Data Protection

Edinburgh Napier University is, and always has been, committed to respecting your privacy and protecting your personal information. As the Data Controller of the personal data we collect, we have policies, procedures and privacy notices in place under the UK Data Protection Act 2018 and UK General Data Protection Regulation (UK-GDPR) (which together are referred to as the “Data Protection legislation” below).

For more information on what information we use and how we collect and use it, please see our Data Protection pages using the following links:

By using our Website you understand and agree to the collection and use of your information as outlined in this Privacy Policy. If this statement is changed we will post these changes on this page .

If you have any questions regarding the use of your personal data or want to know more about your rights under the legislation or how the University complies with the legislation please contact the Data Protection Officer at

Information we may collect from you

We may collect and process the following data about you:
  1. Information that you provide by filling in forms on our website (the "Website")
  2. Details of applications you make through our Website
  3. If you contact us, including via our online enquiry service, we may keep a record of that correspondence
  4. Details of your visits to our Website and the resources that you access
  5. We may ask you to complete surveys that we use for research purposes although you do not have to respond to them.

If you submit personal information to us, for example your name and email address, we may link this information with any other information we have collected about you.

If you choose to contact us by other methods e.g. email, phone, letter, etc. we will also process your personal data to respond to you and provide any services or goods in connection with your contact/enquiry/request. Please see our Privacy Notices for more specific information.

We may engage in marketing activities which use your personal data. This could include sharing data with third party operated social networks such as Meta, where this information is matched against the social network’s own databases in order to provide you with the most relevant information.  

The details you provide will not be used for advertising purposes unless you have expressly consented to having your details used in this way.

Edinburgh Napier use of visitor statistics

When you visit our website our systems automatically collects information about your computer, including where available your IP address (a unique number assigned to your computer when you are using your browser on the internet), operating system and browser type to monitor customer traffic patterns and website usage.
This statistical data does not contain any personally identifiable information about you or any of our users. It is used to enhance the design and layout of the Website making it easier to navigate.
These statistics are very much like television ratings that tell the networks how many people tuned in to a particular programme. We only use this type of data in aggregate i.e. we look at the data collectively, in summary form, rather than on an individual basis.
Some of this non-identifiable data may be passed to a third party GDPR-compliant data visualisation provider called Supermetrics. 

We use Supermetrics to integrate user engagement data from channels such as Google Analytics and Facebook. This provides us with a single report on multiple channels at once. These reports tell us which channels are the most useful and engaging for our users and help the University make decisions on which channels are the most effective to reach our audiences in the future. 

Supermetrics deals with encrypted data only that is not personally identifiable to individual users. The encrypted data is not held by them any longer than it takes to provide the data visualisation reports.
Read more about Supermetric's security and data privacy commitments.


We use cookies to collect our statistics about your visit. Cookies are small text files that are placed on your computer and are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
We will also collect any information you give to us through our submission forms, like our contact form. If you submit information to us, including a name and email address, we may link this information with the information we have automatically collected about you.

Please view the University's Statement on the Use of Cookies for detailed information on the cookies we use and the purposes for which we use them.

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the UK and European Economic Area ("EEA"). It may also be processed by staff operating outside the UK and EEA who work for us or for one of our suppliers. By submitting your personal data, you understand and agree to this transfer, storing or processing.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Usage made of the information

The information you have given us will be stored on our computer systems and used in the following ways:
  1. Marketing: In order that we may keep you informed by post, email, telephone or other electronic means of the news, events or services that may be of interest (provided you have opted-in to receive such communications). You can opt out at any time
  2. Web statistics: To improve the service to our clients and to analyse our Website's use without identifying you as an individual
  3. Market Research: From time to time we may ask you to take part in research surveys to assist us with improving our service to existing and potential students
  4. Processing applications made by you
  5. To carry out our obligations to you, such as notifying you about changes to our terms and conditions

Legal Bases for Processing

The legal bases the University relies upon primarily are:

  1. Article 6(1)(e): for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the controller, namely the University’s Statutory Instruments: “for the objects of providing education, carrying out research, and promoting teaching, research and general scholarship” and the administration and support thereof. We rely on this legal basis for dealing with enquiries and sending service messages relative to your enquiry; processing applications; using website statistics to improve our website and services; marketing research and carrying out other associated obligations.
  2. Article 6(1)(b): processing is necessary in order to take steps at the request of the data subject (prior to entering into a contract or, in this case, making an application to the University), including corresponding with you about your application and keeping you informed of further information related to your application to the University. The possible/consequences of failure to provide/process the personal data requested are that the University would be unable to provide the goods/services/information you have requested.
  3. Article 6(1)(a); the University asks for your consent to send you electronic marketing, other than service messages related to your enquiry/application. You have the option to unsubscribe from marketing messages at any time by clicking on the ‘unsubscribe’ link in the marketing message or updating your settings in your social media account. Increasingly, browsers and operating systems also allow marketing preferences to be changed or blocked.
  4. Article 6(1)(f): The University relies upon legitimate interests, as the legal basis for operating web filtering and other system scanning and protection systems and services in order to protect the University’s website and network, as it is in the legitimate interests of the Controller to protect its information systems from misuse. 
  5. Further information about the legal bases used for specific purposes can be found on our main Privacy Notice page:

Disclosure of your information

Subject to the exceptions set out below, we will not disclose your personal information to third parties including other constituents of Edinburgh Napier University unless we are allowed, or required, to by law.

We may disclose your personal information:

  1. To comply with any legal obligation e.g. search warrant, subpoena, court order.
  2. To protect the rights, property, or safety of Edinburgh Napier University or others (this includes exchanging information with companies and organisations for purposes of fraud protection and credit risk reduction).
  3. To investigate reports of users sending material using a false email address or users sending harassing, threatening, or abusive messages.
  4. To protect against misuse or unauthorised use of our Website.
  5. During emergencies, e.g. when we believe someone's physical safety is at risk.

Accepting this statement acknowledges that we will not be responsible for damages you or any others may suffer as a result of the disclosure of your personal information in accordance with the above.

Rights and access to information

The Data Protection legislation gives you certain rights, including the right to access information held about you. For further information about how to exercise your rights please see our Data Protection Rights Guide.


Even the best policy cannot protect your online privacy and security in all circumstances. Your best protection is to understand the limits to privacy on the Internet and use common sense in all of your online activities. Be aware that email is an inherently insecure form of communication. Remember that in extreme cases third parties are sometimes able to intercept your unencrypted messages.

Edinburgh Napier University is concerned about the security of your personal information particularly when using our Website. Although we have taken all reasonable security precautions, we cannot guarantee internet security and subsequently cannot guarantee that any information you input on our Website is totally secure. In addition to our online security efforts, we have taken steps to protect your personal data offline as well. All of your information is restricted to our offices. Employees are granted access on a need-to-know basis and are kept up-to-date on our security and privacy practices.

Your control over your personal information

At any time you can withdraw permission for the use of your personal information. This can be done either by ticking the OPT-OUT or UNSUBSCRIBE link contained in all Edinburgh Napier University web communications, or alternatively, by sending an email requesting this to 

Our Website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

Enquiry, application & alumni processes

If you wish to enquire or apply to Edinburgh Napier University you will be asked to submit your details into our customer databases. When you do this you will have the option to 'opt-in' to receiving e-newsletters and other communications from us. You can unsubscribe from these by clicking the unsubscribe link or by sending an email to with REMOVE in the subject line.

We also have a press news list which you can join by emailing To unsubscribe from this list email with REMOVE in the subject line.

We maintain a database of our alumni and proactively keep them engaged about our alumni services. Find out more about how the University handles alumni data here.

Events registration on externally hosted services

Please note that by registering for an event via a service such as Eventbrite (which will host your data out with the EEA) or Bookitbee (which will host your data in the EEA) you will be supplying your personal data to the company/website and as such you are accepting and consenting to the practices in their Privacy Policies.

Edinburgh Napier University is not affiliated with these companies/websites in any way and is using their services solely for the purposes of facilitating event ticketing and registration and does not accept any responsibility or liability for personal data which you have chosen to provide to such third party sites.

Further information

Privacy Notices for Students, Staff and all other ‘layered’ Privacy Notices can be accessed online here.

For further information, please see the University's Data Protection Policy Statement

How to contact us

In writing to:

Governance Services

Edinburgh Napier University

Sighthill Campus

EH11 4BN


Last updated: March 2023