Education for Health is committed to protecting the privacy of those who share their data with us. Please read this policy which explains how we collect, manage, use and protect your personal information.
The information we collect about you
Whenever you interact with Education for Health, we may collect personal information from you, for example if you study on one of our courses, make an enquiry, visit our websites, or sign up for our newsletter. Information may be collected in person at an event, over the phone, through our websites, via our shop, or via social media.
The information we hold may include your name, postal and/or email addresses, your phone number, and will include more information if you are a student or commissioner with us.
Your personal information is stored and protected by secure servers, firewalls and SSL encryption. The Charity obtained Cyber Essentials in 2017, which means our IT infrastructure has been externally assessed to a national standard.
We will keep your personal information for no longer than is necessary for the purposes for which it is processed (in accordance with our internal policies/data retention policy).
How we will use your information if you visit our websites
Education for Health makes all reasonable efforts to ensure that the information on our websites is correct and current. Please note however that the content is subject to change from time to time.
We use Google Analytics to measure the performance of the website, the traffic on the site and how people move around the site. The information is all anonymised and cannot be matched against your identity.
When you access our websites, including our free online elearning resources, some cookies are saved to your computer to support your visit and our analytics, and you are asked on your first visit if you are happy with this. You can turn off your cookies, however you need to be aware that the site may not fully function if this is done, and you will be unable to access any eLearning.
How we will use your information if you make a purchase with us
We will use your information for administration purposes. We will use your payment and contact details, payment amount, date and time of payment; to process that payment and take any follow-up administrative action needed (for example, sending a receipt).
How we will use your information if you study with us
If you participate in education and training with Education for Health, we will ask you to provide information in relation to qualifications, administrative details such as email address and postal address, and other relevant details. With regard to the collection of personal sensitive data, we will ask you for details of any accessibility need which you may have, which will be used to ensure you can access the education and training. We will also collect data from students on their ethnicity status and we will share this as anonymised data with our academic partners who are required to report this to HESA (Higher Education Statistics Agency) for statistical purposes.
How we will use your information if you make an enquiry with us
If you contact us with an enquiry about a course, then we will keep a record of your details matched against that course so we can follow up with suitable information.
You will not be added to our enewsletter distribution list unless you also specifically consented to this.
How we will use your information if you have subscribed to our enewsletters
Our enewsletters (email newsletters) typically include information about our courses, funding opportunities, free eLearning and other information we think you may wish to know. When you sign up to a newsletter, opt-in to our communications using an online form, or agree in person, then you are giving us your consent to send you marketing information. We will never send you marketing information by email without your consent, and you can use the unsubscribe link in any email we have sent you at any time if you no longer wish to hear from us. If you ask us not to contact you, we will keep your email address on our unsubscribed list in order to avoid sending you emails in the future.
We also send an enewsletter to education commissioners who interact with our Partnerships team. This is done as a legitimate interest, and we carry out a legitimate interest assessment of whether it would be fair and reasonable to contact such commissioners to send information without explicit consent (i.e. it is in the interests of our aims as a charity and will not cause undue prejudice). Education Commissioners can opt out of our marketing and communications at any time by clicking the unsubscribe link in any email we have sent.
Our enewsletter distribution list is processed on our behalf by the Data Processor MailChimp, using a secure server that is certified as compliant with the EU-US Privacy 3 Shield, which sets out clear safeguards and transparency responsibilities for US-based organisations processing personal information from EU citizens. We will ensure any data processor that we contract with outside of the EEA is fully compliant with GDPR
prior to the transfer of data to them.
We will use your information to enforce and comply with the law
As with all charities, we ensure that our activities comply with the law. Therefore we may need to share or use your personal information if we are required to do so by law (for example; in response to a warrant or court order) and we may use information from other sources for the purposes of fraud prevention, for example to comply with money laundering regulations, or to protect people’s rights, property or safety.
How we will use your information if you apply to work with us
If you apply to work with us, we will obtain personal data via an application form either in paper format or on line. In the event, your job application does not lead to an offer of work, we will keep this information for 6 months from your application. In the event there is a successful outcome to your job application and you become an employee, we will keep your data for 7 years after you have left the organisation. For those that
choose to volunteer for the charity, we will keep this information for two years with the exception of Trustees, where data will be retained for 7 years. All data involved with job applications is kept in a lockable storage and only accessible to those involved in the selection process.
Links to third party information
Our websites may include links to third party websites. We are not responsible for the content or security of these sites. These links are used to provide further information and are not intended to signify that Education for Health endorses such websites and/or their content.
Who we share your data with
We will never share your details with other organisations, other than where we are required to by law, contractual obligations or where you have specifically consented to this action.
Education for Health will never sell your personal information to any third party for marketing purposes and you will not receive offers from other companies or organisations as a result of giving your details to us.
If you participate in education and training that has been funded or part-funded by an external organisation such as a pharmaceutical company or other charity, then as per our terms and conditions, your information will be shared with that specific organisation. This may be purely for administration of that education and training, or for purposes that are more general. We give assurance that we will handle your data responsibly and with your consent.
We will ensure we have a lawful reason to process your personal information as defined within the GDP Regulations. This will be with your consent, as a contractual obligation between us, Education for Health fulfilling our contractual or legal obligation or under a legitimate interest assessment. Data must be processed in line with data subjects’ rights and data subjects have a right to:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
How we keep your information safe and who has access to it
We ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, confidential paper records are securely stored, our online forms are encrypted and our network is protected and routinely monitored. Confidential paper waste is shredded by a certified off-site document disposal contractor.
We undertake regular reviews of who has access to information that we hold to ensure that your personal information is only accessible by appropriate staff, and our service/host providers. We do comprehensive checks on the companies we use before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they may have access to as part of providing those services.
We have a duty to report personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.
You have the right to request access to your personal information and a copy of all of the information related to you that we are processing. For your request to be actioned by us, please complete the online form found on our Right to Access Personal Information page. In accordance with data protection regulations, we will provide this information one month after your request. If your information is incorrect, out of date or if there is no longer justification for us to hold it, you can ask for it to be updated, removed or blocked from our use.
If you are unhappy with the way in which we have responded to your data request, you should refer to our complaint procedure on our Terms and Conditions page, or you can complain directly to the ICO www.ico.org.uk
Information about us
We are a charitable company limited by guarantee.
Company registration number: 03090774, Charity number: 1048816, Data Protection register number: Z6920622.
Education for Health is the Data Controller for the Personal Data we collect and process. The Data Protection Officer is Becky Harkcom, Deputy CEO. Email address firstname.lastname@example.org, Post: Becky Harkcom, Education for Health, No 1 Lowes Lane Business Park, Lowes Lane (off Walton Road), Wellesbourne, Warwickshire, CV35 9RB, Phone: 01926 836847
This policy will be reviewed in 2021.