×
 

Skip to content

Policies

Below you can read about The Game Assembly’s privacy notice and cookie policy.

Student Privacy Notice – The Game Assembly (HND Programmes)

Last updated: 2025-10-16

1) Who we are and what this notice covers

This notice explains how The Game Assembly (“TGA”, “we”, “us”) collects, uses, shares and protects personal data for learners on Higher National Diploma (HND) programmes.

Core legal framework: UK GDPR and Data Protection Act 2018 (DPA 2018).
Context: The Data Use and Access Act 2025 has been enacted; DfE will issue sector-specific guidance. We will update this notice when DfE/ICO publish operative details.

The Game Assembly is registered as a data controller with the UK Information Commissioner’s Office (ICO). Our registration reference is ZB903619.

2) What data we process (adults) and why

We process the following, strictly tied to purpose limitation and data minimisation principles:

- Personal details: identifiers, contact info, nationality, learner numbers.
- Education records: enrolment, attendance, coursework, assessments, progression.
- Support & equal opportunities (special category where applicable): health/disability, ethnicity, religion, sexual orientation – only where needed for support or statutory monitoring.
- Criminal offence data (if required for placements/safeguarding): processed under Article 10 UK GDPR + DPA 2018 Schedule 1 with an Appropriate Policy Document.

3) Lawful bases (Article 6) and conditions (Articles 9 & 10)

Our lawful bases include Public task, Contract, Legal obligation, Vital interests, and Consent. Special category data relies on Article 9(2)(g) (substantial public interest) or explicit consent. Criminal offence data relies on Article 10 UK GDPR with DPA 2018 Schedule 1 conditions and an Appropriate Policy Document.

4) Sharing your data

We share data with:

  • Pearson (awarding body) – registration, assessment, certification.
  • Department for Education (DfE) / ESFA – statutory/funding returns where applicable.
  • Regulators/auditors – where legally required.
  • Work placement hosts/partners – only necessary data (health/safeguarding info if justified).
  • CLC (Higher Education Partner) – or programme delivery, oversight and compliance. CLC acts as an independent data controller for the data they receive. Learners can access CLC’s Privacy Notice here: https://liv-coll.ac.uk/about-us/policies-and-procedures/data-protection

5) International transfers

Where cloud services or processors are located outside the UK, we use approved safeguards (UK IDTA or SCCs), conduct risk assessments, and reflect this in contracts.

6) Use of photos, communications and AI tools

Photos: consent required for external online publication; legitimate interests may apply in other cases.
Electronic communications: comply with PECR; consent obtained where required.
Generative AI: no identifiable data entered into open tools; DPIAs conducted where high risk.

7) Records, retention and deletion

We maintain a Record of Processing Activities and keep data no longer than necessary. Our Retention Schedule is available on request or via our website.

8) Your rights (adults)

You have rights to be informed, access, rectification, erasure, restriction, portability (where applicable), objection, and to not be subject to solely automated decisions. We respond within one calendar month (extendable for complex cases).

9) Security and data breaches

We apply proportionate technical and organisational measures. Where a data breach meets the legal threshold, we notify the ICO and affected individuals without undue delay.

10) Roles, responsibilities and DPO

TGA is the data controller for most learner data. Pearson and DfE act as independent controllers for copies they receive.

11) Contact and complaints

TGA contact: [email protected].
Supervisory Authority: Information Commissioner’s Office (ICO)

Cookiepolicy

Last updated: 2024-10-04

Cookies

This policy explains how we use cookies and how you can choose whether and how cookies are installed on your device (typically a computer, tablet, or phone).

Cookies are small text files containing information that enable various functions on the website. There are two types of cookies: persistent and temporary. Persistent cookies remain for a set period after you visit the site, while temporary (session) cookies are deleted when you close your browser.

Through our cookie consent tool, you can choose which cookies you want to accept. However, some cookies, necessary for the website to function, cannot be opted out of.

Our website uses cookies for specific purposes within the following four main categories:

  • Necessary Cookies: These are essential for the website to function, and you cannot opt out of them.
  • Functional Cookies: These cookies make your visit to the website easier. For example, they remember the language you selected, so you don't have to choose it each time you visit. You can opt out of these cookies if you wish.
  • Analytics Cookies: We use analytics cookies to evaluate search and usage behaviors on our website, with the goal of improving the user experience. You can opt out of these cookies.
  • Marketing Cookies: Information about your visit to our website, and in some cases your device, may be shared with other companies within and outside the AcadeMedia Group. This mainly includes our partners such as web agencies, but also platforms like Facebook, Google, and Snapchat.

Some cookies, which are essential for the website’s functionality, cannot be opted out of.