This policy also describes your options regarding use, access and correction of your personal information.
Who we are
This website http://supervision.ukcge.ac.uk is owned and managed by the UK Council for Graduate Education – a registered UK charity (charity number 1061495) championing and enhancing postgraduate education.
What personal data we collect and why we collect it
Document Download Forms
When you choose to download a document from this website, that requires you to enter your name, job title and/or email address, you opt-in to receive email communications from us.
This allows us to send you an email link to the downloaded document and keep you informed of future updates to that document.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide.
We use three categories of cookies:
- Strictly necessary cookies are essential for you to move around our website and to use its features, like our shopping basket and your account.
- Performance cookies collect anonymous information about how you use our site, like which pages are visited most. No information that identifies you is kept.
- Functionality cookies remember choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. They are anonymous.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
“No Cookies, Please”
You can opt-out of all our cookies (except the strictly necessary ones). Find out how to control and delete cookies in your browser.
However, if you choose to refuse all cookies you may not be able to use our website properly.
Embedded content from other websites
Content on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use Google Analytics to collect, monitor and analyze traffic to this website.
Who we share your data with
We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
How long we retain your data
We only keep it as long as is reasonable and necessary, which may be to fulfil statutory obligations.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
What rights you have over your data
If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
All individuals who are subject of personal data held by The UK Council for Graduate Education are entitled to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the charity is meeting its data protection obligations.
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email, addressed to the Data Protection Officer (firstname.lastname@example.org).
The Data Protection Officer will aim to provide the relevant data within 14 days. The Data Protection Officer will always verify the identity of anyone making a subject access request before handing over any information.
How we protect your data
We take the security of your personal information extremely seriously. We have implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
What data breach procedures we have in place
A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.
The UK Council for Graduate Education will notify the relevant supervisory authority of a breach where it is likely to result in a risk to the rights and freedoms of individuals – for example, result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. These will be assessed on a case by case basis. For example, the Council will notify the relevant supervisory authority about a loss of details where the breach leaves individuals open to identity theft. On the other hand, the loss or inappropriate alteration of a staff telephone list, for example, would not normally meet this threshold.
Where a breach is likely to result in a high risk to the rights and freedoms of individuals, The UK Council for Graduate Education will notify those concerned directly.
A ‘high risk’ means the threshold for notifying individuals is higher than for notifying the relevant supervisory authority.
This notification will contain:
- The nature of the personal data breach including, where possible:
- The categories and approximate number of individuals concerned; and
- The categories and the approximate number of personal data records concerned.
- The name and contact details of the data protection officer (if your organisation has one) or another contact point where more information can be obtained.
- A description of the likely consequences of the personal data breach; and
- A description of the measures taken or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.
A notifiable breach has to be reported to the relevant supervisory authority within 72 hours of the Council becoming aware of it. If the breach is sufficiently serious to warrant notification to the public, the organisation responsible must do so without undue delay.