NCELP CPD Course Participant Privacy Notice

This privacy notice is for individuals participating in continuing professional development (CPD) courses organised by the National Centre for Excellence for Language Pedagogy (NCELP). It sets out the ways in which NCELP gathers, uses, stores and shares your data. It also sets out how long we keep your data and what rights you have in relation to your data under the General Data Protection Regulation (GDPR).

For the purposes of this privacy notice, University of York is the Data Controller as defined in the General Data Protection Regulation. We are registered with the Information Commissioner’s Office and our entry can be found at Our registration number is: Z4855807.

Where do we get your data from and what data do we collect?

We collect personal data from you when you apply/register to attend/complete the course via our online application/registration form, and use this to liaise with you about the course. We collect attendance/completion data to verify that you have attended/completed all sessions and completed the course. We also collect data from you when you complete the pre- and post-course knowledge quizzes and in-session quizzes, in order to provide information to you about your learning and to evaluate and improve our courses.

NCELP will collect the following data about you:

  • Information provided on the application/registration form
  • Decisions reached about your application
  • Data about your registration on the course
  • Attendance/completion information during the course

What is our legal basis for processing your data?

Under the General Data Protection Regulation (GDPR), the University has to identify a legal basis for processing personal data and, where appropriate, an additional legal basis for processing special category data. 

Your data will be processed for the purposes of NCELP CPD course management and evaluation. 

  • on the grounds of contractual requirement or to take steps to enter into a contract with you eg to offer you a place on and deliver the NCELP CPD programme;
  • because it is necessary for the performance of a task carried out in the public interest (for information on our public task see our function as set out in our charter).

How do we use your data?

We will use the results of the pre- and post-course knowledge quizzes and in-session quizzes to provide you with information about your learning. We will also use the quiz results to evaluate the effectiveness of and design improvements to the CPD course.

We will use the attendance/completion data to verify that you have completed the CPD course so that we can provide you a completion certificate. We will also anonymise and aggregate this data at course level to report attendance levels to the Funding Body.

Who do we share your data with?

Access to personal data will be password protected. Information will be treated confidentially and shared on a need-to-know basis only with the following:

  • Employees of the University directly involved in NCELP 
  • Named individuals at Comberton Academy Trust, which will be required to sign a data sharing arrangement. 
  • Named individuals (CPD Course Leaders) at NCELP Lead Schools, which will be required to sign a data sharing arrangement.

Anonymised data aggregated at course level will be shared with:

  • The Funding Body (Department for Education)
  • Teaching School Council and Teaching School Hubs

How do we keep your data secure?

The University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability. For further information see,

How do we transfer your data safely internationally?

In certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the European Economic Area. In respect of such transfers, the University will comply with our obligations under Data Protection Law and ensure an adequate level of protection for all transferred data.

How long will we keep your data?

The University will retain your data in line with legal requirements or where there is a business need. Retention timeframes will be determined in line with the University’s Records Retention Schedule. The data that we collect (application, registration, attendance/completion, quiz responses) may be used in an anonymous format in different ways, e.g. in teaching, presentations, and academic and professional publications.

What rights do you have in relation to your data?

Under the General Data Protection Regulation, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances).

For more information please see

Questions or concerns

If you have any questions about how your data is being processed, please feel free to contact NCELP Principal Investigator Professor Emma Marsden by email ( or by telephone on +44 (0)1904 328159, or the Chair of Ethics Committee via email ( 

If you are still dissatisfied, or alternatively please contact the University’s Data Protection Officer at

Right to complain

If you are unhappy with the way in which the University has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the Information Commissioner’s Office, see