory authority, in the UK this is the Information Commissioner’s Office (ICO). The ICO will expect you to complain to us first and give us an opportunity to resolve the matter before contacting them. The ICO contact details are given below.

    Wycliffe House,
    Water Lane,
    SK9 5AF.

    Web page
    Live chat service
    ICO helpline on +44 (0) 303 123 1113.  
Please note that the rights described above do not apply in every circumstance. If you require further clarification, please contact .

For information on handling FOI requests see this link. Freedom of Information (


Where your personal data may be processed

Your personally identifiable information will normally be processed in our own databases located in the United Kingdom, but some data may be processed elsewhere through specific contractual agreements. Cranfield University is committed to keeping secure the data you provide us and will take reasonable precautions to protect your personally identifiable information from loss, misuse or alteration.


Cranfield University has made substantial investments in security technology and security management processes. These technologies are deployed to guarantee maximum security of the information you provide us with.  For further details see the Information Security policy Policies, regulations, and information compliance (

External website links

The links are provided as a courtesy, to be used or not at the discretion of the individual user. If users decide to follow these links, Cranfield University cannot be responsible for the Privacy Policies and content of those sites. Users should contact the co-ordinator of the particular site with any questions about those sites.

Data protection notice

Please note that any information supplied via this website may be stored on our computer system for the provision of information, marketing and analysis. We may also share this information with other third parties in line with our registration with the ICO.

You can view our Data Protection Policy for more information.

We are registered with the Information Commissioners’ Office and our registration number is Z4690919.

For details of Cranfield subsidiary organisations registration please contact

Send to a friend

Users can choose to electronically forward a variety of articles, abstracts, research papers and course details to someone else. Users must provide their email address as well as that of the recipient. The information is only used in the case of transmission errors and to let the recipient know who sent the email. The information is not used for any other purpose.


Cranfield University is a postgraduate institution and therefore will only process children’s personal data under very specific circumstances. For example, events supporting science-based projects in schools, attendees at the on-site pre-school and ‘Bring Your Child to Work Day’.

Where there is a need to collect information from a person under 16, then the University will need consent from a parent or guardian in order to process any data. In these circumstances, an email or postal address of this person will be needed so that we can write to them to collect this.

Publish and review date

This version is dated August 2022, next review date July 2023.