Privacy Policy

Home / Privacy Policy

Privacy Policy


Foundation Year Network’s responsibilities under data protection legislation include the duty to ensure that we provide individuals with information about how we process personal data. We do this in a number of ways, one of which is the publication of privacy notices. Our privacy notices comprise two parts – a generic part and a part tailored to the specific processing activity being undertaken.

The following notice is Foundation Year Network’s Generic Privacy Notice.

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

If you complete a contact form then the data you provide will be retained for the purposes stated on the form. Data may be shared with members of the Foundation Year Network.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


We may collect data, such as aggregated information like the total number of times people engaged with the site, or individual pages for the purpose of reporting to the FYN Executive Committee and/or FYN membership.

Who we share your data with

Data collected and retained by this website may be shared with Members of the Foundation Year Network. We may share or disclose non-personal data, such as aggregated information like the total number of times people engaged with the site, the number of people who clicked on a particular link or voted on a poll  (even if only one did), the topics that people are posting about in a particular location, or reports to FYN members regarding the site use. We will never knowingly share any of your data with 3rd parties.

How long we retain your data

The Network keeps personal data for as long as it is needed for the purpose for which it was originally collected. Most of these time periods are set out in the Network Records Retention Schedule.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Privacy notices and/or consent

You have the right to be provided with information about how and why we process your personal data. Where you have the choice to determine how your personal data will be used, we will ask you for consent. Where you do not have a choice (for example, where we have a legal obligation to process the personal data), we will provide you with a privacy notice. A privacy notice is a verbal or written statement that explains how we use personal data.

Whenever you give your consent for the processing of your personal data, you receive the right to withdraw that consent at any time. Where withdrawal of consent will have an impact on the services we are able to provide, this will be explained to you, so that you can determine whether it is the right decision for you.

Accessing your personal data

You have the right to be told whether we are processing your personal data and, if so, to be given a copy of it. This is known as the right of subject access. Further information about this right is available in the Network’s Subject Access Requests document.

Right to rectification

If you believe that personal data we hold about you is inaccurate, please contact us and we will investigate. You can also request that we complete any incomplete data.

Once we have determined what we are going to do, we will contact you to let you know.

Right to erasure

You can ask us to erase your personal data in any of the following circumstances:

• We no longer need the personal data for the purpose it was originally collected
• You withdraw your consent and there is no other legal basis for the processing
• You object to the processing and there are no overriding legitimate grounds for the processing
• The personal data have been unlawfully processed
• The personal data have to be erased for compliance with a legal obligation
• The personal data have been collected in relation to the offer of information society services (information society services are online services such as banking or social media sites).

Once we have determined whether we will erase the personal data, we will contact you to let you know.

Right to restriction of processing

You can ask us to restrict the processing of your personal data in the following circumstances:

• You believe that the data is inaccurate and you want us to restrict processing until we determine whether it is indeed inaccurate
• The processing is unlawful and you want us to restrict processing rather than erase it
• We no longer need the data for the purpose we originally collected it but you need it in order to establish, exercise or defend a legal claim and
• You have objected to the processing and you want us to restrict processing until we determine whether our legitimate interests in processing the data override your objection.

Once we have determined how we propose to restrict processing of the data, we will contact you to discuss and, where possible, agree this with you.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

If you have any questions regarding your data or wish to request copies of the data we hold about you or to have that data erased, you can contact us at

Additional information

How we protect your data

We take data protection very seriously and will endeavour to protect our users’ data by ensuring that the site employs regularly updated security fixes and reduces potential avenues of exploitation.

What data breach procedures we have in place

All breaches of data protection legislation shall be reported immediately in compliance with current data protection legislation. If you suspect a data breach, please contact us at

What third parties we receive data from

We collect data from Twitter via an embedded feed. Please see Twitter Privacy Policy for information about how this data used

What automated decision making and/or profiling we do with user data

We do not use automated decision making and/or profiling with user data on this site.

Data Controller

The Data Controller is the Foundation Year Network. If you would like more information about how the Network uses your personal data, please see the Network’s Information Governance webpages or contact:

Clerk to the Network

Data Protection Officer

The Data Protection Officer is responsible for advising the Network on compliance with Data Protection legislation and monitoring its performance against it. If you have any concerns regarding the way in which the Network is processing your personal data, please contact the Data Protection Officer:

NAME: Wendy Ashall

Skip to toolbar