This portal does not support the use of Internet Explorer, and some content may not appear or may appear incorrectly as a result. For a better browsing experience, please use Google Chrome, Firefox, Microsoft Edge or Safari.
3 March 2026
This Privacy Notice applies to Bath Spa University Students, Learners, Graduates, Alumni and Third Parties. Bath Spa University (the University) is a public university with its main campus at Newton Park, Newton St Loe, Bath, BA2 9BN.
We are committed to safeguarding the privacy of our Students, Learners, Graduates, Alumni and Third Parties; this Notice sets out how we will treat your personal information when you register to use the MyCertificate portal. We are the data controller which means we are responsible for deciding how we collect and use your personal information.
Please see the policy section of our website to access our full Data Protection Policy, Privacy Statement and further privacy notices, including privacy information for our website users and Applicants and Students.
We collect and process identification and contact details, academic record, communications, online and transactional information from you for the purposes of managing, sharing and distributing digital degree certificates and other related documents. This includes:
We also receive personal information indirectly, from the following sources in the following scenarios:
Students may enter an employer’s details (name and email address) to enable a link to be sent to the employer to access the certificates and vice versa.
The legal bases we are relying on for collecting and processing the information for each of the purposes are as follows:
We do not need any special category personal data to provide the MyCertificate service. However, the portal includes a free-text biography field, but you should not use this to share sensitive information such as details about your health, ethnicity, religious beliefs or sexual orientation. If you choose to add this type of information, you do so by choice, and it will be processed on that basis (UK GDPR Article 9(2)(e)).
Your personal data will only be shared internally or with third parties who have been appointed by the University to provide a specific service on behalf of the University.
We will share your personal data with third parties where required by law, where it is necessary to administer the University's relationship with you in connection with the provision of digital degree certificates and related documents or where we have another lawful basis or legitimate interest in doing so.
We may also share your personal data with third parties if we have a legal obligation to do so or for the purposes of requirements by the Office for Students or external audit purposes.
We may share your personal data with third party service providers who act on our behalf such as IT services providers and our professional advisers. Where it is necessary to do so, we may need to share your information with them, so that they can carry out the services we have requested.
We will also share your data where you have provided consent by enabling third parties to access your data through the MyCertificate portal.
Occasionally the University may be required to share your personal data with organisations either based in the UK/European Union (EU), or in countries outside the EU that have equivalent levels of protection. These transfers of data are usually necessary in order to meet contractual responsibilities with you and would only happen once we were assured that the appropriate safeguards were in place.
Your personal data is collected and stored in line with relevant Data Protection and is stored securely using processes and systems that comply with the University's strict information security and Data Protection principles.
We will only keep the information that you provide for as long as is necessary for the purpose for which it is processed and in accordance with relevant legislation. This means we will retain your digital degree certificates and associated records for the lifetime of the MyCertificate service, as these documents form part of your academic record and may be required throughout your life.
Information collected will not be used for automated decision-making or profiling individuals.
You have various rights in relation to your information, including:
Please note that some of these rights may not apply to the information that we hold about you, and we may need to collect some form of proof of identity before acting on your request.
Where we have relied upon your consent to process your information, you also have the right to withdraw your consent at any time.
If you would like to exercise any of these rights, or have any other questions about this Notice, please contact the University's Information Compliance Team at data-protection@bathspa.ac.uk.
You also have the right to make a complaint to the Information Commissioner’s Office about how we use your information, although we would ask that you get in touch with us first in order that we can try to put things right. How to contact the Information Commissioner's Office can be found at https://ico.org.uk/concerns/.