1. The Council of Deans of Health and Universities UK

  • The Council of Deans of Health (the Council) is a restricted fund of Universities UK (UUK) and the UUK group acts as Data controller for the Council.
  • The Council receives HR and Finance function services from UUK and therefore shares with UUK HR and Finance information about our membership subscription income and expenditure.
  • Outside of this, the Council will not share any member contact information with UUK.

2. The data controllers

The data controllers are:

The UUK group includes the Council of Deans of Health and Universities Wales.

The UUK Director of Operations has responsibility for data protection, and can be contacted by:


Post    Woburn House, 20 Tavistock Square, London, WC1H 9HQ

Phone 020 7419 4111 (office hours only)

Universities UK privacy policy .

3. The personal data the Council collects

This privacy notice applies to information we collect about:

  • Visitors to our website
  • Our members
  • People who sign up for mailing lists and bulletins, request information from us or use our services
  • Delegates and speakers attending our events
  • Members and other external parties booking our conference and meeting facilities

Personal data we routinely collect includes:

  • Name
  • Postal address
  • Email address
  • Telephone number

For our conference delegates and speakers we collect:

  • Personal data (name, postal and email address, telephone number)
  • Dietary and access requirements

4. How the Council collects personal data

We collect personal data through:

  • Web forms online
  • Telephone
  • Email
  • Paper forms

 5. How the Council sources data

We find contact data from several sources, for example on institutions’ websites for individuals, other online resources, Companies House and we are given contact details from an individual’s colleague to add to our mailing lists.

We generally do not buy in data lists from third parties. If we felt this was necessary, we would conduct a data protection impact assessment.

 6. The purpose for collecting data

We use the data to keep in touch with individuals interested in the healthcare & higher education sectors. This could include:

  • People working in higher education institutions, or organisations connected to higher education
  • People working in healthcare policy and regulation
  • Political, business, media and policy contacts
  • Attendees at our conferences and events

For the above groups, we will email news updates relating to their work and the wider higher education sector.

For our named members and their PA’s, we will use data for administrative purposes to manage membership.

 7. Your rights as an individual

You can unsubscribe from email communications at any time, using the unsubscribe button, or replying to emails with the instruction to be removed from a mailing list. As a data subject, individuals have a number of rights in relation to their personal data.

Subject access requests

If an individual makes a subject access request, UUK will tell him/her:

  • whether or not his/her data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from the individual;
  • to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers;
  • for how long his/her personal data is stored (or how that period is decided);
  • his/her rights to rectification or erasure of data, or to restrict or object to processing;
  • his/her right to complain to the Information Commissioner if he/she thinks UUK has failed to comply with his/her data protection rights; and
  • whether or not UUK carries out automated decision-making and the logic involved in any such decision-making.

UUK will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise. This will be provided within one month of the request being made to meet GDPR requirements.

To make a subject access request, the individual should send the request to In some cases, UUK may need to ask for proof of identification before the request can be processed. UUK will inform the individual if it needs to verify his/her identity and the documents it requires.

If a subject access request is manifestly unfounded or excessive, UUK is not obliged to comply with it. Alternatively, UUK can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to which UUK has already responded. If an individual submits a request that is unfounded or excessive, UUK will notify him/her that this is the case and whether or not it will respond to it.

Other rights

Individuals have a number of other rights in relation to their personal data. They can require UUK to:

  • rectify inaccurate data;
  • stop processing or erase data that is no longer necessary for the purposes of processing;
  • stop processing or erase data if the individual’s interests override UUK’s legitimate grounds for processing data (where UUK relies on its legitimate interests as a reason for processing data);
  • stop processing or erase data if processing is unlawful; and
  • stop processing data for a period if data is inaccurate or if there is a dispute about whether or not the individual’s interests override UUK’s legitimate grounds for processing data.

To ask UUK to take any of these steps, the individual should send the request to

8. If you have a complaint

The supervisory authority is the Information Commissioner’s Office. Individuals can lodge a complaint directly with them.

Details of how to report concerns are on the ICO website. The helpline telephone number is 0303 123 1113.

9. The legal basis we are relying on

The Council of Deans of Health (as part of UUK)  will use legitimate interest for contacts and communications for the following groups:

  • Council of Deans of Health members and staff within member organisations
  • Higher education sector
  • Healthcare sector
  • Policy, political, business and media contacts
  • Grant and funding bodies

For these groups the data held will be:

  • Full name
  • Postal address (business address)
  • Contact details including address, telephone number and email (business contact details)

The Council believes that:

There is a genuine business reason (the legitimate interest) for processing this data, the purpose of the Council of Deans of Health is:

  • Be the principal source of informed opinion and advice on all matters concerning education and research for nursing, midwifery and allied health professions (AHPs) in the UK, and its relation to the National Health Service and to similar education in universities in other countries.
  • Work to improve and maintain quality in nursing, midwifery and AHP education and research, and to exchange information and good practice.
  • Promote nursing, midwifery and AHP education and research through collaboration with Government Departments, Professional and Statutory Bodies, the Research Councils and other organisations.
  • Serve as the first point of reference for the media in this area.

And for our income generating activities:

  • To operate events to cover costs and use any surplus to fund the work of the Council, therefore using contact details for direct marketing activities.
  • To carry out activities funded externally that benefit our sector and membership.

And has considered the necessity test:

Processing individual’s data for the purposes of communicating with members, HE sector contacts, political, media, business and policy contacts is necessary to effectively service the needs and represent our members’ interests fully.

The Council and UUK consider the impact on the individual to be low (the balancing test):

  • Only targeting individuals working or having a professional interest in the higher education sector, using business contact details.
  • We believe there is value in individuals hearing about developments and opportunities in the sector
  • Providing opportunities for networking with peers.
  • The individuals have already expressed an interest in our work through signing up for regular newsletter, using the facilities or attending an event.
  • Users can opt out of communications
  • We are not using any special categories of data
  • We will not transfer the data to third parties.

There are safeguards in place:

Opportunity for all contacts to unsubscribe from mailings

  • Email ( for individuals to practice their rights (see section 6).
  • The amount of data held on individuals is restricted to only what is necessary, and kept no longer than necessary
  • Data will not be shared with third parties, without making individuals aware and having a clear data sharing agreement
  • Access to data is restricted to only staff who need it for the performance of their roles
  • IT systems are secure, with regular security testing programme in place.
  • Data protection training is done by all staff as part of their probation.

 10. Where our data is stored

Data is stored on premise in offices in London, Edinburgh and Cardiff. Where cloud hosted systems are in use, the data is stored in the EEA.

11. Profiling

When you visit our website, we may store some information on your computer. This information will be in the form of a ‘cookie’ or similar file and can help us in many ways. For example, cookies allow us to tailor a website to better match your interests and preferences. With most internet browsers you can erase cookies from your computer hard drive, block all cookies or receive a warning before a cookie is stored.

The web statistics package we use on our site, Google Analytics, sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage. This is to ensure that the service is available when you want it and fast. The following cookies are set by Google Analytics:

Cookie NameExpiration TimeDescription
_ga2 yearsUsed to distinguish users.
_gid24 hoursUsed to distinguish users.
_gat1 minuteUsed to throttle request rate.

For further details on the cookies set by Google Analytics, please refer to the Google Analytics documentation.

12. Our data retention policy

UUK has a policy on data and document retention. Retention periods are based on ICSA Guide to Document Retention (3rd Edition).  If you have questions on our retention policy, email

13. Leaving our websites

Links to external websites are not our responsibility and that once a user clicks on a link to an external site it will be subject to that organisation’s privacy policies, not ours.

14. How recent is this Privacy Policy

This policy was last updated in March 2018. It will be reviewed annually, or before if we introduce any changes to our data practices.