Privacy Policy

Under the GDPR 2018, everyone who has data held by an organisation is a 'data subject' and will have more rights regarding how their data is held, used and disposed of.

CDEP has updated the Terms and Conditions and Privacy Policy to comply with the GDPR and the new rights listed below.

  • The right to be informed - Data subjects must be told what personal data is being held, what it is being used for and why. They should also be informed timeously if any data breaches occur.
  • The right of access - Upon request, data subjects are allowed to see what data of theirs is being processed.
  • The right of rectification - If personal data held by organisations is incorrect; they have an obligation to correct it.
  • The right to erasure - Data subjects can demand that personal data held is deleted where there is no compelling reason for its ongoing storage.
  • The right to restrict processing – Data subjects have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances.
  • The right to data portability - At the data subject’s request, their data must be moved to another processor.
  • The right to object - If a data subject does not like the way their data is being used, they can request that the use is stopped. This must then be stopped unless there is an overriding, legitimate reason to continue using it.
  • Rights in relation to automated decision-making or profiling - Data subjects can demand that a human reviews any decision made by software alone.

Click here for more information on the GDPR and the rights it provides for individuals.

CDEP appreciates that your privacy is of utmost importance and that you are concerned about the way your information is used and shared. We respect and value all CDEP users’ privacy and only collect and use information that is useful to improving the learning opportunity offered to you, and in a manner consistent with your rights and our obligations under the law.

What is this Privacy Policy for?

This privacy policy is for Cambridge Diabetes Education Programme (CDEP). The policy sets out how we use personal data and what data we publish or share with other organisations.

General data protection statement

Any personal information you share with us will be processed in accordance with the UK Data Protection Act 1998. Your data will be used for the purposes of managing CDEP (i.e. providing you with secure access to CDEP’s online diabetes education platform to complete your e-learning topics and access your reports, certificates and reflection documents). Access to your CDEP account is password protected and passwords are account specific.

CDEP will not share any identifiable, individual data with any third party. On request, we will share aggregate data with an employing organisation or wider commissioning bodies such as the Clinical Commissioning Group (CCG) or Clinical Networks, provided they have purchased bulk CDEP licences in order to monitor uptake and utilisation of CDEP within their region so as to support equality in diabetes education opportunities as well as target local diabetes education and training strategies. We also publish aggregated, anonymised data for audit and research purposes.

CDEP will, from time to time, contact you (via email) about CDEP to inform you of any changes or additions to the diabetes learning opportunities CDEP offers you.

CDEP has appropriate organisational and technical measures in place to look after your personal data and we will not keep it for any longer than is necessary.

The CDEP website

CDEP has taken all the necessary steps to protect your privacy. This is a fundamental part of CDEP’s design and functionality. This website complies with all UK national laws and requirements for user privacy. All personal data is held securely and in accordance with the Data Protection Act 1998.

CDEP has no inbuilt, automated decision-making or profiling functionality. There are no advertising or sponsored links used on the website.

CDEP does not have access to or store any banking details. All online financial transactions are conducted directly on the Paypal website and fall within their security and privacy policies.

CDEP uses Google Analytics tracking software to better understand how you use the website.

Electronic communications are by nature, not guaranteed to be 100% secure and CDEP urges you to make use of appropriate security tools on your device.

How does CDEP use your personal data or CDEP activity and why?

We use your personal data (name and email address) for the following purposes:

  • to send email newsletters to you
  • to manage your registration
  • to troubleshoot any issues you report to us

CDEP uses your anonymised CDEP demographic and activity data for the following purposes:

  • Aggregated data is used for research and improving the learning opportunity provided.
  • For organisations who have purchased bulk CDEP licences for their staff, aggregated data is provided to support them in monitoring uptake and utilisation of CDEP so as to ensure equality of educational opportunities as well as a focus on diabetes education and training strategies across their area. Individual staff names and email addresses are not shared to protect confidentiality.

Aggregated data provided in reports to organisations include:

  • Roles of the staff using CDEP (i.e. nurse, doctor, dietitian, paramedic, midwife, podiatrist, etc)
  • Name of the practice / trust / care home / etc. in which staff work
  • Healthcare sector (general practice, hospital trust, community service, ambulance trust, mental health trust, other)
  • Clinical commissioning group or health education area that organisation falls into (source: NHS Digital Data)
  • Total number of staff registered, the date registered and date that the account expires
  • CDEP registration level (core, intermediate, diabetes specialist, expert or consultant)
  • Total number of registered users active on CDEP (i.e. started a topic)
  • Total number of registered users with completed topics (i.e. certificates)
  • Total number of certificates generated and names of the topic certificates
  • Average number of attempts per topic and per competency
  • Which learning resources have been accessed
  • Average evaluation of the impact of undertaking CDEP
  • Anonymised verbatim feedback

Other than as set out in this policy, CDEP does not pass on your personal information to any third parties apart from when this is necessary to comply with the law.

Use of cookies

This website uses cookies to improve your experience when visiting the website. Cookies are small files saved to your device that track, save and store information about your interactions with and usage of the website. This allows the website, through its server, to provide you with a tailored experience within this website. If you don’t want cookies to be stored on your device, you should make the necessary changes to your device or the relevant browsers or apps.

Google Analytics tracking software will save a cookie to your device in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.

Contact and Communication

CDEP attempts to ensure its email communication process is safe and secure, but the nature of electronic communications means this is not completely secure.

We use the information you submit:

  • to provide you with further information about CDEP
  • to assist you in answering any questions or queries you may have
  • to send newsletters to you

Email newsletter

Emails may be sent to you (via Mailchimp) which contain tracking facilities within the actual email. Your email activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity, other activity around how you access and view the emails and tracking with the aim of improving your experience and how we present our email newsletter going forward. This information is used to refine future email campaigns and supply you with more relevant content based on your activity.

You will be able to unsubscribe from an email newsletter from us by clicking the applicable unsubscribe link in our email – or other instructions provided by us in the email.

External links

Although this website only looks to include quality, safe and relevant external links, take care before clicking any external web links. External links are clickable text / banner / image links to other websites.

We cannot guarantee or verify the contents of any externally linked website. We are not responsible for these external websites or how they use your personal data.

Social media platforms

CDEP participates with social media platforms subject to their privacy policies and terms. CDEP does not request personal data through social media platforms. CDEP recommends that social media platforms be used wisely and people should engage with them using due diligence and caution with regard to their own personal data.

The CDEP website uses social sharing buttons which help share web content directly from web pages to social media platforms. These buttons should be used with care. Please note that the social media platform may track and save requests to share a web page through your social media platform account.

URLs and shortened links

CDEP shares web links on social media. Sometimes, these links can be shortened. These shortened URLs or even the displayed URL can be hacked or otherwise changed against our wishes to divert you to another site. We are not responsible if you are redirected to the incorrect site.

Contact CDEP

Please contact Candice Ward in writing if you wish to invoke any of your individual rights regarding data protection as laid out by the GDPR.

Further reading and resources

General Data Protection Regulation (GDPR)
Data Protection Act 1998
Twitter Privacy Policy
Facebook Privacy Policy
Instagram Privacy Policy
Google Privacy Policy
LinkedIn Privacy Policy
MailChimp Privacy Policy
PayPal Privacy Policy