UH Online Privacy Notice
This privacy notice is for the delivery of post-graduate online programmes by the University of Hertfordshire.
The University of Hertfordshire Higher Education Corporation (the ‘University’) is the Data Controller and is responsible for, and controls, the processing of, your Personal Data. The University is registered with the Information Commissioner’s Office (ICO), with the reference number Z5759523.
The University has engaged an external organisation, Skilled Education Limited (a company registered in England with number 12642946), to assist in the delivery of our online provision (course enquiries, application to study, and ongoing non-academic support). Skilled Education Limited acts as the University’s Data Processor and will process your data under the University’s instruction. Its ICO registration number is ZB521877.
The University and Skilled Education Limited are committed to maintaining the privacy and security of your personal data in line with data protection legislation, namely the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA) 2018.
This Privacy Notice explains how your personal data will be processed (i.e., collected, used, shared and protected etc.). It is important that you read this Notice so that you are aware of how and why your personal data will be used. This notice should be read in conjunction with the University’s main Data Protection Policy and Privacy Statement, UPR IM08, and its appendices (IM08-Data-Protection.pdf (herts.ac.uk))
2. How your personal data will be used, what data will be collected and what lawful basis applies
Your personal data will be collected and processed for a number of related reasons and will only be used when the law allows (i.e. where there is a lawful basis as defined by the data protection legislation).
The vast majority of information that is processed about you will be provided by you, typically, for example, when you submit your details on the request information form on the website, by applying for admission via the online application form, or by phone if you provide information to an advisor. The tables below show the data processing involved and the lawful basis on which your data is processed, depending on how you engage with the University and Skilled Education Limited.
2.1. Enquiries and prospects
When you request information, make enquiries about any of the University services or programmes, or sign up to a taster lecture or event, the personal data you provide will be used in order to fulfil your request or respond to your enquiry. You may be contacted by email, WhatsApp, SMS or telephone depending on what you have consented to.
• Identify you.
• Process and administrate your query or request.
• Communicate any response.
If you make an application to the University’s courses, the personal data and any supporting documents (including references) you provide in your application will be processed. A third party application system, Dream Apply, is used to capture any data you provide as part of your application (https://www.dreamapply.com/privacy-policy).
• Identify you.
• Process your application.
• Verify information provided.
• Decide whether to offer you a place.
• Communicate the outcome of your application.
• Date of Birth
• Address (including country)
• Mobile number
• Fee Status
• Unique Identifier
• Disability (yes / no)
• Previous Qualifications
• Nominated Contact details.
• Passport Information
• Personal Statement
• Referee Information
If you are offered a place and subsequently enter into a contract with the University relating to study, your personal data will be processed as in the table below. When you become a student at the University, your data may also be processed in accordance with section 7.3 of the University’s main Data Protection Policy and Privacy Statement, UPR IM08, and its appendices (IM08-Data-Protection.pdf (herts.ac.uk).
Personal data will be used to identify you, process your registration, and verify information provided.
• Bank account details
• Billing address
• Credit card or other payment information in order to process your payments.
Personal data will be used to:
• identify you, and record your attendance, marks, performance on your courses and in assessments and examinations for the purpose of verifying that
• information and the results that you obtain.
deal with any disciplinary proceedings and complaints you are involved in.
• demonstrate you have met criteria set by relevant professional bodies.
The personal data will include your name, home address, email address, date of birth, course(s) studies, fee payments and information about your examinations, assessments, and results.
It may also include personal data about your health in order to make appropriate arrangements and reasonable adjustments that the University is legally obliged to provide for you regarding your welfare or participation in your studies – see also Special category, or ‘sensitive’, Personal Data
The University is required to submit certain statistical returns to government and regulatory agencies, by law.
These returns may include certain elements of students’ personal data.
This may include your name, home address, date of birth, course(s) studies, fee payments and information about your examinations, assessments and results, and other personal data that may identify you.*
It may be necessary to process sensitive personal data (or “special category” personal data) about you.
You will be given full information about the use of any such sensitive personal data at the time that it is requested and prior to any sharing of such data. Often sharing of this data will be by the data subject’s explicit consent and provision will therefore be optional.
Your personal data may be used to inform you of special offers and new or existing services or courses the University offers that are similar to those that you have already purchased or enquired about. This will normally be with your consent. If you would prefer to not receive such communications please follow the opt-out links on any marketing message.
Personal data will be processed in order to send you details of events and other information of interest to you by post, including sending you publications (e.g., newsletters and updates about the University).
Personal data will be processed in order provide you with details of events and other information of interest to you by telephone and electronic means, including:
• conducting surveys.
• providing services, including access to University facilities.
• sending you tailored proposals, appeals and requests for donations.
• sending you details of volunteering opportunities.
• inviting you to University events and administering such events.
• internal record keeping, including the management of any feedback or complaints.
2.5. Internal business purposes
Your personal data may also be used for internal business purposes. This is in the legitimate interests in order to operate as a business and monitor and improve the services provided by the University. Wherever possible, this information will be anonymised..
3. Sharing your information with third parties
Your personal data may be shared with third parties where required by law (e.g., with regulators and designated bodies such as JISC or OfS); where it is necessary to perform the contract with you and the third party is performing a service connected with that (e.g., processing payments, software provider for managing student records); or where there is a legitimate interest in doing so.
More information on when your data may be shared, along with a list of third parties, can be found here. Where necessary there will be appropriate data sharing arrangements in place with any 3rd party providers with whom your data is shared. This also includes where Skilled Education Limited may use third party providers for the purposes of collecting your personal data when you make an enquiry about our programmes, sign up to an event or taster session, make an application, or receive non-academic support as a student.
4. Sharing and processing personal data outside the UK and EEA
Personal data can only be transferred out of the UK and EEA when there are safeguards in place to ensure an adequate level of protection for the data, such as where a country has received an ‘adequacy decision’ for their level of data protection from the EU Commission. There are certain limited circumstances in which your personal data will be shared with third parties outside the UK and EEA, which may include:
• where a third-party service provider uses servers outside the UK or EEA;
• where a partner educational institution is based in territories outside the UK or EEA
• where foreign recruitment agents are outside the UK or EEA; and
• where placement providers are outside the UK or EEA.
In such circumstances, any transfer of personal data outside the UK or EEA will be subject to appropriate safeguards such as strict contractual arrangements, incorporating appropriate clauses that meet the requirements of data protection legislation.
5. The security of your personal data
Appropriate organisational and technical security measures have been put in place to protect your personal data from a data breach, i.e., accidental, or unlawful destruction, loss, alteration, and unauthorised disclosure or access. Access to your personal information is limited to those employees, service providers, business partners, agents and other third parties who have a legitimate need to know. They will only process your personal information on the instructions of the University or Skilled Education Limited or as otherwise agreed and they are subject to a duty of confidentiality.
Procedures are in place for dealing with any suspected data security breach and you will be notified, as will any applicable regulator of a suspected breach, where there is a legal obligation to do so.
6. Storage and retention of your personal data
Your personal data will only be retained for as long as necessary to fulfil the purposes it was collected for, including for the purposes of providing you with the education you signed up for, and for satisfying any legal, accounting or reporting requirements. Your data will be held in line with the University retention schedule which is available here: Archiving-Retention-of-Prime-Docs-Business-Records.pdf
If you have any queries on the retention of your data, please contact email@example.com
7. Your data subject rights
Under certain circumstances, by law, you have the right to:
• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data held about you.
• Request correction of any personal held about you.
• Request erasure of your personal data where there is no good reason for us continuing to process it.
• Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party), including where the processing of your personal information is for direct marketing purposes.
• Request the restriction of processing of your personal data. You can ask for processing of your data to be suspended where you might, for example, want to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.
If you want to fulfil any of these rights please contact firstname.lastname@example.org. You can also find further information as to how we will deal with any data subject rights requests here: Data-Subjects-Rights.pdf
9. Contact and complaints and exercising data rights
Please contact email@example.com in the first instance if you have any queries or complaints about the way your data or fulfilment of your rights has been handled, and we will make every attempt to deal with your concerns.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
Social Networking Buttons
Many of our web pages contain links to social networking sites that are provided by the sites themselves such as Facebook and Twitter. The scripts used to generate these buttons come from from third party websites and the third parties might be setting cookies, gathering usage information and setting their own cookies. Details of their privacy policies can be found here:
• Discus' terms and policies