Market Research Privacy Notice
This document sets out our privacy policy for the purposes of market research among Canterbury Christ Church students (past and present), staff and general public aged 16+ years old.
- Introduction
- What personal information do we collect about you?
- How do we collect your information?
- How do we use your personal data?
- The lawful basis we use to process your data
- Who do we share your personal data with
- How do we protect and store your personal information
- Who do we share your personal data with
- How long do we keep your personal data
Introduction
This Privacy Notice outlines how Canterbury Christ Church University (the Data Controller) collects, uses, and protects personal data for the purpose of market research & market insight. It applies to all University students (including prospective, offer holding, current and alumni), friends, relatives and advisors of prospective university students and staff.
We are committed to handling your personal data responsibly and transparently, in accordance with the Data Protection Act 2018 and UK GDPR and any other relevant legislation. This notice is intended to ensure you are fully informed about how your personal information is used and the rights you have in relation to it.
You can access our Data Protection Policy here.
What personal information do we collect about you?
When you engage with the University to express an interest in the services we offer, we collect and retain relevant personal data. This information is used for the purposes set out in Section 3 of this Privacy Notice.
We may process the following categories of personal data about you:
- Gender
- Ethnic and geodemographic information
- Information regarding your educational journey: any enquiries made; applications submitted, offers received from us; details of your current and previous study centres; courses and subjects you have studied and are interested in and your opinion of it.
- Recruitment events and activities you have taken part in, and your opinion of it
- Information about your attitudes, preferences, and behaviours when seeking information to support your educational and career decision-making
- Your opinions of other universities, their communication style, campuses and facilities, and overall educational offerings
- Personal email address if taking part in one of our surveys prize draw
How do we collect your information?
The University may collect your personal data through a range of methods and sources, depending on your relationship with us and the nature of our interaction. We may collect your personal information:
- Directly from you – verbal of written contact with you such as when you are filling a questionnaire; when you participate in one of our interviews; or when you interact with us through social media.
- Through automated technologies – such as when you interact with our website (e.g. cookies, and website analytics).
- From third parties – such as when information is shared by UCAS with us.
How do we use your personal data?
The University may process your personal data for the following purposes:
- To collect and analyse data to generate market insights and conduct market research that help us improve our products, services, information provisions, application which support recruitment and student experience.
- To comply with statutory and regulatory requirements, including those under the Data Protection Act 2018 and UK GDPR.
The lawful basis we use to process your data
Data protection law sets out reasons for collecting and processing your personal data. In this section, we outline the legal bases the University uses.
We will be processing your data under:
- Article 6(1)(a) Consent "the data subject has given consent to the processing of his or her personal data for one or more specific purposes" For example, when you consent to take part in one of our surveys. You may withdraw your consent at any time. You need not give a reason. To withdraw your consent, contact: marketresearch@canterbury.ac.uk
- Article 6(1)(e) Public Task "processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller"
- Article 6(1) (f) Legitimate Interests "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child" For example, when promoting our courses, campuses and advertising our University to you.
Who do we share your personal data with
We may share your personal data with trusted third-party service providers who act as data processors on our behalf. One of these partners is SurveyMonkey and others are independent third-party market research agencies which support with the delivery and operation of interviews on our behalf. We may also use independent data analysis consultants who support with trends analysis for our University. All third parties are required to handle your data securely and in accordance with data protection legislation
We may also disclose your personal data where necessary to meet our legal or statutory obligations under the Data Protection Act 2018 and UK GDPR or, for example, if you are the recipient of a survey price draw we will share that information with our colleagues in the Finance department to send you the voucher and also to meet our obligations under financial regulations. Furthermore we may share information with government departments, regulatory bodies, funding agencies, or law enforcement authorities where disclosure is legally required.
Whoever we share your information with, we will only share what is relevant and necessary to perform the specific task or to meet our legal obligations.
How do we protect and store your personal information
We are committed to safeguarding the personal data we process and have robust internal policies and controls to prevent unauthorised access, accidental loss, destruction, misuse, or disclosure of personal data. Access to personal information is strictly limited to authorised University personnel who require it for the performance of their duties in connection with carrying out market research and trend analysis.
We are Cyber Essentials accredited, demonstrating our commitment to implementing industry-recognised cybersecurity practices to protect against common online threats and ensure a secure IT environment.
- Where personal data is shared with third-party processors, such parties are contractually required to act solely on our instructions, implement appropriate technical and organisational safeguards, and comply fully with the requirements of the Data Protection Act 2018 and UK GDPR.
The data controller and further information
Canterbury Christ Church University is the Data Controller for this personal data.
Please click the link below to access further information regarding:
- The Data Controller
- The name and contact details of the University Data Protection Officer
- Where to make a complaint
- Your Rights as a Data Subject
- How to contact the Regulator
Version Control
| Title: | Privacy Notice - Market Research |
| Applicable to: | Applicants, Students, Employees, General Public |
| Process Owner: | Marketing |
| Date approved: | 25 May 2018 |
| Date of review: | 12 June 2027 |
| Date last amended: | 12 June 2025 |