top of page



Privacy Notice – The International Academy of Surgical and Prosthetic Design (SPD)


SPD is part of Cardiff Metropolitan University. It was established in 2020 by the University’s International Centre for Design and Research – PDR and is responsible for the research and development of healthcare applications of 3D design software and manufacturing.


The following Notice describes how your data is managed by SPD in accordance with data protection legislation - the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA18).



Cardiff Metropolitan University is the Data Controller and is committed to protecting the rights of individuals in line with the GDPR and the DPA18. The University’s Privacy Statement can be found here.


Data Protection Contact

Cardiff Metropolitan University’s Information and Data Compliance Officer can be contacted via the following routes (if you have any further queries regarding the processing of your data):


Email: and/or



By means of this notice, SPD wishes to notify you of the following:


  • The Personal Data and Special Category Data SPD collects;

  • Why SPD collects and processes this data;

  • Who has access to this data and who SPD shares the data with;

  • The legal basis for processing Personal and Special Category Data;

  • Individual Rights;

  • Technical and organisational measures to ensure Personal Data remains secure;

  • Retention periods; and

  • General information.

Personal Data Collected


Email address(es)

Your current location


The Internet Protocol (IP) address used to connect your computer to the internet


Special Category Data Collected

(Please note: Special Category Data is personal data that needs more protection because it is sensitive)

SPD is not collecting any Special Category Data.


What SPD uses your Personal Data for

SPD collects your Personal Data when you subscribe to its newsletter. The newsletter is used to update you on the following:

  • New video launches;

  • Webinar events; and

  • Other marketing media.


Please note:

SPD uses MailChimp to collect and store your Personal Data when you subscribe to its newsletter. Please click here for MailChimp’s Privacy Notice.

MailChimp is a US based company and although the company is fully accepting of its data protection and information security obligations, the US does not have the same robust and stringent data protection laws as those in the UK and the EU. Please familiarize yourself with MailChimp’s Privacy Policy and if you have any concerns over the handling of your data contact

Sharing Information with Other Organisations

Personal Data provided to subscribe to SPD’s newsletter will be only be accessed to facilitate distribution of the newsletter: It is not sold or provided to any third parties unless the law allows. Your personal information is handled and stored in line with relevant data protection legislation.

SPD’s Legal Basis for Processing Your Personal Data

To process your Personal Data, SPD must ensure that it is compliant with one of the ‘Lawful Bases’ for processing data under Article 6 of the UK GDPR. This means that it must have a lawful reason for using/storing personal information for the purposes outlined in the “What SPD uses your Personal Data for” section of this notice.


Article 6.1 (a) – Consent

SPD relies on your explicit consent to use your Personal Data to send you a newsletter. When subscribing to the newsletter, your explicit consent is recorded via a double opt-in consent check system. The first opt-in occurs at subscription phase. The second opt-in is sent to your email address for the purpose of email verification before you are added to the newsletter distribution list. You have the right to withdraw consent at any time, without having to give a reason, using the unsubscribe function at the bottom of every newsletter.


Individual Rights

The lawful basis for processing can affect which Rights are available to individuals. Using Consent as the lawful basis for processing, your Individual Rights include:

  • The Right to Access

  • The Right to Rectification

  • The Right to Erasure

  • The Right to Portability

  • The Right to Withdraw Consent


For more information about these Rights, please click here.


Security of Processing

Technical and organisational measures have been implemented to ensure personal data processed remains secure, however absolute security cannot be guaranteed. Should you have a concern about a method of data transmission, the University will take reasonable steps to provide an alternate method.


Retention of Personal Data

The Personal Data collected by SPD will be retained until you unsubscribe from the newsletter distribution list, upon which time your data will be deleted within one month of unsubscribing.


Cardiff Metropolitan University has a Data Protection Policy, which can be found here.


If you wish to make a complaint about the way your personal data has been processed you can find details of how to do so here.

Use of Cookies 

Please visit our cookies page.

bottom of page