This policy describes how OneHE will collect and use personal information about you when you use our website. For the purpose of data protection legislation (which includes the Data Protection Act 1998 or, from the date it comes into force, the General Data Protection Regulation (Regulation (EU) 2016/679)) (the “GDPR”)), OneHE is the “data controller.” This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this policy.
Who we are
OneHE is a company limited by guarantee incorporated in England and Wales under company number 11223758 with its registered office at Quad East, Lord Mayor’s Walk, York, YO31 7EX, United Kingdom. We can also be contacted at firstname.lastname@example.org.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site at www.onehe.org. This includes information you provide when creating your profile, subscribing to email communications, news, research, and reports, posting material, or requesting further services. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for awarding funding or research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our site and of the fulfilment of your orders.
- Details of your visits to our site including, but not limited to: traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
What we may use your data for
- Customer care and for personalised communication of OneHE services
- To contact you for market research purposes
- To create an individual customer profile (this may include data you have provided to OneHE, or which is generated by your use of OneHE services, for example contact details, preferences, purchase history, app usage and online behaviour)
- To ensure that content from our site is presented in the most effective manner for you and for your computer
- To provide you with information that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes
- To carry out our obligations arising from any contracts entered into between you or your institution and us
- To allow you to participate in interactive features of our service, when you choose to do so
- To notify you about changes to our service
- To use information for reporting purposes
We may sometimes be obliged to disclose your personal information by law such as by a regulator with appropriate power, or court order. In addition, information held by or for public bodies can be subject to freedom of information requests.
Where we store your personal data
How we will protect your personal information
We are committed to holding your personal information provided to us securely.
Where personal information is held electronically, it is held on a computer system that is owned and controlled by the OneHE or such other third party appointed by OneHE.
All the information that you provide to us will be transmitted to and stored on our secure servers or the servers of such other third party who we may appoint from time to time to store information.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our online service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long we will retain your data for
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for (see “What we may use your data for” above). To determine the appropriate retention period for personal data, we consider:
- the amount, nature, and sensitivity of the personal data;
- the potential risk of harm from unauthorised use or disclosure of your personal data; and
- the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements;
- your membership status.
OneHE will ensure that our suppliers and selected third parties with whom we share your personal information in accordance with this policywill delete your personal information when they no longer require it.
Links to other sites
Our site may, from time to time, contain links to other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct, or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the support team on email@example.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you: we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You have the right to complain to the Information Commissioner (http://www.ico.gov.uk/) if you have any concerns in respect of the handling of your personal information by OneHE.