Privacy policy and GDPR

Your privacy is very important to us, which is why we make sure you are always in control of what we do with your personal data.

Last updated: 17 August 2020

You can also read our Cookie policy.

The purpose of this Statement is to tell you what information we collect from you as a data subject, how and when it may be collected and what happens to it. For the purpose of this Statement “we”, “our” and “us” refer to Higher Education and Technicians’ Educational Development as an organisation (also referred to as “HEaTED”). Transmission of data online is not 100% secure and we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk.

HEaTED is a data controller and our address for contact is:

The University of Sheffield
8 Palmerston Road
Sheffield, S10 2TE

If you wish to contact our Data Protection Officer, you can contact via telephone (+44 114 222 9671), email (heated@sheffield.ac.uk) or in writing at the address above. If you have a specific question about this Statement or how we use your personal data, you should contact us via the contact methods set out above. Please mark your communication as “Data Protection Enquiry”.

This Statement only applies to:

Third party websites and services we link to through our websites have their own privacy policies, independent of HEaTED. We hold no responsibility or liability for those independent policies and encourage you to review the privacy policies of any third party website you visit.

This Privacy Statement explains in general terms how we seek to comply with data privacy laws and regulations, including but not limited to the General Data Protection Regulation (“Regulation”).

The data we collect about you

We collect data to provide you with a better experience of using our websites and applications, amongst other reasons (see the “How will we use your data?” section below). In order to provide you with access to our services or data within our websites and applications, we may require that you provide certain personal data. This information may include:

How we collect your personal data

This will depend on the reason we are processing your personal data. Our processes for collection are:

Who we may share your personal data with, and why

Third parties

We will not sell your personal data.

We may disclose your personal data to third parties if we are under a duty to disclose or share it, in order to comply with any legal regulations, good governance obligations, in order to enforce or to protect our rights, property, or safety, that of other persons with whom we have a business relationship, or to purchasers or prospective purchasers in relation to a disposal of our business or assets.

We may use third party service providers to support our provision of our services. Such will relate to business functions, including (without limitation) IT support, hosting our data on cloud platforms, legal, accounting, audit, consulting and other professional service providers, and providers of other services related to our business.

Portions of our services may be provided by organisations with which we have a contractual relationship, including subcontractors, and, accordingly, your personal data may be disclosed to them. We only provide these organisations with the information that they need to be able to perform their services. We will have in place an agreement with our service providers which will restrict how they are able to process your personal data.

Our promise to you

If you make an enquiry via our website, on the telephone or via email, or via any third party, we will collect the information you provide to us, together with any information provided by that third party.

How we will use your data

We will process your personal data:

Marketing

We want to share information and news about our products and services with you. We can do this in various ways including e-mail, post, phone or social media (or such other method(s) as may become relevant) but only if you would like us to.

In accordance with applicable laws and lawful basis for processing, we may use your personal data to provide you with direct marketing about our products and services as well as those of third parties and to take part in our marketing research.

We will ensure that any direct marketing from us and which is sent by electronic means will provide a simple means for you to stop further communications, in accordance with applicable law. Once you have provided your express consent for us to contact you on our behalf, or on behalf of other organisations, there are a number of methods available to you in order to change your preferences, to correct or update your personal data at any time by:

In addition, if we need your consent for direct marketing under applicable law, and if you provide your consent, you will be able to change your mind at any time.

We use 3rd parties to conduct some of our email campaigns using their contact lists, such as for training, development and events for reasons such as promoting our specific courses. We will provide such 3rd parties with a stop list of those who have specifically opted out of receiving such emails on the proviso that this list is deleted after the campaign is completed.

In the instance that marketing material we send you is returned, we will remove your incorrect details from our systems, where possible.

If you complete a contact form on one of our websites, your query and data will be forwarded to our relevant internal team to answer and respond.

Photography and video

We have a procedure in place in relation to our use of images through use of photographs and video, including process for consent to use (as applicable), retention and deletion. For more information please contact our Data Protection Officer at the address shown above.

International transfer

HEaTED is an organisation located in the United Kingdom. This Statement establishes our national principles for the collection, use and disclosure of information gathered through our websites and applications. The country in which you are doing business with us or where the website you are visiting is located/hosted may have specific requirements concerning personal data.

The data that we collect from you will not be be stored in a location outside of the European Economic Area.

We have not set out the specific circumstances when each of these protection measures are used. You can contact us at heated@sheffield.ac.uk for the details as to how we protect specific transfer of your data.

Children’s data

We recognise any individual under the age of 18 years old as being a child. We take safeguarding of children (including the protection of their personal data) seriously and will take all reasonable steps to ensure that children are provided with sufficiently clear information on how we will collect, process and store their personal data, and that children and their guardians understand the nature of the processing of their personal data together with their rights in respect of the same.

Save for photography and filming, children under 18 years old may be able to provide consent in their own right to the processing of their personal data depending on their maturity and ability to understand the nature of the processing of that data. We will take reasonable steps to assess a child’s maturity and ability to understand the nature of data processing before determining whether a child can reasonably consent to processing in their own right. Further information on how we will assess a child’s ability to consent in their own right can be supplied on request via our contact details above.

Special categories of personal data

We may collect special categories of personal data if it is provided to us by you, or on your behalf, with your consent and it is appropriate to the service that we will provide to you. By giving us this information, you agree that we may use such data as set out in this Statement.

Data anonymisation and aggregation

We may anonymise or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymised or aggregated data, for example, for statistical analysis and administration including analysis of trends, to carry out actuarial work, to tailor products and services and to conduct risk assessment and analysis of costs and charges in relation to our products and services. We may share anonymised or aggregated data with third parties.

Your rights

We also offer the following controls:

If you consider that we are in breach of our obligations under data protection regulation, you may lodge a complaint with the Information Commissioner’s Office.

Retention

We have criteria in place in relation to how we determine the period for which we use your personal data, as well as a process for their deletion at the end of the relevant retention period. For more information please contact our Data Protection Officer at the address shown above. In certain circumstances, we may be required to retain your personal data for longer where such retention is required by law or record-keeping requirements, including managing our relationship with you, defending any claims, or for tax purposes.

Changes to this Statement

This statement is not a contract, and it does not create any legal rights or obligations. We may change this Statement from time to time in order to reflect changes in the law and/or our privacy practices. We will update the date at the top of the Statement accordingly. We encourage you to regularly check this Statement online for changes.