H Data Protection Policy

H website on iPad
The Royal College of Music is committed to protecting your privacy. On this page we set out why we collect information, what we do with information and what your rights are. Personal information or data is any information that can be used to identify you as an individual.

Data controller

The Royal College of Music (H) is the data controller and has overall control for all of the data it processes.

Personal information

The General Data Protection Regulations (GDPR) defines personal data as information relating to a person which can identify that person. The regulations require us to ensure that data shall be:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Why we need your data

We need to know your personal data in order to provide you with the services we offer. We will not collect any personal data from you that we do not need.

Privacy statements

The Royal College of Music has created a series of core privacy statements which describe fully how we manage and process data. Select a link below for the specific details of each privacy statement.

What do we do with your data?

All the data you provide will only be processed by H staff and stored on our secure servers.

Subject access request

If you wish to make a formal access request to see the data the H holds about you, please complete our online form.

Your rights and how to make a complaint

If you believe that the information we hold on you is incorrect, you may request to see it and have it amended or deleted. If you wish to make a complaint about how your data has been handled you may do so by contacting the H’s Data Protection Officer.

Data Protection Officer

Data handling complaints and Freedom of Information requests


If you are not satisfied with the response you receive, or you believe your data is not being processed in accordance with the law, you should contact the office of the .


The H will never provide data to third parties unless one of the following conditions applies:

  • When you have given your permission to do so
  • When we are required to do so by law, by a court order or by a governmental department or authority
  • When we need to protect our own rights, property or safety, employees and students

Full details of how and when data may be exchanged with third parties are given in the core privacy policies listed below.

In the event of computer misuse data may be passed to computer security staff external to the H to aid in their investigations.

The H will never sell data to a third party.

Data & cookies on the H website

Most websites, including rcm.ac.uk will put small text files onto your computer or similar device, which are known as cookies. A cookie is a small piece of information placed in your web browser or hard drive that can be used to identify website visitors and to analyse website traffic. We are also able to gather limited device-specific information about your visit, including the kind of device and browser you have used, as well as your IP address (if available), which can provide information about the country, region or city where you are based. This allows us to understand how people use our website and to improve visitors' experiences.

For more information on what we do with cookies, please see our cookie policy.

Our website offers the ability to submit information through online forms and to make purchases. By completing a transaction or completing one of these forms, we understand that we have your consent to process and hold the personal data you have submitted. More detailed information about such data gathering processes are detailed in our Privacy statements below.

Links to third party websites

You will find links to other websites on the Royal College of Music site. The H can accept no responsibility or liability for the content of other websites or any information you provide to third party websites. It is your responsibility to familiarise yourself with the privacy policies of other websites.

Data breaches

The Royal College of Music has processes in place to detect a data breach.

In the event of a data breach, either intentional or unintentional, the H will assess the likely impact on any individuals affected and any risk to which they may be exposed and take steps to notify the individuals concerned. If necessary, the Information Commissioners Office (ICO) will be notifed of the breach.

Automated decision making

The General Data Protection Regulations provide safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. There are no automated decision making processes at the H. 


For more information concerning the way in which your data is managed please contact any of the following people:

Birju Patel

Technology Manager


Jennifer Allison

Head of Human Resources


Nicholas Seager

Registry Information & Systems Manager


Version control

These statements are reviewed regularly and updated if changes are required.

Privacy statements

Data retention

Back to top