Privacy Policy

Under the GDPR 2018, everyone who has data held by an organisation is a 'data subject' and will have more rights regarding how their data is held, used and disposed of.

CDEP has updated the Terms and Conditions and Privacy Policy to comply with the GDPR and the new rights listed below.

The right to be informed - Data subjects must be told what personal data is being held, what it is being used for and why. They should also be informed if any data breaches occur in a timely manner.
The right of access - Data subjects are allowed to see what data of theirs is being processed upon request.
The right of rectification - If personal data held by organisations is incorrect; they have an obligation to correct it.
The right to erasure - Data subjects can demand that personal data held about them is deleted where there is no compelling reason for its on-going storage.
The right to restrict processing – Data subjects have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances.
The right to data portability - At the data subject’s request their data must be moved to another processor.
The right to object - If a data subject does not like the way their data is being used they can request that the use is stopped, and that must happen unless there is an overriding legitimate reason to continue using it.
Rights in relation to automated decision-making or profiling - Data subjects can demand that a human review any decision made by software alone.

Click here for more information on the GDPR and the rights it provides for individuals.

CDEP appreciates that your privacy is of utmost importance and that you are concerned about the way your information is used and shared. We respect and value all CDEP users’ privacy and only collect and use information that are useful to improving the learning opportunity offered to you and in a manner consistent with your rights and our obligations under the law.

What is this Privacy Policy for?

This privacy policy is for both the Cambridge Diabetes Education Programme (CDEP) and CDEP's sister site - the Cambridge Diabetes Education Programme Australia (AusCDEP). The terms 'CDEP', 'we' and 'us' refer to both websites. The policy sets out how we use personal data and what we data we publish or share with other organisations.

General data protection statement

Any personal information you share with us will be processed in accordance with the UK Data Protection Act 1998. Your data will be used for the purposes of managing CDEP (i.e. providing you with secure access to CDEP’s online diabetes education platform to complete your e-learning topics and access your reports, certificates and reflection documents.). Access to your CDEP account is password protected and passwords are account specific

CDEP will not share any identifiable individual data with any third party. On request, we will share aggregate data with employing organisation or wider commissioning bodies if they have purchased bulk CDEP licences so they can monitor uptake and utilisation of CDEP within their region to support equality in diabetes education opportunities as well as target local diabetes education and training strategies. We also publish aggregated, anonymised data for audit and research purposes.

CDEP will, from time to time, contact you (via email) about CDEP to inform you of any changes or additions to the diabetes learning opportunities CDEP offers you.

CDEP has appropriate organisational and technical measures in place to look after your personal data and we will not keep it for any longer than is necessary.

The CDEP website

CDEP has taken all the necessary steps to protect your privacy. This is a fundamental part of CDEP’s design and functionality. This website complies with all UK national laws and requirements for user privacy. All personal data is held securely and in accordance with the Data Protection Act 1998.

CDEP has no inbuilt automated decision-making or profiling functionality. There are no advertising or sponsored links used on the website.

CDEP does not have access to or store any banking details. All online financial transactions are conducted directly on the Paypal website and fall within their security and privacy policies.

CDEP uses Google Analytics tracking software to better understand how you use the website.

Electronic communications are by nature not guaranteed to be 100% secure and CDEP urges you to make use of appropriate security tools on your device.

How does CDEP use your personal data or CDEP activity and why?

We use your personal data (name and email address) for the following purposes:

to send email newsletters to you
to manage your registration
to troubleshoot any issues you report to us

CDEP uses your anonymised CDEP demographic and activity data for the following purposes:

Aggregated data is used for research and improving the learning opportunity provided.
For organisation who have purchased bulk CDEP licences for their staff, aggregated data is provided to support them monitor uptake and utilisation of CDEP to ensure equality of education opportunities as well as focus diabetes education and training strategies across their area. Individual staff names and email addresses are not shared to protect confidentiality.

Aggregated data provided in reports to organisations include:

Roles of the staff using CDEP (i.e. nurse, doctor, dietitian, paramedic, midwife, podiatrist, etc)
Name of the practice / trust / care home / etc. in which staff work
Healthcare sector (general pratice, hospital trust, community service, ambulance trust, mental health trust, other)
Clinical commissioning group or health education area that organisation falls in (source: NHS Digital Data)
Total number of staff registered, the date registered and date the account expires
CDEP registration level (core, intermediate, diabetes specialist, expert or consultant)
Total number of registered users active on CDEP (i.e. started a topic)
Total number of registered users with completed topics (i.e. certificates)
Total number of certificates generated and names of the topics certificates
Average number of attempts per topic and per competency
Which learning resources have been access
Average evaluation of the impact of undertaking CDEP
Anonymised verbatim feedback

Other than as set out in this policy, CDEP does not pass on your personal information to any third parties save where this is necessary to comply with the law.

Use of cookies

This website uses cookies to improve your experience when visiting the website. Cookies are small files saved to your device that track, save and store information about your interactions with and usage of the website. This allows the website, through its server to provide you with a tailored experience within this website. If you don’t want cookies to be stored on your device, you should make the necessary changes to your device or the relevant browsers or apps.

Google Analytics tracking software will save a cookie to your device in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.

Contact and Communication

CDEP attempts to ensure its email communication process is safe and secure, but the nature of electronic communications means this is not completely secure.

We use information you submit:

to provide you with further information about CDEP
to assist you in answering any questions or queries you may have
to send newsletters to you

Email newsletter

Emails will be sent to you (via Mailchimp) which contain tracking facilities within the actual email. Your email activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity, other activity around how you access and view the emails and tracking with the aim of improving your experience and how we present our email newsletter going forward. This information is used to refine future email campaigns and supply you with more relevant content based around your activity.

You will be able to unsubscribe from an email newsletter from us by clicking the applicable unsubscribe link in our email – or other instructions provided by us in the email.

External links

Although this website only looks to include quality, safe and relevant external links, take care before clicking any external web links. External links are clickable text / banner / image links to other websites.

We cannot guarantee or verify the contents of any externally linked website. We are not responsible for these external websites or how they use your personal data.

Social media platforms

CDEP participates with social media platforms subject to their privacy policies and terms. CDEP does not request personal data through social media platforms. CDEP recommends that social media platforms be used wisely and people should engage with them using due diligence and caution in regard to their own personal data.

The CDEP website uses social sharing buttons which help share web content directly from web pages to social media platforms. These buttons should be used with care. Please note that the social media platform may track and save requests to share a web page through your social media platform account.

URLs and shortened links

CDEP shares web links on social media. Sometimes, these links can be shortened. These shortened URLs or even the displayed URL can be hacked or otherwise changed against our wishes to divert you to another site. We are not responsible if you are redirected to the incorrect site.

Contact CDEP

Please contact Candice Ward in writing if you wish to invoke any of your individual rights regarding data protection as laid out by the GDPR.