“Personal Information” is information that identifies you as an individual or relates to an identifiable individual. As data controller, HEI processes Personal Information which may include:
We collect Personal Information in a variety of ways, including:
- We collect Personal Information by providing (or in order to provide) our Services, for example, when you submit your details on the request information form on our website https://myonlinecampus.com or paid traffic landing pages, create an account, enrol via our online enrolment form, or maintain an ongoing relationship with us.
- From you during your course of study or period of enrolment.
- We collect your IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website (together, “Technical Data”) from analytics providers such as Google.
- We collect Personal Information from you offline, such as when you contact us by phone or email and provide information to a member of our contact centre.
We will only use your Personal Information when the applicable law allows us to and for the purposes of providing our Services to you. These uses include:
- To provide our Services’ functionality to you, such as arranging access to your registered account and purchased courses;
- To respond to your enquiries and fulfil your requests, for example, when you send us questions, suggestions, or complaints;
- To complete your transactions, and provide you with related assistance;
- To send administrative information to you, such as changes to our terms, conditions and policies;
- To allow you to send messages to another person if you choose to do so.
We will engage in these activities to manage our recruitment, enrolment, and support processes. The legal basis we rely on for processing this Personal Information until you have enrolled is consent under article 6(1)(a) of the General Data Protection Regulation ((EU) 2016/679) (GDPR). We will request both email and telephone contact details in order to ensure that any security administrative functions are robustly managed. Further, to provide verbal and written communication to ensure you are fully informed to enabling you to make the decision of aquiring our Services. Then once enrolled, we will rely on 6(1)(b) of the GDPR; processing is necessary for the performance of our contractual relation with you.
- To send you marketing related emails, with information about our Services and other news about us or other programmes offered by our partners;
- We will engage in this activity with your explicit consent and you have the right to withdraw consent to marketing at any time by contacting us in accordance with the “Contacting Us” section below;
- You will receive marketing communications from us if you have previously authorized to receive such comnunications.
The legal basis we rely on for processing this Personal Information is consent under article 6(1)(a) of the GDPR.
- For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
- For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
- For developing new services;
- For enhancing, improving, or modifying our current Services;
- For identifying usage trends, for example, understanding which parts of our Services are of most interest to users;
- For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users;
- For operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.
The legal basis used for processing the above rely on No 1 – necessary for compliance with a legal obligation, for example, regulatory audits, article 6 (1)(c) of the GDPR; and No’s 2-7 - necessary for the purposes of a legitimate interest, article 6 (1)(f) of the GDPR.
We will only use your Personal Information for the purposes for which we collected it, as mentioned herein.
We may share your Personal Information with the parties set out below, for the purposes listed above. We disclose Personal Information:
We also use and disclose your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:
We will use appropriate organisational, technical and administrative measures to protect Personal Information within our organisation. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
We have additionally put in place appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You gave consent to receive personalised information about online courses or programmes by your preferred method. You may withdraw your consent:
- To receiving email marketing from us. If you no longer want to receive marketing-related emails from us on a going-forward basis, unsubscribe by following the instructions contained in each such email or by contacting us at firstname.lastname@example.org.
- To receiving other types of marketing communications from us regarding other online programmes or courses offered through HEI or its partners. If you no longer want to receive marketing-related communications from us on a going-forward basis, you can unsubscribe by contacting us at email@example.com.
- To change the preferred method of contact. Should you wish to change your preferred method, contact us at firstname.lastname@example.org.
We will try to comply with your request(s) as soon as reasonably practicable.
Under GDPR, you have the right to:
- Withdraw consent where that is the legal basis of our processing;
- Access your Personal Information that we process;
- Rectify inaccuracies in Personal Information that we hold about you;
- Be forgotten, that is your details to be removed from systems that we use to process your Personal Information;
- Restrict the processing in certain ways;
- Obtain a copy of your data in a commonly used electronic form; and
- Object certain processing of your Personal Information by us.
In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information.
Please note that we need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a payment, you may not be able to change or delete the Personal Information provided until after the completion of such transaction). Further information regarding retention periods can be found below.
We retain Personal Information for as long as needed or permitted in light of the purposes for which it was obtained and consistent with applicable law, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint.
The criteria used to determine our retention periods include:
We will retain personal information for no more than six years from the date on which you cease to have access to your last module.
Our Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from individuals under eighteen (18).
Your Personal Information is stored and processed in the United States of America. We share your data within the HEI Group and this will involve transferring your Personal Information outside the European Economic Area (EEA). It may also be processed outside the EEA by third party service providers. Any international data transfers will take place in full compliance with the GDPR and any relevant UK legislation.
Please contact us if you want further information on the specific memorandum used by us when transferring your Personal Information out of the EEA.
It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.
If you are located in the EEA, you also may lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection law occurs.
We would however, appreciate the chance to deal with your concerns before you approach the data protection authority for your country or region, so please contact us in the first instance.