Trinity College London1 and/or, where relevant, its subsidiaries (together, ‘Trinity’, ‘us’, ‘our’ or ‘we’) is committed to protecting the privacy and security of your personal information. This privacy statement provides information about the different types of personal information that we collect, the ways in which we use these and your data protection rights, including a right to object to some of the processing which we carry out.
This privacy statement is for you if you are:
(our ‘Sites’ and each a ’Site’).
This privacy statement also applies to personal information collected in connection with the exam booking process by means of a printed form which you (or the person who fills it on your behalf) has downloaded from the Sites or has obtained by participating in a Trinity event or webinar.
Trinity is a data controller in respect of any personal information we collect about you, except where we provide examination services for the Secure English Language Test, where we are the data processor and the Home Office is the data controller.
Where we provide exam services in relation to the Secure English Language Test, the Home Office is the data controller of your personal information that we collect and use, which means that the Home Office is responsible for determining the purposes and means of processing your personal information. We are the data processor processing this personal information on behalf of the Home Office. We may also collect and use your personal information for our own purposes as a data controller, for example to comply with our own regulatory obligations. In each case, we will collect and use your personal information in relation to the Secure English Language Test in accordance with this privacy statement.
Whether as a data controller or a data processor, we are committed to protecting your privacy at all times in accordance with all applicable laws and regulations governing the use or processing of personal information, including (where applicable) the General Data Protection Regulation (EU) 2016/679 (‘GDPR’) and the Data Protection Act 2018 (each as amended from time to time, and in the case of the GDPR, as incorporated into UK law, including by any legislation arising out of the withdrawal of the UK from the European Union) and any subsequent data protection legislation which is in force in the UK at the relevant time.
(a) Information we collect when you visit our Site(s)
The information collected when you only visit our Site(s) is usually limited to personal information such as:
(i) the internet address (or IP address) of the device you used to access the Sites;
(ii) whether you reached the Sites using a search engine or if you clicked a link on another website;
(iii) the type of web browser you used; and
(iv) the type of device you used to access the internet.
The personal information collected by the ‘Facebook pixel’ cookie on our Site(s) includes:
(i) HTTP header information which include information about the web browser or app used (e.g. user agent, locale country-level/language);
(ii) information regarding standard/optional events such as "Page view" or "App install", further object properties, as well as buttons clicked by site visitors, each according to configuration of the ‘Facebook pixel’; and
(iii) online identifiers including IP addresses and, insofar as provided, Facebook-related identifiers or device identifiers (such as mobile OS advertising IDs) as well as information on opt-out/limited ad tracking status.
(b) Information you give to us directly
We will collect certain personal information about you when you apply to take a qualification with Trinity.
We will also collect certain personal information about you when you interact with us, for example when you complete an online form on one of our Sites (including our online ‘Contact Us’ forms and/or when you subscribe to our newsletter), or a printed form which you (or the person who fills it on your behalf) have downloaded from the Sites or obtained by participating in a Trinity event or webinar, when you respond to a survey, when you register as a user on our Site(s) and when you use the facilities provided on or via our Site(s), where you post entries on our online forums and every time you send us an email or contact us by other means.
We may collect, store and use the following information from you:
If you are doing an Arts Award we may collect your related portfolios and videos.
If you take one of our Secure English Language Tests, for example for visa and immigration purposes, private hire licences or for university admission, we will collect your photo, full name, candidate ID, date of birth, nationality, ID type, ID number, gender, exam name, exam date, certificate issue date, exam centre, result, unique electronic reference number, agent name and address, and the pdf certificate of award. We do this to prevent exam fraud. The Secure English Language Test will be delivered by secure video link at the exam centre until further notice. We will use CCTV recording equipment to record the exams. We do this to confirm the identities of exam participants, for examiner and centre staff training and standardisation purposes, research and to combat exam malpractice.
(c) Information we obtain indirectly
Your personal information (as listed above) may also be shared with us by third parties. For instance, we may receive it from your training provider, your school or teacher (for example with the Skill Up application), the applicant submitting your exam booking order, the submitter of your entry or exam performance video, validated course provider or validated course and assessment provider, parent or guardian, or, in the case of Arts Award, your Arts Award centre or adviser.
Data protection law recognises that certain categories of personal information are sensitive and require higher levels of protection. These categories of data include information about health and ethnicity.
We may collect and/or use special categories of data in connection with our qualifications and the provision of our services, for example, in order to make adjustments for any disabilities you may have. We may also collect race, nationality or ethnicity data from you (should you choose to provide it), to ensure meaningful equal opportunity monitoring, reporting and treatment.
We will only process these special categories of data if there is a valid reason for doing so and where the applicable data protection laws allow us to do so.
The Sites are not intended for user by individuals under 13 years of age and so, if you are under 13, you must not use the services on our Sites or provide any personal information to us without the express consent or supervision of your parent or guardian.
If you are under 18 years of age, we may need to verify your parent or legal guardian’s consent for your use of certain services on the Sites and/or your registration for an exam. We may also require your parent or legal guardian’s details (such as email address) to be used instead of your own, for example where an exam booking is made for a candidate who is under 18 years of age, we may require the email address of the parent or legal guardian of such candidate to be provided rather than the candidate’s own email address.
Further information in relation to our collection, use and transfer of personal information of individuals under 18 years of age is set out within the relevant sections of this privacy statement.
Depending on the nature of your relationship or interaction with us, we may use your personal information for one or more of the following purposes:
We are required to rely on a lawful ground to collect and use the personal information that we have outlined above. The following are applicable, depending on the context:
Legitimate interests – We rely on this basis where applicable law allows us to collect and use personal information for our legitimate interests of delivering and monitoring our qualifications or providing you with a product or service that you have requested, and the use of your personal information is fair, balanced, and does not unduly impact your rights. For instance, it is in Trinity’s legitimate interest to process personal information when Trinity makes video or audio recordings of our exams in order to monitor the quality of our assessments and/or for testing, feedback, research and training purposes. It is also in our legitimate interest to process the personal information of any person who contacts us with an enquiry, in order to respond to such enquiry. Similarly, it is in our legitimate interest to process personal information to contact a representative who has submitted a form via a Site expressing an interest in their centre becoming a registered exam centre for Trinity exams. In relation to Arts Award, it is in our legitimate interest to retain and use your Arts Award portfolio or video for research, standardisation and training purposes. In relation to the Trinity Teacher Directory, it is in our legitimate interest to process your personal information in order to enable you to set up your account and a profile or listing. You can obtain information on our legitimate interest balancing tests by contacting us using the details set out later in this notice.
Consent – Where you have provided your consent for our use of your personal information in a certain way. When we ask you for consent we will explain at that time the purpose for which we will use your personal information. For example, where we ask for your consent to send you our newsletter or information about our products, publications and programmes of events, or where we invite you to participate in marketing and academic surveys. In relation to Arts Award, we will ask for your consent where we use your Arts Award portfolio or video for marketing or publicity purposes or on our website. Where applicable, we may require the consent of your parent or guardian. In relation to the Trinity Teacher Directory, we will ask for your consent to collect and review a copy of your certificate from the UK’s Disclosure and Barring Service to evidence that you have no prior criminal convictions.
Legal obligation – Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject. For example, to comply with our obligation to provide reasonable adjustments to candidates with a disability, or where we respond to requests by government, regulatory or law enforcement authorities conducting an investigation.
Contractual relationship – Where it is necessary for us to process your personal information in order to perform a contract to which you are a party, or to take steps at your request prior to entering a contract. For example, to provide you with support resources (where available) or to issue you with a product that you have ordered from us.
We will not sell, rent or lease your personal information to others. We will only share personal information we collect from you with:
Where we have chosen to issue a digital certificate to you, we have engaged a third party provider EdInvent, Inc, D.B.A. (‘Accredible’) to provide you with the digital certificate. Accredible acts as our processor (or sub-processor in relation to Secure English Language Tests) in connection with providing you with the Trinity digital certificate and where you access Accredible’s website to access your Trinity digital certificate. Accredible may also provide the option for you to use an account set-up with Accredible (that may have Trinity branding). Please note that with respect to an account with Accredible and where you use this account with Accredible directly and choose to provide Accredible with additional personal information in relation to this account and where you use your account with Accredible in relation to credentials other than your Trinity digital certificate (for example, where you use your account with Accredible to hold certificates issued by another organisation), another party (i.e., not the Home Office or Trinity), such as Accredible or the other organisation that issued such credentials to you, is the data controller and you should refer to their privacy statement for further information about how your personal information is collected and used. We are not responsible for the contents of such other party’s privacy statement and policies. Please also note that you may have the option to change the privacy settings in relation to your digital certificate via your account with Accredible. Where these privacy settings are set to ‘public’, your digital certificate will be visible to anyone with the link that was provided to you to access your digital certificate, can be shared on social media, will be visible in search engine results and can appear in your professional directory profile.
For Arts Award advisers and prospective advisers registering via artsaward.org.uk, some of the information you supply will be used by:
For Arts Award supporter organisations registering via www.artsawardsupporter.com, some of the information you supply will be publicly available or shared with:
For learners in England and Wales only:
We may disclose your personal information to selected third party processors (such as agents and our suppliers) but only in connection with our own processing purposes, as outlined above in paragraph 6. Any such third party will be required to use any personal information they receive from us in accordance with our instructions and the applicable data protection laws.
We reserve the right to disclose your personal information to third parties:
Credit card online payment transactions from SELTbooking.trinitycollege.co.uk, musicbooking.trinitycollege.co.uk, https://booking.trinitycollege.com/ and www.trinityrock.com are either handled via Paypal or Barclaycard SmartPay. We are not responsible for the contents of their privacy policies, which can be found at:
Downloads and payment transactions relating to the app showcased on www.trinityrock.com/app are either handled by Apple via the App Store, or by Google via Google Play. We are not responsible for the contents of their privacy policies, which can be found respectively at www.apple.com/uk and policies.google.com/privacy.
Where we transfer personal information to and from the UK and the European Economic Area (‘EEA’) we adopt all relevant measures required by the data protection laws. As we sometimes use third parties to process personal information, it is possible that personal information we collect from you will be transferred to and stored in a location outside the UK or the EEA. Certain countries outside of the UK or EEA have a lower standard of protection for personal information, including lower security protections.
Where your personal information is transferred, stored, and/or otherwise processed outside the UK or EEA in a country which does not offer an equivalent standard of protection to the UK or EEA, we will put in place appropriate transfer mechanisms as required under the relevant data protection laws and take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards designed to protect your personal information.
If you have any questions about the transfer of your personal information, please contact us.
Where we rely on your consent to use your personal information, you have the right to withdraw your consent at any time. Under certain circumstances, by law, you have the right to:
- Request access to your personal information (by a ‘data subject access request’). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it. For further details please refer to the Data Subject Access Request Policy.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (often referred to as ‘the right to be forgotten’). This enables you to ask us to delete or remove personal information where there is no appropriate reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to the processingof your personal information where we are relying on a legitimate interest (ours or those of a third party) and there is something about your particular situation which causes you to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
Parents and/or guardians may be able to exercise some of these rights on behalf of their child (who is under the age of 18 years) in connection with their child’s personal information, though, depending on the circumstances, we may need to keep the child informed of such exercise of their rights by a parent and/or guardian.
Your rights described above may be limited in some instances where statutory exemptions apply, such as where they would infringe the rights of a third party or our rights or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. For example, under data protection laws, Trinity is not required to provide personal information comprising information recorded by candidates during exams and/or in circumstances where its release would adversely affect our rights in the intellectual property and confidentiality of our exams or reveal the personal information of another data subject. We will inform you of the relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us by contacting our Data Protection Officer using the details set out at the end of this document. If you have unresolved concerns, you have the right to complain to a UK or EU data protection authority where you are based or where you believe a breach may have occurred. In the UK this is the ICO.
Except in relation to individuals who have already signed-up for an exam, event or other service or good from us, Trinity operates a strict ‘opt-in’ policy for individuals. That means that where you have already signed-up for an exam, event or other good or service from Trinity, we may send you news and information of similar exams, events, goods or services that we provide until we are informed that this communication is no longer required. We will give you an opportunity to ‘opt-out’ of receiving such communications at the time that we collect your personal information and every time after that when we contact you with such communications. In all other cases, we will not send you any information unless you have requested to receive email/text/social media message updates from us. We may require the consent of a parent or guardian where a child under the age of 13 years wishes to ‘opt-in’ to receive such updates from us.
You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by clicking on the unsubscribe link in the relevant email or message, or by emailing us at email@example.com. Once this information is received we will remove you from our direct marketing database.
Trinity takes its security obligations under the data protection laws seriously. We will endeavour to take all reasonable steps to protect your personal information in order to prevent unauthorised access to or alteration or destruction of personal information in our possession. All the personal information we collect is stored securely on servers and we use secure internet protocols and secure networks to protect data collection and processing.
Any payment transaction from our Sites will be encrypted. While we will use all reasonable efforts to safeguard your personal information, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal information that is transferred via the internet. If you have any particular concerns about your information, please contact us (see paragraph 15 below for our contact details).
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In determining the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Information which is necessary to verify or confirm exam results may be kept by us indefinitely. For further details about the periods for which we retain personal information and the criteria determined for setting these periods, please see our Data Retention Policy and Data Retention Schedule.
We have appointed a Data Protection Officer (‘DPO’) to oversee compliance with this privacy notice. If you have any questions about this privacy statement or how we handle your personal information, or if you wish to make a complaint, please contact the DPO at firstname.lastname@example.org.
You can also contact or make a complaint at any time to the ICO on 00 44 (0)303 123 1113.
We may update this privacy statement from time to time. When we do, we will publish the updated version on our website. If material changes are made to this privacy statement we will notify you by email or by placing a prominent notice on the website.
Document owner and approval
The Data Protection Officer is the owner of this document and is responsible for ensuring that this document is reviewed in line with the review requirements.
Effective date: 31 August 2023
© Trinity College London 25 November 2020 (amended on 31 August 2023)