Skip navigation

    Can I have my data deleted?

    What's on this page?

    Can I delete my Hub account?

    If you have a UCAS Hub account and would like your account to be deleted, please call our Customer Experience Centre. Our Customer Experience Centre who will be able to help you.

    Can I delete my application if it hasn’t been submitted yet?

    If your application has been drafted but not yet submitted, please contact our Customer Experience Centre.

    How long does UCAS keep data and why?

    In compliance with the UK GDPR, we only keep personal data for as long as is necessary. If we do not have any requirement to retain personal information for business, regulatory, or legal reasons, we will delete it.     

    Can I delete my application after it has been submitted?

    Article 89 (1) of the GDPR allows us to retain personal information for statistical and research purposes in the public interest. If you apply through one of our admissions schemes, we’ll retain and use this, in combination with other information we hold, to produce statistical analysis and research in respect of the higher education sector, for public benefit.

    Some of the public benefit research we undertake means we must retain this information in a way that allows individuals to be identified. Examples of such research include:

    • universities wanting to measure the success of their ‘widening participation’ schemes. This is government policy, and requires them to encourage and review participation in higher education across different social groups, and to measure the success of their interventions on admissions to higher education in respect of named individuals
    • data from our admissions schemes over historic cycles, which we link to other datasets, such as the national pupil database. This contains details of pupils in England and Wales, over historic admissions cycle, to help produce reports on equality in higher education admissions

    Our retention policy in respect of personal data retained for the purposes of supporting this research in the public benefit, is that this is subject to long-term retention for a minimum period of 15 years and continued retention will be reviewed at an appropriate period.  

    You may recall this as part of the UCAS declaration you signed up to when you submitted your application, and it can also be found within our privacy policy.  

    Where possible, we also deploy additional security measures encouraged by the GDPR. This includes using personal information held in a format that does not directly identify specific individuals, without the use of a separately stored code or key that allows identification. This is referred to in the GDPR as ‘pseudonymised data’.

    Can you keep my data but anonymise it?

    Data cannot be anonymised or depersonalised as being able to identify specific individuals is necessary for our research.  

    For example, UCAS previously matched applicants from our postgraduate UCAS Teacher Training Scheme to our Undergraduate Scheme to gain a better understanding of the progression from undergraduate courses to postgraduate teacher training programmes. The published research was based on individual data matched back to 2006 and included application and entry rates from disadvantaged areas. The aggregate results of this research, to which disclosure controls had been applied, was published on ucas.com

    Data may also be linked to other data sets that UCAS has access to, such as the National Pupil Database, over historic admissions cycles to produce reports on equality in higher education admissions. Which again provides new insights into the higher education sector, and which, at an aggregate level, is used in support of Government policy which requires universities to encourage and keep under review participation in higher education across different social groups, and to measure the success of their interventions on their admissions processes; this is known as ‘Widening Participation’. 

    For example, to satisfy these requirements, many Universities operate programmes, such as summer schools, specifically designed to increase participation from these under-represented groups. Universities looking to measure the success of these interventions on their admissions process may provide UCAS with the details of individuals who have attended these programmes. UCAS would subsequently provide statistical analysis regarding their success or otherwise, but not in a manner that would allow anyone to be identified.  

    We also have operational requirements to retain personal data, primarily to support operational processes, for example a process referred to as ‘de-duplication’. This process involves matching new applications against previous ones to ensure that providers have confidence that a single, unique record exists in respect of a specific individual. This is to support operational processes such as decision making, accommodation applications, student loan applications and visa applications (not an exhaustive list). In cases where an applicant has applied during a previous admissions cycle, any new application is merged with the existing record.  

    As described within the examples above, personal data is required to be kept in a way that allows specific individuals to be identified, because anonymised personal data would not support these purposes.  This also included data from historic admissions cycles. 

    Where possible, we also deploy additional security measures encouraged by the UK GDPR. This includes using personal information held in a format that does not directly identify specific individuals, without the use of a separately stored code or key that allows identification. This is referred to in the UK GDPR as ‘pseudonymised data’. 

    Which lawful basis does UCAS rely on for the admissions service?

    The table below explains the personal data we collect as part of our admissions process and on which lawful basis we collect it as part of the application process. 

    Category of personal dataLawful basis
    Application data: Information submitted on your application form.Collected on the UK GDPR lawful basis for processing – Article 6(1)(b) Contract.
    Equality monitoring ‘Special category’ personal information: Information relating to ethnicity, sexual orientation, and religious beliefs.UK GDPR basis for processing – Article 9 2 (g) where the use of personal information ‘is in substantial public interest’, which the Data Protection Act 2018 clarifies can include keeping under review the existence or absence of equality of opportunity or treatment between different groups of people, including differences based on ethnicity, religious beliefs, and sexual orientation.
    Disability assistance: Information to allow providers to arrange additional support and make necessary arrangement for applicants with specific needs.GDPR basis for processing – Article 9 2 (b) where the use of personal information is necessary for carrying out obligations in the field of social protection law.
    Criminal convictions: When applying to courses leading to professions or occupations exempt from the Rehabilitation of Offenders Act (1974), applicants are required to declare whether they have any criminal convictions, including spent convictions. This enables universities and colleges to identify potential issues at an early stage and undertake ‘fitness to practice’ assessments to identify if an applicant is suitable for a course.
    Data Protection Act 2018 – basis for processing:
     
    • Schedule 1, part 2, paragraph 11 – protecting the public against dishonesty.
    • Schedule 1, part 1, paragraph 1 – necessary for the purposes of performing obligations under the law relating to social protection.
    • Schedule 1, part 1, paragraph 2 – necessary for health and social care purposes.

    Can I opt-out of email communications/direct marketing?

    You can opt out of marketing communications you receive from UCAS by:

    1. Clicking the ‘Unsubscribe’ option at the end of each email. 

    2. Visit your Hub account, hover over your account icon in the top right-hand corner and select ‘Preferences’.

    I have a different request

    If you would like UCAS to delete the data we hold about you that is not a Hub account or part of a submitted application, please email your query to datagovernance@ucas.ac.uk. Please include within the email the data you would like deleted, e.g. survey submissions, job applications.