Can I have my data deleted?
Can I delete my Hub Account?
If you have a UCAS Hub Account and would like your account to be deleted, please call our Customer Experience Centre (using the relevant phone number from this page: How to contact UCAS by phone, social media, or post). Our Customer Experience Centre can log your request and submit the request for you which will then need to be reviewed. This may take a few days, but confirmation will be sent to you when your account has been deleted.
Can I delete my Application after it has been submitted?
UCAS is unable to delete your application if you have submitted it (used it to apply to a higher education provider) as we have an ongoing use for it.
We use application data to report to organisations with responsibilities for higher education and provide analysis and research about the sector. You may recall this as part of the UCAS Declaration you signed up to when you submitted your application, and it can also be found within our Privacy Policy on UCAS.com.
Our primary retention requirement relates to this long-term retention of personal data to support our analysis and research purposes.
Can I delete my Application if it hasn’t been submitted yet?
If your application has been drafted but not yet submitted, you can request for it to be obfuscated. This means that the application will still be held on UCAS systems, but your personal data would be removed and replaced with random details. You can make this request by calling our Customer Experience Centre using the relevant number on this page How to contact UCAS by phone, social media, or post.
Can I opt-out of Direct Marketing?
You can remove or amend what marketing you receive from UCAS by reviewing and changing your preference selections within your UCAS Hub Account. These preferences can be found by hovering over your account icon on UCAS.com, and selecting the ‘Preferences’ option.
This section will allow you to review what type of communications and marketing you get from us.
I would like you to delete a different piece of my data
If you would like UCAS to delete the data we hold on you that is not a Hub Account or part of a submitted application, please email your query to datagovernance@ucas.ac.uk. Please include within the email the data you would like deleted, e.g. survey submissions, job applications etc.
How long does UCAS keep data and why?
Data Retention
UCAS has a data retention policy and schedule that it abides by. Our schedule outlines the different retention periods for our different records.
For applicant data, we retain this information in accordance with the UK GDPR, which obliges us to keep it only for as long as is necessary. If we do not have any requirement to retain personal information for business, regulatory, or legal reasons, we will delete it.
Our primary long-term retention requirement is to support the analysis and research UCAS undertakes in respect of admissions to higher education, for the public benefit. This wide-ranging research includes monitoring trends relating to access to higher education, as well as providing analysis to Government and policy accountable stakeholders to measure the success of policies that support access to higher education.
Our current retention policy in respect of personal data retained for the purposes of supporting this research in the public benefit, is that this is subject to long-term retention for a minimum period of 15 years and that continued retention will be reviewed at an appropriate period.
If you apply through one of our admissions schemes, Article 89 (1) of the UK GDPR allows us to retain personal information for statistical and research purposes in the public interest.
Can you keep my data but anonymise it?
Data cannot be anonymised or depersonalised as being able to identify specific individuals is necessary for our research.
For example, UCAS previously matched applicants from our postgraduate UCAS Teacher Training Scheme to our Undergraduate Scheme to gain a better understanding of the progression from undergraduate courses to postgraduate teacher training programmes. The published research was based on individual data matched back to 2006 and included application and entry rates from disadvantaged areas. The aggregate results of this research, to which disclosure controls had been applied, was published on UCAS.com.
Data may also be linked to other data sets that UCAS has access to, such as the National Pupil Database, over historic admissions cycles to produce reports on equality in higher education admissions. Which again provides new insights into the higher education sector, and which, at an aggregate level, is used in support of Government policy which requires universities to encourage and keep under review participation in higher education across different social groups, and to measure the success of their interventions on their admissions processes; this is known as ‘Widening Participation’.
For example, to satisfy these requirements, many Universities operate programmes, such as summer schools, specifically designed to increase participation from these under-represented groups. Universities looking to measure the success of these interventions on their admissions process may provide UCAS with the details of individuals who have attended these programmes. UCAS would subsequently provide statistical analysis regarding their success or otherwise, but not in a manner that would allow anyone to be identified.
We also have operational requirements to retain personal data, primarily to support operational processes, for example a process referred to as ‘de-duplication’. This process involves matching new applications against previous ones to ensure that providers have confidence that a single, unique record exists in respect of a specific individual. This is to support operational processes such as decision making, accommodation applications, student loan applications and visa applications (not an exhaustive list). In cases where an applicant has applied during a previous admissions cycle, any new application is merged with the existing record.
The examples above are not the only reasons we cannot anonymise the data, but all require personal data to be kept in a way that allows specific individuals to be identified, because anonymised personal data would not support these purposes. They also need personal data from historic admissions cycles to be kept.
Which Lawful Basis does UCAS rely on for the Admissions Service?
The table below explains the personal data we collect as part of our admissions process and on which lawful basis we collect it as part of the application process.
| Category of personal data | Lawful basis |
| Application data: Information submitted on your application form. | Collected on the UK GDPR lawful basis for processing – Article 6(1)(b) Contract |
Equality monitoring ‘Special category’ personal information: Information relating to ethnicity, sexual orientation, and religious beliefs
| UK GDPR basis for processing – Article 9 2 (g) where the use of personal information ‘is in substantial public interest’, which the Data Protection Act 2018 clarifies can include keeping under review the existence or absence of equality of opportunity or treatment between different groups of people, including differences based on ethnicity, religious beliefs, and sexual orientation. |
| Disability Assistance: Information to allow providers to arrange additional support and make necessary arrangement for applicants with specific needs | GDPR basis for processing – Article 9 2 (b) where the use of personal information is necessary for carrying out obligations in the field of social protection law.
|
| Criminal Convictions: When applying to courses leading to professions or occupations exempt from the Rehabilitation of Offenders Act (1974), applicants are required to declare whether they have any criminal convictions, including spent convictions. This enables universities and colleges to identify potential issues at an early stage and undertake ‘fitness to practice’ assessments to identify if an applicant is suitable for a course. | Data Protection Act 2018 – basis for processing: Schedule 1, part 2, paragraph 11 – protecting the public against dishonesty. Schedule 1, part 1, paragraph 1 – necessary for the purposes of performing obligations under the law relating to social protection. Schedule 1, part 1, paragraph 2 – necessary for health and social care purposes. |
If you have any questions on the UCAS retention of data, please contact datagovernance@ucas.ac.uk with details of your queries. These will be received and reviewed by the Information Governance Team.