NCELP Research Participant Privacy Notice

This privacy notice is for individuals participating in continuing professional development (CPD) courses organised by the National Centre for Excellence for Language Pedagogy (NCELP). It sets out the ways in which NCELP gathers, uses, stores and shares your data. It also sets out how long we keep your data and what rights you have in relation to your data under the General Data Protection Regulation (GDPR).

For the purposes of this privacy notice, University of York is the Data Controller as defined in the General Data Protection Regulation. We are registered with the Information Commissioner’s Office and our entry can be found at Our registration number is: Z4855807.

Where do we get your data from and what data do we collect?

We collect personal data from you when you apply to attend/complete the course via our online application form, and use this to liaise with you about the course. We collect attendance/completion data to verify that you have attended/completed all sessions and completed the course. We also collect data from you when you complete the pre- and post-course knowledge quizzes and in-session quizzes, in order to research the usefulness and effectiveness of providing research-informed CPD as well as learning about your attitudes towards research. We will use your personal details to link your pre- and post-course answers.

As part of its research about the usefulness and effectiveness of its programmes, NCELP will collect the following data about you:

  • Information provided on the application form
  • Data about your registration and attendance/completion
  • Pre- and post-course knowledge quiz
  • In-session quizzes
  • Consent to contact you about future research

What is our legal basis for processing your data?

Under the General Data Protection Regulation (GDPR), the University has to identify a legal basis for processing personal data and, where appropriate, an additional legal basis for processing special category data.

Your data will be processed for the purposes of research. Our legal basis for processing is:

  • because it is necessary for the performance of a task carried out in the public interest (for information on our public task see our function as set out in our charter

In line with ethical expectations and to comply with common law duty of confidentiality, we may seek your consent to participate where appropriate. This consent will not, however, be our legal basis for processing your data under the GDPR.

How do we use your data?

Your data will be used in research to investigate the usefulness and effectiveness of providing research-informed CPD.

Who do we share your data with?

Access to personal data will be password protected. Information will be treated confidentially and shared on a need-to-know basis only with the following:

  • Employees of the University directly involved in NCELP (Louise Earnshaw, Victoria Hobson, Wendy Burns, Heather Bradley, Sarah Blakeman, Amber Dudley, Emma Marsden, Giulia Bovolenta, Inge Alferink, Natalie Finlayson); and
  • Rachel Hawkes at Comberton Academy Trust, which will be required to sign a data sharing arrangement.

Anonymised data aggregated at course level will be shared with:

  • The Funding Body
  • Teaching School Council and Teaching School Hubs
  • CPD Course Leaders employed by NCELP Lead Schools

How do we keep your data secure?

The University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability. For further information see,

How do we transfer your data safely internationally?

In certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the European Economic Area. In respect of such transfers, the University will comply with our obligations under Data Protection Law and ensure an adequate level of protection for all transferred data.

How long will we keep your data?

The University will retain your data in line with legal requirements or where there is a business need. Retention timeframes will be determined in line with the University’s Records Retention Schedule.

We are practising Open Science and anonymised data will be managed professionally and stored indefinitely with Research Data York and/or IRIS ( The data that we collect) may be used in an anonymous format in different ways, e.g. in teaching, presentations, and academic and professional publications.

What rights do you have in relation to your data?

Under the General Data Protection Regulation, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances).

For more information please see

Questions or concerns

If you have any questions about how your data is being processed, please feel free to contact NCELP Principal Investigator Professor Emma Marsden by email ( or by telephone on +44 (0)1904 328159, or the Chair of Ethics Committee via email (

If you are still dissatisfied, or alternatively please contact the University’s Data Protection Officer at

Right to complain

If you are unhappy with the way in which the University has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the Information Commissioner’s Office, see