The STEM Exchange is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the The STEM Exchange site and governs data collection and usage. By using the The STEM Exchange site, you consent to the data practices described in this statement.
This policy covers who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and the relevant channels in the event that something goes wrong.
When we ask you to supply us with personal data we will make it clear whether the personal data we are asking for must be supplied, for example, so that we can provide products and services to you, or whether the supply of any personal data we ask for is optional.
Who are we?
The STEM Exchange acts as a matching service, providing teachers and young people (aged 14 and over) with the opportunity to access face-to-face science, technology, engineering and maths (STEM) experiences offered by employers.
It was established by Semta and originally commissioned and funded by the Education and Training Foundation (ETF).
For the purposes of Applicable Laws (including the GDPR), The STEM Exchange is the 'controller' of the personal data you provide to us or one of our associated companies.
If you have any queries about this Policy, the way in which The STEM Exchange processes personal data, or about exercising any of your rights, please contact us via email at firstname.lastname@example.org or write to us at:
Unit 2, The Orient Centre
What personal data do we collect?
Personal data means, in summary, any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Information you provide to us
- complete a form on our Website
- complete a survey
- correspond with us by phone, e-mail, or in writing
- report a problem
- sign up to receive our communications
- create an account with us
- enter into a contract with us to receive products and/or services
We may collect identity and contact data, such as your name, personal/work e-mail address, postal address, telephone number and job role (including where relevant the name of your employer).
Information we collect about you
If you visit our Website, we may automatically collect the following information:
- technical information, including the internet protocol (IP) and other security address used to connect your computer to the Internet, login information (such as login, password and other security information), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- information about your visit to our Website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Please also see the section below headed 'Website Cookie Use'.
Information we receive from other sources
We may also receive information about you if you use any of the other websites we operate or the other services we provide.
As an organisation contributing to a national system of qualifications, The STEM Exchange are required by the regulators to collate and provide comprehensive data. The STEM Exchange will process personal data in accordance with the statutory regulation of external qualifications in England, Wales and Northern Ireland. The minimum data requirements we would normally provide to regulatory bodies are:
- Centre data - centre number (UCN), name, address, postcode, telephone number and centre type
- learner data - surname, first name, date of birth, gender, ethnic group, address, postcode, telephone number, e-mail address, awarding organisation's registration number and/or unique learner number, registration date, unit certification, final result, award date, particular assessment requirements, language(s) in which assessment is taking place, i.e. English and/or Welsh/Irish
- qualification and unit data - qualification(s) code(s), qualification level, title, unit code, unit titles.
Information about other people
If you provide information to us about any person other than yourself, such as your relatives, next of kin, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
Sensitive personal data
In certain limited cases, we may ask for your consent to collect and process certain sensitive personal data from you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, sexual orientation, or details of criminal offences, or genetic or biometric data). Provision of that information is optional and we will ask for your separate explicit consent before we collect or processed that data.
How do we use your personal data?
Contract performance: we may use your personal data to fulfil a contract, or take steps linked to a contract:
- to provide the products and/or services to you
- to communicate with you in relation to the provision of the contracted products and services
- to provide you with administrative support such as account creation, security, and responding to issues
- provide you with industry information, surveys, information about our awards and events, offers and promotions, related to the products and/or services.
Legitimate interests: where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests are:
- providing you with newsletters, surveys, information about our awards and events, offers, and promotions, related to products and services offered by The STEM Exchange which may be of interest to you
- communicating with you in relation to any issues, complaints, or disputes
- improving the quality of experience when you interact with our products and/or services, including testing the performance and customer experience of our Website
- performing analytics on sales/marketing data, determining the effectiveness of promotional campaigns.
NOTE: you have the right to object to the processing of your personal data on the basis of legitimate interests as set out below, under the heading Your rights.
Consent: where you have given your express consent to process personal data for any given purpose specified in that consent. For example you may give consent to receive marketing communications, in which case we may use your personal data to:
- send you newsletters, surveys, information about our awards and events, offers, and promotions, related to products and services offered by The STEM Exchange which may be of interest to you
- developing, improving, and delivering marketing and advertising for products and services offered by The STEM Exchange.
Please note that any such consent given by you (including consent to receive marketing communications) can be withdrawn at any time.
Marking Opt Out
Where you have consented to receive marketing communications from us (or a third party), you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us (or the third party concerned) or by following other marketing preferences/opt outs displayed on our websites (or on the website of the relevant third party).
Where required by law: we may also process your personal data if required by law, including responding to requests by government or law enforcement authorities, or for the prevention of crime or fraud.
Who do we share your personal data with?
We may share your personal data with members of the SEMTA Group (including EAL and SAS).
We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.
- legal and other professional advisers, consultants, and professional experts
- service providers contracted to us in connection with provision of the products and services such as providers of IT services and customer relationship management services
- Official bodies who we act on behalf of in relation to the services we provide
- analytics and search engine providers that assist us in the improvement and optimisation of our Website.
We will ensure there is a contract in place with the categories of recipients listed above which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.
Some of the third parties with whom we may share your data (as referred to above) may be based outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. We are also registered under Privacy Shield on a voluntary basis.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We will share personal data with law enforcement or other authorities if required by applicable law.
How long will we keep your personal data?
Where we are required to do so by the contracts we have in place with agencies or providers, we will retain your personal data for the duration of the contract, and for a period of up to 7 years following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we can use this information indefinitely without further notice to you.
Subject to the above, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
How and where do we store your personal data and how is it protected?
We can store personal data in paper or electronic format. We take reasonable steps to protect your personal data from loss or destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Where you have a username or password (or other identification information) which enables you to access certain services or parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Under the GDPR, you have various rights with respect to our use of your personal data. We have summarised theses rights below. To exercise any of these rights, please contact us using our email or postal address given below under the heading 'Contact'.
Right to access
You have the right to request a copy of the personal data that we hold about you and to check that we are processing it lawfully. Please include with your request information that will enable us to verify your identity. We will respond within 30 days of request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would adversely affect the rights and freedoms of others.
Right to rectification
We aim to keep your personal data accurate and complete. You have the right to require us to rectify/complete any inaccurate or incomplete personal data we hold about you. We encourage you to contact us to let us know if any of your personal data is not accurate, is incomplete or changes, so that we can keep your personal data up-to-date.
Right to erasure
You have the right to request the deletion of your personal data where, for example, the personal data are no longer necessary for the purposes for which they were collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed or to comply with the law. Please note that these are exceptions to this right (e.g. compliance with law); if any such exception applies we will inform you when you make your request to us.
Right to object
In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests (of us or a third party) or for the performance of a task in the public interest and there are no compelling overriding legitimate grounds for us to continue to process your personal data.
You also have a separate right to object to the processing of your personal data for direct marketing.
Right to restrict processing
In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have contested the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing (see above, right to object) and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted or we no longer need the personal data for the purposes of processing, but you require the data in connection with legal claims.
Right to data portability
In certain circumstances, you have the right to request that your personal data is provided to you, and/or to another data controller, in a structured, commonly used, machine-readable format. This right only arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. Please note that the GDPR sets out exceptions to the above rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
The STEM Exchange is managed by Semta. If you have any queries about this Policy, the way in which we process personal data, or about exercising any of your rights, please send an email to email@example.com or write to
Unit 2, The Orient Centre
If you believe that your data protection rights may have been breached, you may lodge a complaint with the Information Commissioner's Office or to seek a remedy through the courts. Please visit https://ico.org.uk/concerns/ for more information on how to report a concern to the Information Commissioner's Office.
Although, you do have the right to complain as above, we would appreciate the chance to deal with any concerns you may have before you approach the Information Commissioner's Office; accordingly, we would ask that you contact us in the first instance to deal with any concerns.
Changes to our Policy
Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Policy. We will also provide you an archived version for reference.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.