Edinburgh Business School needs to obtain and process certain information about prospective students, students and alumni. The information we collect is used fairly, stored safely and not disclosed to any other person unlawfully. To do this, we comply with the General Data Protection Regulation (GDPR) Principles.
In summary, these state that personal data shall be:
• Processed lawfully, fairly and in a transparent manner in relation to individuals (lawfulness, fairness and transparency);
• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (purpose limitation);
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation);
• Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (accuracy);
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (storage limitation);
• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).
Information about how we protect the personal data that we process is available here.
Data Protection Policy
Edinburgh Business School and all staff or others who process or use any personal information must ensure that they follow these principles at all times. Edinburgh Business School, a member of the Heriot-Watt Group, follows these principles at all times. In order to ensure that this happens, the University has developed a Data Protection Policy. If you have any questions about our Data Protection procedures, please contact our FOI & Data Protection Officer.
In this policy, website means Edinburgh Business School’s website at www.ebsglobal.net and its subdomains.
By using our website you consent to the collection, retention and use of your personal information in accordance with the terms of this policy.
Information we collect
• Personal details (such as your name, contact details, email address, etc) which you provide by registering with us or submitting an enquiry via the website.
• Your response to any surveys we may ask you to complete.
• How you use the website and any other information you email or otherwise send to us.
Visitors to our website
We collect this information in a way that does not identify anyone. We will not associate any data gathered from this site with any personally identifying information from any source.
If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Please see detailed information about the cookies we use.
Here's a list of the cookies we use
ASP.NET_SessionId: This identifies a user's single session
CMSPreferredCulture: This is the default culture/language of content which is set in Kentico CMS.
CountrySelected: This stores a cookie with information of the country the user has confirmed their location.
CurrentContact & VisitorStatus: These are used for identifying users and used to aid lead scoring.
_ga: Google analytics tracking
_dc_gtm_UA-304053-6: Google tag manager tracking
Hotjar - visitor journey analytics
More about cookies
If you'd like to know more about cookies in general and to how to manage them, visit aboutcookies.org or allaboutcookies.org (these open in an new window) Please note that we can't be responsible for the content of external websties.
We may collect information where available about your IP address, operating system and browser type. This is data about users’ browsing actions and patterns. It is used to inform improvements to the website, for system administration, and to report aggregate information to third parties.
Disclosure of your information
Authorised personnel within Edinburgh Business School will be able to access the information you provide to us. We may also disclose your information to authorised third parties, acting on behalf of Edinburgh Business School, for the purposes set out in the policy or for purposes approved by you.
Unless required or permitted to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction or damage.
The transmission of information via the internet is never completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal or other data transmitted to our website. Any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
We may amend this policy from time to time. If we make any substantial changes we will notify you by posting a prominent notice on the website.
You have the right to access the personal data which Edinburgh Business School holds about you (this is known as a ’subject access request’). For further information contact firstname.lastname@example.org.