We collect personal information from you:

• through the use of forms, which may be on paper or on our Websites, such as when you login to access our Services, signup to receive our newsletters, register for information, make a purchase or commence a course of study;
• when you create an account on our Websites and provide us with information about any special requirements, such as dietary requirements, that you may have;
• if you choose to provide us with information when you use any of our Website or access our Services; and
• when you communicate with us for any reason, including by email, postal mail or telephone, and when you use our Services.

We may also process your data in relation to COVID-19 or within other crisis management activities.

Reference to “personal information” or “personal data” in the Privacy Policy means any recorded information that is about you and from which you can be identified, whether directly or indirectly. It does not include anonymous data where your identity has been removed.

Generally, the personal data we collect about you depends upon the particular services we provide to you. It may include, although is not limited to:

• your name and contact information, such as your address, email address, telephone number and company details;
• information to check and verify your identity, eg your date of birth, ID photograph;
• your sex and gender identity;
• information about your household income, marital status, nationality and details of dependants;
• Funding and financial support information;
• Emergency contact information (where you have got the necessary consent to share);
• National Insurance number (where you have voluntarily provided it);
• Visa, passport and immigration information;
• Education and employment information (including, but not limited to, the school(s), sixth and/or other form college(s) or universities you have attended. This includes any courses you have completed, dates of study and examination results, and places where you have worked);
• Other personal and socio-economic background information collected during the admissions process or during your studies with us. For example, but not limited to, whether you have been in care, have caring responsibilities, your socio-economic classification;
• Admission records including information in relation to any tests or interviews undertaken;
• Examination records;
• Information about your attendance record and use of facilities provided (both online and on site);
• Photographic data taken at events which may be live steamed and/or recorded for teaching and/or publicity and/or other purposes (such as monitoring and audit);
• your billing information, transaction and payment card information;
• your personal or professional interests;
• your professional online presence, eg LinkedIn profile;
• information to enable us to undertake credit or other financial checks on you;
• information about how you use our website, IT communications and other systems; and
• your responses to surveys, competitions and promotions.

Certain personal data is considered to be more sensitive and is treated as a special category to which additional protections apply under data protection law. Special category data includes information about your racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data. Special Category data is dealt with in more detail below.

We collect this information for the purposes described in this privacy notice.

When you visit our Websites, we may collect certain information automatically from your device. The information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading ‘Cookies’, below.

We may receive personal information about you from third party sources (such as your employer or other third parties if they enrol you on a course or create an account on your behalf), or agencies if you apply for study or employment, but only where we believe that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. We collect only the minimum amount of information required from these third parties to enable us to provide the requested service or process any application you send to us (for example, your educational or employment history). We only use the information we receive from these third parties as set out in this Privacy Notice.

The information that we collect and store relating to you is primarily used to enable us to provide our Services to you. In addition, we may use the information for the following purposes:

• to provide you with information or Services you request from us;
• teaching, academic assessment, supervision and support services such as welfare, libraries and accommodation;
• the administration of our (and our partners where appropriate) policies and procedures including in relation to admissions, complaints, appeals and academic integrity etc;
• efficiency, training and quality control;
• to provide information on other QA products and Services which we feel may be of interest to you, in accordance with your communications and consent preferences;
• to meet our contractual commitments to you or to take steps at your request before entering into a contract;
• to act on your behalf where third party involvement is available and appropriate – for example through a third party specialist training provider or certification/awarding body;
• to comply with our legal and regulatory obligations, including but not limited to, applicable legislation surrounding COVID-19 test and trace or other crisis management schemes;
• to obtain additional personal information to secure funding and financial support or satisfy statutory legal or Government scheme requirements – for example through an Apprenticeship scheme or at the request of ESFA to provide data and information to such entity or government organisation;
• operational reasons, such as improving efficiency, training, delivery and quality control;
• marketing our services (and those of selected third parties) to: (i) existing and former customers, (ii) third parties who have previously expressed an interest in our services and (iii) third parties with whom we have had no previous dealings;
• to monitor and analyse trends, usage and activities in connection with our Websites/Services; and
• as necessary to prevent or detect crime.

We may also monitor or record telephone calls for training, customer service and quality assurance purposes, and to detect or prevent crime. These recordings will be retained for a maximum of 6 months.

In general, we will use the information we collect from you for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect such information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as statistical purposes and research purposes) if and where this is permitted by applicable data protection laws.

We set out below the grounds on which it may be necessary for us to process your personal data:

• entering into or the performance of a contract to which you are a party;
• where we need to comply with a legal obligation;
• protecting your vital interests;
• the performance of a task carried out in the public interest or in the exercise of official authority vested in us or in a third party to whom the data is disclosed;
• where it is necessary to meet our legitimate interests or the legitimate interests of a third party

There may be circumstances in which we ask for your consent to process data. For example, if you do not want us to use your data for any marketing purposes, you will have the opportunity to withhold your consent to this when you provide your details to us.

Consent can be varied online via our consent portal at cp.qa.com.

Special category data and criminal conviction data requires a higher level of protection under data protection laws. Where we process special category data, we will also ensure we are:

• permitted to do so under data protection laws: e.g. we have your explicit consent; and/or
• the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; and/or
• the processing is necessary to establish or exercise or defend legal claims.

Sometimes there may be exceptional reasons for processing this data, for example when protecting your vital interests or for safeguarding purposes. In these circumstances it may be necessary to share data with third parties, even where the data has been provided in confidence (data in these instances would be subjected to minimisation, recipients of such data would be limited to those people or agencies able to assist). For example, where there is a serious risk to your health, data may need to be shared with the NHS or emergency services.

Listed below are some examples of processing activities that we regularly undertake in terms of special category data:

a. Health (including disabilities)

We will process data about your health where it is:

• necessary to make reasonable adjustments for disability and/or to monitor equal opportunities;
• in accordance with any of our contractual obligations, to protect our legitimate interests and/or to comply with legal obligations;
• a situation where we have asked for your explicit consent to process or share information about your health;
• where your and/or other people’s health and safety is at serious risk. In these instances, your health data may need to be shared whether or not you have provided your consent (data in these instances would be subjected to minimisation, recipients of such data would be limited to those people or agencies able to assist). Examples of such limited circumstances might be where you are at risk or causing serious harm to yourself or others or have tested positive for easily transmissible infectious illness (such as Covid-19).

b. Racial or ethnic origin, sexual orientation, and religion and beliefs

This data may be processed by us with your consent, in accordance with the terms of our contract with you, to protect our legitimate interests, in order to meet our statutory obligations under equality or other legislation and/or to comply with legal obligations relevant to any of our procedures, for example, investigating an allegation of racial discrimination. If the outcome of such a procedure is referred to a regulatory body, this processing will be subject to suitable safeguarding and is considered to meet a substantial public interest.

c. Criminal conduct (including convictions, proceedings or allegations)

Relevant criminal convictions data may be collected when you are applying for a course and are offered a place. For certain courses we are legally required to collect barring decision information. This will only be collected once you have applied for and been accepted on to such a course. We may also process data about criminal conduct while you are on a course. Processing of criminal conduct data may be carried out in accordance with the terms of our contract with you, in order to protect our legitimate interests and in order to meet our legal obligations. Any processing of this nature will be subject to suitable safeguards.

In order to process special category data we may need your explicit consent. In certain circumstances if you do not provide or if you withdraw your consent we may be unable to provide our Services to you. For example, where you require reasonable adjustments for examinations if we do not have your consent to process health data we cannot provided the service.

If at any time you want to vary your consent in relation to our processing of special category data you can do so via our consent portal at cp.qa.com.

The personal information you provided to us is stored within secure servers. We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.

All QA email addresses support TLS email encryption, so it is advised that if you are concerned about the contents of any email to use this encryption.

Where we have given you (or where you have chosen) a password so that you can access certain parts of our sites and portals, you are responsible for keeping these passwords confidential.

Please note that the transmission of information via the internet (including email) is not completely secure and therefore, although we endeavour to protect the personal information you provide to us, we cannot guarantee the security of data sent to us electronically and the transmission of such data is therefore entirely at your own risk. We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business or statutory need to process your personal information, we will either delete or anonymise it.

If however, you would like your record deleted please send an email to QAHE.Marketing@qa.com and we will be more than happy to remove your data unless this not possible due to i) fulfilling any contractual obligations owed to you; ii) complying with our legal obligations; or iii) for our own legitimate interests.

We may disclose your personal information to any company within our corporate group. This includes, where applicable, our subsidiaries, our holding company and its subsidiaries. This will only be done where lawful bases exists.

We will also disclose, where required, your personal information with:

• our university partners;
• third party service providers and partners who provide data processing services to us (for example, to support the delivery of Services), or who otherwise process personal information for purposes that are described in this Privacy Notice;
• your employer, where they have instructed us or funded the goods or services provided to you. This may include progression, assessment, attainment or exam results as well as other personal data as and when required;
• With exam certification bodies where reasonable adjustments are required on health grounds;
• a third party where they have funded the services that we deliver to you or your organisation;
• any product evaluation or feedback comments you provide may be shared with the purchasing organisation or course vendor;
• NHS or other authorised government agencies in connection with COVID-19 containment measures or other crisis management scenarios;
• government agencies, where required by the scheme or education path you elect to follow;
• to comply with our legal and regulatory obligations, including but not limited to, applicable legislation surrounding COVID-19 test and trace or other crisis management schemes;
• the ESFA or to provide data and information to such entity or government organisation;
• partners with whom we work to provide Services (such as course vendors, examination bodies, customer suppliers and trainers);
• regulatory bodies or other third parties relating to audits, enquiries, or investigations in compliance with applicable law;
• other commercial organisations with regards to potential work placements or provision of, or attendance at, employment fairs;
• any third party in connection with, or during negotiations of, any merger, sales of company assets, financing or acquisition of all or a portion of our business by another company;
• third parties who help us in achieving our business objectives, including but not limited to, better operational performance, improving our services and enhancing student or stakeholder experience;
• any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation (and may not be able to inform you so as not to compromise any investigation or other proceedings), or otherwise to protect our rights or the rights of any third party; and
• any other person with your consent to the disclosure.

Where you are a customer or prospective customer, we may disclose your data to third parties for our marketing purposes so that we can identify products and services we think you will be interested in. Personal data used in this way may include contact details such as name, address, phone number, and email address. When sharing with third party marketing organisations, your data may be processed in countries inside or outside of the European Economic Area (EEA).

It is important that the personal information that we hold and which you provide to us is accurate and current. This is your responsibility to check and ensure we have the most up-date-date on our records.

You might find links to third party websites on our Websites or within documentation we provide.

If you access other websites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their own Privacy Notices which you should review.

We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

The Website may offer you the opportunity to share or follow information about us (or the Website or our Services) using third party social networking functionality (such as through share this”, “like” or “follow” buttons).

We offer this functionality in order to generate interest in us, the Website and our Services among the members of your social networks, and to permit you to share and follow opinions, news and recommendations about us with your friends. However, you should be aware that sharing personal or non-personal information with a social network may result in that information being collected by the social network provider or result in that information being made publicly available, including through Internet search engines.

Please note that we do not exercise, endorse, secure or control the policies or practices of any third party social network whose functionality you may access through the Website.

You should always carefully read the Privacy Notice of any social network through which you share information in order to understand their specific privacy and information usage practices.

For some of our Services, your personal information may be transferred to, and processed in, countries outside of the UK and EEA. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These measures include transferring your personal data to third parties who are located in a country which the UK Secretary of State and/or the European Commission has determined has data protection laws that are at least as protective as those in the UK or Europe (as applicable), and transferring your personal data to third parties who have entered into standard contractual clauses with us. For more information about these safeguards please contact us using the contact details provided below.

We are conscious of our requirements as of March 2022 in relation to international data transfers and seek to implement a risk assessment with respect to international transfers of personal data, either in accordance with EU Standard Contractual clauses with the additional of the UK addendum or the International Data Transfer Agreement; in each scenario to seek compliance with law and regulation.

We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, why we use them and how you can control Cookies please see our Cookie Notice at: www.qa.com/legal/cookie-notice

Our lawful bases for collecting and using personal information will depend on the personal information being collected and the specific context in which we collect it.

However, we will normally collect personal information from you only:

• where we need the personal information to perform a contract with you (for example, to enrol you into a course or provide you with learning materials);
• where the processing is undertaken on the grounds of legitimate interest and is not overridden by your rights; or
• where we have your consent to do so.

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We carry out an assessment when relying on legitimate interests, to balance our interests against your own.

In respect of data processed within COVID-19 frameworks;

• Substantial Public Interest; and
• Vital interests of the individual or other individuals.

In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the lawful bases on which we collect and use your personal information, please contact us using the contact details provided below.

We will use your personal data to send you updates (by email, text message, telephone or post) about our services including exclusive offers, promotions or new services.

We have a legitimate interest in using your personal data for marketing purposes. This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

You have the right to opt-out of receiving marketing communications at any time by:

• contacting us at QAHE.Marketing@qa.com;
• using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts; or
• updating your marketing preferences on applicable links provided to you e.g. cp.qa.com.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and never sell it to other organisations.

We only allow certain organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

We or these third parties occasionally also share personal data with:

• our and their external auditors, eg in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
• our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
• law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations; and
• other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised (or pseudonymised) but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.

You have the following data protection rights:

• If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided below;
• In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided below;
• You have the right to opt-out of marketing and telemarketing communications we send you at any time. You can exercise this right by clicking on the “Manage your Marketing Preferences” link in the marketing e-mails we send you and directly within our consent portal at cp.qa.com;
• Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent; and
• You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

The data controller of your personal information will be the QA group entity that you are dealing with, and as such will be one of the following:

• QA Limited
• QA Consulting Services Limited
• QAHE Limited
• QAHE (SU) Limited
• QAHE (UR) Limited
• QAHE (Ulst) Limited
• QAHE (NU) Limited
• QAHE (Mdx) Limited
• QAHE (LM) Limited
• QAHE (Services) Limited
• QAHE (Solent) Limited
• Branch Campus (London and Birmingham) Limited NI
• Northumbria London Campus Limited
• Roehampton Pathway Campus Limited
• Solent Pathway Campus Limited
• USW Pathway College Limited
• Focus Project Management Europe Limited
• Infosec Skills Ltd
• The Training Foundation Limited
• Cloud Academy, Inc.

We welcome any queries, comments or requests you may have regarding this Privacy Notice. Please do not hesitate to contact us, or our DPO,  via email at: QAHE.Marketing@qa.com.

• QAHE Limited is registered in England no. 11325201 UKPRN: 10067618
• QAHE (Services) Limited is registered in England no. 09134452 UKPRN: 10049009
• QAHE Pathways Limited is registered in England no. 13308665 UKPRN: 10088682
• QAHE (NU) Limited is registered in England no. 08468104 UKPRN: 10066760
• Northumbria London Campus Limited is registered in England no. 8846878. Our registered office and postal address is Financial Accounts, Pandon Building, Camden Street, Newcastle Upon Tyne, England, NE2 1XE.
• Solent Pathway Campus Limited is registered in England no. 11302550. Our registered office and postal address is Finance Services, East Park Terrace, Southampton, Hampshire, England, SO14 0YN.
• QAHE (SU) Limited is registered in England no. 11852515 UKPRN: 10088623
• Branch Campus (London & Birmingham) Limited is registered in Northern Ireland no. NI614694 UKPRN: 10067803. Our registered office and postal address is Murray House, 4 Murray Street, Belfast, Northern Ireland, BT1 6DN.
• Roehampton Pathway Campus Limited is registered in England no. 09612532. Our registered office and postal address is Grove House, Roehampton Lane, London, United Kingdom, SW15 5PJ.
• QAHE (Mdx) Limited is registered in England no. 10990471 UKPRN: 10066760
• QAHE (LM) Limited is registered in England no. 12435190 UKPRN: 10087170
• USW Pathway College Limited is registered in England and Wales no. 13313973. Our registered office and postal address is University Of South Wales, Treforest, Pontypridd, Wales, CF36 1DL.

For our Degree and Higher Apprenticeship provision:

• QA Limited is registered in England no. 02413137

The registered office and postal address for all is International House, 1 St Katharine’s Way, London, E1W 1UN

We may change this Privacy Notice from time to time by updating this document. The online version is available at: https://qahighereducation.com/privacy-notice/.

You should check this page from time to time to ensure that you are happy with any changes.

If material changes are made to this Privacy Notice, we will notify you by placing a prominent notice on the Website or by contacting you to let you know via the contact details you have provided us with.