Bursaries Privacy Notice

Last updated June 2025

Introduction

City & Guilds is committed to data security and the fair and transparent processing of personal data. This privacy notice (Notice) sets out how City & Guilds treats the personal data of Website visitors in compliance with applicable data protection law, including the General Data Protection Regulation (EU) 2016/679 (EU GDPR), the UK GDPR and Data Protection Act 2018 (DPA). 

If you are visiting our Website, please read this Notice carefully as it contains important information on who we are, how and why we collect, store, use and share your personal data (process), your rights in relation to your personal data, how to contact us, and how to contact supervisory authorities in the event that you would like to report a concern about the way in which we process your personal data. 

Who are we?

The City and Guilds of London Institute is a charity incorporated by Royal Charter, with registered charity number 312832 (England and Wales) and SC039576 (Scotland). Our registered address is Giltspur House, 5-6 Giltspur Street, London, EC1A 9DE (City & Guilds, we, us, or our). 

For the purposes of applicable data protection law, including the UK GDPR and DPA, City & Guilds is the ‘controller’ of personal data processed via our Website or in connection the provision information, products, and services to you. 

If you have any queries about this Notice the way in which City & Guilds processes your personal data, or about exercising any of your rights, you may send an email to dp@cityandguilds.com; or write to Data Protection, City & Guilds, Giltspur House, 5-6 Giltspur Street, London, EC1A 9DE. 

City & Guilds collects the data of its bursary applicants. This Notice, any other documents referred to in it, sets out the basis on which City & Guilds processes personal data. 

What personal data do we collect?

We may collect and process the following personal data: 

Information you provide to us: 

• Name 
• Age range 
• Course and centre name / location 
• Address 
• Email address 
• Telephone number 
• Sex 
• Employment status 
• Qualification level 
• Information about your income, expenditure, debt and savings 
• Career interests 
• Your skills and experience 
• Your professional development goals 
• Disability information/any adjustments/learning difficulties 
• Equal opportunity monitoring information

Information we collect about you

If you visit our website, we may automatically collect the following information: 

• technical information, including the internet protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; 
• information about your visit to our website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page; 
• any phone number used to call our customer service number. 

Information we receive from other sources

We may also receive personal data about you if you use any of the other websites which we, or another company within the City & Guilds business , or the other services and/or products which we, or another company within the City & Guilds business, provide. You can find out more about the City and Guilds business here. 

We work closely with our associated companies including processing of personal data, see our other companies’ privacy notices for more information. 

Information about other people

If you provide information to us about any person other than yourself, such as your relatives and next of kin, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it. 

Sensitive personal data

In certain limited cases, we may collect certain sensitive personal data from you such as information about your physical or mental health of condition, to enable us to administer requests for reasonable adjustments or sensitive personal data or racial/ethnic origin in order for us to be able to monitor our bursary scheme.  

How do we use your personal data?

We may use your personal data where this is necessary to pursue our legitimate interests as a provider of bursaries including to: 

• send you evaluation forms to collect data about your post-qualification career progression. 
• contact you about opportunities to share your experience as a bursary case study or speaker. 

Legitimate interests: we may process your personal data where it is necessary to pursue our, or third parties’, legitimate interests, including to: 

• communicate with you in relation to any issues, complaints, or disputes; 
• develop, improve and deliver marketing and advertising for products and/or services offered by us or another member of the City & Guilds business; 
• improve the quality of experience when you interact with our products and/or services, including testing the performance and customer experience of our Website; 
• perform analytics on sales/marketing data, determining the effectiveness of promotional campaigns; and 
• prevent and detect crime and/or assist with the apprehension or prosecution of offenders. 

We may also process your personal data in pursuance of our legitimate interests to provide you with newsletters, surveys, or information about our awards and events, offers, and promotions, related to products and/or services offered by us or another the company within the City & Guilds business, which may be of interest to you. Where you do receive such marketing communications from us, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us. 

Note that you have the right to object to the processing of your personal data on the basis of legitimate interests as set out below, under the heading Your rights. 

Where required by law:  we may also process your personal data if required by law. 

Consent: we may process your special category data when we have obtained your explicit consent to do so. 

With respect to special category data, we may also process such data if necessary for, for compliance with legal responsibilities (such as reasonable adjustments), reasons of substantial public interest, including for the prevention or detection of unlawful acts or in compliance with, or to assist third parties to comply with, any regulatory requirements relating to the investigation of unlawful acts, dishonesty or malpractice. 

Who do we share your personal data with?

Who do we share your personal data with? 

We may share your personal data with trusted third party service providers, including: 

• service providers contracted to us in connection with our Website or provision of information, products and services, such as providers of IT services and customer relationship management services; 
• our digital credential partner platform and 
• analytics and search engine providers that assist us in the improvement and optimisation of our Website. 

We will ensure that there is a contract in place with such third party service providers, which includes obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them, and which upholds your rights and freedoms with respect to personal data. 

Where a third party recipient is located outside the UK, European Economic Area or any other approved country or territory, we will ensure that the transfer of personal data is protected by appropriate safeguards, including the UK international data transfer agreement and/or the EU standard contractual clauses, as applicable. 

We may share your personal data with companies within the City & Guilds business, including City & Guilds companies registered in the UK and outside of the UK. See our other companies’ privacy notices for more information. 

We may also share personal data (including any special category data) with law enforcement or other authorities or agencies if required by law or where we otherwise deem it necessary in pursuance of our legitimate interests. This may include, without being limited to, responding to requests for information from such authorities or agencies, or sharing information with them in connection with our quality assurance processes, investigations, complaints, or appeals. 

You should be aware that, where personal data is shared with a public authority, it will become subject to the Freedom of Information Act 2000 (FOIA) and may potentially fall within the scope of any future FOIA request made to such public authority.  

How long will you keep your personal data?

Where there is a contract between us, we will retain your personal data for the duration of the contract, and for a period of 6 years following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.

Where you have consented to marketing communications, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us.

How do we protect your personal data? 

We take all reasonable steps to ensure that both we and our third party service providers protect your personal data. This includes ensuring that our staff are aware of their information security obligations, providing training, and limiting access to your personal data to staff who have a genuine business need to know. 

We also take reasonable steps to protect your personal data from loss or destruction and have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 

Furthermore, our project management and change control process includes structured assessment of information security and data privacy risks. This process aims to ensure that all proposed system changes of City & Guilds from time to time fully align with data protection requirements and good practice to uphold data subjects’ rights and freedoms with respect to personal data.  

Note that where you as a Website visitor have a username or password (or other identification information) which enables you to access certain services or parts of our Website, you are responsible for keeping this password confidential. We ask you not to share passwords with anyone. 

Note that unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access. Your rights 

Under the applicable data protection law, you have various rights with respect to our processing of your personal data: 

Right to Access 

You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address given below. Please include with your request information that will enable us to verify your identity. We will respond within 1 month of request. Please note that there are exceptions to this right. We may be unable to make all data available to you if, for example, making the data available to you would reveal personal data about another person, if we are legally prevented from disclosing such data, if there is no basis for your request, or if your request is excessive. 

Right to rectification 

We aim to keep your personal data accurate, current and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date. 

Right to erasure 

You have the right to request the deletion of your personal data where, for example, the personal data is no longer necessary for the purposes for which it was collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data be erased, please contact us using the contact details provided below. 

Right to object 

In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the processing of your personal data, please contact us using the contact details provided below. 

Right to restrict processing 

In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you and we are verifying the personal data, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. If you would like to make such request, please contact us using the contact details provided below. 

Right to data portability 

In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another ‘controller’, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to make such request, please contact us using the contact details provided below. 

Please note that applicable data protection laws sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response. 

Contact 

If you have any queries about this Notice, the way in which City & Guilds processes personal data via our Website, or about exercising any of your rights, you can send an email to dp@cityandguilds.com or write to Data Protection, City & Guilds, Giltspur House, 5-6 Giltspur Street, London, EC1A 9DE. 

Complaints 

If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint with the applicable supervisory authority or seek a remedy through the courts. Please visit the UK Information Commissioner’s Office website for more information on how to report a concern. 

Changes to our Notice 

Any changes we may make to our Notice in the future will be posted on this Website and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Notice.