UCL Centre for Holocaust Education

Local Privacy Notice

This supplements the wider UCL privacy notice

1. Introduction
UCL Centre for Holocaust Education (“we” “us”, or “our”) respects your privacy and is committed to protecting your personal data.

Please read this Privacy Notice carefully – it describes why and how we collect and use personal data and provides information about your rights.  It applies to personal data provided to us, both by individuals themselves or by third parties and supplements the following wider UCL privacy notice:

–          General privacy notice when you visit UCL’s website

We keep this Privacy Notice under regular review. It was last updated on 3rd February 2022.

2.  About us 

UCL Centre for Holocaust Education is part of the Department of Curriculum, Pedagogy and Assessment at IOE, UCL’s Faculty of Education and Society, University College London (UCL).

UCL, a company incorporated by Royal Charter (number RC 000631), is the entity that determines how and why your personal data is processed. This means that UCL is the ‘controller’ of your personal data for the purposes of data protection law.

3. Personal data that we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you. This may include:

  • Your name and contact details;
  • Your school/organisation name and address;
  • Your job title and subject taught (if a teacher);
  • Date and location of the course/event you have booked / completed;
  • The names and other details about third parties who are involved in the issues we are helping you with; for example, schools that are partnering with us to offer our CPD courses.
  • Any other information you post, email or otherwise send to us.
  • How you use the website and where available, your IP address, operating system and browser type.

We use this data so that we can check you are eligible to attend our courses/events, communicate with you about the course you have booked, and keep you up to date with news and course information from the Centre. We collect this data using the course registration and email newsletter subscription forms on our website.

4. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

To register you as a client and to manage our relationship with you.

  • To help you with your enquiry.
  • To check you are eligible to attend our courses.
  • To record the courses you have completed so you can access related resources on our website and be issued with relevant certificates.
  • To keep you up to date with news, research, resources and professional development opportunities from the Centre.

We collect this data using the course registration and email newsletter subscription forms on our website.

Where the processing is based on your consent, you have the right to withdraw your consent at any time by contacting us using the details set out below. Please note that this will not affect the lawfulness of processing based on consent before its withdrawal.

We may also use anonymised data, meaning data from which you cannot be identified, for the purposes of:

  • Service evaluation;
  • Education and research; or
  • Fundraising and promotional purposes.
  • Anonymised data may also be used in published reports or journals and at conferences.

5. Who we share your personal data with
Your personal data will be collected and processed primarily by our staff and UCL (Access to your personal information is limited to staff who have a legitimate need to see it for the purpose of carrying out their job at UCL.). We may have to share your personal data with the parties set out below for the purposes outlined in section 4:

When organising a course in partnership with a school, we may share the names (but not contact details) of individuals who have booked onto a specific course.  This is sometimes required if the school is also promoting a course, so we can ensure we have the full list of participants.  On occasions, the partner school may also require a list of participants for their own Safeguarding purposes, if the course is taking place on their premises.

We use a third party – currently MailChimp – to distribute the email newsletters that we send to our subscribers. To do this they also store this data. When we use a third party to process the personal data that we collect and use, it will be on the understanding that they operate in compliance with the GDPR. Read more about how MailChimp is complying with the GDPR in its Privacy Policy.

We will never sell or give your personal information to other organisations.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes – we only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. Lawful basis for processing
Data Protection Legislation requires that we meet certain conditions before we are allowed to use your data in the manner described in this notice, including having a “lawful basis” for the processing. The basis for processing will be as follows:

  • Consent. You have given us your consent for processing your personal data.
    or
  • Public task. The processing of your personal data may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

7. International transfers
We use a third party – currently MailChimp – to distribute the email newsletters that we send to our subscribers.  Mailchimp are based outside the European Economic Area (EEA). Read more about how MailChimp is complying with the GDPR in its Privacy Policy.

8. Information security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have established procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We will keep your personal data according to the Records Retention Schedule.

10. Your rights
Under certain circumstances, you may have the following rights under data protection legislation in relation to your personal data:

  • Right to request access to your personal data;
  • Right to request correction of your personal data;
  • Right to request erasure of your personal data;
  • Right to object to processing of your personal data;
  • Right to request restriction of the processing your personal data;
  • Right to request the transfer of your personal data; and
  • Right to withdraw consent.

If you wish to exercise any of these rights, please contact the Data Protection Officer.

Contacting us regarding your data

You can contact UCL by telephoning +44 (0)20 7679 2000 or by writing to: University College London, Gower Street, London WC1E 6BT.

Please note that UCL has appointed a Data Protection Officer. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below:

Data Protection & Freedom of Information Officer:

data-protection@ucl.ac.uk

11. Complaints
If you wish to complain about our use of personal data, please send an email with the details of your complaint to the Data Protection Officer so that we can look into the issue and respond to you.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (the UK data protection regulator).  For further information on your rights and how to complain to the ICO, please refer to the ICO website.