We understand that the TNE Readiness Audit asks institutions to share candid assessments of their capabilities and governance. We take the handling of this information seriously. This page explains what data we collect, how we use it, who has access, and your rights.
Last updated: April 2025
Your name and email address are required to begin the assessment. Institution, role, and TNE context are optional. We also record your responses to the seven sample diagnostic questions and the readiness scores generated. This data is held securely by IndaloHE Ltd, used only for service improvement and to support any follow-up you may request, and never shared with third parties. Lawful basis: legitimate interest. Retention: 24 months from submission.
Institution name, respondent name, role, and email address. Institutional profile information including institution type, current TNE portfolio, governance structure, and target markets. Your responses to the comprehensive diagnostic across all seven assessment domains, and the resulting scores and analysis.
Information shared during advisory and programme leadership engagements is governed by the terms of the specific engagement agreement and is treated as confidential.
The Indalo conversational agent on this website is provided through ElevenLabs Conversational AI, with the underlying language model from Anthropic (Claude). When you interact with Indalo, your messages and the agent's responses are processed by these third parties under their respective terms. IndaloHE Ltd may access conversation logs to improve the service, identify common questions, and inform product development.
Indalo is an AI-driven information service, not a substitute for tailored professional advice. Conversation data is retained for up to 24 months. Lawful basis: legitimate interest. We do not use Indalo conversations to identify or contact individual users unless you proactively share contact details and request follow-up.
Your audit responses and institutional profile are used to produce your TNE Readiness Report. This is the primary purpose of data collection and the basis on which you engage with the service.
With your explicit consent, we may include your audit data — fully anonymised and aggregated — in sector-wide benchmarking analysis. This benchmarking helps all participating institutions understand how their readiness compares with the sector. No institution is identifiable in benchmarking outputs. You can opt out of benchmarking at any time without affecting your audit report.
We may use anonymised, aggregated patterns from audit data to improve the diagnostic methodology and develop new advisory services. No individual or institutional data is used for this purpose without anonymisation.
Your institutional data is seen only by the Indalo HE team members directly involved in producing your report. Specifically:
Not shared with third parties. Your data is not shared with other universities, partner organisations, government bodies, or any third party. If specialist associates are involved in your engagement, they operate under confidentiality agreements with Indalo HE.
Not published. Your institutional data, scores, or findings are never published or made public in any form.
Not identifiable in benchmarking. If you consent to benchmarking participation, your data is anonymised and aggregated with other institutions. No individual institution can be identified from benchmarking outputs.
Audit data is stored securely using encrypted cloud services based in the United Kingdom. Access is restricted to authorised Indalo HE personnel. We use industry-standard security measures appropriate to the sensitivity of the information held.
All audit data — sample and full — is held using encrypted cloud services in the United Kingdom or European Economic Area, with access restricted to authorised IndaloHE personnel.
Active engagements: Your data is held securely for the duration of your advisory relationship with Indalo HE, including any ongoing review or support arrangements.
Completed engagements: Following the completion of an engagement, your data is retained for a period of 12 months to allow for follow-up enquiries or re-assessment, after which it is securely deleted unless you request otherwise.
Deletion on request: You may request deletion of your data at any time by contacting us. We will confirm deletion within 30 days.
Report delivery: Contractual necessity — processing your data is necessary to deliver the audit service you have commissioned.
Benchmarking: Consent — you are asked to opt in to benchmarking participation separately, and may withdraw consent at any time.
Under UK data protection law (UK GDPR), you have the right to access, correct, or delete your personal data held by us. You have the right to withdraw consent for benchmarking at any time. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled improperly.
To exercise any of these rights, please contact us at the address below.
For any questions about data handling, privacy, or to exercise your rights:
Data Controller
IndaloHE Ltd