NCELP events and webinars – Privacy Notice

The National Centre for Excellence for Language Pedagogy (NCELP), funded by the Department for Education, aims to improve language teaching and the uptake of Modern Foreign Languages at Key Stage 3 and 4.

This Privacy Notice tells you what to expect when you sign up to an NCELP event or webinar. For details of how the University uses personal information in other ways, please see the other University Privacy Notices.

For the purposes of this privacy notice, University of York is the Data Controller as defined in the General Data Protection Regulation. We are registered with the Information Commissioner’s Office. Our registration number is: Z4855807.

What data do we have?

Personal data, including your name, your email address, your telephone number and the name of the organisation you work for. We also collect data on where you heard about the event and if you are using NCELP resources/schemes of work.

What is our legal basis for processing your data?

Under the General Data Protection Regulation (GDPR), the University has to identify a legal basis for processing personal data, which is: Processing your data is necessary for the performance of a task carried out in the public interest.

Your personal contact information will be used to manage the event attendee list and for contacting you about the event. All other data that we collect may be used in an anonymous format for statistical purposes.

Who do we share your data with?

Your data will be treated confidentially and shared on a need-to-know basis only. The University is committed to the principle of data protection by design and default and will collect the minimum amount of data necessary for the project. In addition, we will anonymise or pseudonymise data wherever possible.

How do we keep your data secure?

The University takes information security seriously and has implemented appropriate technical and organisational measures to protect personal data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability. For further information see IT Services’ Security webpage.

Transfer of data internationally

In certain circumstances it is necessary to transfer your Personal Data (including Special Category Data) outside the European Economic Area. In respect of such transfers the University will comply with our obligations under Data Protection Law and ensure an adequate level of protection for all transferred data.

How long will we keep your data?

The University will keep your personal data for three months after an event. If you choose to be removed from the registration list prior to the event, your data will be deleted.

We are practising Open Science and anonymised data will be managed professionally and stored indefinitely with Research Data York, IRIS or another recognised data repository. 

What rights do you have in relation to your data?

Under the General Data Protection Regulation (GDPR), you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent (where this applies).

If you want to exercise these rights, then you can do so by contacting us at

Questions or concerns

If you have any questions about this privacy notice or concerns about how your data is being processed, please contact the NCELP Administrators at

If you have further questions, the University’s Data Protection Officer can be contacted at

Right to complain

If you are unhappy with the way in which the University has handled your personal data, we ask you to contact us in the first instance, so that we can try to put things right. If you are unhappy with our response, you have a right to complain to the Information Commissioner’s Office (ICO). For information on reporting a concern to the ICO, see the ICO website.