Data Protection

Edinburgh Business School needs to obtain and process certain information about prospective students, students and alumni. The information we collect is used fairly, stored safely and not disclosed to any other person unlawfully. To do this, we comply with the General Data Protection Regulation (GDPR) Principles.

In summary, these state that personal data shall be: 

Processed lawfully, fairly and in a transparent manner in relation to individuals (lawfulness, fairness and transparency);

Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (purpose limitation);

Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation);

Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy);

Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (storage limitation);

Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).

Information about how we protect the personal data that we process is available here.


Data Protection Policy

Edinburgh Business School and all staff or others who process or use any personal information must ensure that they follow these principles at all times. Edinburgh Business School, a member of the Heriot-Watt Group, follows these principles at all times. In order to ensure that this happens, the University has developed a Data Protection Policy. If you have any questions about our Data Protection procedures, please contact our FOI & Data Protection Officer.

Website Privacy Policy

Edinburgh Business School is committed to protecting your privacy. In order to operate the Edinburgh Business School website, we may collect and store personal information you submit via this website. Please read the following privacy policy to understand how we use and protect the information that you provide. The policy relates to personal data collected via our website and does not apply to data provided to us by any other means.

In this policy, website means Edinburgh Business School’s website at and its subdomains.

By using our website you consent to the collection, retention and use of your personal information in accordance with the terms of this policy.
The policy is subject to change and any changes to it in the future will be notified on this page. We recommend that you check the privacy policy each time you visit this site.

Information we collect

•    Personal details (such as your name, contact details, email address, etc) which you provide by registering with us or submitting an enquiry via the website.
•    Your response to any surveys we may ask you to complete.
•    How you use the website and any other information you email or otherwise send to us.

Visitors to our website

We use cookies to gather non-personal, statistical information about visitors to our website (such as the number of visits to pages, the amount of time spent viewing a page, the path taken by visitors to a particular page and other general information). We use this information to improve our websites.

We collect this information in a way that does not identify anyone. We will not associate any data gathered from this site with any personally identifying information from any source. 

If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Please see detailed information about the cookies we use. 

Here's a list of the cookies we use

  • ASP.NET_SessionId: This identifies a user's single session

  • CMSPreferredCulture: This is the default culture/language of content which is set in Kentico CMS.

  • cookiePrefs: This is an indicator to state that the cookie policy has been accepted by the user

  • CountrySelected: This stores a cookie with information of the country the user has confirmed their location.

  • CurrentContact & VisitorStatus: These are used for identifying users and used to aid lead scoring.

  • _ga: Google analytics tracking

  • _dc_gtm_UA-304053-6: Google tag manager tracking

    Hotjar - visitor journey analytics

More about cookies

If you'd like to know more about cookies in general and to how to manage them, visit or (these open in an new window) Please note that we can't be responsible for the content of external websties.

IP address

We may collect information where available about your IP address, operating system and browser type. This is data about users’ browsing actions and patterns. It is used to inform improvements to the website, for system administration, and to report aggregate information to third parties.

Disclosure of your information

Authorised personnel within Edinburgh Business School will be able to access the information you provide to us. We may also disclose your information to authorised third parties, acting on behalf of Edinburgh Business School, for the purposes set out in the policy or for purposes approved by you.

Unless required or permitted to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.


We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction or damage.

The transmission of information via the internet is never completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal or other data transmitted to our website. Any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.

Changes to our Privacy Policy

We may amend this policy from time to time. If we make any substantial changes we will notify you by posting a prominent notice on the website.

Your rights

You have the right to access the personal data which Edinburgh Business School holds about you (this is known as a ’subject access request’). For further information contact

Further information

If you wish to enquire about Data Protection, this privacy policy or cookies please contact