How we may use your personal information
AccessHE is a division of London Higher. London Higher and AccessHE are committed to protecting your personal information and being clear about what information we collect from you and how we use it. If we make any changes to this policy, we will let you know by revising the updated date, placing an alert on the homepage of the website and corresponding with you directly. The material on AccessHE Creative is intended for the use of those over the age of 13. This is because the online courses we provide are directed at students aged 13 and over. If you have any questions about this policy or our uses of personal data, please contact email@example.com
Who we are and how to contact us
A key division of London Higher and the largest network of its kind, AccessHE is the pan-London organisation that aims to support the progression of under-represented groups to higher education (HE). We do this by enabling HE institutions (HEIs), schools and colleges to achieve their objectives on widening access to HE more efficiently and effectively. We are also a partner in the London NCOP consortium, which delivers the government-funded Uni Connect Programme in London. Through this we facilitate the delivery of activities and programmes, such as HE taster sessions, mentoring, campus visits, and careers fairs, to prospective students either in school or in community settings.
All personal information provided by you through this website is under the control of AccessHE, who are responsible for taking care of your personal information in line with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). This policy may refer to AccessHE as: ‘AccessHE’, ‘our’, ‘us’ or ‘we’. Our registered office is: Tavistock House, Tavistock Square, London, WC1H 9JJ.
How to contact us
You can contact us via the following means:
- Email: firstname.lastname@example.org
- Telephone: 020 7391 0688
- Post: AccessHE (London Higher), Tavistock House, Tavistock Square, London, WC1H 9JJ
Why do we collect data
We collect information about individuals who participate in the Uni Connect events and activities we deliver. We do this for the purposes of monitoring, evaluating and reporting on the effectiveness of this work in increasing progression to higher education amongst certain cohorts. The data we collect also enables us to improve the events and activities.
We collect this data under the legal basis ‘Legitimate Interest’ as set out in GDPR under article 6(1)f:
‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’
The legitimate interest for collecting and processing data is to enable the effective running and monitoring of outreach programmes AccessHE is involved in that directly support progression to higher education and social mobility in London.
What we collect
We collect the following data for the following purposes:
- The below data is collected from all web users for website and server administration and research and development. However in the event of a security breach we may need to use web access logs to trace the origin of the breach:
- http elements: date and time of link, server or IP address, top level domain name such as “.ac.uk”
- click-stream data: type of computer and browser software, address of linking web site.
- We collect the below to compile monthly and annual statistics about the website and web pages from the web access logs (e.g. numbers of unique users, page hits):
- If you log in and register an account: to access any of our courses we ask you to register an account. For this we require that you provide us with your name, your email address, your date of birth and a password for accessing your account
- When you access our website: your IP address, if you are the only person who has access to your computer or device, it can identify you.
- In addition to this we collect your personal information so we can monitor users of our online courses to measure their effectiveness for students from different backgrounds. To do this, we collect the information detailed below.
- Your home postcode,
- Your current school,
- Your year group,
- The country you live in,
- The level of education of your parents/carers,
- Your first spoken language,
- Whether you are eligible for Free School Meals/Pupil Premium,
- Whether you have been, or are currently in, local authority care,
- Whether you are estranged from your family,
- Whether you have any caring responsibilities,
- Whether your parent is or has been in the military,
- Whether you are an asylum seeker or refugee,
- Whether you are from Gypsy, Roma or Traveller communities,
- Whether you are a student, a member of school/college staff, a member of staff in a higher education institution/university or a parent/carer.
Where it is required for the effective review and evaluation of the outreach activity in question, we may also collect the following special category data, subject to additional condition 9a of the GDPR (obtaining ‘explicit consent’ from individuals) being met:
- Your gender,
- Your ethnicity,
- Whether you have a disability or mental health condition,
- Whether you are from Gypsy, Roma or Traveller communities.
Please note that by filling in these fields, you will be consenting to AccessHE using your data in the manner described below.
Sharing your information
For the purpose of monitoring and evaluating the impact of AccessHE’s contribution to the Uni Connect programme, your personal information may also be shared with the London NCOP partnership. London NCOP is one of 29 partnerships, which provide targeted higher education outreach to young people in years 9 to 13 from areas with low rates of HE progression as part of the Uni Connect programme, which is funded by the Office for Students. The London NCOP partnership consists of three networks (AccessHE, Linking London and Aimhigher London) working in collaboration with Kingston University as lead Higher Education Institution.
Our HEI members and the London NCOP partnership may also record this data on the Higher Education Access Tracker (www.heat.ac.uk), a secure online database managed by the University of Kent. This data is used to analyse, evaluate and monitor the impact of widening participation outreach activities. Learner progress is tracked to investigate longitudinal impact on attainment, progression and social mobility.
For research and evaluation purposes, AccessHE, London NCOP or HEI members of AccessHE who have created courses may also share this information with reputable and reliable third parties. The information used for these purposes is aggregated (i.e. combined with other user data) and anonymised, and will not be provided in a way which identifies you. These institutions may include:
- AccessHE members (https://www.accesshe.ac.uk/members/hei/)
- The Office for Students
- The Department for Education
- The Education and Skills Funding Agency
- The Higher Education Statistics Agency
- UCASWe may use the personal information we collect as the basis for research reports investigating the impact that AccessHE programmes and events have on progression to higher education and social mobility. These reports may be published on www.accesshe.ac.uk and/or www.accessheonline.ac.uk and made available to external audiences. You will not be identifiable in this data.
How we keep your information secure
We take steps to make sure we hold your personal information securely and share it with people or organisations who need to access it. For the duration of this project, information will be stored on both The AccessHE Online website (to enable use of the platform) and on password protected Excel spreadsheets which are shared with AccessHE member HEIs who have created courses. These spreadsheets will be kept on a secure server and will only be accessed by AccessHE staff. The AccessHE Online website itself has several layers of protection:
- Our secured sockets layer (SSL) encrypts all transmitted data from each user session ensuring any data intercepted is not readable.
- Our firewall – Wordfence Premium – is installed on all websites. This will fight any threat/attack in real-time. For details see website.
- We keep plugins up to date on a monthly basis in order to minimise risk against any known vulnerabilities with older versions.
In order to provide our service, we need to transfer information to other organisations. We make sure these organisations commit to keeping your personal information secure.
How long do we keep your data?
We keep data for extended periods of time to enable the functioning of the AccessHE Online website and to evaluate the success of AccessHE Online as an outreach activity. We will retain records securely for the duration detailed below, and will review our retention periods annually in line with Information Commissioner’s Office guidance and other best practice in the sector.
- Information stored on the website will remain there until a user contacts us to disable and delete their account or until the end of the project, whichever arises first.
- Personal information stored on secure Excel spreadsheets will be deleted at the end of each academic year or at the end of the project, depending on which occurs first.
To request access to your personal information, change, delete, or stop using it
You have the right, under the GDPR, to request a copy of your personal information we hold, to have it corrected, deleted, or to ask us to stop using it. To request a copy of the personal information we hold about you – please send your request via email to: email@example.com To ask us to change, delete or stop using the personal information we hold about you – please send your request via email to: firstname.lastname@example.org. We will always consider your request to make changes to your personal information and write back to confirm the action we have taken.
Other websites you can access from this one
Changes to this Policy
Effective: October 2020