Vitae-UNISA training event privacy notice
1. Introduction
We are The Careers Research and Advisory Centre (CRAC) Ltd. CRAC is the non-profit organisation that manages the Vitae programme. Vitae is the global leader in supporting the professional development of researchers, experienced in working with institutions as they strive for research excellence, innovation and impact.
You can find more information about CRAC and the work that we do on our website: www.crac.org.uk.
CRAC is committed to protecting the personal information of all its contacts and being clear about what information we hold about them and how we use it. This privacy notice tells you what to expect when CRAC collects personal information.
CRAC is registered as a data controller with the Information Commissioner’s Office (ICO). Our registration number is Z1030346. You can check our registered details on the ICO’s website: https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/
2. Data controller and Data Protection Officer
CRAC is the “data controller” of any personal information collected within scope of this privacy notice. Our Data Protection Officer (DPO) is the first point of contact for people whose information is processed. Our location and contact details for our DPO are as follows:
Data Protection Officer
The Careers Research and Advisory Centre (CRAC) Limited
22 Signet Court
Cambridge
CB5 8LA
Email: data.protection@crac.org.uk
Tel: 01223 448500
3. How we use your information
We can only use your personal information where we have legitimate reasons for doing so and have told you what those reasons are.
The specific uses that will be made of your personal information are listed below:
UNISA has recommended that Vitae uses Microsoft Teams for these virtual training courses as UNISA participants are familiar with the tool. Any personal information that you share with Vitae or our training associates through Microsoft Teams will only be used to facilitate the delivery of the training event as described in this policy. Your personal information will not be shared with any other party or for any purpose not referenced in this privacy notice and will not be used for marketing purposes.
Lawful basis
We will process your personal data for the purpose of facilitating the event and sharing the event outcomes with event participants; These are legitimate interest purposes (GDPR Article 6(1)(f)).
Below you will find information on usage, privacy and other issues that we recommend you read before the session.
Usage
- Sign in and join the meeting using your Teams account.
(If you don't have a Teams account, you can join a meeting as a guest. To do this, you can:- Go to the meeting invite and select Join Microsoft Teams Meeting
- Choose to Join on the web or Download the Windows app
- Click Join now
- Enter your name
- The meeting organiser will be notified that you've joined, and someone in the meeting can admit you.)
- We would like you to identify you with your real name as we believe this reflects the level of collaboration and interaction we aim to achieve in our sessions. However, you can also change your name to just a first name, nickname or pseudonym if you prefer.
- We would prefer you to turn on your camera during the session, particularly during any break outs as again, we feel this reflects the level of collaboration and interaction needed for an experiential training course. Of course, if you have connectivity issues you may find keeping the camera off assists in the sound quality.
- We ask you to mute your microphone when you are not speaking to avoid background noise, but we hope you will be able and willing to turn on your microphone when discussions and interactions are taking place, so you can get the most out of the session.
- Like most other websites, the Microsoft Teams website uses cookies for statistics, and tracking and collecting diagnostic data (https://learn.microsoft.com/en-us/microsoftteams/privacy/policy-control-diagnostic-data-desktop).
- Microsoft Teams' chat is end-to-end encrypted; Chats can further be stored by us to record relevant exchanges and questions. In general, we therefore advise against sharing sensitive data via Microsoft Teams.
Recordings
- Please do not take any image and sound recordings. This is in accordance with data protection regulations.
- While Vitae will not record these training , we reserve the right to use screenshots, audio and video recordings of sessions for communication purposes in online, print and other media. If you stay with us, you agree to this.
- Microsoft Teams complies with GDPR. For more information, please visit Microsoft Teams’ website (https://pulse.microsoft.com/en/work-productivity-en/na/fa2-privacy-and-protection-of-your-data-in-microsoft-teams/).
- As with other online tools, the use of Microsoft Teams generates data that may allow conclusions to be drawn about people. This data is treated confidentially and is neither passed on nor sold to third parties by Vitae or by Microsoft Teams, according to their privacy policy (https://pulse.microsoft.com/en/work-productivity-en/na/fa2-our-commitment-to-privacy-and-security-in-microsoft-teams/).
- Like many other webinar technology providers, Microsoft is a US-based service provider. Like others, Microsoft is certified under the EU-U.S. Privacy Shield, so that the legal requirements for an adequate level of data protection are met.
- We do everything possible to protect your and our data and to ensure transparency. However, it is up to you to decide whether you want to or are allowed to participate in our events on Microsoft Teams. With your participation in a Microsoft Teams meeting you accept our data privacy policy and agree to the processing of the data necessary for the execution of the meeting.
- Purpose of Processing: We use “Microsoft Teams” as a tool to conduct online events. “Microsoft Teams” is a service of Microsoft which is based in the US.
- The data Controller in the context of these online events is The Careers Research and Advisory Centre (CRAC) of which Vitae is part.
- As soon as you access the Microsoft Teams website or application, the provider of Microsoft Teams is responsible for data processing.
- Various types of data are processed when using Microsoft Teams, depending on what you provide in advance or during an online meeting.
- The following personal data are subject to processing:
- User data: forename, surname, email address, password (if “single-sign-on” is not used), profile picture (optional), department (optional)
- Meeting metadata: topic, description (optional), participant IP address, hardware information
- Text, audio and video data: You may use chat during the meeting. The data entered there is processed for the purpose of making it visible. To enable the display of video and the rendering of audio, corresponding data will be collected from the microphone of your device and any video cameras of your device for the duration of the meeting. You can turn off the camera or microphone in the “Microsoft Teams” application at any point of the meeting.
The personal information we collect and use is set out below:
- Title
- Name
- Job Title
- Telephone
- Email Address
5. Personal information we obtain from another source
Other than the personal information collected from you directly, we may also obtain personal information about you from other sources, listed below:
- Your organisation or the organisation that organised the training session and invited you to attend
Purpose of obtaining personal information from other source(s):
- To facilitate the delivery of the training event only
Lawful basis for obtaining personal information from other source(s)
- Legitimate interests
6. Who we give your personal information to
Your personal information may be shared with associate trainers for the purpose of facilitating the training session in which case the processing will be strictly controlled by data processing agreement. We will not routinely pass your information to any other organisation except where required to do so as part of our functions or by law.
7. Where your personal information will be stored
Your personal information is stored on Microsoft Office 365 business services. Microsoft will have access to your personal information for the purposes of providing the business services to us.
https://learn.microsoft.com/en-us/microsoftteams/privacy/location-of-data-in-teams
For more information about how Microsoft may process your personal information please see the information in the Microsoft Trust Centre:
www.microsoft.com/en-us/trustcenter/privacy .
You should understand and agree that your personal information may be transferred to, and stored at, a destination outside the country and economic area in which you reside, and that it may also be processed by staff operating outside that country for the purposes set out in this Privacy Policy.
8. How we protect your personal information
CRAC has a number of security measures in place to protect your personal information, listed below:
- All staff are required to undertake training in data protection and information security on joining CRAC and then on an annual basis.
- Formal information security policies that must be read and understood by all staff.
- Personal information is only available to those members of staff who require access as part of their role.
- CRAC is ISO27001 accredited.
- We work with third-party data processors that have comply with General Data Protection Regulations (GDPR):
https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx
9. Your rights over your personal information
Once your personal information has been collected, you have certain rights in relation to that personal information that may be exercised. You have the right to:
- Ask for a copy of your personal information
- Correct inaccurate personal information held about you
- Ask for your personal information to be deleted (within 30 days)
- Restrict processing of your personal information
- Ask for a copy of their information in a format that allows easy transfer (“data portability”)
- Object to automated decision making or profiling (if these take place)
10. How long we will hold your personal information
We are only able to retain a copy of your personal information as long as it is still needed for the purpose(s) for which it was collected. We will retain your personal data no longer than six months following completion of the training session.
11. Complaints about the use of your personal information
If you are unhappy with the way in which your personal information has been handled by CRAC, you may contact us at: data.protection@crac.org.uk or via our Data Protection Officer (details in section 2) and we will try to resolve your issue informally.
If we are not able to resolve the issue to your satisfaction, you can also make a complaint to the data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) and they can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Email: casework@ico.org.uk
12. Changes to this privacy notice
We keep our privacy notices under regular review and we will inform you of any changes to this notice by placing an update on the Vitae website.
This privacy notice was last updated on 02/09/2024.