How we use your personal information
We collect and hold personal information relating to you during our enrolment process and may also receive information about you from your previous school, local authority and/or the Department for Education (DfE).
We use this personal data to:
- support your learning
- monitor and report on your progress
- provide appropriate pastoral care;
- assess the quality of our services; and
- validate claims for funding to provide our services
We collect the data to meet statutory obligations, to help protect the vital interests of our students and to perform contractual obligations for teaching purposes.
We comply with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) and all subsequent UK legislation relating to the protection of records, including removing your personal information from our systems when it is no longer required and ensuring that all personal information supplied is held securely.
What information do we collect?
This information will include your personal details – name, date of birth, address, telephone number, personal email etc. This information is required to undertake a course of study at the college.
We also collect personal characteristics such as your ethnic group, any special educational needs you have as well as relevant medical information. In all cases we will ask your consent to record this information.
Any sensitive personal information we collect from you will never be supplied to anyone outside the College without first obtaining your consent, unless required or permitted by law.
For learners enrolling for post 14 qualifications, we match your records to the Learning Records Service to obtain your unique learner number (ULN) which may also give us details about your learning or qualifications.
Who collects the information?
Information is collected by college staff who have had specific training in data handling and are aware of the requirements to treat personal data in a private and secure manner.
How is the information collected?
The information is collected primarily during our enrolment process via paper or electronic means. We may also collect data from the Learning Records Service relating to personal learning records for individuals over the age of 13. Why do we collect the information?
We collect the information for academic purposes only to register students participation in a course of study and provide a valid certificate of achievement on its completion and to ensure that we can communicate effectively with you during your period of learning with the College.
Do we share your information with parents, carers or guardians?
Young people aged 16 and over can decide for themselves and give consent for the processing of their personal information. Parental consent is not required. There may be exceptions with regards to students with severe learning difficulties, school link students and those who are otherwise unable to decide for themselves.
The College has found that it is very beneficial to you as a young student if we are able to engage with your parent/s (or guardian/carer). Therefore, it is very important that we have these details recorded on our systems.
We can only release information about you if we have your consent for this recorded on College systems. We ask for this consent on the enrolment form or when enrolling face-to-face. Students can also inform us at any later time who we may discuss progress and other college related matters with. Students may withdraw their consent the same way which they gave it.
How do we store your information?
The College stores information about students manually in secure filing cabinets and on the College’s computer network and on web based services. Access to computerised data is restricted to you, your parents (where we have your consent) and appropriate staff, and is password protected.
How will it be used?
The information is accessed only to support your learning. For this purpose, we may use personal data to contact students to inform them of new learning opportunities, specific events, open evenings and enrichment opportunities. We may also use the data to offer course enhancements that improve learning and employability.
The college does not use any automated systems for decision making in relation to your eligibility for a course of study.
Who will your data be shared with?
The law requires us to pass on certain information about you to the local authority who have responsibilities in relation to the education or training of students under 19 years of age. We may also share certain personal data relating to students aged 16 and over with post-16 education and training providers in order to secure appropriate services for them.
We will not give information about you to anyone without your consent unless the law and our policies allow us to do so.
The college is also required to provide student data to the Education and Skills Funding Agency (ESFA) who are an executive agency of the Department for Education (DfE). The DfE may also share student level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the GDPR.
For more information on now the ESFA use your data please refer to the following privacy notice - https://www.gov.uk/government/publications/esfa-privacy-notice
We do not share or transfer your data with any other country.
We also share your information with other organisations that provide services to enhance your learning experience, in such instances the college will have a data sharing agreement that protects the third parties use of your data.
What will be the effect of this data sharing on you?
There should be no effect on students other than to improve their learning experience, however the college recognises the sensitivity of releasing information to third parties.
Decisions on whether DfE releases this personal data to third parties are subject to a robust approval process and are based on a detailed assessment of who is requesting the data, the purpose for which it is required, the level and sensitivity of data requested and the arrangements in place to store and handle the data. To be granted access to pupil level data, requestors must comply with strict terms and conditions covering the confidentiality and handling of data, security arrangements and retention and use of the data.
For more information on how this sharing process works, please visit: https://www.gov.uk/guidance/national-pupil-database-apply-for-a-data-extract
For information on which third party organisations (and for which project) learner level data has been provided to, please visit: https://www.gov.uk/government/publications/national-pupil-database-requests-received
Will sharing the data in this way cause you to object or complain?
We pass information on only for the benefit of your learning, we do not pass on information to third parties for the marketing of goods or other paid for services.
How long do we keep your records?
We retain student records for a maximum of 7 years with the exception of ESF funded courses which are retained for 20 years. We retain records only for the benefit of students, funding obligations and records of learning.
What are your rights in relation to the information that we hold?
You have significant legal rights in respect of the data that we process in relation to your engagement with the College, and the key points are detailed below.
Subject Access Request (SAR) – you may request copies of all the information the college stores relating to you including details relating to the rights of data subjects. For initial queries the College does not charge a fee for SAR requests however further fees may apply under certain circumstances. We will provide the data requested within 30 days of the request.
Right to correct data – you may ask for data held by the college to be corrected where applicable.
Right to erasure (the right to be forgotten) – you may request the college to delete all information relating to you where the data is no longer needed for its original purpose.
Right to restrict processing – you may request that the information we store is strictly limited in use to the sole purpose of continuing or completing their course of study. In this circumstance we will not pass on any information to third parties other than the statutory bodies described in this document.
Right to data portability – you may ask to receive a copy of all information held by the college in a common format to allow transfer to another organisation.
Right to object – you may object to our use of their data on certain grounds.
Right to complain – you have the right to complain if the college has used your data in a manner that has infringed your rights. This can be directly to the college in which case we will do all we can to satisfy the complaint, alternatively a complaint can be made directly to the Information Commissioners Office.
To exercise any of these rights please contact the Data Protection Officer in writing using the address at the end of this document. To raise a concern with the Information Commissioners Office please access the following web page - https://ico.org.uk/concerns
Our legal right to process your data
The information we collect is necessary for your enrolment and participation as a student or is required by law. You must provide it in order to enrol at the College.
We use your data for specific purposes, for a list of the processes involved and our legal right to process your data please contact the Data Protection Officer for a full and detailed listing.
The College as a corporate body is the data controller under the Data Protection Act, and the Board of Governors is therefore ultimately responsible for implementation.
The Data Protection Officer who is appointed to ensure compliance with the Act and responsible for the safe use and storage of data under the GDPR is the Vice Principal – Finance & Corporate Services and operational matters in relation to data protection are handled by staff within the Finance department.
The college is registered as a data controller through the Information Commissioners Office. Our registration reference is Z5043537.
Identity and Contact Details
Data Protection Officer – Matt Larkin, Vice Principal – Finance & Corporate Services.
Tel: 0151 353 4423
Email – firstname.lastname@example.org