Skip to main navigation Skip to content
 

Privacy and cookie statement


This privacy and cookie statement tells you what to expect when The Quality Assurance Agency for Higher Education (QAA) collects personal information. It applies to information we collect about:

  • visitors to our websites, which include www.enhancementthemes.ac.uk, www.qaa.ac.uk, http://heer.qaa.ac.uk, www.accesstohe.ac.uk and the secure Qmmunity reviewer extranet
  • people who email QAA
  • people who call QAA
  • people who contact QAA via social media
  • individuals submitting complainants or concerns about HEIs
  • individuals complaining about QAA
  • individuals who contact QAA in relation to a data protection subject access request or other enquiry
  • people who use our services, for example subscribe to one of our newsletters, attend a QAA event, or request a publication from us
  • job applicants and our current and former employees
  • testing and training.

Visitors to our websites

When you visit one of our websites, we collect standard internet log information and details of visitor behaviour patterns. This helps us to identify the number of visitors to various parts of the site. We collect this information in a way which does not identify anyone. We do not attempt to find out the identities of visitors to our websites. We will not associate any data gathered from this site with any personally identifying information from any source.

Where we need to collect personally identifiable information through one of our websites, we will do this by asking users to complete a registration form (for example when registering to use the HEER database, to sign up to attend a QAA event or to receive a QAA publication). We will make it clear when we collect personal information and will explain what we intend to do with it.

We may use personal information collected when people contact us to offer services and information related to our work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary QAA Enterprises Limited. QAA will enable users to 'opt out' of further contact with QAA or QAA Enterprises at the time that personal data is collected.

Data may be passed to the police and other authorities where it is required in the investigation of illegal activities and security breaches.

Where data is passed to third parties, it is done so in compliance with the Data Protection Act 1998.

More information about QAA's Data Protection policy.

Use of cookies by QAA websites

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, remember your individual settings and preferences, and to measure how you use websites to ensure they meet your needs.

We do not use cookies to identify individuals or collate personal data. We only use cookies to make our sites work better for you.

Most web browsers allow some control of cookies through the browser settings, and you are able to manage and delete cookies from specific websites.

To find out more about cookies, including how to see what cookies have been set by the websites you visit, and how to manage and delete them, visit All About Cookies.

The table below explains the cookies we use on this website and why.

Cookie Name Purpose More information
Google Analytics _utma
_utmb
_utmc
_utmz

These cookies are used to collect information about how visitors use our site. This information is used to improve QAA's sites and to ensure they meet your needs.

All data is collected in an anonymous form and includes information such as the number of visitors to our websites and the pages they visit while they're on our sites.

Overview of privacy at Google

Opt out of Google Analytics

Google cookies GAPS khcookie NIDS PREF VISITOR_INFO1_LIVE YSC

We use the YouTube video player and Google Maps functionality on our website. These are cookies set by Google to store your user preferences.

Overview of privacy at Google
Flickr BX
localization
xb

These cookies are set by Flickr (owned by Yahoo!). We use Flickr to share some of the photographs on our website.

Yahoo's privacy policy
BrowseAloud Browsealoudcountry
country

We subscribe to a service called BrowseAloud, which allows our website visitors to use the BrowseAloud toolbar for free.

BrowseAloud website
Standard ASP.NET cookie ASP.NET_SessionId

Created when session state is used. Expires when the browser closes.

All About Cookies: What is a session cookie used for?

Links

Our websites contain links to other sites. QAA is not responsible for the privacy practices within any of these other sites. We encourage you to be aware of this when you leave our sites and to read the privacy statements on other websites you visit which collect personally identifiable information. This privacy statement applies solely to information collected on our websites.

People who email QAA

QAA retains a copy of all emails sent in and out of our network for 5 years.  Emails that are saved as records may be kept longer. This data is held securely and will be released to third parties only when QAA believes the release is appropriate to comply with the law.

We may use personal information collected when people contact us to offer services and information related to its work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary QAA Enterprises Limited. QAA will enable users to 'opt out' of further contact with QAA or QAA Enterprises at the time that personal data is collected.

People who call QAA

QAA retains copies of all voicemail recorded as an audio attachment within the email system. As with text-based email, these recordings may be copied or forwarded within the email system, and they are retained for a set period of time. Audio data is held securely and could be released to third parties if QAA believes this is appropriate to comply with the law.

We may use personal information collected when people contact us to offer services and information related to its work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary QAA Enterprises Limited. QAA will enable users to 'opt out' of further contact with QAA or QAA Enterprises at the time that personal data is collected.

People who contact QAA via social media

QAA retains copies of messages received via social media. Any personal data collected will only be used in order to respond to the message. Messages are retained for a set period of time, and used by QAA to monitor its social media activity.  Data is held securely and could be released to third parties if QAA believes this is appropriate to comply with the law.

Individuals submitting complainants or concerns about HEIs

Individuals submitting complaints and concerns can request to remain anonymous. Their personal details will not be disclosed, however by completing the application form permission is given to QAA to discuss details of the case with the institution concerned, and any other appropriate organisations that we may need to consult in the course of our investigations. It is important that individuals are aware that QAA may not always be able to preserve their anonymity as they may be identifiable through the details of their application.

We will keep personal information contained in complaint and concerns files in line with our retention policy. This means that information relating to a complaint will be retained for 10 years from closure. It will be retained in a secure environment and access to it will be restricted according to the 'need to know' principle.

Individuals complaining about QAA

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant's identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person's record is in dispute. If a complainant doesn't want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for 10 years from closure. It will be retained in a secure environment and access to it will be restricted according to the 'need to know' principle.

Individuals who contact QAA in relation to a data protection subject access request or other enquiry

Personal data relating to a data subject access request or other information request will not be disclosed publically. However individuals should be aware that they may be identifiable through the details of their request.

People who use QAA services, e.g. who subscribe to one of our newsletters, attend a QAA event, or request a publication from us

QAA offers various services to the public, including publications, newsletters and events. We have to hold the details of the people who have requested the service in order to provide it.

We may use personal information collected when people contact us to offer services and information related to its work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary QAA Enterprises Limited. QAA will enable users to 'opt out' of further contact with QAA or QAA Enterprises at the time that personal data is collected.

Job applicants and our current and former employees

When individuals apply to work at QAA, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a 'disclosure' from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 6 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with the QAA, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person's employment. Once their employment with QAA has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.

Testing and training

Test data

To ensure that the systems are tested thoroughly, QAA uses recent copies of live data from existing systems. This ensures that the system can cope with comparable volumes of information, that a wide range of realistic scenarios is covered, and that the test will reflect all the possible combinations that occur in the real environment. Test systems are isolated from external networks to ensure that live systems are not compromised.

QAA's use of data for training purposes

Training may be undertaken using the live or test environment. In either case, the people accessing the data will be limited to those who would have access to it in the real environment, and have completed the appropriate non-disclosure and confidentiality agreements where necessary.
Complaints or queries

Should you think that QAA's collection or use of information is unfair, misleading or inappropriate, you are encouraged to contact us at the address below ('How to contact us').

Access to personal information

QAA tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a 'subject access request' under the Data Protection Act 1998. To make a request to the QAA for any personal information we may hold you need to put the request in writing addressing it to our Information and Records Team at the address provided below ('How to contact us'). For further guidance please see QAA's subject access request guidance and form.

Disclosure of personal information

We may use personal information collected when people contact us to offer services and information related to its work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary QAA Enterprises Limited. QAA will enable users to 'opt out' of further contact with QAA or QAA Enterprises at the time that personal data is collected.

Please also see our information sharing agreements.

Notification of changes to this privacy notice

If we decide to change our privacy policy, we will post details of any changes on this page. This will help ensure that you are always aware of what information we collect, how we use it, and under what circumstances, if any, we share it with other parties.

This privacy notice was last updated on 15 October 2012.

If you have any concerns, questions or comments please contact us at: dataprotection@qaa.ac.uk.

How to contact us

Requests for information about our privacy policy can be emailed to dataprotection@qaa.ac.uk or by writing to:

Information and Records team
Quality Assurance Agency for Higher Education
Southgate House
Southgate Street
Gloucester
GL1 1UB

Summary of terms

Browser

Used to locate and display web pages via a software application.

Cookie

Message given to a web browser by a web server. The message is then stored by the browser in a text file called cookie.txt. Each time the browser requests a page from the server, this message is sent back.
A cookie's main objective is to identify users and/or personalise their visit by customising web pages for them, for example by welcoming them by name next time they visit the same site or remembering previously selected choices.

IP (Internet Protocol)

All networks connected to the internet speak IP, the technical standard which allows data to be transmitted between two devices. TCP/IP (Transmission Control Protocol/Internet Protocol) is responsible for making sure messages get from one host to another and that the messages are understood.

IP address

If you are connected to the Internet you have one, for example it may look something like this 195.185.99.9

Web server

Delivers (serves up) web pages to your computer