Records Management & Information Governance
- Records Management and Information Governance
- Data Protection
- Your information
- Privacy notice - Language-Driven Pedagogy (LDP) CPD
Language-Driven Pedagogy (LDP) CPD Privacy Notice
LDP (Language-Driven Pedagogy) is part of the Department of Education within the University of York. We organise Continuing Professional Development (CPD) courses for those involved in modern foreign languages education.
This privacy notice is for individuals applying/registering to attend LDP CPD courses, sessions and events. It sets out the ways in which LDP gathers, uses, stores and shares your data. It also sets out how long we keep your data and what rights you have in relation to your data under the General Data Protection Regulation (GDPR).
For the purposes of this privacy notice, University of York is the Data Controller as defined in the UK GDPR . For the University’s registration with the Information Commissioner’s Office, see the Information Commissioner's Register of Fee Payers. Our registration number is: Z4855807.
Where do we get your data from and what data do we collect about you?
We collect personal data about you when you register your interest in a course or apply to attend a course via our online booking system. We typically collect the following data for the purposes of liaising with you about the course:
- Your name;
- Your email address;
- Your role;
- Languages you teach (if applicable);
- Your school details (if applicable);
- Financial details for the purpose of paying for the course.
What is our legal basis for processing your data?
Under the UK GDPR, the University has to identify a legal basis for processing personal data. The University needs to collect and retain certain types of data, in various formats, about current and past LDP CPD course applicants/registrants in order to fulfil its functions as a CPD provider.
Typically, data will be processed:
- on the grounds of contractual requirement or to take steps to enter into a contract with you e.g. to provide you with training and support;
- because it is necessary for our legitimate interests;
- because you have given us your consent.
How do we use your data?
The University may process your personal data for the following purposes:
- to process your course registration and to liaise with you about the course logistics e.g. issue joining instructions, course materials etc. and creating, if appropriate, accounts on the LDP Learning Management System (LMS);
- to provide you with and manage your use of University facilities and services and your participation on courses, sessions and events;
- to administer the financial aspects of our relationship with you and any funders including processing any payments made by you to the University;
- to compile anonymised statistical information which the University may be required to publish;
- (if you have consented) to send marketing information to keep you updated about LDP events, courses, resources and activities. You may opt out at any time. If you no longer wish to be contacted for marketing purposes, you can either contact us at LDP Project or request to be removed or simply click the ‘unsubscribe’ button at the bottom of our marketing emails.
Who do we share your data with?
The University may share your data with:
- employees of the University for the purpose of providing you with appropriate support during the application process,
- third parties that process data on behalf of the University to support it in fulfilling its obligations and responsibilities to and relationship with you (e.g. software and system providers including but not limited to Administrate, MailChimp, MailJet, Zoom, Blackboard, Customer First, and WPM Education)
The University may also disclose your data to other 3rd parties not listed above on a case-by-case basis. Disclosures will be made in full accordance with the data protection legislation and only where necessary. Consent will be sought from you where appropriate and you will be told about such disclosures unless exceptional circumstances apply.
How do we keep your data secure?
The University maintains a high standard of information security. Access to information and systems for all users are restricted on a need-to-know basis, and security arrangements are reviewed to ensure their continued suitability. For further information see, our IT security webpages.
How do we transfer your data safely internationally?
In certain cases, your personal data will be transferred outside the UK. For these transfers, the University will always comply with UK GDPR obligations and use necessary safeguards to protect your data.
How long will we keep your data?
The University will only keep your data as long as necessary to meet legal requirements or satisfy a defined business need. Specific retention timeframes are set out in the University’s Records Retention Schedule.
What rights do you have in relation to your data?
Under the UK GDPR, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction of processing, objection or portability (in certain circumstances). You also have a right to withdraw consent, and rights relating to automated decision making. For more information see Individuals’ Rights.
Questions or concerns
If you have any queries about this privacy notice or about how your data is being processed, please contact the University’s Information Governance Team at dataprotection@york.ac.uk.
Right to complain
If you wish to make a data protection complaint, please contact the University’s Data Protection Officer at dataprotection@york.ac.uk.
If you are unhappy with the way in which the University has handled your personal data, you also have a right to complain to the Information Commissioner’s Office (ICO).
Changes to our privacy notice
We keep our privacy notices under regular review. This privacy notice was last updated on 16 June 2026.