This privacy notice is for the delivery of post-graduate online programmes by the University of Hertfordshire.
The University of Hertfordshire Higher Education Corporation (the ‘University’) is the Data Controller and is responsible for, and controls, the processing of, your Personal Data. The University is registered with the Information Commissioner’s Office (ICO), with the reference number Z5759523.
The University has engaged an external organisation, Skilled Education Limited (a company registered in England with number 12642946), to assist in the delivery of our online provision (course enquiries, application to study, and ongoing non-academic support). Skilled Education Limited acts as the University’s Data Processor and will process your data under the University’s instruction. Its ICO registration number is ZB521877.
The University and Skilled Education Limited are committed to maintaining the privacy and security of your personal data in line with data protection legislation, namely the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA) 2018.
This Privacy Notice explains how your personal data will be processed (i.e., collected, used, shared and protected etc.). It is important that you read this Notice so that you are aware of how and why your personal data will be used. This notice should be read in conjunction with the University’s main Data Protection Policy and Privacy Statement, UPR IM08, and its appendices (IM08-Data-Protection.pdf (herts.ac.uk))
If you have any questions about this Privacy Policy, you can contact the University by emailing the Data Protection Officer (DPO) at dataprotection@herts.ac.uk
Your personal data will be collected and processed for a number of related reasons and will only be used when the law allows (i.e. where there is a lawful basis as defined by the data protection legislation).
The vast majority of information that is processed about you will be provided by you, typically, for example, when you submit your details on the request information form on the website, by applying for admission via the online application form, or by phone if you provide information to an advisor. The tables below show the data processing involved and the lawful basis on which your data is processed, depending on how you engage with the University and Skilled Education Limited.
Please note that, where you opt-in to communication using WhatsApp, any personal data processing will be subject to WhatsApp’s own privacy policy. Please see WhatsApp’s privacy information here (Privacy Policy (whatsapp.com).
When you request information, make enquiries about any of the University services or programmes, or sign up to a taster lecture or event, the personal data you provide will be used in order to fulfil your request or respond to your enquiry. You may be contacted by email, WhatsApp, SMS or telephone depending on what you have consented to.
If you make an application to the University’s courses, the personal data and any supporting documents (including references) you provide in your application will be processed. A third party application system, Dream Apply, is used to capture any data you provide as part of your application (https://www.dreamapply.com/privacy-policy).
If you are offered a place and subsequently enter into a contract with the University relating to study, your personal data will be processed as in the table below. When you become a student at the University, your data may also be processed in accordance with section 7.3 of the University’s main Data Protection Policy and Privacy Statement, UPR IM08, and its appendices (IM08-Data-Protection.pdf (herts.ac.uk).
Your personal data may be used to inform you of special offers and new or existing services or courses the University offers that are similar to those that you have already purchased or enquired about. This will normally be with your consent. If you would prefer to not receive such communications please follow the opt-out links on any marketing message.
Your personal data may also be used for internal business purposes. This is in the legitimate interests in order to operate as a business and monitor and improve the services provided by the University. Wherever possible, this information will be anonymised..
Your personal data may be shared with third parties where required by law (e.g., with regulators and designated bodies such as JISC or OfS); where it is necessary to perform the contract with you and the third party is performing a service connected with that (e.g., processing payments, software provider for managing student records); or where there is a legitimate interest in doing so.
More information on when your data may be shared, along with a list of third parties, can be found here. Where necessary there will be appropriate data sharing arrangements in place with any 3rd party providers with whom your data is shared. This also includes where Skilled Education Limited may use third party providers for the purposes of collecting your personal data when you make an enquiry about our programmes, sign up to an event or taster session, make an application, or receive non-academic support as a student.
Personal data can only be transferred out of the UK and EEA when there are safeguards in place to ensure an adequate level of protection for the data, such as where a country has received an ‘adequacy decision’ for their level of data protection from the EU Commission. There are certain limited circumstances in which your personal data will be shared with third parties outside the UK and EEA, which may include:
• where a third-party service provider uses servers outside the UK or EEA;
• where a partner educational institution is based in territories outside the UK or EEA
• where foreign recruitment agents are outside the UK or EEA; and
• where placement providers are outside the UK or EEA.
In such circumstances, any transfer of personal data outside the UK or EEA will be subject to appropriate safeguards such as strict contractual arrangements, incorporating appropriate clauses that meet the requirements of data protection legislation.
Appropriate organisational and technical security measures have been put in place to protect your personal data from a data breach, i.e., accidental, or unlawful destruction, loss, alteration, and unauthorised disclosure or access. Access to your personal information is limited to those employees, service providers, business partners, agents and other third parties who have a legitimate need to know. They will only process your personal information on the instructions of the University or Skilled Education Limited or as otherwise agreed and they are subject to a duty of confidentiality.
Procedures are in place for dealing with any suspected data security breach and you will be notified, as will any applicable regulator of a suspected breach, where there is a legal obligation to do so.
Your personal data will only be retained for as long as necessary to fulfil the purposes it was collected for, including for the purposes of providing you with the education you signed up for, and for satisfying any legal, accounting or reporting requirements. Your data will be held in line with the University retention schedule which is available here: Archiving-Retention-of-Prime-Docs-Business-Records.pdf
If you have any queries on the retention of your data, please contact dataprotection@herts.ac.uk
Under certain circumstances, by law, you have the right to:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data held about you.
• Request correction of any personal held about you.
• Request erasure of your personal data where there is no good reason for us continuing to process it.
• Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party), including where the processing of your personal information is for direct marketing purposes.
• Request the restriction of processing of your personal data. You can ask for processing of your data to be suspended where you might, for example, want to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.
If you want to fulfil any of these rights please contact dataprotection@herts.ac.uk. You can also find further information as to how we will deal with any data subject rights requests here: Data-Subjects-Rights.pdf
This Privacy Policy will be updated from time to time to reflect changes to the legislation and data processing as a result. Please check this policy for future updates. You may also be notified in other ways from time to time about the processing of your personal information.
Please contact dataprotection@herts.ac.uk in the first instance if you have any queries or complaints about the way your data or fulfilment of your rights has been handled, and we will make every attempt to deal with your concerns.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
Many of our web pages contain links to social networking sites that are provided by the sites themselves such as Facebook and Twitter. The scripts used to generate these buttons come from from third party websites and the third parties might be setting cookies, gathering usage information and setting their own cookies. Details of their privacy policies can be found here:
• Facebook's Privacy Policy
• Twitter's Privacy Policy
• Discus' terms and policies
We will embed videos into our web pages, mostly from YouTube and Vimeo. These third parties might be gathering usage information and setting their own cookies. Details of their privacy policies can be found here:
• YouTube's Privacy Policy
• Vimeo's Privacy Policy
