Log in


Privacy Notice

Cardiff University Students' Union and our subsidiary companies Cardiff Union Services LTD & Cardiff Volunteering, collectively known in this notice as "The Students' Union", "Us" or "We" (find out more about our corporate structure), is committed to protecting the rights of our students, members & customers in line with the general data protection regulations. This page explains how your information is used, who it may be passed to and what your rights and responsibilities are. The three companies that make up our corporate structure are registered with the Information Commissioner's Office (ICO) to process personal data and you can view the registration on the ICO's website under the Data Protection Register for CUSU, Data Protection Register for CUSL, and Data Protection Register for CV.

This notice may be updated from time to time to ensure continued compliance with current legislation and to reflect best practice.


Current students of Cardiff University, The Students' Union will receive an up to date copy of your student record directly from Cardiff University (unless you have opted out of Students' Union membership at enrolment), from the start of your enrolment to the end of your course your information will be stored on our secure servers.  You can find out more about this transference of data by viewing the University Data Sharing Agreement.  The Students’ Union will notify all members when elections are running in line with Article 6 (e), for the purpose of carrying out fair elections the processing of Student data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller as is in our memorandum and Part 3 of Ordinance 13 .

Past students of Cardiff University, as an alumni of Cardiff University you will be entitled to continue to use our services, your account will be automatically archived at the end of your studies for purposes of records of achievement and account transaction history management, if you wish to regain full access to the range of services at the end of your studies please send an email to us at StudentsUnion@Cardiff.ac.uk quoting “Alumni SU Account”.

General public (our customers), The Students' Union will collect your personal data during your online application, we will continue to process your personal data so that we can manage our contractual obligations, fulfil our and your legitimate interests and satisfy our statutory responsibilities.

Your personal data will be used to:

  • manage your online account - including memberships and entitlements;
  • allow you to purchase and access stored event tickets;
  • manage event entrances and guest lists;
  • notify you of changes;
  • provide services (food and drink provisions);
  • carry out legal duties (including providing information to others - see disclosures section);
  • use your data to produce anonymous demographics;
  • use your contact details for the purpose of promotion and marketing where consent is first freely given.

Personal information may be collected separately and in person or by any other means from staff of the organisation, such as our security personnel or events management for the purposes of public safety. Any information obtained will be GDPR compliant and if such an occurrence takes place an explanation of why and how the data will be used will be communicated.

Mailchimp & Our Marketing Mailing Lists

The Students' Union currently operates two Mailchimp subscriber mailing lists:

  • With our Offers & Promotions Mailing List you can sign up to if you are interested in hearing all about our current and future events, any sweet deals and offers us or our partners might be running and our September activities.
  • With our Cardiff Students Alumni Mailling List you can sign up if you are a graduate of Cardiff University and want to hear all about our Alumni events including our annual Varsity.

We will use your consent to join these mailing lists, this is captured when you fill out either of the subscriber forms, If you opt into our marketing communications via OpenTable or our App you will be consenting to joining the Offers & Promotions Mailing List

We will never share your personal data with anyone without first getting your explicit consent to do so, we will keep you on the mailing list for two years before we will notify you to remind you that your data is still held by us for the purpose of sending you our marketing material.

You can unsubscribe from either of these lists by click unsubscribe in any email you have received or by contacting StudentsUnion@Cardiff.ac.uk.

Business to Business, The Students' Union will keep a record of business contacts that “We” have or that have provided a service to “Us” in a business capacity, this information will be kept securely and will be processed lawfully in line with our legitimate interest to do so. The Students' Union will use this information to communicate business to business services and to fulfil contractual obligations. This information will be shared to comply with statutory requirements and for the purposes of audit.


The Students' Union may share your relevant personal data with the following bodies where we have a lawful basis to do so:

Disclosure to


Fulfil a contract where a contract exists with you.

In accordance with the terms of the contract.  

The governing body for university sport in the United Kingdom (BUCS)

In order to confirm entry into the British Universities and Colleges Sport competitions "we" will (on request) share information to process your application (BUCS DSA)

University Hospital of Wales and/or South Wales police

Where an individual is not capable of giving consent and we have a duty to protect their vital interest.

Work placement sites or educational partners involved in joint course provision.

Where this is necessary for the delivery of your programme of study. (SDS Data Sharing Agreements)


Potential employers or providers of education whom you have approached

To confirm your qualifications, references or development courses. (SDS Data Sharing Agreements)

UK agencies with duties relating to the prevention and detection of crime, collection of a tax or duty or safeguarding national security

In order to allow the assessment, and payment and collection of relevant taxes i.e Council Tax, and benefits.

To aid the police, UK Visas and Immigration Agency or the Foreign and Commonwealth Office.

(This happens only as necessary and in consideration of your rights and freedoms)



In accordance with the University and Students' Union Data Sharing Agreement and with your consent where an application is made to use the Jobshop service (Jobshop Sharing Agreements)

Cardiff Student Letting

In accordance with the University and Students' Union Data Sharing Agreement and with your consent or where an application is made or a contract or tenancy agreement is in place. (Download and View Cardiff Student Letting Privacy Notice)

Any other disclosures that the Students’ Union makes will be in accordance with a lawful basis defined in the General Data Protection Regulations and your interests will always be considered.

How long your information will be held

The Students’ Union will retain your personal information for different periods of time depending on the services you have used and if you are a student, alumni or customer.

  • Your transaction history will be kept for 7 years from the date of transaction.
  • Ticket event attendance lists are kept for 2 years from the date of the event.
  • Your online account will be kept open indefinitely unless you have asked “Us” to close it or if we have taken the decision to do so.
  • As a training provider the Students’ Union will keep a student record of any studies that you have undertaken with “Us” permanently. This student record will include, name, date of birth, course attended, date of course and any grades obtained.

Security of your information

General Data Protection Regulations require us to keep your information secure. This means that your confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised access and disclosure. Only members of staff who need access to relevant personal data will be authorised to do so. Information about you in electronic form will be subject to password and other security restrictions, while paper files will be stored in secure areas with controlled access.

Some processing may be undertaken on behalf of the Students’ Union by an organisation contracted for that purpose. Organisations processing personal data on behalf of the Students’ Union will be bound by an obligation to process personal data in accordance with Data Protection legislation.

Your rights

You have a right to access your personal information through the a Subject Access Request, You also have a right to object to the processing of your personal information, to rectify, to erase, to restrict and to port your personal information.  Any requests or objections should be made in writing to the Data Protection Officer using the contact details provided below.

Your responsibilities

You have a responsibility to keep your personal details up to date, as a student you can do so via SIMS, as a member of the public you can do so by either logging into your profile management on the website or by contacting StudentsUnion@Cardiff.ac.uk

How to raise a query, concern or complaint

If after reading this page you still have queries, concerns or wish to raise a complaint you should contact the Data Protection Officer in the first instance at the following:

Allan Morris
Data Protection Officer
Web Development & Data Protection
Cardiff University Students’ Union
University Union
Park Place
CF10 3QN
Email: StudentsUnion@Cardiff.ac.uk 
Tel: 029 2078 1405

If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for investigation. The Information Commissioner can be contacted at: -

Information Commissioner’s Office,
Wycliffe House,
Water Lane,

The Information Commissioner's Office also provides useful advice and guidance on data protection.

Relevant Links 

Jobshop Privacy Notice

Cardiff University Students' Union Recruitment Privacy Notice

Cardiff Student Letting Privacy Notice

Cardiff Volunteering Privacy Notice

Cardiff University Students' Union Website Terms & Conditions

Hysbysiad Preifatrwydd

Mae Undeb Myfyrwyr Prifysgol Caerdydd ac is-gwmnïau Gwasanaethau Undeb Caerdydd CYF a Gwirfoddoli Caerdydd, gyda’i gilydd y cyfeirir atynt yn yr hysbysiad hwn fel "Undeb y Myfyrwyr", "Ni" (cewch wybod mwy am ein strwythur corfforaethol), wedi ymrwymo i amddiffyn hawliau ein myfyrwyr, aelodau a chwsmeriaid yn unol â'r rheoliadau cyffredinol ar gyfer diogelu data. Mae'r dudalen hon yn esbonio sut caiff eich gwybodaeth ei defnyddio, at bwy y gellir ei throsglwyddo a beth yw eich hawliau a'ch cyfrifoldebau. Mae'r tri chwmni sy'n ffurfio ein strwythur corfforaethol wedi'u cofrestru â Swyddfa'r Comisiynydd Gwybodaeth (ICO) i brosesu data personol, a chewch weld y cofrestriad ar wefan yr ICO o dan Gofrestr Ddiogelu Data UMPC, Cofrestr Ddiogelu Data Gwasanaethau UM Caerdydd CYF, a'r Gofrestr Ddiogelu Data Gwirfoddoli Caerdydd.

Gellir diweddaru'r hysbysiad hwn o bryd i'w gilydd i sicrhau cydymffurfiad parhaus â'r ddeddfwriaeth gyfredol ac i adlewyrchu arfer gorau.


Statws myfyrwyr presennol Prifysgol Caerdydd, Bydd Undeb y Myfyrwyr, yn cael copi cyfoes o'ch cofnod myfyrwyr yn uniongyrchol o Brifysgol Caerdydd (oni bai eich bod wedi optio allan o aelodaeth Undeb y Myfyrwyr wrth gofrestru), o’r adeg y bu i chi gofrestru hyd ddiwedd eich cwrs. Caiff eich gwybodaeth ei storio ar ein gweinyddion diogel. Cewch wybod mwy am y trosglwyddiad data hwn drwy edrych ar Gytundeb Rhannu Data’r Brifysgol. Bydd Undeb y Myfyrwyr yn hysbysu bob aelod pan mae’r etholiadau yn cael eu cynnal yn unol ag Erthygl 6 (e), er mwyn cynnal etholiadau teg mae prosesu data'r Myfyrwyr yn angenrheidiol ar gyfer cwblhau’r dasg er budd y cyhoedd neu i weithredu awdurdod swyddogol wedi ei freintio i’r rheolwr fel sydd yn ein memorandwm a Rhan 3 o Orchymyn 13.

Cyn-fyfyrwyr Prifysgol Caerdydd, fel cyn-fyfyrwyr Prifysgol Caerdydd, bydd gennych hawl i barhau i ddefnyddio ein gwasanaethau, caiff eich cyfrif ei archifo'n awtomatig ar ddiwedd eich astudiaethau at ddibenion cofnodion cyrhaeddiad a rheoli hanes trafodion y cyfrif. Os ydych yn dymuno adennill mynediad llawn at yr amrywiaeth o wasanaethau ar ddiwedd eich astudiaethau, e-bostiwch ni ar StudentsUnion@Caerdydd.ac.uk gan ddyfynnu "Cyfrif Cyn-fyfyrwyr yr Undeb".

Y cyhoedd yn gyffredinol (ein cwsmeriaid), Bydd Undeb y Myfyrwyr yn casglu eich data personol yn ystod eich cais ar-lein; byddwn yn parhau i brosesu eich data personol fel bod modd i ni reoli ein dyletswyddau cytundebol, gwarchod ein buddiannau cyfreithiol ni a'ch rhai chi, yn ogystal â chyflawni ein cyfrifoldebau statudol.

Caiff eich data personol ei ddefnyddio i wneud y canlynol:

  • rheoli eich cyfrif ar-lein - gan gynnwys aelodaethau a hawliau;
  • eich galluogi i brynu a chael mynediad i docynnau ar gyfer digwyddiadau sydd wedi'u storio;
  • rheoli mynediad i ddigwyddiadau a rhestrau gwestai;
  • rhoi gwybod i chi am newidiadau;
  • darparu gwasanaethau (darpariaeth fwyd a diod);
  • cyflawni dyletswyddau cyfreithiol (gan gynnwys darparu gwybodaeth i eraill - gweler yr adran ddatgeliadau);
  • defnyddio eich data i gynhyrchu demograffeg anhysbys;
  • defnyddio eich manylion cyswllt at ddibenion hyrwyddo a marchnata lle rhoddir caniatâd o'ch gwirfodd.

Gellir casglu gwybodaeth bersonol ar wahân, wyneb yn wyneb neu drwy unrhyw ddull arall gan staff y mudiad, megis ein personél diogelwch neu staff rheoli digwyddiadau at ddibenion diogelwch y cyhoedd. Bydd unrhyw wybodaeth a gesglir yn cydymffurfio â GDPR, ac mewn achos o'r fath, caiff esboniad o pam a sut y caiff y data ei ddefnyddio a’i gyfathrebu.

Busnes i Fusnes, Bydd Undeb y Myfyrwyr yn cadw cofnod o gysylltiadau busnes sydd gennym "Ni" neu sydd wedi darparu gwasanaeth i "Ni" ar sail busnes. Caiff yr wybodaeth hon ei chadw'n ddiogel a’i phrosesu'n gyfreithlon yn unol â'n buddiannau dilys i wneud hynny. Bydd Undeb y Myfyrwyr yn defnyddio'r wybodaeth hon i gyfathrebu gwasanaethau busnes i fusnes ac i gyflawni dyletswyddau cytundebol. Rhennir y wybodaeth hon i gydymffurfio â gofynion statudol ac at ddibenion archwilio.


Mae'n bosib y bydd Undeb y Myfyrwyr yn rhannu'ch data personol perthnasol â'r cyrff canlynol pan fydd gennym sail gyfreithlon i wneud hynny:

Datgelu i


Cyflawni cytundeb pan fydd cytundeb yn bodoli gyda chi.

Yn unol â thelerau'r cytundeb,

Corff llywodraethu chwaraeon prifysgolion y Deyrnas Unedig (BUCS)

Er mwyn cadarnhau cyfranogiad yng nghystadlaethau Chwaraeon Prifysgolion a Cholegau Prydain byddwn "ni" (ar gais) yn rhannu gwybodaeth er mwyn prosesu eich cais (BUCS DSA)

Ysbyty Athrofaol Cymru a/neu Heddlu De Cymru

Mewn achosion pan nad fydd modd i unigolyn roi caniatâd a bydd gennym ddyletswydd i ddiogelu eu buddiannau sylfaenol.

Darparwyr lleoliadau gwaith neu bartneriaid addysgol sy'n ymwneud â darparu cyrsiau ar y cyd.

Pan fydd hyn yn angenrheidiol ar gyfer cyflwyno eich rhaglen astudio. (Cytundebau Rhannu Data SDS)



Cyflogwyr neu ddarparwyr addysg posib rydych wedi cysylltu â nhw

I gadarnhau eich cymwysterau, geirdaon neu gyrsiau datblygu. (Cytundebau Rhannu Data SDS)

Asiantaethau'r DU sydd â dyletswyddau sy'n ymwneud ag atal a chanfod troseddau, casglu trethi neu dollau, neu sicrhau diogelwch cenedlaethol

Er mwyn caniatáu’r asesiad, a thalu a chasglu trethi perthnasol, h.y. Treth y Cyngor, a budd-daliadau.

I gynorthwyo'r heddlu, Asiantaeth Fisas a Mewnfudo’r DU neu'r Swyddfa Dramor a Chymanwlad.

(Nid yw hyn ond yn digwydd yn ôl yr angen yn unig ac wrth ystyried eich hawliau a'ch rhyddid)



Siop Swyddi

Yn unol â'r Cytundeb Rhannu Data rhwng y Brifysgol ac Undeb y Myfyrwyr a chyda'ch caniatâd, lle gwneir cais i ddefnyddio'r gwasanaeth Siop Swyddi (Jobshop Data Agreements)

Gosod Myfyrwyr Caerdydd

Yn unol â'r Cytundeb Rhannu Data rhwng y Brifysgol ac Undeb y Myfyrwyr a chyda'ch caniatâd, pan wneir cais neu pan fydd contract neu gytundeb tenantiaeth yn bodoli. (Lawrlwythwch i gael gweld Hysbysiad Preifatrwydd Gosod Myfyrwyr Caerdydd )

Bydd unrhyw ddatgeliadau eraill y bydd Undeb y Myfyrwyr yn eu gwneud yn unol â sail gyfreithlon a ddiffinnir yn y Rheoliadau Diogelu Data Cyffredinol a chaiff eich buddiannau eu hystyried drwy’r amser.

Am ba hyd y caiff eich gwybodaeth ei chadw

Bydd Undeb y Myfyrwyr yn cadw eich gwybodaeth bersonol am gyfnodau gwahanol gan ddibynnu ar y gwasanaethau rydych wedi'u defnyddio ac os ydych yn fyfyriwr, yn gyn-fyfyriwr neu'n gwsmer.

  • Caiff cofnod o'ch trafodion ei gadw am 7 mlynedd o ddyddiad y trafodiad ymlaen.
  • Cedwir rhestrau presenoldeb mewn digwyddiadau â mynediad drwy docyn am 2 flynedd o ddyddiad y digwyddiad.
  • Cedwir eich cyfrif ar-lein yn agored am gyfnod amhenodol oni bai eich bod wedi gofyn i "Ni" ei gau neu os byddwn wedi penderfynu gwneud hynny.
  • Fel darparwr hyfforddiant, bydd Undeb y Myfyrwyr yn cadw cofnod parhaol o unrhyw astudiaethau rydych wedi ymgymryd â nhw gyda "Ni". Bydd y cofnod myfyriwr hwn yn cynnwys, enw, dyddiad geni, cwrs a fynychwyd, dyddiad y cwrs ac unrhyw farciau a enillwyd.

Diogelwch eich gwybodaeth

Mae Rheoliadau Diogelu Data Cyffredinol yn ein gorfodi i gadw eich gwybodaeth yn ddiogel. Mae hyn yn golygu y bydd eich cyfrinachedd yn cael ei barchu, a chymerir pob mesur priodol i atal mynediad a datgelu heb awdurdod priodol. Dim ond aelodau o staff y mae angen mynediad at ddata personol perthnasol arnynt a gaiff yr awdurdod i wneud hynny. Bydd gwybodaeth amdanoch chi ar ffurf electronig yn destun cyfrinair a chyfyngiadau diogelwch eraill, a chaiff ffeiliau papur eu storio mewn mannau diogel â mynediad wedi'i reoli.

Gall sefydliad, a gontractiwyd at y diben hwn, wneud rhywfaint o brosesu ar ran Undeb y Myfyrwyr. Bydd dyletswydd ar sefydliadau sy'n prosesu data personol ar ran Undeb y Myfyrwyr i brosesu data personol yn unol â deddfwriaeth Diogelu Data.

Eich hawliau

Mae gennych hawl i gael gafael ar eich gwybodaeth bersonol drwy Gais am Fynediad am y Testun yn ogystal â’r hawl i wrthwynebu prosesu eich gwybodaeth bersonol, sef cywiro, dileu, cyfyngu a throsglwyddo eich gwybodaeth bersonol. Dylid gwneud unrhyw geisiadau neu wrthwynebiadau yn ysgrifenedig i'r Swyddog Diogelu Data gan ddefnyddio'r manylion cyswllt a ddarperir isod.

Eich cyfrifoldebau

Mae gennych gyfrifoldeb i gadw eich manylion personol yn gyfredol. Fel myfyriwr, cewch wneud hynny drwy SIMS, fel aelod o'r cyhoedd cewch wneud hynny naill ai drwy fewngofnodi ar eich proffil ar y wefan neu drwy gysylltu â sStudentsUnion@Caerdydd.ac.uk.

Sut mae gwneud ymholiad, pryder neu gwyn

Ar ôl darllen y dudalen hon, os bydd gennych chi ymholiadau, pryderon neu os ydych am wneud cwyn, dylech gysylltu â'r Swyddog Diogelu Data yn gyntaf ar y canlynol:

Allan Morris
Swyddog Diogelu Data
Datblygu’r We a Diogelu Data
Undeb Myfyrwyr Prifysgol Caerdydd
Undeb y Brifysgol
Plas y Parc
CF10 3QN
E-bost: StudentsUnion@Caerdydd.ac.uk 
Ffôn: 029 2078 1405

Os ydych yn dal i fod yn anfodlon, mae gennych yr hawl i wneud cais uniongyrchol i'r Comisiynydd Gwybodaeth am archwiliad. Gellir cysylltu â'r Comisiynydd Gwybodaeth ar: -

Swyddfa'r Comisiynydd Gwybodaeth,
Wycliffe House,
Water Lane,
Swydd Gaer,

Mae Swyddfa'r Comisiynydd Gwybodaeth hefyd yn rhoi cyngor ac arweiniad defnyddiol ar ddiogelu data.

Dolenni perthnasol 

Hysbysiad Preifatrwydd y Siop Swyddi

Hysbysiad Preifatrwydd Recriwtio Undeb Myfyrwyr Prifysgol Caerdydd

Hysbysiad Preifatrwydd Gosod Myfyrwyr Caerdydd

Hysbysiad Preifatrwydd Gwirfoddoli Caerdydd

Telerau ac Amodau Gwefan Undeb Myfyrwyr Prifysgol Caerdydd