This privacy page sets out how Fashion Society (FS) uses and protects any personal information that you give us when you use this website. FS is committed to ensuring that your privacy is protected.

Who we are

Fashion Society (FS) is recognised as a data controller under the General Data Protection Regulation and the Data Protection Act 2020.

Your rights

Under GDPR, you have:

  • The right to be informed of how your data will be used and protected
  • The right to access your information and obtain a copy
  • The right to make changes to your personal data
  • The right to delete your data in certain circumstances, or otherwise to restrict processing
  • The right to data portability
  • The right to object to direct marketing and other processing
  • Rights in relation to automated decision making and profiling
  • For more information visit the Information Commissioner’s Office (ICO) website.

You have the right to request access to information, subject to certain restrictions.

To make a Subject Access Request for your personal data, report a breach or to request the sharing of personal data outside of normal processes, please email

To request a correction, restriction of processing, the deletion of personal data or the review of an automated decision please contact the relevant department directly (e.g. HR for staff, Academic Registry for students).


Data processing

Information on how we process personal data in specific circumstances is found on individual Privacy Notices at or near the point of collection.

The personal data we collect or create

Data we collect or create may include:

  • Identity and contact details
  • Data relating to academic or employment performance (including records of attendance, disciplinary records etc)
  • Family details
  • Complaints or enquiries made by or about you
  • Records of counselling or other support requested or given
  • Survey data
  • Records of goods or services provided
  • Photographs
  • Scans of identity documents
  • Accident forms
  • Financial details

What we do with your personal data (our legitimate interests as a data controller)

Among other things we process personal information to enable us to:

  • Provide education and support services to our students and staff
  • Advertise and promote the university and the services we offer
  • Conduct surveys
  • Manage alumni relations and fundraising
  • Undertake research
  • Manage our accounts
  • Provide commercial activities to our clients.

Legal bases for processing

Under GDPR and the Data Protection Act 2018, we will process personal data under the following bases.

Legal basis under GDPR: 6(1)(b) necessary for the performance of a contract.

Purpose: To support applications and provide education and support to students; to support applications, employ, manage and support the work of staff; to provide accommodation and other commercial services governed by contract.

Personal data of governors and senior management

Legal basis under GDPR: 6(1)(e) in the exercise of official authority.

Purpose: To provide oversight of University activity and transparency to the public.

Legal basis under GDPR: 6(1)(f) legitimate interests.

Purpose: To provide additional services, to develop and maintain enquirer, alumni, commercial and donor relationships; to protect University assets.

Sensitive personal data

Legal basis under GDPR: 9(2)(a) explicit consent, (but if provided, shared with HESA for statistical purposes under basis 9(2)(j). Where consent would not be practical, safeguarding and counselling may rely on 9(2)(g) substantial public interest, as further defined by the Data Protection Act 2018.

Purpose: To adhere to statutory requirements to monitor and report on diversity, provide reasonable adjustments, provide counselling and support services, record sickness absence and accidents, safeguarding activities, counselling.

Who the information may be shared with

We will share personal data with our subsidiaries and third parties who are engaged as data processors on our behalf, including course tutors or support staff working through their own company, IT service providers.

Any personal data may be shared with UK law enforcement or tax collection officials on request if they provide a court order or otherwise can demonstrate the specified information is necessary for the prevention or detection of crime of the collection of taxes. We will also share personal data with health professionals if necessary to protect the ‘vital interests’ of the data subject, and with others if necessary to safeguard children and adults at risk, or any other similar situation that meets the definition of ‘substantial public interest’ under the Data Protection Act 2018.

Unless otherwise specified in a relevant Privacy Notice or to comply with a specific legal obligation under the law of the United Kingdom, we will only share personal data with others with the explicit consent of the individual.

Personal data will not normally be transferred outside the EEA. Where this is necessary, it will be the consent of the individual or otherwise with appropriate safeguards as prescribed by GDPR. Full information will be provided in detailed Privacy Notices at the point of data collection or sharing.