Data Protection

Our Position

LSE Students' Union is committed to ensuring the rights and freedoms of data subjects, we have policies and procedures in place to aid this. This page also acts as your one-stop-shop privacy notice

Please read on to find out more about how we protect your rights as a data subject, our data processing, our privacy notices which may relate to you and anything relevant to protecting your data

We understand that the current UK Data Protection Legislation, the new General Data Protection Regulations (GDPR) and the Privacy and Electronic Communications Regulations (PECR), are the main legislation we must ensure we keep to.


Data Protection Officer

Our Data Protection Officer is

James Hann (CEO)


They can be contacted by:


Writing to:

Data Protection Officer

LSE Students' Union

1 Sheffield Street



Union Closure


Throughout the year there are times where the Union and the building we are located in are closed.

Despite this, we aim to meet any data subject requests within the deadline and will meet any timeframes as directed by the ICO.

There may be a slight delay in our confirmation of receipt emails during the closure dates.

Our closure dates for 2018/19 are:

  • Thursday 29th March 2018 - Wednesday 4th April 2018
  • Friday 21st December 2018 - Monday 1st January 2019
  • Thursday 18th April 2019 - Wednesday 24th April 2019

Quick Links

Know what you're looking for? Use these quick links to help you get there quicker!

Privacy Notices

These are our Union Privacy Notices for our main Stakeholders, so you know what happens with your data.

Data Protection, Information Security and Systems Policy

This is our Union wide Policy regarding Data Protection, Information Security and Systems.

Data Protection Documentation

This is our list of processing documentation including our retention schedules for personal data.


These are the 3rd Parties that we use to help provide services to our members, employees and other stakeholders.

Your Rights

This is all the information about your rights under data protection legislation and all the forms you will need to action an of them with us!

Our Policies

LSESU has an up-to-date Data Protection, Information Security and Systems Policy. This has been updated to recently to reflect the new General Data Protection Regulations and is updated with new legislation as necessary.

Our policy is viewable below.

Our Policy

Our Legal Bases

As part of our General Data Protection Regulation governance, we keep a record of the legal basis that we use to process your data. We've detailed the ones that we may rely upon for you on a regular basis.


We may ask you to consent to us processing your data for CCTV coverage or engaging with our website


We may need some personal information to fulfill a contract between yourself and us!

Legitimate Interests

We sometimes have a legitimate interest in processing your personal data, if we use this, we carefully balance your rights with our interest so we do not override them.

Legal Obligations

We process some data for legal obligations, this includes employment legislation, the education act and the charities act.

Task in the Public Interest

We process some data for a task in the public interest, this includes keeping attendees safe at some of our events.


Our Privacy Notices

We have different privacy notices available for each of our main stakeholders, take a look at the ones that are relevant to you. We update these as necessary to ensure they are kept up to date. 

Our Documentation

As part of our General Data Protection Regulation governance, we have linked all relevant documentation below. These link to our processing activities including the legal basis and how we protect your rights with regard to that specific processing activity, the retention schedules and also which of our teams are responsible for the data.

Data Sharing Agreement

We have a Data Sharing Agreement with the London School Of Economics, which enables the sharing of our members data. This agreement details what data may be shared and for what purposes. When we (LSE Students' Union) receive this data we become a data controller.

LSE-LSESU Data Sharing Agreement 2018

Data Processing Registers

To be transparent and accountable which are key themes of GDPR, we publish our Data Processing Registers. Our Teams update these on a regular basis to ensure that they are accurate and reflect the sorts of processing that we undertake at LSESU

Data Processing Register


We are very specific in which Processors we engage with, ensuring that they respect privacy of data subjects, and can comply with the relevant data protection legislation.

Our current processors currently include but are not limited to:

Your Rights

We are open about your rights and freedoms and how you can action them. We have detailed those which you have the ability action yourself, and have linked the relevant forms for you to fill in.

Importantly, some of these requests may have an effect on the ability of our staff and volunteers to provide services to you. During the process of the request, we will explain to you what effect it will have so you can make an informed decision about your data and the request that you have placed.

The Process

1. Fill out the Form


Fill out the form you require below, detailing what information and any specifics

Attach your proof of identity documents so that we know its you.

Either Email it to the Data Protection Officer or post it to us!

2. We'll Confirm

Within 5 working days of receipt we will let you know that we have received your request.

If we haven't, feel free to pop us an email and we'll follow up on it!

We'll also let you know at this point if we have any questions.

3. Results

Within 1 month we will give you the results of the your request.

If we need a little bit more time, on certain types of requests because of their complexity, we will also let you know by now!


Note : This will be 1 Month from when we receive your request, not when you send it!

Types of Requests


Subject Access Requests

LSESU is not subject to any FOI (Freedom of Information Requests) as we are not a publicly funded body.

However you can requests to know what specific information we hold on you. To do this you should use our Subject Access Request Form linked below and follow our process above.


Subject Access Request Form

Rectification Request

If after a subject access request, or you already know that we have some inaccurate data about you . Use this form to let us know so we can temporarily stop processing your incorrect data and update it for you.

If you are a student at LSE and are looking to update some information on your profile on our system, here's what to do.

  1. If it is contact details - you can login to this website and change those yourself in your account
  2. If it is other data - please get in contact with Student Services to update any out of date information

Rectification Request Form

Erasure Request

This is your right to be forgotten. This covers for example, if you haven given consent for us to process your data and would like us no longer to do so or we are processing your data for direct marketing and you no longer wish to receive any marketing from us.

Erasure Request Form

Data Portability Request

Where appropriate, you are able to take your data with you. To do this, place in a Data Portability Request, and we will be happy to provide you your data in a machine readable format. This will normally be in a CSV file which can be opened in excel.

Portability Request Form

Right to Restrict Processing Request

Where you wish for us to stop processing your data, but do not wish for it to be erased, you can place in a restriction to processing requests. This means that we can only store the data we hold on you until the relevant retention period (how long we hold that piece of data) ends.

Right to Restrict Processing Request Form

Objection to Processing Request

You may, if you wish, place an objection to us processing your data. This has a similar effect to restriction of processing. This applies in certain circumstances, but means that if your objection to processing is approved, we have to stop processing that data. This may also including deleting and removing that data from our storage.

Objection to Processing Request Form