Privacy Policy

This Notice tells you how the University of Leeds (University) will collect and use your personal data when you access this website. The University is a 'controller' of this personal data for the purposes of the data protection legislation.
Note that additional information will be provided where you are requested to enter personal information and this will vary between our various websites. (Information will be provided through the relevant privacy notice for that website).

It is important that you read this Notice together with any other privacy notice we provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.  This Notice supplements the other notices and is not intended to override them.

This is specifically for online landing pages hosted on the domain online.leeds.ac.uk. A separate consent banner is used for the main University of Leeds website on leeds.ac.uk. 

We keep the information provided in this Notice under review. This Notice may be updated from time to time. If we make any substantial updates, we will draw these to your attention.

We will not use your personal data in any manner that is incompatible with the purpose for which the data were collected originally, unless we have obtained your consent to that additional use. 

If there is anything you are unclear about, please contact our Data Protection Officer, who will be happy to answer any queries you may have concerning this Notice or the way in which we process your personal data.

The Data Protection Officer's contact details are provided at the end of this Notice.

Where we request personal data from you on our website you will be informed at that time of the purpose for which the data will be processed and how it will be processed, its legal basis for processing. 

When you access our online.leeds.ac.uk landing pages certain information your browser provides, including your IP address at the time, browser type, and potentially the address of the page you last visited, will be automatically recorded by the University and by the HubSpot CRM used by the Marketing department. This data may be used to aid detection in the event of a security breach. The legal basis for this processing is a necessity to pursue our legitimate interests to keep our website secure. The University retains this data in a form from which you may be identifiable for a period of up to one month.

The personal data that you have provided will not routinely be sent to third parties. The CRM system used to track performance, analytics and behaviour on any of our online.leeds.ac.uk sites is performed by HubSpot, a third party marketing tool.

100% Exception for Online Distant Learning Courses

The University works with third party partners (Boundless Learning and Coursera) who handle admissions enquiries and recruitment for some of our 100% online distance learning postgraduate courses.

If you submit an enquiry through the online form published on the associated course pages, our partner organisation will use your personal data to respond to your enquiry, and provide you with information on relation opportunities, if you opt-in to receive them. If you choose to apply for the course, your data will be entered into the University’s application system so we can consider your application. These partners are only allowed to use your data in accordance with the strict instructions of the University. Neither partner will use your data in any other way nor will they share it with any other organisation.

The University’s policies on retaining data for prospective and current students, staff and job applicants are detailed in our Data Retention Schedule.

In other cases, for example, if you subscribe to news or events, any retention of data will be made clear at the point of collection.

You can use the cookie settings pop-up — the ‘review cooking settings’ button on this page — to manage your cookies.

Cookies are small text files that are placed on your device by websites that you visit.

We use cookies for the following purposes:

• Necessary: To help our website function
• Analytical: To improve user experience
• Functional: To track visits
• Marketing: To inform targeted advertising

The list of necessary cookies used on this specific domain. These are essential cookies that do not require consent.

__cfruid

This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. It expires at the end of the session. Learn more about Cloudflare cookies. 

__cfuvid

This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. It expires at the end of the session. Learn more about Cloudflare cookies. 

__cf_bm

This cookie is set by HubSpot's CDN provider and is a necessary cookie for bot protection. It expires in 30 minutes. Learn more about Cloudflare cookies. 

__hs_opt_out

• This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again.
• This cookie is set when you give visitors the choice to opt out of cookies.
• It contains the string "yes" or "no".
• It expires in 6 months.

__hs_do_not_track

• This cookie can be set to prevent the tracking code from sending any information to HubSpot.
• It contains the string "yes".
• It expires in 6 months.

__hs_initial_opt_in

• This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode.
• It contains the string "yes" or "no".
• It expires in seven days.

__hs_cookie_cat_pref

• This cookie is used to record the categories a visitor consented to.
• It contains data on the consented categories.
• It expires in 6 months.

__hs_gpc_banner_dismiss

• This cookie is used when the Global Privacy Control banner is dismissed.
• It contains the string "yes" or "no".
• It expires in 180 days.

__hs_notify_banner_dismiss

• This cookie is used when the website uses a Notify consent banner type.
• It contains a boolean value of True.
• It expires in 180 days.

hs_ab_test

• This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.
• It contains the id of the A/B test page and the id of the variation that was chosen for the visitor.
• It expires at the end of the session.

__hsmem

• This cookie is set when visitors log in to a HubSpot-hosted site.
• It contains encrypted data that identifies the membership user when they are currently logged in.
• It expires in seven days. 

hs-membership-csrf

• This cookie is used to ensure that content membership logins cannot be forged.
• It contains a random string of letters and numbers used to verify that a membership login is authentic.
• It expires at the end of the session.

hs.superstore.laboratory.<id>

• It contains an offline cache of cohorts that a user got assigned for HubSpot Product experiments.
• It doesn't contain personal identifiable information or information that can identify your device or hardware
• HubSpot experiments are anonymous and aren't attached to user sessions. However, if tracking consent is given, specific experiments might be tied to identifiable user sessions.
• The individual contents of this storage entry expire automatically upon specific dates determined by HubSpot Product. Often, these are 48 hours.
• It can't be manually removed and is automatically created whenever conditions are met.

<id>_key

• When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again.
• The cookie name is unique for each password-protected page.
• It contains an encrypted version of the password so future visits to the page will not require the password again.
• It expires in 14 days.

Click here to visit the full University of Leeds website domain leeds.ac.uk privacy policy. Under the GDPR, in certain circumstances, you have the right to:

• withdraw your consent to our processing of your personal data where that is the legal basis for such processing
• access any of your personal data which we hold
• have your personal data which we hold corrected if it is inaccurate
• have any of your personal data which we hold erased
• restrict the ways in which we process your personal data
• object to our processing of your personal data
• receive a copy of any of your personal data which we hold in a structured and commonly used machine-readable format
• in certain cases not be subject to a decision based solely on automated decision making
• lodge a complaint with a supervisory authority.

If you have any queries or concerns relating to this privacy notice or the way your data is being processed through this website then please contact the University’s Data Protection Officer, Rebecca Messenger-Clark.

• Phone: +44 (0) 113 2431751
•  Email the Data Protection Officer: dpo@leeds.ac.uk
• Address: University of Leeds, 11.72 EC Stoner Building, Leeds LS2 9JT, UK.

The UK’s regulator for the Data Protection Act (DPA) and GDPR is the Information Commissioner’s Office (ICO). The University is registered as a Data Controller with the ICO.

Should you be dissatisfied with our handling of your concerns you have the right to complain to a supervisory authority. In the case of the UK this is the Information Commissioner’s Office.