Privacy Statement for Exam Candidates

1. Introduction

Under 18 years? Read this:

This privacy statement is for you if you are a candidate taking an exam (except for a Secure English Language Test) with Trinity College London¹ (‘Trinity’, ‘us’, ‘our’ or ‘we’) or our validated course providers or validated course and assessment providers, and for your parents and guardians (if applicable). This includes your involvement in any test or trial connected with Trinity’s online assessment tools.

Trinity is committed to protecting the privacy and security of your personal data. This privacy statement provides information about the different types of personal data that we collect during the exam process, the ways in which we use these and your data protection rights, including a right to object to some of the processing which we carry out.

You may also be subject to specific terms and conditions of booking for your exam which are for the protection of both you and us, so we advise that you please take the time to read them carefully. In addition, you are advised to read our Data Protection Policy.

If you are a candidate taking a Secure English Language Test please refer to the privacy statement relating to that exam (Trinity’s privacy statement for our websites).

2. Our role

Under 18 years? Read this:

Trinity is a data controller in respect of any personal information we collect about you.

As a data controller, we are committed to protecting your privacy at all times in accordance with all applicable laws and regulations governing the use or processing of personal data, including (where applicable) the General Data Protection Regulation (EU) 2016/679 (‘GDPR’) and the Data Protection Act 2018 (each as amended from time to time, and in the case of the GDPR, as incorporated into UK law, including by any legislation arising out of the withdrawal of the UK from the European Union) and any subsequent data protection legislation which is in force in the UK at the relevant time. 

3. When and what personal information do we collect?

Information you give to us directly

Under 18 years? Read this:

We will collect certain personal data about you when you apply to take a qualification with Trinity.

We may collect, store and use the following information from you:

• your full name and contact details, including email address, postal address and telephone number;
• your unique candidate identifier and password (to access our online assessment tools);
• your gender, date of birth and any special needs requests;
• information that we require to verify your identity, such as the details of your identity documentation and/or a photograph and/or copy of your passport, driving licence or
  other identity documentation;
• image, video and/or audio recordings, including of the exam you undertake;
• information about your communication preferences;
• name and contact details of parent/guardian for candidates and/or the submitter of the candidate’s entry or exam performance video where applicable;
• other information about your application provided on your application form, information relating to your exam performance and assessment and your exam results; and/or
• where exams are undertaken at home, we also process the contents of your screen that are shared with the invigilator, and any images, video and audio recordings of any chaperone that accompanied you during your exam.

Information we obtain indirectly

Under 18 years? Read this:

Your personal information (as listed above) may also be shared with us by third parties. For instance, we may receive it from your training provider, the submitter of your entry or exam performance video, validated course provider or validated course and assessment provider, parent or guardian.

4. Special categories of information

Under 18 years? Read this:

Certain categories of personal information are categorised as sensitive and require higher levels of protection. These categories of data include information about health and ethnicity.

We may collect and/or use special categories of data in connection with our qualifications and the provision of our services, for example, in order to make adjustments for any disabilities you may have. We may also collect race, nationality or ethnicity data from you (should you choose to provide it), to ensure meaningful equal opportunity monitoring, reporting and treatment.

We will only process these special categories of data if there is a valid reason for doing so and where the applicable data protection laws allow us to do so.

5. How do we use your personal information?

Under 18 years? Read this:

We may use your personal information for one or more of the following purposes: 

• providing you with information and news about our exams;
• considering and processing your application for one of our qualifications and communicating with you in connection with your registration and exam results, including by providing you with a copy of your certificate where appropriate – this may also include updating your national learner record where relevant or necessary;
• carrying out necessary checks to verify your identity, as may be necessary as part of our exam registration process;
• retaining a record of incoming and outgoing communications (eg emails, telephone calls) – information in the email we receive and send will not be disclosed to any third party without the permission of the sender unless otherwise permitted in accordance with the applicable data protection laws;
• dealing with your enquiries and requests or those made on your behalf by anyone who booked your exam;
• monitoring malpractice;
• dealing with complaints and appeals;
• using exam audio and video recordings, assessment decisions, results and other personal data for research, educational resources and professional support materials, statistical, training (including training materials) and standardisation purposes and to combat exam malpractice;
• to monitor the quality of assessments and to test, develop, receive feedback on and improve our assessment tools and products;
• to create aggregate and statistical data (which cannot be used to identify you). For example, aggregate data may include data that describes the general demographics, usage or other characteristics of our exam candidates. We may use this aggregate and statistical data for marketing and publicity purposes or for educational resources, training and professional support materials;
• to satisfy legal obligations which are binding on us;
• for the prevention of fraud or misuse of service;
• to participate in marketing and academic surveys;
• to verify and carry out financial transactions in relation to payments made by you;
• to enforce compliance with our terms of use and other policies or otherwise in connection with the establishment, defence or enforcement of legal claims, compliance, regulatory and investigatory purposes as necessary (including disclosure of such personal information as is required in connection with legal process or litigation); and/or
• to further our charitable aim in general.

 6. Lawful processing

Under 18 years? Read this:

We are required to rely on a lawful ground to collect and use the personal information above, as follows:

Consent – Where you have provided your consent for our use of your personal information in a certain way. When we ask you for consent we will explain at that time the purpose for which we will use your personal information. For example, where we ask for your consent to send you our newsletter or information about our products, publications and programmes of events, or where we invite you to participate in marketing and academic surveys. Where applicable, we may require the consent of your parent or guardian.

Legal obligation – Where the processing of your personal information is necessary for us to comply with a legal obligation. For example, to comply with our obligation to provide reasonable adjustments to candidates with a disability, or where we respond to requests by government, regulatory or law enforcement authorities conducting an investigation.

Legitimate interests – We rely on this basis where applicable law allows us to collect and use personal information for our legitimate interests of delivering and monitoring our qualifications, and the use of your personal information is fair, balanced, and does not unduly impact your rights. For instance, it is in Trinity’s legitimate interest to process personal data when Trinity makes video or audio recordings of our exams in order to monitor the quality of our assessments and/or for testing, feedback, research and training purposes. You can obtain information on our legitimate interest balancing tests by contacting us using the details set out later in this notice.

Contractual relationship – Where it is necessary for us to process your personal information in order to perform a contract to which you are a party, or to take steps at your request prior
to entering a contract. For example, to provide our exam services to you, to provide you with support resources (where available) or to issue you with a qualification certificate where you successfully complete a qualification.

7. Sharing your personal data

Under 18 years? Read this:

We will not sell, rent or lease your personal information to others. We will only share personal information we collect from you with:

• our national and local representatives who deliver information and services in relation to our exams in your locality;
• the schools, colleges, education centres, local authorities and any other entity that provides training courses preparing for a qualification awarded by us, to the extent necessary to provide them with information about your results;
• those persons or bodies contracted by us to carry out the roles of examiner, marker, advisor, moderator, proctor, tutor, consultant, steward, representative or other similar roles on our behalf in the context of our provision of qualifications and/or in the course of providing training, educational resources or other support materials to such persons or bodies;
• other exam candidates in the context of relevant exams, such as exam candidates participating with you in the discussion component of an ESOL Skills for Life exam;
• the service providers we engage to provide our online assessment tools, to provide an exam performance video submission service, to test and process results data and to produce qualification certificates on our behalf (see further information on digital certificates below);
• our marketing automation tool service providers, for the purpose of managing email lists and issuing communications on our behalf;
• other companies in our group, such as our subsidiaries, where they are providing support services to us;
• your parents and/or guardians (of children under 18 years of age), where parents and/or guardians raise a specific request in relation to, or ask to view, your personal information or where we need to obtain consent from your parents and/or guardians (for children under 13 years of age) or where we have any concerns;
• our academic research partners, for monitoring assessment and the development of assessment tools and products; and/or
• as required by law to any law enforcement, regulatory or other government bodies, or to any relevant universities, schools, colleges, local authorities or other such entities to the extent required to progress your applications to such entities – for example, we may share your personal data with a university or the University and Colleges Admissions Service (UCAS) for admission purposes or, where required, with the Department of Education for statistical purposes.

Where we have chosen to issue a digital certificate to you, we have engaged a third party provider EdInvent, Inc, D.B.A. (‘Accredible’) to provide you with the digital certificate. Accredible acts as our processor (or sub-processor in relation to Secure English Language Tests) in connection with providing you with the Trinity digital certificate and where you access Accredible’s website to access your Trinity digital certificate. Accredible may also provide the option for you to open an account with Accredible (that may have Trinity branding). Please note that where you choose to open an account with Accredible directly and provide Accredible with additional personal information in relation to this account and where you use your account with Accredible in relation to credentials other than your Trinity digital certificate (for example, where you use your account with Accredible to hold certificates issued by another organisation), another party (ie, not the Home Office or Trinity), such as Accredible or the other organisation that issued such credentials to you, is the data controller and you should refer to their privacy statement for further information about how your personal information is collected and used. We are not responsible for the contents of such other party’s privacy statement and policies.

We may disclose your personal information to selected third party processors (such as agents and our suppliers) but only in connection with our own processing purposes, as outlined above in paragraph 5. Any such third party will be required to use any personal data they receive from us in accordance with our instructions and the applicable data protection laws.

We reserve the right to disclose your personal information to third parties:

• if we buy or sell any business or assets or if most of our assets are acquired by a third party, in which case we will disclose your personal information to the prospective buyer
  or seller of such business or assets;
• for auditing purposes, for example where we employ chartered accountants;
• if we are under any legal or regulatory obligation to do so (for example as required by our regulators, eg the Office of Qualifications and Examinations Regulation (Ofqual) or the Information Commissioner’s Office (‘ICO’); and/or
• in connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights.

8. International data transfers

Under 18 years? Read this:

Where we transfer personal information to and from the UK and the European Economic Area (‘EEA’) we adopt all relevant measures required by the data protection laws. As we sometimes use third parties to process personal information, it is possible that personal information we collect from you will be transferred to and stored in a location outside the UK or the EEA. Certain countries outside of the UK or EEA have a lower standard of protection for personal information, including lower security protections.

Where your personal information is transferred, stored, and/or otherwise processed outside the UK or EEA in a country which does not offer an equivalent standard of protection to the UK or EEA, we will put in place appropriate transfer mechanisms as required under the relevant data protection laws and take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards designed to protect your personal information.

If you have any questions about the transfer of your personal information, please contact us.

9. Your rights

Under 18 years? Read this:

Where we rely on your consent to use your personal information, you have the right to withdraw your consent at any time. Under certain circumstances, by law, you have the right to:

1. Request access to your personal information (by a ‘data subject access request’). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it. For further details please refer to the Data Subject Access Request Policy.
2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
3. Request erasure of your personal information (often referred to as ‘the right to be forgotten’). This enables you to ask us to delete or remove personal information where there is no appropriate reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
4. Object to the processing of your personal information where we are relying on a legitimate interest (ours or those of a third party) and there is something about your particular situation which causes you to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
6. Request the transfer of your personal information to another party.

Parents and/or guardians may be able to exercise some of these rights on behalf of their child (who is under the age of 18 years) in connection with their child’s personal information, though, depending on the circumstances, we may need to keep the child informed of such exercise of their rights by a parent and/or guardian.

Your rights described above may be limited in some instances where statutory exemptions apply, such as where they would infringe the rights of a third party or our rights or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. For example, under data protection laws, Trinity is not required to provide personal data comprising information recorded by candidates during exams and/or in circumstances where its release would adversely affect our rights in the intellectual property
and confidentiality of our exams or reveal the personal data of another data subject. We will inform you of the relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us by contacting our Data Protection Officer using the details set out at the end of this document. If you have unresolved concerns, you have the right to complain to a UK or EU data protection authority where you are based or where you believe a breach may have occurred. In the UK this is the ICO.

10. Marketing communications and your rights

Under 18 years? Read this:

Under 13 years? Read this:

Except in relation to individuals who have already signed-up for an exam, event or other service or good from us, Trinity operates a strict ‘opt-in’ policy for individuals. That means that where you have already signed-up for an exam, event or other good or service from Trinity, we may send you news and information of similar exams, events, goods or services that we provide until we are informed that this communication is no longer required. We will give you an opportunity to ‘opt-out’ of receiving such communications at the time that we collect your personal information and every time after that when we contact you with such communications. In all other cases, we will not send you any information unless you have requested to receive email/text/social media message updates from us.

You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by clicking on the unsubscribe link in the relevant email or message, or by emailing us at unsubscribe@trinitycollege.com. Once this information is received we will remove you from our direct marketing database. We may require the consent of a parent or guardian where a child under the age of 13 years wishes to ‘opt-in’ to receive such updates from us.

11. Security of your data

Under 18 years? Read this:

Trinity takes its security obligations under the data protection laws seriously. We will endeavour to take all reasonable steps to protect your personal information in order to prevent unauthorised access to or alteration or destruction of personal data in our possession. All the personal information we collect is stored securely on servers and we use secure internet protocols and secure networks to protect data collection and processing.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

12. How long do we keep your personal information for?

Under 18 years? Read this:

We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In determining the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Information which is necessary to verify or confirm exam results may be kept by us indefinitely.

For more details please see our Data Retention Policy and Data Retention Schedule.

13. Contact us or the ICO

Under 18 years? Read this:

We have appointed a Data Protection Officer (‘DPO’) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, or if you wish to make a complaint, please contact the DPO at dpo@trinitycollege.com 

You can also contact or make a complaint at any time to the ICO on 00 44 (0)303 123 1113.

14. Changes to this privacy statement

Under 18 years? Read this:

We may update this privacy statement from time to time. When we do, we will publish the updated version on our website. If material changes are made to this privacy statement we will notify you by email or by placing a prominent notice on the website.

¹ Trinity College London is a registered charity with registration numbers 1014792 (England and Wales) and SC049143 (Scotland) and company registration number 02683033 in England. Its registered office is at Blue Fin Building, 110 Southwark Street, London SE1 0TA.