Privacy Policy

Universitas 21 is strongly committed to protecting the privacy of personal data.

The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. Please read this policy carefully. If you do not agree to the following, you may wish to cease viewing / using this website or contact Universitas 21 for further clarification via

Policy key definitions:

  • "I", "our", "us", or "we" refer to the business, [Universitas 21, c/o Strathcona 109, University of Birmingham, Edgbaston, Birmingham, B15 2TT, UK.
  • "you", "the user" refer to the person(s) using this website.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner's Office.
  • Cookies mean small files stored on a user’s computer or device.

Who we are?

This privacy policy notice is for this website [] and is served by Universitas 21 [registered at Mont Crevelt House, Bulwer Avenue, St Sampson, Guernsey GY1 3US and based at Strathcona 109, University of Birmingham, Edgbaston, Birmingham, B15 2TT, UK] and governs the privacy of those who use it. All queries about Data Protection should be directed to Jade Bressington, Director of Operations via   

What information do we collect?

Based on your interactions with this website or through other channels (for example, by communicating with us or attending one of our events), we may collect the following information:

  • Your personal details (name and email address) when completing our ‘contact us’ or event registration forms;
  • Your personal details including job title, institution, travel information and special requirements when completing event registration forms. Information collected for U21 events is currently collected through HubSpot. HubSpot complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. This data is only available to Universitas 21 and is stored in accordance with HubSpot's privacy policy.
  • Data about how you have used this website.

How do we use personal information?

We require this information to understand your needs, manage our events / initiatives, answer any queries and provide all stakeholders with an exceptional service. Universitas 21 only processes personal data for core business purposes, which include some or all of the following:

  • personalisation of content, business information or user experience;
  • account set up and administration;
  • delivering marketing and events communication;
  • carrying out polls and surveys;
  • internal research and development purposes;
  • providing projects, programmes and services;
  • legal obligations (eg prevention of fraud);
  • meeting internal audit requirements.

What legal basis do we have for processing your personal data?

Under the GDPR (General Data Protection Regulation), we control and / or process any personal information about you electronically using the following lawful bases:

1. Consent for Email marketing messages & subscription

Under the GDPR, we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in "what information do we collect” section above. Any email marketing messages we send are processed through 'HubSpot' a Customer Relationship Management platform (CRM). Further details on how HubSpot processes personal data can be found within their own privacy policy.

Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.

If you have indicated that you are happy to receive marketing messages from us, we will hold the following information about you within our CRM system:

  • Email address
  • I.P address
  • Subscription time & date
  • Job title and institution
  • Other information provided at the time of ‘opt in’.

We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists. If you have previously agreed to us using your personal information for direct mailing purposes, you may change your mind at any time by writing to or emailing us at  

You can manage your communication subscription preferences here.

2. Legitimate interest for core business processes

We process personal information on individuals based within or affiliated with our member institutions for legitimate business purposes, which include some or all of the following:

  • where the processing enables us to enhance, modify, personalise or otherwise improve our services / communications for the benefit of our customers ;
  • to identify and prevent fraud;
  • to determine the success of our projects, programmes and initiatives;
  • to enhance the security of our network and information systems;
  • to better understand how people interact with our websites;
  • to provide business communications that we think will be of interest to you;
  • to determine the effectiveness of promotional campaigns and advertising.

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

Please note, we are exempt from registration in the ICO Data Protection Register as Universitas 21 only processes personal data for core business purposes as outlined above.

When do we share personal data?

We take personal data confidentiality very seriously and will not share, sell or lease your personal information to third parties unless we have your permission or are required by law to do so. Please note that when managing and administering U21 events, projects and initiatives, we reserve the right to share personal data (i.e. your name, job title, institution and email address) with U21 member institutions responsible for delivering U21 core business. Data will only be shared when it is imperative to the success of core U21 business; all data storage and transfer methods meet the GDPR compliance requirement.

How do we store and secure personal data?

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement. Should you require further details on the technologies employed, please email

Use of cookies and other technologies

A cookie is a small file, which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites / third party content

Our website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website or its content. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and this privacy statement does not govern such sites. You should exercise caution and look at the privacy statement applicable to the website in question.

Your rights in relation to personal data

Under the GDPR your rights are as follows. You can read more about your rights in details here;

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.

You also have the right to complain to the ICO [] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR however, please note that on occasion data subject rights may be limited by legal exemptions e.g. if fulfilling a data subject request may expose personal data about another person or covers data that the company is required to keep by law etc.

If you have questions or concerns about our privacy practices, your personal information, or if you wish to file a complaint, please write to or email us as soon as possible via Universitas 21, c/o Strathcona 109, University of Birmingham, Edgbaston, Birmingham, B15 2TT, UK or

Universitas 21 reserve the right to change this policy. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 4 June 2024.