The Centre for Transforming Access and Student Outcomes in Higher Education (TASO) is committed to protecting your personal information and being transparent about any information we hold about you. We only collect information which is necessary for our research projects and communications work.
This privacy notice tells you how we handle personal data. It explains:
- The type of information we collect
- Why we collect this information
- How we collect it
- What we do with it
- How we store it
- Your rights relating to this information
We may change this privacy notice from time to time. It was last updated in November 2020.
1. Our contact details
Name: The Centre for Transforming Access and Student Outcomes in Higher Education
Address: Virginia Woolf Building, 22 Kingsway, London, United Kingdom, WC2B 6LE
2. The type of personal information we collect
The exact information we collect for our research projects varies from project to project. Privacy notices for each project are issued to the participants by TASO, the project delivery teams or independent evaluators.
For participants in our research projects, we typically collect and process information in the following categories:
- Personal identifiers: for example, names (normally only used for matching datasets and often replaced by anonymous identifiers)
- Characteristics: for example, age, gender
- Education outcomes: for example, whether an individual enters higher education
Sign-up details: If you register or sign up for events, newsletters or publications on our website, we will ask you for personal information such as your name, email address, occupation and other contact details such as a contact phone number.
Feedback and surveys: We may also ask you for feedback about TASO or to complete surveys.
Your posts and communications: If you post content or communicate via the website, we may also ask for your name, occupation and the organisation you may work for. We also store and monitor your content and communications.
3. How we get the personal information and why we have it
If you agree to take part in one of our research projects we will use your information for the purpose of that project. Full details of how your personal information will be collected and used will be given to you at the time you agree to participate.
We also receive personal information indirectly, from other sources in the following scenarios:
- We may receive information from higher education providers and other organisations that are funded by us or collaborating with us on research projects.
- We may match research participant information with information held by the Higher Education Access Tracker (HEAT) (or other similar tracking services) on whether they have participated in outreach programmes and your long-term outcomes (e.g. whether and where they have progressed to higher education).
- We may also directly match research participant data information with government data sources, including the Higher Education Statistics Agency (HESA), the National Pupil Database (NPD) and the Individualised Learner Record (ILR). Via this matching we may gather information on the education pathways and detailed characteristics of our participants.
We may share the information we gather with other organisations in the following scenarios (where this has been outlined in the privacy notice):
- We may share information with higher education providers and other organisations that are funded by us or collaborating with us on research projects.
- We may share information with independent evaluators that we hire to work on specific projects.
- We may also share information with HEAT, HESA, the NPD and ILR for the purpose of matching as outlined above.
The use of the data will be outlined in the privacy notice we distribute for each project. The aim of our projects will normally be to test the impact of an activity designed to improve equality in education, or to understand existing patterns of inequality in education.
Our legal basis for processing personally identifiable data for research purposes, under GDPR, is a ‘task in the public interest’. Where we collect data on ethnicity, our condition for processing this special category data is GDPR Article 9, condition j: archiving, research and statistics.
Most of the personal information we process for our communications work is provided to us directly by you for one of the following reasons:
If you sign up to the TASO mailing list we will use your details to keep you informed about latest news, blogs, programme updates, research, publications, event details, jobs and funding opportunities, and may request feedback..
We use third party providers to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. We currently use Mailchimp whose servers are hosted in the USA. Mailchimp agrees to abide by and process EU Data in compliance with Standard Contractual Clauses. Although Mailchimp does not rely on the EU-US Privacy Shield as a legal basis for transfers of Customer Data in light of the judgement of the Court of Justice of the EU in Case C-311/18, for as long as Mailchimp is self-certified to the Privacy Shield: (i) Mailchimp agrees to process EU Data in compliance with the Privacy Shield Principles and (ii) if Mailchimp is unable to comply with this requirement, Mailchimp shall inform Customer. If you want to know more about how your information will be stored and processed see the Mailchimp website.
If you no longer want to receive marketing communications from us, you can unsubscribe from our mailing list at any time by please clicking the unsubscribe link, at the bottom of our emails or by emailing email@example.com detailing your name and email address, and indicating that this is in relation to the unsubscribing.
If you register to attend a TASO event we will use your personal information to process your application to attend the event, take payment, if any, for our administration and management of the event and to send you any updates or information regarding the event.
We may use Eventbrite as registration system for our events and their servers are based in the United States (U.S.) and may store and process your information outside the European Economic Area (EEA). For information located in the United Kingdom, Eventbrite agrees that it will be bound by the Controller-to-Processor Standard Contractual Clauses. If you wish to know more please see the Eventbrite website.
Feedback and surveys
If you agree to give us feedback or complete a survey, we will use the information to improve our work and activities. We usually use Smart Survey to process surveys, and their servers are based in the UK. All data is stored on these UK/EU-based servers and will never leave the EU. For more information see the Smart Survey website.
If you agree to participate in any survey that will form part of any research project or consultation, we will tell you at the time you take part how your information will be used for the particular research project or programme, and how long it will be kept for.
The information that we obtain about your device helps us to monitor the website and keep it secure. When you visit our website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
The cookies we use tell us how you use the site and what pages you have visited. In pursuing these activities, we use our legitimate interest of monitoring and improving the performance of the site, and its security, to help us understand more about our stakeholders’ interests and preferences and to inform our marketing strategy.
If we do collect personal data through our website, we’ll be up front about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Cookies are text files, which identify a user’s computer to our servers. Cookies in themselves do not identify the individual user, just the computer used.
For our marketing activities and surveys, under the General Data Protection Regulation (GDPR), we rely on consent as our lawful bases for processing. For our events, under the General Data Protection Regulation (GDPR), we rely on legitimate interests as our lawful bases for processing
4. How we store your personal information
Some of the information we collect for our communications work is stored on third party systems as specified above (Mailchimp, Eventbrite and SmartSurvey). All other information we collect is securely stored on King’s servers. We store our data in line with the King’s College London Data Protection Policy.
We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected. The length of time which we plan to keep any information for will be outlined on the privacy notice for each individual project. Wherever possible, personal data will be anonymised or pseudonymised, as long as this does not impair the aims of the project. When data is no longer needed, we will securely destroy any paper or digital records, or anonymise and archive the data (as specified in the privacy notice for any particular project).
If you have provided consent for us to use your information for our communications work, we will retain your information until you withdraw that consent.
If you attend one of our events, we will use your information for the purpose of the event and will only contact you for any other purpose if you have said we can. We will retain your personal information collected for the purpose of the event for 3 years for evaluation and business development purposes to help us understand our audience and reach, and to improve future events.
5. Your data protection rights
Your rights depend on the legal basis which we have used to collect and process data.
Subject to certain exemptions, and in some cases dependent upon our lawful basis (see above), you have certain rights in relation to your personal data:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us by contacting email@example.com.
TASO is currently incubated within King’s College London and you can see the King’s College London privacy notice, with contact details for the university Data Protection Officer, online.
You can also complain to the ICO using the details below if you are unhappy with how we have used your data. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Research partner privacy notices
TASO currently has a number of research partners that we are collaborating with on projects. For each project we will distribute tailored privacy notices as appropriate. We also link to the privacy notices of each of our research partners below.
Summer schools RCT (pre-16)