Privacy statement for our websites

1. Introduction

Under 18 years? Read this:

This privacy statement provides information about the different types of personal data that Trinity College London¹ and/or, where relevant, its subsidiaries (together, ‘Trinity College London’, ‘us’, ‘our’ or ‘we’) collects and the ways in which we use it and your data protection rights, including a right to object to some of the processing which we carry out.

This privacy statement applies to all those who visit our Sites and interact with us online through our websites:

• trinitycollege.com 
• musicbooking.trinitycollege.co.uk 
• trinityrock.com and www.trinityrock.com/app
• seltbooking.trinitycollege.co.uk 
• artsaward.org.uk 
• artsawardsupporter.co.uk 
• trinitycollege.co.uk 
• arts-support.trinitycollege.co.uk 
• learning.trinitycollege.com 
• trv.trinitycollege.co.uk 
• trinityverify.trinitycollege.co.uk 
• shop.trinitycollege.com 
• and any other website run by us from time to time

(our ‘Sites’ and each a ’Site’).

This privacy statement also applies to personal data collected in connection with the exam booking process by means of a printed form which you (or the person who fills it on your behalf) has downloaded from the Sites or has obtained by participating in a Trinity College London event or webinar.

Access to each Site and the use of information contained in each Site is governed by the relevant Terms of Use. If you book an exam, order products or register for training you will also be subject to specific Terms and Conditions of Booking which are for the protection of both you and Trinity College London, so we advise that you please take the time to read them carefully. This privacy statement forms part of the Terms of Use and Terms and Conditions of Booking of Trinity College London. You are also advised to read our Data Protection Policy. The contents of the Sites, including their terms and conditions, are subject to change by us without notification to you. We accept no responsibility or liability for keeping the information on the Sites up to date or for any failure to do so.

We are not responsible for the content or privacy practices of other websites. Any external links to other websites are clearly identified as such. 

2. Our role

Under 18 years? Read this:

Trinity College London is the data controller in respect of any personal information we collect about you.

When and what personal information do we collect? As a data controller, we are committed to protecting your privacy at all times in accordance with all applicable laws and regulations governing the use or processing of personal data, including (where applicable) the General Data Protection Regulation (EU) 2016/679 (‘GDPR’) and the Data Protection Act 2018 (each as amended from time to time, and in the case of the GDPR, as incorporated into UK law, including by any legislation arising out of the withdrawal of the UK from the European Union)  and any subsequent data protection legislation, which is in force in the UK at the relevant time.

3. When and what personal information do we collect?

(a) When you visit our Site(s)

Under 18 years? Read this:

The information collected about your visits to our Site(s) is usually limited to personal data such as:

1. the internet address (or IP address) of the device you used to access the Sites;
2. whether you reached the Sites using a search engine or if you clicked a link on another website;
3. the type of web browser you used; and
4. the type of device you used to access the internet.

We use this data for administrative and statistical purposes as well as to help us improve our Sites. More information about the data we collect about your visits to our Sites and the purposes for which we collect it can be found in our Cookie Policy.

Most websites use cookies in order to improve the visitor experience by enabling that website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’). Cookies may be set by the website you are visiting (‘first party cookies’) or they may be set by other websites who run content on the page you are viewing (‘third party cookies’). Some third parties, such as social media websites, may use cookies and other storage technologies to collect or receive information via our website and elsewhere on the internet and use that information to provide measurement services and target ads. You can opt out of the collection and use of information for ad targeting. For further information on internet browser cookies please see our Cookie Policy.

The personal information collected by the ‘Facebook pixel’ cookie on our Site(s) includes:

1. HTTP header information which include information about the web browser or app used (e.g. user agent, locale country-level/language);
2. information regarding standard/optional events such as "Page view" or "App install", further object properties, as well as buttons clicked by site visitors, each according to configuration of the ‘Facebook pixel’; and
3. online identifiers including IP addresses and, insofar as provided, Facebook-related identifiers or device identifiers (such as mobile OS advertising IDs) as well as information on opt-out/limited ad tracking status.

We may use this data to measure, optimise and build audiences for advertising campaigns. You have the option to choose not to accept the ‘Facebook pixel’ or to remove it at any time from your browser whilst still accepting and keeping other essential cookies on our Site(s). More information on the ‘Facebook pixel’ can be found in our Cookie Policy.

(b) Information you give to us directly

Under 18 years? Read this:

We will collect certain personal information about you when you interact with us, for example when you complete an online form on one of our Sites (including our online ‘Contact Us’ forms and/or when you subscribe to our newsletter), or a printed form which you (or the person who fills it on your behalf) have downloaded from the Sites or obtained by participating in a Trinity College London event or webinar, when you respond to a survey, when you register as a user on our Site(s), where you post entries on our online forums and every time you send us an email of contact us by other means.

We may collect the following information from you:

• your full name and contact details, including email address, postal address, telephone number;
• other information about your application provided on your application form;
• information that we require to verify your identity, such as the details of your identity documentation and/or a photograph and/or copy of your passport, driving licence or other identity documentation;
• profile information if you register on our Site(s);
• information about your communication preferences; and/or
• payment information, when you make a payment through our Site(s), by telephone or, if via an app, through the App Store and Google Play.

If you take one of our Secure English Language Tests, for example for visa and immigration purposes, private hire licences or for university admission, we will collect your photo, full name, candidate ID, date of birth, nationality, ID type, ID number, gender, exam name, exam date, certificate issue date, exam centre, result, unique electronic reference number, agent name and address, and the pdf certificate of award. We will also record and store information about your personal identity using biometrics and voice identification verification equipment to help verify your identity. We do this to prevent exam fraud. Due to coronavirus Covid-19, the Secure English Language Test will be delivered by secure video link at the exam centre rather than in person until further notice.  We will use CCTV recording equipment to record the exams. We do this to confirm the identities of exam participants, for examiner and centre staff training and standardisation purposes and to combat exam malpractice. We retain all footage and recordings for up to 24 months after which they will be destroyed.

(c) Information we obtain indirectly

Under 18 years? Read this:

Your personal information (as listed above) may also be shared with us by third parties. For instance, we may receive it from your training provider.

4. Special categories of information

Under 18 years? Read this:

Data protection law recognises certain categories of personal information as sensitive and therefore requiring higher levels of protection. These categories of data include information about health and ethnicity.

We may collect and/or use special categories of data in connection with the provision of our services, for example in order to make adjustments for any disabilities you may have. We may also collect race, nationality or ethnicity data from you (should you choose to provide it) to ensure meaningful equal opportunity monitoring, reporting and treatment. As explained above, if you take one of our Secure English Language Test exams, we will collect biometric and/or voice recognition data about you in order to verify your identity. We will only process these special categories of data if there is a valid reason for doing so and where the applicable data protection laws allow us to do so.

5. Children’s Privacy

Under 18 years? Read this:

Under 13 years? Read this:

The Sites are not intended for use by individuals under 13 years of age and so, if you are under 13, you must not use the services on our Sites or provide any personal information to us without the express consent of your parent or guardian.

If you are under 13 years of age, we may need to verify your parent or legal guardian’s consent for your use of the services on the Sites and/or your registration for an exam.

6. How do we use your personal information?

Under 18 years? Read this:

We may use your personal information for one or more of the following purposes (depending on the nature of our relationship, and whether you are just visiting our Sites, interacting with us online or booking an exam):

• providing, improving and personalising our services and our Sites;
• providing you with information and news about our exams, products and programmes of events, such as our syllabuses, publications, webinars or conferences, if you have requested to receive our newsletters or if you are our existing or former customer;
• dealing with your enquiries and requests or those made on your behalf by anyone who booked your exam or bought one of our products on your behalf;
• considering and processing your application for one of our exams and communicating with you in connection with your registration and exam results, including by providing you a copy of your exam certificate if you successfully pass your exam - this may also include updating your national learner record where relevant or necessary;
• carrying out necessary checks to verify your identity, as may be necessary as part of our exam registration process;
• fulfilling an order you make to purchase any products from us
• providing booking services when you register for our events;
• dealing with complaints and appeals;
• retaining a record of incoming and outgoing communications (eg e-mails, telephone calls) - information in the e-mail we receive and send will not be disclosed to any third party without the permission of the sender unless otherwise permitted in accordance with the applicable data protection laws;
• providing you access to downloadable support resources (if available on the relevant Site);
• inviting you to participate in marketing and academic surveys, if you have specifically consented to receive such communications or if you are our existing of former customer;
• administering registered user records;
• using aggregated data for academic, research and training purposes to improve and develop our products and services;
• verifying and carrying out financial transactions in relation to payments made by you;
• administering our online forums (when such functionality is available on our Site(s));
• generating anonymous reports about the use of our Sites and our services (including about qualifications);
• monitoring malpractice and preventing fraud or misuse of service;
• in response to requests by government or law enforcement authorities conducting an investigation;
• to further our charitable aim in general;
• to satisfy legal obligations which are binding on us;
• in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such personal information in connection with legal process or litigation);
• for the prevention of fraud or misuse of service; and/or
• for the establishment, defence of enforcement of legal claims (including disclosure of such personal information as is required in connection with legal process or litigation).

7. Marketing communications and your rights

Under 18 years? Read this:

Under 13 years? Read this:

Trinity College London operates a strict ‘opt-in’ policy for individuals. That means we will not send you any information unless you have requested to receive email/text/social media message updates from us. We may require the consent of a parent or guardian where a child under the age of 13 years wishes to ‘opt-in’ to receive such updates from us.

For legal entities, such as companies, limited liability partnerships and other incorporated organisations, Trinity College London operates, in compliance with the relevant data protection laws, an ‘opt-out’ policy. This means that we will continue to contact such businesses with news and information of our goods and services until we are informed that this communication is no longer required.

You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by clicking on the unsubscribe link in the relevant email or message or by emailing us at unsubscribe@trinitycollege.com. Once this information is received we will remove you from our direct marketing database.

8. Lawful processing

Under 18 years? Read this:

We are required to rely on a lawful ground to collect and use the personal information that we have outlined above. The following are applicable, depending on the context:

Consent - Where you have provided your consent for our use of your personal information in a certain way. When we ask you for consent we will explain at that time the purpose for which we will use your personal information. For example, where we ask for your consent to send you our newsletter or information about our products, publications and programmes of events, or where we invite you to participate in marketing and academic surveys. Where applicable, we may require the consent of your parent or guardian.

Legal obligation - Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject. For example, to comply with our obligation to provide reasonable adjustments to candidates with disability or where we respond to requests by government, regulatory or law enforcement authorities conducting an investigation.

Contractual relationship - Where it is necessary for us to process your personal information in order to perform a contract to which you are a party or to take steps at your request prior to entering a contract. For example, to provide our exam services to you or to provide you with support resources (where available).

Legitimate interests - We rely on this basis where applicable law allows us to collect and use personal information for our legitimate interests and the use of your personal information is fair, balanced, and does not unduly impact your rights. For instance, it is in our legitimate interest to process personal data of any person who contacts us with an enquiry, in order to respond to such enquiry. You can obtain information on our legitimate interest balancing tests by contacting us using the details set out later in this notice.

9. Sharing your Personal Data

Under 18 years? Read this:

We will not sell, rent or lease your personal information to others.

We will only share personal information we collect from you with:

• our national and local representatives who deliver information and services in relation to our exams in your locality;
• the schools, colleges, education centres, local authorities and any other entity that provides training courses preparing for a qualification awarded by us, to the extent necessary to provide them with information about your results;
• those persons or bodies contracted by us to carry out the roles of examiner, marker, advisor, moderator, proctor, tutor, consultant, steward, representative or other similar roles on our behalf in the context of our provision of qualifications and/or in the course of providing training to such persons or bodies;
• other exam candidates in the context of relevant exams, such as exam candidates participating with you in the discussion component of an ESOL Skills for Life exam;
• the service providers we engage to process results data and produce qualification certificates on our behalf;
• our marketing automation tool service providers, for the purpose of managing email lists and issuing communications on our behalf;
• in relation to data collected by the ‘Facebook pixel’ cookie only, to Facebook Ireland Limited, to enable us to measure, optimise and build audiences for advertising campaigns;
• other companies in our group such as our subsidiaries where they are providing support services to us;
• your parents and/or guardians (of children under 18 years of age), where parents and/or guardians raise a specific request in relation to, or asking to view, your personal information or where we need to obtain consent from your parents and/or guardians (for children under 13 years of age) or where we have any concerns;
• our academic research partners, for monitoring assessment and the development of assessment tools and products; and/or
• as required by law to any law enforcement, regulatory or other government bodies or agencies, or to any relevant universities, schools, colleges, local authorities or other such entities to the extent required to progress your applications to such entities, for example, we may share your personal data with the Home Office (and the Home Office may share such personal data with its other service providers) in connection with the verification of your test results for visa and immigration purposes and in relation to the prevention of exam malpractice and deception (and where fraudulent activity is suspected, the Home Office will take appropriate enforcement action), with a university or the University and Colleges Admissions Service (UCAS) for admission purposes or, where required, with the Department of Education for statistical purposes.

For Arts Award advisers and prospective advisers registering via artsaward.org.uk, some of the information you supply will be used by:

• training agencies, trainers, moderators and bridge organisations who advocate and deliver Arts Award training and support, and engage with you as an Arts Award adviser.
• Arts Council England and the bridge organisations, for the purpose of monitoring and reporting information about our Arts Award activities including adviser, candidate and supporter engagement with the programme;
• Upstart Projects for the purpose of profiling and consulting with young people who have achieved an Arts Award or Trinity College London qualification.

For Arts Award supporter organisations registering via www.artsawardsupporter.com, some of the information you supply will be publicly available or shared with:

• Arts Award centres or advisers, Arts Council England, Bridge organisations and Upstart Projects for the purposes of managing registrations and communicating with Arts Award supporters, promoting supporter offers and for monitoring and reporting engagement in the programme

 For learners in England and Wales only:

• some of the information you supply will be used by the Skills Funding Agency to fulfil its statutory functions, issue/verify your Unique Learner Number (ULN) and update/check your Personal Learning Record.

We may disclose your personal information to selected third party processors (such as agents and our suppliers) but only in connection with our own processing purposes, as outlined above in paragraph 6. Any such third party will be required to use any personal data they receive from us in accordance with our instructions and the applicable data protection laws.

We reserve the right to disclose your personal information to third parties:

• in the event that we buy or sell any business or assets, in which case we will disclose your personal information to the prospective buyer or seller of such business or assets;
• if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
• for auditing purposes eg finance audits where we employ chartered accountants;
• if we are under any legal or regulatory obligation to do so (for example as required by our regulator, the Office of Qualifications and Examinations Regulation, or the Information Commissioner’s Office (‘ICO’)); and
• in connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights.

10. Payment transactions

Under 18 years? Read this:

Credit card online payment transactions from SELTbooking.trinitycollege.co.uk, musicbooking.trinitycollege.co.uk and www.trinityrock.com are either handled via Paypal or Barclaycard SmartPay. We are not responsible for the contents of their privacy policies, which can be found at:

Paypal: www.paypal.com/en/webapps/mpp/ua/privacy-full

Barclaycard SmartPay: www.barclaycard.co.uk/content/dam/barclaycard/documents/business/top-nav/Barclaycard-Business-commercial-payments-privacy-notice.pdf

Downloads and payment transactions relating to the app showcased on www.trinityrock.com/app are either handled by Apple via the App Store, or by Google via Google Play. We are not responsible for the contents of their privacy policies, which can be found respectively at www.apple.com/uk and policies.google.com/privacy.

11. International data transfers

Under 18 years? Read this:

Where we transfer personal information to and from the UK and the European Economic Area (‘EEA’), we adopt all relevant measures required by the data protection laws. As we sometimes use third parties to process personal information, it is possible that personal information we collect from you will be transferred to and stored in a location outside the UK or the EEA. Please note that certain countries outside of the UK or EEA have a lower standard of protection for personal information, including lower security protections.

Where your personal information is transferred, stored, and/or otherwise processed outside the UK or EEA in a country which does not offer an equivalent standard of protection to the UK or EEA, we will put in place appropriate transfer mechanisms as required under the relevant data protection laws and take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards designed to protect your personal information. If you have any questions about the transfer of your personal information, please contact us.

12. Security of Data

Under 18 years? Read this:

Trinity College London takes seriously its security obligations in respect of your personal data under the data protection laws.  We will endeavour to take all reasonable steps to protect your personal information in order to prevent unauthorised access to, or alteration or destruction of personal data in our possession. All the personal information we collect is stored securely on servers and we use secure internet protocols and secure networks to protect data collection and processing.

Any payment transaction from our Sites will be encrypted. While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that is transferred via the internet. If you have any particular concerns about your information, please contact us (see paragraph 15 below for our contact details).

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

13. How long do we keep your personal information for?

Under 18 years? Read this:

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Information which is necessary to verify or confirm exam results may be kept by us indefinitely. For further detail about the periods for which we retain personal data and the criteria determined for setting these periods, please see our Data Retention Policy and Data Retention Schedule.

14. Your rights

Under 18 years? Read this:

Where we rely on your consent to use your personal information, you have the right to withdraw your consent at any time.

Under certain circumstances, by law, you have the right to:

1. Request access to your personal information (commonly known as a ‘data subject access request’). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it. For further details please refer to the Data Subject Access Request Policy.
2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
3. Request erasure of your personal information (often referred to as ’the right to be forgotten’). This enables you to ask us to delete or remove personal information where there is no appropriate reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
4. Object to the processing of your personal information where we are relying on a legitimate interest (ours or those of a third party) and there is something about your particular situation which causes you to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
6. Request the transfer of your personal information to another party.

Parents and/or guardians may be able to exercise some of these rights on behalf of their child (who is under the age of 18 years) in connection with their child’s personal information, though, depending on the circumstances, we may need to keep the child informed of such exercise of their rights by a parent and/or guardian.

Your rights described above may be limited in some instances where statutory exemptions apply, such as where they would infringe the rights of a third party or our rights or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. For example, under data protection laws, Trinity College London is not required to provide personal data comprising information recorded by candidates during exams and/or in circumstances where its release would adversely affect our rights in the intellectual property and confidentiality of our exams or reveal the personal data of another data subject. We will inform you of the relevant exemptions we rely upon when responding to any request you make. Where we send you emails, if you decide you do not wish to receive any further emails from us, please tell us and we will remove you from the mailing list. At any point you can request to unsubscribe from our mailing by contacting us using the details listed at paragraph 15.

If you would like to exercise any of the above rights, please:

• contact us (see paragraph 15 below);
• let us have proof of your identity. This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
• let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.

If you have unresolved concerns, you have the right to complain to a UK or EU data protection authority where you are based or where you believe a breach may have occurred. In the UK this is the ICO.

15. Contact us or the ICO

Under 18 years? Read this:

We have appointed a Data Protection Officer (‘DPO’) to oversee compliance with this privacy notice. If you have any questions about this privacy statement or how we handle your personal data, or if you wish to make a complaint, please contact the DPO at dpo@trinitycollege.com

You can also contact or make a complaint at any time to the ICO on 00 44 (0)303 123 1113.

16. Changes to this privacy statement

Under 18 years? Read this:

From time to time we may update this privacy statement. When we do, we will publish the updated version on the Sites. If material changes are made to this privacy statement we will notify you by email or by placing a prominent notice on the Sites.

Trinity College London trusts that you appreciate that we respect and value your right to privacy, and that our honesty and integrity shall mean that you will continue to trust us with your personal data, knowing that we will not use it for any inappropriate purpose.

¹ Trinity College London is a registered charity with registration numbers 1014792 (England and Wales) and SC 049143 (Scotland) and company registration number 02683033 in England.  Its registered office is at Blue Fin Building, 110 Southwark Street, London SE1 0TA.