This Privacy Statement provides information about the different types of personal data that we collect and the ways in which we use it and your data protection rights, including a right to object to some of the processing which we carry out.
It applies to all those who visit our Sites and interact with us online through our websites:
(our “Sites” and each a “Site”).
This Privacy Statement also applies to personal data collected in connection with exam booking process by means of a printed form which you (or the person who fills it on your behalf) has downloaded from the Sites or has obtained by participating in a Trinity event or webinar.
We are not responsible for the content or privacy practices of other websites. Any external links to other websites are clearly identified as such.
Trinity College London is the data controller in respect of any personal information we collect about you.
As a data controller, we are committed to protecting your privacy at all times in accordance with all applicable laws and regulations governing the use or processing of personal data, including (where applicable) the General Data Protection Regulation (“GDPR”) and any subsequent data protection legislation, whichever is in force in the UK at the relevant time.
By simply visiting our Sites, you do not disclose, nor do we collect, personal data about you.
(a) When you visit our Site(s)
The information collected about your visits to our Site(s) is limited to technical data such as for example:
(i) the Internet address (or IP address) of the device you used to access the Sites;
(ii) whether you reached the Sites using a search engine or if you clicked a link on another website;
(iii) the type of web browser you used; and
(iv) the type of device you used to access the Internet.
(b) Information you give to us directly
We will collect certain personal information about you when you interact with us, for example when you complete an online form on one of our Sites (including our online “Contact Us” forms and/or when you subscribe to our newsletter), or a printed form which you (or the person who fills it on your behalf) have downloaded from the Sites or obtained by participating in a Trinity event or webinar, when you respond to a survey, when you register as a user on our Site(s), where you post entries on our online forums and every time you send us an email of contact us by other means.
We may collect the following information from you:
If you take one of our Secure English Language Test exams, for example for visa and immigration purposes, private hire licences or for university admission, we will collect your photo, full name, candidate ID, date of birth, nationality, ID type, ID number, gender, exam name, exam date, certificate issue date, exam centre, result, unique electronic reference number, agent name and address, and the pdf certificate of award. We will also record and store information about your personal identity using biometrics and voice identification verification equipment to help verify your identity. We do this to prevent examination fraud. Due to coronavirus Covid-19, the Secure English Language Test will be delivered by secure video link at the exam centre rather than in person until further notice. We will use CCTV recording equipment to record the exams. We do this to confirm the identities of exam participants, for examiner and centre staff training and standardisation purposes and to combat examination malpractice. We retain all footage and recordings for up to 24 months after which they will be destroyed.
(c) Information we obtain indirectly
Your personal information may be shared with us by third parties. For instance, we may receive it from your training provider.
Data protection law recognises certain categories of personal information as sensitive and therefore requiring more protection. These categories of data include information about health, ethnicity, and political opinions.
We may collect and/or use special categories of data in connection with the provision of our services, for example in order to make adjustments for any disabilities you may have. We may also collect ethnicity data from you (should you choose to provide it) to identify and keep under review the existence or absence of equality of opportunity or treatment. As explained above, if you take one of our Secure English Language Test exams, we will collect biometric and/or voice recognition data about you in order to verify your identity. We will only process these special categories of data if there is a valid reason for doing so and where the data protection laws allow us to do so.
The Sites are not intended for use by individuals under 13 years of age and so, if you are under 13, you must not use our Sites or provide any personal information to us without the express consent of your parent or guardian.
If you are under 13 years of age, we may need to verify your parent or legal guardian’s consent for your use of the Sites and/or your registration for an exam.
We may use your personal information for one or more of the following purposes (depending on the nature of our relationship, and whether you are just visiting our Sites, interacting with us online or booking an exam):
Trinity College London operates a strict ‘opt-in’ policy for individuals. That means we will not send you any information unless you have requested to receive email/text/social media message updates from us.
For legal entities, such as companies, limited liability partnerships and other incorporated organisations, Trinity College London operates, in compliance with the relevant data protection laws, an ‘opt-out’ policy. This means that we will continue to contact such businesses with news and information of our goods and services until we are informed that this communication is no longer required.
You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by clicking on the unsubscribe link in the relevant email or message or by emailing us at firstname.lastname@example.org. Once this information is received we will remove you from our direct marketing database.
The above rights may be limited in some instances, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us by contacting our Data Protection Officer using the details set out below. If you have unresolved concerns, you have the right to complain to a UK or EU data protection authority where you are based or where you believe a breach may have occurred. In the UK this is the Information Commissioner's Office (the "ICO").
We are required to rely on one or more lawful grounds to collect and use the personal information that we have outlined above. The following are applicable, depending on the context:
Where you have provided your consent for our use of your personal information in a certain way, for example where we ask for your consent to send you our newsletter.
(b) Legal obligation
Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject e.g.to comply with our obligation to provide reasonable adjustments to candidates with disability.
(c) Contractual relationship
Where it is necessary for us to process your personal information in order to perform a contract to which you are a party (or to take steps at your request prior to entering a contract), for example to provide our examination services to you.
(d) Legitimate interests
We rely on this basis where applicable law allows us to collect and use personal information for our legitimate interests and the use of your personal information is fair, balanced, and does not unduly impact your rights. For instance, it is in our legitimate interest to process personal data of any person who contacts us with an enquiry, in order to respond to such enquiry.
For the data processing based on our legitimate interests described above, you can obtain information on any of our balancing tests by contacting us using the details set out later in this notice.
We will not sell, rent or lease your personal information to others.
We will only share personal information we collect from you with:
For Arts Award advisers and prospective advisers registering via artsaward.org.uk, some of the information you supply will be used by:
For Arts Award supporter organisations registering via www.artsawardsupporter.com, some of the information you supply will be publicly available or shared with:
For learners in England and Wales only:
We may disclose your personal information to selected third party processors (such as agents and our suppliers) but only in connection with our own processing purposes, as outlined above in paragraph 6. Any such third party will be required to use any personal data they receive from us in accordance with our instructions and the applicable data protection laws.
We reserve the right to disclose your personal information to third parties:
Credit card online payment transactions from SELTbooking.trinitycollege.co.uk, musicbooking.trinitycollege.co.uk and www.trinityrock.com are either handled via Paypal or Barclaycard SmartPay. We are not responsible for the contents of their privacy policies, which can be found at:
Downloads and payment transactions relating to the app showcased on www.trinityrock.com/app are either handled by Apple via the App Store, or by Google via Google Play. We are not responsible for the contents of their privacy policies, which can be found respectively at www.apple.com/uk and policies.google.com/privacy.
As we sometimes use third parties to process personal information, it is possible that personal information we collect from you will be transferred to and stored in a location outside the UK or the European Economic Area (EEA).
Please note that certain countries outside of the UK or EEA have a lower standard of protection for personal information, including lower security protections. Where your personal information is transferred, stored, and/or otherwise processed outside the UK or EEA in a country which does not offer an equivalent standard of protection to the UK or EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards designed to protect your personal information. If you have any questions about the transfer of your personal information, please contact us.
Trinity College London takes seriously its security obligations in respect of your personal data under the data protection laws in order to prevent unauthorised access to, or alteration or destruction of personal data in our possession.
We will endeavour to take all reasonable steps to protect your personal information. All the personal information we collect is stored securely on servers and we use secure internet protocols and secure networks to protect data collection and processing.
Any payment transaction from our Sites will be encrypted. While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us (see paragraph 15 below for our contact details).
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Information which is necessary to verify or confirm exam results may be kept by us indefinitely. For further detail about the periods for which we retain personal data and the criteria determined for setting these periods, please see our Data Retention Policy.
Where we rely on your consent to use your personal information, you have the right to withdraw your consent.
Under certain circumstances, by law, you have the right to:
(a) Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
(b) Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
(c) Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
(d) Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
(e) Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
(f) Request the transfer of your personal information to another party.
If you decide you do not wish to receive any further emails from us, please tell us and we will remove you from the mailing list. At any point you can request to unsubscribe from our mailing by contacting us using the details listed at paragraph 15.
If you would like to exercise any of the above rights, please:
If you wish to contact us, please contact:
The Data Protection Officer
Trinity College London
You can also contact the Information Commissioner’s Office on 0303 123 1113.
From time to time we may update this Privacy Statement. When we do, we will publish the changes on the Sites. If material changes are made to this Privacy Statement we will notify you by email or by placing a prominent notice on the Sites.
Trinity College London trusts that you appreciate that we respect and value your right to privacy, and that our honesty and integrity shall mean that you will continue to trust us with your personal data, knowing that we will not use it for any inappropriate purpose.