Privacy and cookies

Privacy policy

How we use information you give to us

This policy explains how Health Education England (referred to as 'we', ‘our’ or ‘us’ below) uses any personal data we collect from you or which you give to us and the ways we protect your privacy. Protecting the privacy and personal data of the visitors to our website (‘this site’) is of the utmost importance to us.

By visiting this site you are accepting and consenting to the practices described in this policy.

The Data Protection Act 1998

We are committed to meeting our obligations under the Data Protection Act 1998 (“the Act”) and protecting the rights of and freedoms of individuals protected under the Act. For the purpose of the Act, the data controller is Health Education England of 1st Floor Blenheim House, Duncombe Street, Leeds, LS1 4PL.

Information we may collect from you

We may collect and process the following data about you:


Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

Uses made of the information

We use information held about you in the following ways:

Disclosure of your information

We will not share your personal data with third parties for commercial purposes.

We may share your information with selected third parties including:

We may disclose your personal information to third parties:

Where we store your personal data

The data that we collect from you will not be transferred to, or stored at, any locations outside the European Economic Area.

All information you provide to us is stored on our secure servers.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of this site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to this site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Statement coverage

This privacy statement applies to this site only. It does not cover links within this site to other websites.  If you follow a link to any third party websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to such websites.

Access to information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Changes to the policy

If the privacy policy changes in any way, we will place an updated version on this page. Please check back regularly to ensure that you are always aware of the information that we collect, how we use it and under what circumstances, if any, we will share it with third parties.

Contacting us

If you have any questions about this privacy statement or the practices of this site, you can contact us on  

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing, or request that we remove you from our database, by contacting us on  

Cookie policy 

Information about our use of cookies

Cookie policy

Regulation 6(1) of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (2003 Regulations) as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (SI 2011/1208) (2011 Regulations) requires website operators and other online providers that set cookies on their users' equipment to provide internet users with clear and comprehensive information about the purposes for which the cookie is stored and accessed.

This cookie policy forms part of a layered approach providers may take to comply with this obligation. Providers can either link to the cookie policy directly from a prominent place on their website (for example, the website header), or they can link to it from a short-form notice or the relevant place in their privacy policy.

For more information about cookies and the practical steps providers can take to comply with their obligations under the Regulations, see Practice notes, Cookies: UK issues ( and Complying with the new cookie regime: practical steps (

For a sample short-form notice, see Standard document, Information about cookies: short-form notice (

For a sample privacy policy, see Standard document, Privacy policy (

This site uses cookies to distinguish you from other users of this site. This helps us to provide you with a good experience when you browse this site and also allows us to improve this site. By continuing to browse the site, you are agreeing to our use of cookies.

Consent to receive cookies

Cookies are small data files that most website operators place on the browser or hard drive of their user's computer. Cookies may gather information about the user's use of the website or enable the website to recognise the user as an existing customer when he returns to the website at a later date. More recently, cookies have also been used to collect information about the user which allows the website operator or a third party to create a profile of the user, his preferences and his interests for the purpose of serving the user with targeted, interest-based advertising.

Most browsers automatically accept cookies by default, but users can change those settings to block some or all cookies.

It has long been the opinion of the Information Commissioner that cookies can be classified as storing personal data, at least where the information collected might later be combined with other personal information the website operator or a third party holds about the user (for example, information the user has provided when first registering on the website or when purchasing goods or services). The collection and use of cookies therefore always had to comply with the Data Protection Act 1998.

Under the 2003 Regulations as originally drafted, the user also had to be given the opportunity to refuse the storage of, or access to, such cookies. However, following the coming into force of the 2011 Regulations, website operators must now obtain the users' consent to the use of cookies (Regulation 6(2)(b), 2003 Regulations as revised by the 2011 Regulations).

The 2011 Regulations do not include any detailed provisions on how user consent should be obtained. However, the Information Commissioner has issued guidance on the practical steps providers can take to comply with the new obligations. For more information about ways to obtain user consent, see Practice note, Complying with the new cookie regime: practical steps (

The ICO's guidance specifically permits the use of so-called "implied consent" solutions, provided that the website operator provides clear information to the user, which of the user's actions (for example, continuing to browse the site) will be deemed to constitute his consent to the operator's use of cookies. However, website operators should note that the use of implied consent is controversial in other member states, whose legal requirements may not be satisfied through these solutions.

If a user accepts cookies from the site, it might makes sense for the website operator to store that preference (for example, by setting a "cookie acceptance" cookie on the user's browser or hard drive) to avoid the need to obtain consent again when the user next visits the site. The 2003 Regulations allow website operators to make the user's access to certain web pages dependent on his acceptance of cookies. As a matter of good practice, the user should be informed, however, that restrictions on his use of the website apply if he decides to reject cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:





Google Analytics


  • Google Analytics cookie which to track visitor behaviour and measure site performance.

Approximately 2 years

Google Analytics


  • This cookie determines new sessions and visits

30 minutes

Google Analytics


  • This cookie is used in combination with the _utmb cookie to identify new sessions/visits for returning visitors.

On closure of browser

Google Analytics


  • This cookie can tell site owners where visitors came from when arriving on the site.

6 months


Session Cookie SESS*

  • The Session cookie is used when accessing pages of the site that require username and password authentication. This cookie determines that a user is logged in. When the user logs out of the site, this cookie is removed from the browser.

On logging out of the site



  • Logs whether the site has JavaScript enabled which allows the appropriate content to be delivered

End of Session

Third-party cookies

Since they do not have a direct relationship with the user, third parties (for example, advertising networks) that want to place cookies on users' equipment through a website that they do not operate themselves will find it difficult to provide users with the necessary information and to obtain valid consent. The Information Commissioner's guidance therefore raises the possibility that third parties may wish to consider including a contractual obligation into their agreements with website owners that imposes an obligation on those website owners to satisfy themselves that appropriate steps will be taken to provide information about the third-party cookies and obtain consent.

Given that they have no control over the cookies set by their advertisers, website owners should ideally reject such an obligation. Instead they should bring the fact that third parties may be given access to the website for the purpose of setting cookies to the user's attention without being seen to accept any liability for the third party's compliance with its legal obligations. For more information about third-party cookies, see Practice notes, Cookies: UK issues ( and Complying with the new cookie regime: practical steps (

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of this site.

Make a comment or report a problem with this page

Help us improve Health Careers