+44 1223 346180

Privacy policy

Welcome to Cambridge Education Group Limited’s Privacy Notice.

This Privacy Notice applies to Cambridge Education Group (CEG) and all CEG’s subsidiary companies (CEG Group).

When we mention Cambridge Education Group, CEG or refer to we, us or our in this Privacy Notice then we are referring to the relevant company that is responsible for protecting your personal data.

The relevant CEG companies are:

  • Cambridge Education Group Limited
  • Cambridge Education Group Consulting Limited (Shanghai and Beijing branches)
  • Castel Education Limited (Ireland)
  • iheed Health Training Limited (Ireland)
  • CEG Administrative Services Limited
  • CEG Pathways Inc. (Universities USA)
  • CEG UFP Limited
    • ONCAMPUS Aston Limited
    • ONCAMPUS Hull Limited
    • ONCAMPUS London Limited
    • ONCAMPUS Loughborough Limited
    • ONCAMPUS LSBU Limited
    • ONCAMPUS Reading Limited
    • ONCAMPUS Southampton Limited
    • ONCAMPUS Sunderland
    • ONCAMPUS UK North Limited
  • ONCAMPUS Amsterdam BV
  • ONCAMPUS Paris SASU

CEG Digital Limited:

  • Arts Online Bournemouth Limited
  • CEG Online Limited
  • CEG UNW Online Limited
  • Falmouth Flexible Limited
  • Kings College London
  • Hull Online Limited
  • CEG Global Online SB Limited
  • Plymouth Online Limited
  • Portsmouth Online Limited
  • Queen Mary Digital Limited
1. Important information and who we are

1.1.Purpose of this privacy notice

This privacy notice aims to give you clear and detailed information about:

  • how CEG collects and processes your personal data
  • the legal grounds allowing CEG to do so
  • how CEG looks after your personal data
  • your privacy rights
  • how the law protects you

1.2.Controller

Under data protection law the controller of your personal data decides how and why your personal data will be processed and takes responsibility for looking after your personal data. The controller of your personal data will be Cambridge Education Group Limited. We are registered with the Information Commissioner’s Office (ICO) with reference number Z1727261.

1.3.Data Protection Officer

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

1.4.Contact details

Full name of legal entity: Cambridge Education Group Limited

Name or title of DPO: Kathryn Brooks

Email address: [email protected]

Postal address: 51-53 Hills Road, Cambridge CB2 1NT

1.5.Changes to the privacy notice and your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

When we issue a new version of this privacy notice we will post a message on our websites advising of this.

1.6.Third-party links

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. The websites of any of CEG’s subsidiary businesses are subject to this privacy policy.

2. The data we collect about you

d an account you can then apply for the position you are interested in by:

  • uploading a summary of your work experience (CV)
  • answering a few mandatory questions and
  • adding a supporting statement
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
  • Identity Data includes first name, last name, username, student ID number, marital status, title, date of birth, gender, photograph, immigration status, right to work, curriculum vitae (CV), covering letter, academic record, employment history and references and images captured by CCTV.
  • Special Category Data includes details about your race or ethnicity, religious beliefs, information about your health, genetic and biometric data (we have in place safeguards for processing such data including confidentiality agreements and restrictions on access to such data).
  • Criminal Conviction Data includes details about any unspent criminal convictions and offences (where not covered by Section 1 (1) of the Rehabilitation of Offenders Act 1974) (we have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data).
  • Contact Data includes your home address, email address and telephone numbers, next of kin and emergency contact information.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when accessing our website www.cambridgeeducationgroup.com or any of the websites of our subsidiaries accessed from that website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data includes information about how you use our websites and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Aggregated Data includes statistical or demographic data which we may collect, use, and share for any purpose. Where Aggregated Data can directly or indirectly identify you, we will use it in accordance with this Privacy Notice.

2.1 If you do not provide us with personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with education services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time. Depending on the position, we may do a Microsoft Teams interview in the first instance.

We use different methods to collect data from and about you including through:

3.1Direct interactions

You may give us your Identity Data, Special Category Data, Criminal Conviction Data, Contact Data and Financial Data by filling in application forms, by sending us your CV and covering letter or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • create an account on our website;
  • request marketing information is sent to you;
  • apply for one of our courses;
  • apply for a job;
  • complete a survey; or
  • give us some feedback.
 

3.2.Third parties or publicly available sources

We may receive personal data about you from various third parties and public sources such as those set out below:

  • Educational agents – Identity Data, Special Category Data, Criminal Conviction Data, Contact Data and Financial Data.
  • Parents or parental approved representatives – Identity Data, Special Category Data, Criminal Conviction Data, Contact Data and Financial Data.
  • Universities – Identity Data, Special Category Data, Criminal Conviction Data, Contact Data and Financial Data.
  • Named Referees – Identity Data and Contact Data
  • Recruitment agencies – Identity Data and Contact Data
  • Disclosure and Barring Service – Criminal Conviction Data
  • Providers of technical, payment and delivery services – Contact, Financial and Transaction Data.
  • Technical Data from the following parties:
    • analytics providers;
    • advertising networks; and
    • search information providers.

3.3.Cookies (Automated technologies or interactions)

As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our separate Cookies Policy for further details.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for us to perform a contract entered into with you or is necessary for us to take steps (at your request) prior to us entering into a contract (CONTRACT).
  • Where we have a legitimate organisational interest and use your personal data in a way that you would reasonably expect, and which has a minimal impact on your privacy (LEGITIMATE INTERESTS).
  • Where we need to comply with a legal or regulatory obligation (LEGAL OBLIGATION).
  • Where you have given us your consent to process your personal data (CONSENT).
  • Where there is an emergency situation, for example, if you needed emergency medical treatment (VITAL INTERESTS).

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to the processing of Special Category Data or when sending third party direct marketing communications to you via email or text message.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

You have the right to withdraw your consent at any time by contacting us. 
Please see Section 10: Your legal rights

5.1.Prospective Students and Agents

PROSPECTIVE STUDENTS AND AGENTS

Purpose/Activity

Type of Data

Lawful basis for processing

To register you on our website and subscribe to our services

Identity

Contact

 

Marketing and Communications Data

Contract

 

 

Consent

 

 

 

To process your application form and correspond with you including:

(i) arranging visas

(ii) processing deposits and course fees

(iii) verifying exam and test results

Identity

Contact

Financial

Criminal Conviction

 

 

Special Category

 

Contract

 

 

 

 

 

Consent

 

 

 

 

To assess students’ eligibility for scholarship or bursary

Contact

Identity

Financial

 Contract

 

 

 

ACCOMMODATION PROVIDERS (INCLUDING HOMESTAY PROVIDERS)

 

 

To process your application to become an approved accommodation provider (includes compulsory DBS check/background check in North America)

Identity
Contact

Financial

Transaction

 

Criminal Conviction

Contract

 

 

 

 

Legal obligation

 

Provision of personal data to third parties

 

 

To educational agents where the agent has submitted an application on behalf of a prospective student

Identity

Contact

Financial

Criminal Conviction

 

Special Category

Contract

 

 

 

 

Consent

 

 

 

To parents/parental approved representatives where the parents or representatives have submitted an application on behalf of a prospective student who is under 18.

Identity

Contact Financial

Criminal Conviction

 

Special Category

 

Contract

 

 

 

Consent

 

 

 

To third party online conversion service where an applicant has started the application process but does not complete it.

Identity

Contact

Legitimate interests (CEG has a business interest in securing applications for its courses)

 

 

 

To Third party agencies supporting the processing of an application for a Tier 4 visa, if required.

Identity

Contact

Financial

Transactional

Consent (provided by applicant to CEG at the time of referral)

 

 

 

To third party applicant screening companies supporting compliance interviews, if required

Identity

Contact

Consent (provided by applicant to CEG at the time of referral)

 

 

 

To UK Visas and Immigration (UKVI) to facilitate the application for a Tier 4 visa

Identity

Contact

Legal obligation

 

 

 

To Immigration and Naturalisation Service (Netherlands)

Identity

Contact

Legal obligation

 

 

 

To US Immigration and Customs Enforcement

Identity

Contact

Legal obligation

 

 

 

 

Identity

Contact

Legal obligation

To cloud hosted virtual learning environment (VLE) services

Identity

Contact

Legitimate interests (CEG has a business requirement to use VLEs in order to provide online teaching resources)

 

 

 

To financial or government sponsors of a course

Identity

Contact

 

Special Category

Legal obligation

 

 

Consent

 

5.2Enrolled Students

ENROLLED STUDENTS

 

 

Purpose/Activity

Type of Data

Lawful basis for processing

 

 

 

To register you for our services as an enrolled student

Identity

Contact

Financial

Transaction

 

Special Category

Contract

 

 

 

 

Consent

 

 

 

To provide you with ongoing services after enrolment including:

(i) provision of core teaching and learning services

(ii) administration including maintaining student records, processing fees, managing accommodation

(iii) providing services including library, IT and information services and other student support services (excluding welfare and medical)

Identity

Contact

Financial

Contract

 

 

 

 

To provide you with ongoing services after enrolment in respect of student welfare and medical services

Identity

 

Special Category

Contract

 

Consent

 

 

 

To provide you with reports on your progress

Identity

Contact

Contract

 

 

 

 

To provide you with information on progression to degree courses (where applicable)

Identity

Contact

Legitimate interests (It is in the interests of the student for CEG to provide this information and has a business benefit for CEG with regard to promotion and marketing of its courses)

 

 

 

To process student complaints and grievances

Identity

Contact

 

 

 

 

 

Special Category

Legitimate interests (It is in the interest of both parties for CEG to investigate and attempt to resolve complaints and grievances)

 

 

Consent

 

 

 

To carry out internal research and statistical analysis 

Identity

Legitimate interests (to monitor and evaluate the performance and effectiveness of our courses)

 

 

 

To capture images on CCTV used by our offices, educational centres, and campuses, where relevant.

Identity

Legitimate interests (CEG has an organisational requirement to maintain the security of its premises and for the prevention and investigation of crime)

 

 

 

To monitor attendance and compliance with attendance regulations and to identify any support needs

Contact

Identity

 

Legal obligation

 

 

 

 

To conduct lesson observations using sound and video recording software

Identity

Legitimate interests (It is appropriate for CEG to monitor teaching quality and to share examples of good practice as an internal training resource.)

To deliver and record lessons, lectures or webinars online using cloud-hosted sound and video

Identity

Contract

To take photographs and videos of students for marketing purposes (including for use in brochures, on CEG’s website and in promotional videos)

Identity

Consent

 

 

 

To use examples of students’ work in class for the improvement of teaching and learning practice.

Identity

Legitimate interests (It is appropriate for CEG to share examples of good practice during lessons. Some items may be named.)

 

 

 

To enable students to collaborate or showcase work on shared platforms in relation to their studies

Identity

Consent

 

 

 

To monitor message profanity filtering with Safeguarding (including child protection) and Prevent regulations to ensure continuing safety and wellbeing of students.

Identity

Legal obligation or vital interest (depending on the circumstances)

 

 

 

Provision of personal data to third parties

 

 

Internal

 

 

To enable CEG companies to provide (i) application and admissions services (ii) core teaching and learning services, (iii) student administration services and (iv) student welfare services

Identity

Contact

Financial

Transaction

 

 

 

Special Category

Legitimate interests (The transfer is necessary to enable CEG to provide its services. All CEG subsidiaries are subject to the CEG privacy policy and other relevant policies and procedures.)

 

 

Consent

 

 

 

External

 

 

To provide your parents/parental approved representatives and educational agents with reports on your progress

Identity

Legitimate interests (It is appropriate for CEG to share this information with these interested parties.)

 

 

 

To make contact with a student’s agents, parents and/or guardians in the event a student is not attending their course, is not appearing to comply with their visa conditions, has not been in regular contact and/or has left without notice, as required by UK Visas and Immigration.

Identity

Contact

Legal obligation

 

 

 

To UK Visas and Immigration (UKVI)

Identity

Contact

 

 

Legal obligation

 

 

 

 

 

 

To Immigration and Naturalisation Service (Netherlands)

Identity

Contact

 

 

Legal obligation

 

 

 

 

 

 

To US Immigration and Customs Enforcement

Identity

Contact

 

 

Legal obligation

 

 

 

 

 

 

 

 

 

 

 

 

To financial or government sponsors of a course

Identity

Contact

 

Special Category

Legal obligation

 

 

Consent

 

 

 

To taxi companies who provide transfers from airport to accommodation providers

Identity

Contact

Legitimate interests (CEG has a valid business requirement to outsource this service. CEG has contracts with all its approved taxi companies and all employees have current DBS checks)

 

 

 

Accommodation providers (including Homestay providers)

Identity
Contact

 

 

 

 

 

 

Special Category

Legitimate interests (CEG has a valid business requirement to outsource this service. CEG has contracts with all its approved accommodation providers and all Homestay providers (including others living in the property) have current DBS checks)

Consent

 

 

 

ONCAMPUS university partners

Identity

Contact

Financial

Transaction

 

 

Special Category

Legitimate interests (CEG’s business model for operating its ONCAMPUS programme requires partnership with universities. CEG has a data sharing agreement with each partner university.)

 

 

Consent

 

 

 

CEG Digital university partners

Identity

Contact

Financial

Transaction

 

 

Special Category

Legitimate interests (CEG’s business model for operating its Online learning programmes requires partnership with universities. CEG Digital has a data sharing agreement with each partner university.)

 

Consent

 

 

 

Other university destinations

Identity

Contact

Financial

Transaction

 

 

Special Category

Legitimate interests (Where CEG receives a request to refer a student to a non-partner university due to the student’s particular circumstances. Request will be from student or agent.)

 

Consent

 

 

 

To insurance companies worldwide who provide student insurance policies

Identity

Contact

Legitimate interests (CEG cannot provide insurance policies itself and therefore needs to recommend a third-party provider)

 

 

 

To approved test centres 

Identity

Contact

Legitimate interests (CEG has a business requirement to use the services of test centres)

 

 

 

To exam boards

Identity

Contact

Legitimate interests (CEG needs to share candidate information with the relevant exam boards)

 

 

 

To validating bodies for exam boards

Identity

Contact

Legitimate interests (CEG needs to share candidate information with the validating bodies)

 

 

 

To remote proctoring services  who provide assurance on student conduct during remote assessments and exams.

Identity

Contact

Legitimate interests (CEG requires confirmation of exam candidates’ identity and assurance of candidate reliability during remote exams)

 

 

 

To medical or Public Health authorities (and any other organisations/individuals deemed necessary as assessed at the time) in the event of an emergency where you are incapable of giving consent

Identity

Contact

 

 

 

Special Category

Vital Interests

 

 

 

 

Vital Interests

 

 

 

To medical or Public Health authorities (and any other organisations/individuals deemed necessary as assessed at the time) in the event of an emergency and where we are legally obliged to comply with a request for disclosure

Identity

Contact

 

 

Special Category

Legal obligation

 

 

 

Legal Obligation & Public Interest (in the area of public health)

To providers of activities for students

Identity

Contact

 

 

Special Category

Legitimate interests (CEG offers various activities as part of its courses and cannot provide these activities itself)

 

Consent

 

 

 

To accreditation bodies worldwide for inspections in respect of course accreditations

Identity

Contact

Financial

Transaction

 

 

Special Category

Legitimate interests (CEG has a business interest in obtaining accreditation for its academic courses)

 

 

Consent

 

 

 

To provide statistical information to the Higher Education Statistics Agency (HESA) who are the official agency for the collection analysis and dissemination of quantitative information about higher education (HE) in the UK.

Identity

 

 

Special Category

Legal obligation

 

 

Legal obligation and necessary for statistical purposes

 

 

 

To provide information to the Quality Assurance Agency for Higher Education (QAA) during Higher Education Review (Alternative Providers) inspection visits

Identity

Contact

 

Legal obligation

 

If a student provides a confidential student submission to QAA as part of its review, then this will be on the basis of the student providing consent at the time of submission

 

 

 

To provide information to the Office for Students for the purposes of the National Student Survey and Leavers Survey (Office for Students then shares the information with its approved survey agents). Published results do not disclose any personal data.

Identity

Contact

 

Special Category

Legal obligation

 

 

Legal obligation and necessary for statistical purposes

 

 

 

To local councils to enable them to assess council tax obligations.

Identity

Contact

Legitimate interests (To enable CEG to notify councils that certain accommodation is exempt from council tax)

 

 

 

To Transport for London to manage registration for discounted Oyster cards for students

Identity

Contact

Legitimate interests (To enable CEG to obtain discounted travel for students studying in London)

 

 

 

To HM Revenue & Customs for reporting of financial processing activities

Identity
Contact

Financial

Transaction

Legal obligation

 

 

 

To service providers worldwide who provide IT and system administration services (including secure online software for student health records in the US)

Identity

Contact

 

 

Special Category

Legitimate interests (CEG has a business requirement to use third party providers for specialist services)

 

Consent

 

 

 

To cloud hosted virtual learning environment (VLE) services

Identity

Contact

Legitimate interests (CEG has a business requirement to use VLEs in order to provide online teaching resources)

 

 

 

To deliver and record lessons, lectures or webinars online using cloud-hosted sound and video

Identity

Contact

Contract

 

Legitimate interests (CEG has a business requirement to use these services to provide online teaching and accessible lesson resources for students learning remotely and needing to access recordings of lessons.)

 

 

 

Professional advisors subject to a duty of confidentiality (e.g. lawyers, bankers, insurers, auditors)

Identity

Contact

Financial

Transaction

 

Special Category

Legitimate interest (CEG has a business requirement to seek specialist professional advice that cannot be provided internally)

 

 

Consent

 

 

 

To local authorities regarding a safeguarding concern in relation to Keeping Children Safe in Education  or the Prevent Duty.

Identity

Contact

Financial

 

Special Category

Legal obligation

 

 

 

Legal obligation

 

 

 

To the Police regarding a safeguarding concern or in connection with the prevention or reporting of a crime.

Identity

Contact

 

 

 

Special Category

Legal obligation or Vital interests (depending on the circumstances)

 

 

 

Legal obligation or Vital interests (depending on the circumstances)

 

5.3.Employment Candidates

EMPLOYMENT CANDIDATES

 

 

Purpose/Activity

Type of Data

Lawful basis for processing

To assess your skills, qualifications, and suitability for the role

Identity

Contact

Contract

 

 

 

 

To assess information about disability status to consider whether we need to make appropriate adjustments during the recruitment process

Special Category

Consent

 

 

 

Once an offer has been made to carry out background and reference checks, where applicable (excluding criminal record)

Identity

Contact

Contract

 

 

 

 

Once an offer has been made to carry out a criminal record check where required by law due to the nature of the role applied for

Identity

 

Criminal Conviction

Contract

 

Legal obligation

 

 

 

To communicate with you about the recruitment process

Contact

Contract

 

 

 

To comply with equal opportunities monitoring and reporting requirements

Identity

 

Special Category

Legal obligation

 

Legal obligation and necessary for statistical purposes

 

5.4All visitors to website

ALL VISITORS TO WEBSITE

 

 

Purpose/Activity

Type of Data

Lawful basis for processing

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

Identity

Contact

Profile

Usage

Technical

 

Marketing and Communications

Legitimate interests (to study how our services are used, to develop them, to grow our business and to inform our marketing strategy)

 

Consent

 

 

 

To use data analytics to improve our website, services, marketing, customer relationships and experiences

Technical

Usage

Legitimate interests (to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

 

 

 

To make suggestions and recommendations to you about services that may be of interest to you

Identity

Contact

Technical

Usage

Profile

 

Legitimate interests (to develop our services and grow our business)

 

 

 

Provision of personal data to third parties

 

 

External

 

 

To service providers worldwide acting as processors who provide IT and system administration services

Identity

Contact

Technical

Usage

Profile

Legitimate interests (CEG have a business requirement to use specialist IT and system administration providers that cannot be provided internally)

 

 

 

To third parties to whom we may choose to sell, transfer or merge parts of our business as our assets.

Identity

Contact

Legitimate interests (CEG may wish to do this as part of its business strategy)

 

 

 

 

5.5.Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

You will receive marketing communications from us if you have requested information from us or purchased services from us or if you provided us with your details when you entered a competition, registered for a promotion or attended an event and, in each case, you have not opted out of receiving that marketing.

 

5.6.Third-party marketing

We will get your express opt-in consent before we share your personal data with any company outside the CEG subsidiaries for marketing purposes.

 

5.7.Opting out

You can ask us or third parties to stop sending you marketing messages at any time by   following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of purchasing a service or other transaction.

 

5.8.Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 5 above.

6.1.Internal Third Parties

CEG companies acting as joint controllers or processors and who are based in the UK, the Netherlands, the US, and China and provide (i) application and admissions services, (ii) core teaching and learning services, (iii) student administration services and (iv) student welfare services.

6.2.External Third Parties

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We share your personal data within the CEG Group. This will involve in some cases transferring your data outside the European Economic Area (EEA) and the UK.

Some of our external third parties are based outside the EEA and the UK so their processing of your personal data will involve a transfer of data outside the EEA and the UK.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission which are specified on their website: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_enWhere we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if we have specific contracts approved by the European Commission in place which give personal data the same protection it has in Europe and the UK, with standard contractual clauses and by using additional technical or organisational safeguards. 

The personal data that we collect from you will be stored by cloud providers or third-party services hosted in the Microsoft Azure UK or Western Europe regions. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Details of retention periods for different aspects of your personal data are set out in the table below:

Type of data

Retention timescale

 

STUDENT RECORDS

  
   
  1. Student Recruitment
 

Enquiries from prospective students (ONCAMPUS)

1 year from creation of record

 

Records of campaigns and events (ONCAMPUS)

1 year from creation of record

 

Enquiries from prospective students (CEG Digital

Where we hold your personal information for marketing purposes, we will retain that information for a period of three years (or longer if you agree).

 

Records of campaigns and events (CEG Digital)

1 year from last sales activity

 
   

2. Applications – Not Progressed (Closed)

  

Application form (incl scholarship applications)

2 Years after date of closure

 

Offer of place and related correspondence

2 Years after date of closure

 

Acceptance of place and related correspondence

N/A

 

Details of criminal convictions

1 Year after date of closure

 

Passport Documentation/Previous Visas

1 Year after date of closure

 

Academic and English Documents

1 Year after date of closure

 

Centre-related Application and Registration Forms

1 Year after date of closure

 

3a. Applications – Registered Paid (Without a CAS, Not Arrived/Enrolled, where applicable)

  

Application form (incl scholarship applications)

2 Years after date of Withdrawal

 

Offer of place and related correspondence

2 Years after date of Withdrawal

 

Acceptance of place and related correspondence

2 Years after date of Withdrawal

 

Details of criminal convictions

2 Years after date of Withdrawal

 

Passport Documentation/Previous Visas

2 Years after date of Withdrawal

 

Academic and English Documents

2 Years after date of Withdrawal

 

Centre-related Application and Registration Forms

2 Years after date of Withdrawal

 

Copies of invoices

7 Years after date of Withdrawal

 

3b. Applications – Registered Paid (With a CAS, Not Arrived/Enrolled, where applicable)

  

Application form (incl scholarship applications)

Original course end date (as per most recent CAS) + 2 Years

 

Offer of place and related correspondence

Original course end date (as per most recent CAS) + 2 Years

 

Acceptance of place and related correspondence

Original course end date (as per most recent CAS) + 2 Years

 

Details of criminal convictions

Original course end date (as per most recent CAS) + 2 Years

 

Passport Documentation/Previous Visas

Original course end date (as per most recent CAS) + 2 Years

 

Academic and English Documents

Original course end date (as per most recent CAS) + 2 Years

 

Centre-related Application and Registration Forms

Original course end date (as per most recent CAS) + 2 Years

 

Copies of invoices

7 Years after date of Withdrawal

 

4. Arrived/Enrolled Students – Withdrawn

 

Digital

ONCAMPUS 

 

Application form (incl scholarship applications)

Original course end date

+ 3 years

+ 6 years

 

Offer of place and related correspondence

Original course end date

+ 3 years

+ 6 years

 

Acceptance of place and related correspondence

Original course end date

+ 3 years

+ 6 years

 

Details of criminal convictions

Original course end date

+ 3 years

+ 6 years

 

Passport Documentation/Previous Visas

Original course end date

+ 3 years

+ 6 years

 

Academic and English Documents; Reports

Original course end date

+ 3 years

+ 6 years

 

Offer/offer pack Forms

Original course end date

+ 3 years

+ 6 years

 

Copies of invoices

7 Years after date of Withdrawal

 

5. Arrived/Enrolled Students – Completed

 

Digital

ONCAMPUS

 

Application form (incl scholarship applications)

Completion of course

+ 3 years

+6 Years

 

Offer of place and related correspondence

Completion of course

+ 3 years

+6 Years

 

Acceptance of place and related correspondence

Completion of course

+ 3 years

+6 Years

 

Details of criminal convictions

Completion of course

+ 3 years

+6 Years

 

Passport Documentation/Previous Visas

Completion of course

+ 3 years

+6 Years

 

Academic and English Documents; Reports

Completion of course

+ 3 years

+6 Years

 

Copies of invoices

7 Years after date of Withdrawal

 
   

Basic student record comprising student name, enrolment date, end date, institution, and transcript data

Permanently

 
   

Accident/incident records of students

3 years from the date of accident/incident

40 years in the event of exposure to asbestos

 
   

Copies of filmed lesson observations

Completion of academic year + 1 term

 
   

CANDIDATE RECORDS

  
   

Application forms, CVs, and interview notes (unsuccessful candidates)

Last communication to candidate + 6 months

 
   

Application forms, CVs, and interview notes (successful candidates)

Part of personnel file 6 years after employment ceases.

 

(Please note that CEG’s stated data retention periods may be affected by the terms of reference of the Independent Inquiry into Child Sexual Abuse (IICSA). CEG is obliged to retain all documentation regarding a safeguarding concern for the duration of the IICSA. For more information, please visit https://www.iicsa.org.uk/).

In some circumstances you can ask us to delete your data: see Request Erasure in Section 10 Your legal rights for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

  • Request access to your personal data – (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of your personal data – This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data – (commonly known as the “right to be forgotten”). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data – where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing your personal data – This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request transfer of your personal data – (also known as the “right to data portability”) We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to withdraw consent – However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Information for students studying with a CEG university partner in the US

Family Educational Rights and Privacy Act of 1974 (FERPA)

FERPA is a US federal law that aims to protect the privacy and sensitivity of student education records and gives certain rights to parents and guardians in respect of those records. These rights automatically transfer to you when you turn 18 years old. During your student registration process CEG’s university partners will ask you to sign a voluntary waiver form authorising disclosure of your records to your parent(s) or guardian(s). Further information on FERPA may be found at:

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA is a US federal law that aims to protect individuals’ medical records and other personal health information. It gives you the right to access your health information and may apply if you are offered a health insurance plan by the CEG university partner. Further information may be found at:

Additional information for students ordinarily resident in the state of California, US who are studying outside of California.

California Consumer Privacy Act of 2018 (CCPA)

CCPA is a Californian state law and is effective as of 1 January 2020.  It creates new consumer rights relating to the access to, the deletion of and sharing of personal information that is collected by businesses (which includes CEG).  Please note that if your place of study is located in the European Union then you will also have the rights detailed earlier in this section 10 under the GDPR.  Further information may be found at California Consumer Privacy Act of 2018 (CCPA):

10.1.Data Protection Officer

If you wish to exercise any of the rights set out above, please contact our Data Protection Officer, Kathryn Brooks in writing with full details of your request.  You can send an email to [email protected] or can write to us at: –

Kathryn Brooks

Data Protection Officer

Cambridge Education Group Limited, 51-53 Hills Road, Cambridge, CB2 1NT

10.2.No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

10.3.What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

10.4.Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10.5.Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Cambridge Education Group Limited,
Registered in England 06020370

Icon-linkedin

Contact Us:

51-53 Hills Road,
Cambridge,
CB2 1NT
United Kingdom

Our Divisions:

Become an Agent

© 2024 Cambridge Education Group