Privacy policy and GDPR

On this page:

The data we collect about you

We collect data to provide you with a better experience of using our websites and applications, amongst other reasons (see the “How will we use your data?” section below). In order to provide you with access to our services or data within our websites and applications, we may require that you provide certain personal data. This information may include:

• Your name, postal address, telephone number, fax number, e-mail address, subscriber name or screen name, password used to access our services, country of residence and/or method of payment

• personal and contact details you give us when subscribing to receive marketing information from us (for example name, role and email address)

• data relating to your place of employment and affiliations

• information we collect via cookies or similar technology stored on your device about how you use our websites (please see section below re use of Cookies)

• information from social media activity (such as likes, shares and tweets) when you interact with us on social media

• information you provide if you report a problem with our website or service

• your financial information, such as account name and account number

How we collect your personal data

This will depend on the reason we are processing your personal data. Our processes for collection are:

• online via our various application platforms and databases that we use which are either wholly owned or used by us under license

• via post

• telephone

• face to face

• from publicly available sources, such as LinkedIn, institution websites

• collected as a business contact

• use of Cookies

Who we may share your personal data with, and why

• HEaTED staff – to provide you with applicable services.

• Banks, finance management, direct debit, and accountancy software systems – so that we can process payments with you in accordance with the appropriate transaction that you are entering into with us.

• Mentoring services – to provide you with the service you opt in for.

• Mailing and delivery companies – to send you written communications and hard copies of newsletters, magazines etc as appropriate.

• Third party legal, counselling and career services – to provide the contracted service (only on receipt of your completed contact form).

• Social media – where you have submitted a community related news story to us and we have published it.

• Print supplier companies – for fulfilment of external printing.

• Travel booking systems, travel companies, taxi services and flight providers – where you ask us to make such arrangements on your behalf.

• Venues where we are running an event, conference or symposium – when the venue requires personal details of attendees to make bookings, for example for hotel rooms.

Third parties

We will not sell your personal data.

We may disclose your personal data to third parties if we are under a duty to disclose or share it, in order to comply with any legal regulations, good governance obligations, in order to enforce or to protect our rights, property, or safety, that of other persons with whom we have a business relationship, or to purchasers or prospective purchasers in relation to a disposal of our business or assets.

We may use third party service providers to support our provision of our services. Such will relate to business functions, including (without limitation) IT support, hosting our data on cloud platforms, legal, accounting, audit, consulting and other professional service providers, and providers of other services related to our business.

Portions of our services may be provided by organisations with which we have a contractual relationship, including subcontractors, and, accordingly, your personal data may be disclosed to them. We only provide these organisations with the information that they need to be able to perform their services. We will have in place an agreement with our service providers which will restrict how they are able to process your personal data.

Our promise to you

• We will never pass your personal details to anyone outside HEaTED for them to use for their own marketing purposes unless you have previously provided us with your informed and specific consent.

• We will make sure that our contact with you is relevant and in accordance with the preferences that you give us and in order to enable us to provide the service you require to you.

• You can change your contact preferences at any time. All you need to do is update your preferences by contacting us at heated@sheffield.ac.uk. But remember, you may miss out on important news and developments.

• Your personal data will be stored safely and will remain secure at all times.

• No statistical information which identifies you personally will be published.

• No personal data will be kept any longer than necessary in order to fulfil the purpose it was collected for, and if you ask us to, it will be deleted. We will collect and process your personal data in accordance with this Statement.

If you make an enquiry via our website, on the telephone or via email, or via any third party, we will collect the information you provide to us, together with any information provided by that third party.

How we will use your data

We will process your personal data:

• As necessary to perform our contract with you for the relevant service: to take steps at your request before entering into it, to decide whether to enter into it, to manage and perform that contract and to update our records.

• As necessary for our own legitimate interests: for example to monitor emails, record calls, and other communications to train staff and activities relating to your membership, or in dealing with a complaint that you raise.

• As necessary to comply with a legal obligation: for example when you exercise your rights under data protection laws and make requests, for establishment and defence of legal rights or obligations, for example in dealing with any complaint from you.

• Based on your consent: for example to send you direct marketing where we’ve asked for your consent to do so.

Marketing

We want to share information and news about our products and services with you. We can do this in various ways including e-mail, post, phone or social media (or such other method(s) as may become relevant) but only if you would like us to.

In accordance with applicable laws and lawful basis for processing, we may use your personal data to provide you with direct marketing about our products and services as well as those of third parties and to take part in our marketing research.

We will ensure that any direct marketing from us and which is sent by electronic means will provide a simple means for you to stop further communications, in accordance with applicable law. Once you have provided your express consent for us to contact you on our behalf, or on behalf of other organisations, there are a number of methods available to you in order to change your preferences, to correct or update your personal data at any time by:

• clicking the ‘unsubscribe’ link in any promotional e-mail you receive from us

• contacting our product or service team where a correction is required

• contacting us at heated@sheffield.ac.uk

In addition, if we need your consent for direct marketing under applicable law, and if you provide your consent, you will be able to change your mind at any time.

We use 3rd parties to conduct some of our email campaigns using their contact lists, such as for training, development and events for reasons such as promoting our specific courses. We will provide such 3rd parties with a stop list of those who have specifically opted out of receiving such emails on the proviso that this list is deleted after the campaign is completed.

In the instance that marketing material we send you is returned, we will remove your incorrect details from our systems, where possible.

If you complete a contact form on one of our websites, your query and data will be forwarded to our relevant internal team to answer and respond.

Photography and video

We have a procedure in place in relation to our use of images through use of photographs and video, including process for consent to use (as applicable), retention and deletion. For more information please contact our Data Protection Officer at the address shown above.

International transfer

HEaTED is an organisation located in the United Kingdom. This Statement establishes our national principles for the collection, use and disclosure of information gathered through our websites and applications. The country in which you are doing business with us or where the website you are visiting is located/hosted may have specific requirements concerning personal data.

The data that we collect from you will not be be stored in a location outside of the European Economic Area.

We have not set out the specific circumstances when each of these protection measures are used. You can contact us at heated@sheffield.ac.uk for the details as to how we protect specific transfer of your data.

Children’s data

We recognise any individual under the age of 18 years old as being a child. We take safeguarding of children (including the protection of their personal data) seriously and will take all reasonable steps to ensure that children are provided with sufficiently clear information on how we will collect, process and store their personal data, and that children and their guardians understand the nature of the processing of their personal data together with their rights in respect of the same.

Save for photography and filming, children under 18 years old may be able to provide consent in their own right to the processing of their personal data depending on their maturity and ability to understand the nature of the processing of that data. We will take reasonable steps to assess a child’s maturity and ability to understand the nature of data processing before determining whether a child can reasonably consent to processing in their own right. Further information on how we will assess a child’s ability to consent in their own right can be supplied on request via our contact details above.

Special categories of personal data

We may collect special categories of personal data if it is provided to us by you, or on your behalf, with your consent and it is appropriate to the service that we will provide to you. By giving us this information, you agree that we may use such data as set out in this Statement.

Data anonymisation and aggregation

We may anonymise or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymised or aggregated data, for example, for statistical analysis and administration including analysis of trends, to carry out actuarial work, to tailor products and services and to conduct risk assessment and analysis of costs and charges in relation to our products and services. We may share anonymised or aggregated data with third parties.

Your rights

We also offer the following controls:

• You may request access to, or copies of, the personal data that we hold about you. If you would like to exercise this right, please contact us at heated@sheffield.ac.uk or the HEaTED designated address above;

• If you believe that any data we have about you is incorrect or incomplete, or have concerns as to how we are using your data please contact us at heated@sheffield.ac.uk as soon as possible. We will take steps to seek to correct or update any data if we are satisfied that the data we hold is inaccurate.

• You may request that your personal data is deleted, where it is no longer necessary for the purposes for which it is being processed and provided there is no other lawful basis for which we may continue to process such data;

• If we are processing your personal data to meet our legitimate interests, you may object to such processing. If we are unable to demonstrate our legitimate grounds for that processing, we will no longer process your personal data for those purposes;

• You may withdraw any consent given to processing (this will not affect the lawfulness of processing based on consent before its withdrawal); or

• If we are processing your personal data automatically, for the purposes of performing our contract with you, or based on your consent you may have the right to request that the personal data we hold about you be transferred to a third party data controller.

If you consider that we are in breach of our obligations under data protection regulation, you may lodge a complaint with the Information Commissioner’s Office.

Retention

We have criteria in place in relation to how we determine the period for which we use your personal data, as well as a process for their deletion at the end of the relevant retention period. For more information please contact our Data Protection Officer at the address shown above. In certain circumstances, we may be required to retain your personal data for longer where such retention is required by law or record-keeping requirements, including managing our relationship with you, defending any claims, or for tax purposes.

Changes to this Statement

This statement is not a contract, and it does not create any legal rights or obligations. We may change this Statement from time to time in order to reflect changes in the law and/or our privacy practices. We will update the date at the top of the Statement accordingly. We encourage you to regularly check this Statement online for changes.