This privacy and cookie statement tells you what to expect when The Quality Assurance Agency for Higher Education (QAA) collects personal information. It applies to information we collect about:
- visitors to our websites, which include www.enhancementthemes.ac.uk, www.qaa.ac.uk, ebta.qaa.ac.uk, heerd.qaa.ac.uk, www.accesstohe.ac.uk and the secure Qmmunity reviewer extranet
- people who email QAA
- people who call QAA
- individuals submitting complainants or concerns about HEIs
- individuals complaining about QAA
- individuals who contact QAA in relation to a data protection subject access request or other enquiry
- people who use our services, for example subscribe to one of our newsletters, attend a QAA event, or request a publication from us
- job applicants and our current and former employees
- testing and training.
Visitors to our websites
When you visit one of our websites, we collect standard internet log information and details of visitor behaviour patterns. This helps us to identify the number of visitors to various parts of the site. We collect this information in a way which does not identify anyone. We do not attempt to find out the identities of visitors to our websites. We will not associate any data gathered from this site with any personally identifying information from any source.
Where we need to collect personally identifiable information through one of our websites, we will do this by asking users to complete a registration form (for example when registering to use the HEER database, to sign up to attend a QAA event or to receive a QAA publication). We will make it clear when we collect personal information and will explain what we intend to do with it.
We may use personal information collected when people contact us to offer services and information related to our work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary Partners in Quality (PiQ Ltd). QAA will enable users to 'opt out' of further contact with QAA or PiQ Ltd at the time that personal data is collected.
Data may be passed to the police and other authorities where it is required in the investigation of illegal activities and security breaches.
Where data is passed to third parties, it is done so in compliance with the Data Protection Act 1998.
More information about QAA's Data Protection policy.
Use of cookies by QAA websites
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, remember your individual settings and preferences, and to measure how you use websites to ensure they meet your needs.
We do not use cookies to identify individuals or collate personal data. We only use cookies to make our sites work better for you.
Most web browsers allow some control of cookies through the browser settings, and you are able to manage and delete cookies from specific websites.
To find out more about cookies, including how to see what cookies have been set by the websites you visit, and how to manage and delete them, visit All About Cookies.
The table below explains the cookies we use on this website and why.
| Cookie | Name | Purpose | More information |
| Google Analytics | _utma
_utmb
_utmc
_utmz | These cookies are used to collect information about how visitors use our site. This information is used to improve QAA's sites and to ensure they meet your needs. All data is collected in an anonymous form and includes information such as the number of visitors to our websites and the pages they visit while they're on our sites. | Overview of privacy at Google Opt out of Google Analytics |
Links
Our websites contain links to other sites. QAA is not responsible for the privacy practices within any of these other sites. We encourage you to be aware of this when you leave our sites and to read the privacy statements on other websites you visit which collect personally identifiable information. This privacy statement applies solely to information collected on our websites.
People who email QAA
QAA retains a copy of all emails sent in and out of our network for 5 years. Emails that are saved as records may be kept longer. This data is held securely and will be released to third parties only when QAA believes the release is appropriate to comply with the law.
We may use personal information collected when people contact us to offer services and information related to its work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary Partners in Quality (PiQ Ltd). QAA will enable users to 'opt out' of further contact with QAA or PiQ Ltd at the time that personal data is collected.
People who call QAA
QAA retains copies of all voicemail recorded as an audio attachment within the email system. As with text-based email, these recordings may be copied or forwarded within the email system, and they are retained for a set period of time. Audio data is held securely and could be released to third parties if QAA believes this is appropriate to comply with the law.
We may use personal information collected when people contact us to offer services and information related to our work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary Partners in Quality (PiQ Ltd). QAA will enable users to 'opt out' of further contact with QAA or PiQ Ltd at the time that personal data is collected.
Individuals submitting complainants or concerns about HEIs
Individuals submitting complaints and concerns can request to remain anonymous. Their personal details will not be disclosed, however by completing the application form permission is given to QAA to discuss details of the case with the institution concerned, and any other appropriate organisations that we may need to consult in the course of our investigations. It is important that individuals are aware that QAA may not always be able to preserve their anonymity as they may be identifiable through the details of their application.
We will keep personal information contained in complaint and concerns files in line with our retention policy. This means that information relating to a complaint will be retained for 10 years from closure. It will be retained in a secure environment and access to it will be restricted according to the 'need to know' principle.
Individuals complaining about QAA
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We usually have to disclose the complainant's identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person's record is in dispute. If a complainant doesn't want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for 10 years from closure. It will be retained in a secure environment and access to it will be restricted according to the 'need to know' principle.
Individuals who contact QAA in relation to a data protection subject access request or other enquiry
Personal data relating to a data subject access request or other information request will not be disclosed publically. However individuals should be aware that they may be identifiable through the details of their request.
People who use QAA services, e.g. who subscribe to one of our newsletters, attend a QAA event, or request a publication from us
QAA offers various services to the public, including publications, newsletters and events. We have to hold the details of the people who have requested the service in order to provide it.
We may use personal information collected when people contact us to offer services and information related to its work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary Partners in Quality (PiQ Ltd). QAA will enable users to 'opt out' of further contact with QAA or PiQ Ltd at the time that personal data is collected.
Job applicants and our current and former employees
When individuals apply to work at QAA, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a 'disclosure' from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 6 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with the QAA, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person's employment. Once their employment with QAA has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Testing and training
Test data
To ensure that the systems are tested thoroughly, QAA uses recent copies of live data from existing systems. This ensures that the system can cope with comparable volumes of information, that a wide range of realistic scenarios is covered, and that the test will reflect all the possible combinations that occur in the real environment. Test systems are isolated from external networks to ensure that live systems are not compromised.
QAA's use of data for training purposes
Training may be undertaken using the live or test environment. In either case, the people accessing the data will be limited to those who would have access to it in the real environment, and have completed the appropriate non-disclosure and confidentiality agreements where necessary.
Complaints or queries
Should you think that QAA's collection or use of information is unfair, misleading or inappropriate, you are encouraged to contact us at the address below ('How to contact us').
Access to personal information
QAA tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a 'subject access request' under the Data Protection Act 1998. To make a request to the QAA for any personal information we may hold you need to put the request in writing addressing it to our Information and Records Team at the address provided below ('How to contact us').
Disclosure of personal information
We may use personal information collected when people contact us to offer services and information related to its work on quality and standards in higher education, which we feel would be of interest. This may include services offered by our wholly owned trading subsidiary Partners in Quality (PiQ Ltd). QAA will enable users to 'opt out' of further contact with QAA or PiQ Ltd at the time that personal data is collected.
Please also see our information sharing agreements.
Notification of changes to this privacy notice
If we decide to change our privacy policy, we will post details of any changes on this page. This will help ensure that you are always aware of what information we collect, how we use it, and under what circumstances, if any, we share it with other parties.
This privacy notice was last updated on 22 May 2012.
How to contact us
Requests for information about our privacy policy can be emailed to dataprotection@qaa.ac.uk or by writing to:
Information and Records team
Quality Assurance Agency for Higher Education
Southgate House
Southgate Street
Gloucester
GL1 1UB
Summary of terms
Browser
Used to locate and display web pages via a software application.
Cookie
Message given to a web browser by a web server. The message is then stored by the browser in a text file called cookie.txt. Each time the browser requests a page from the server, this message is sent back.
A cookie's main objective is to identify users and/or personalise their visit by customising web pages for them, for example by welcoming them by name next time they visit the same site or remembering previously selected choices.
IP (Internet Protocol)
All networks connected to the internet speak IP, the technical standard which allows data to be transmitted between two devices. TCP/IP (Transmission Control Protocol/Internet Protocol) is responsible for making sure messages get from one host to another and that the messages are understood.
IP address
If you are connected to the Internet you have one, for example it may look something like this 195.185.99.9
Web server
Delivers (serves up) web pages to your computer.