In order to deliver its mission to provide outstanding adult residential and community education the college needs to collect, use and store personal data about a range of individuals including its staff, suppliers, students, governors, parents and visitors.
The college is committed to ensuring that all personal data is collected and used legitimately, fairly and in line with data protection laws.
We will make sure that any data is:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes and is not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
All our policies and procedures have been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018.
Who oversees how we respect your rights and follow the law (Data Protection Officer & ICO)
We have a data protection officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the data protection officer, Sarah Johnson at email@example.com, or ring 01226 776000.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Our data protection policies and procedures
We have a range of policies and procedures in place that guide how we collect, process and store your data.
Data Protection Policy (please note a revised policy is currently under consultation and will be published shortly, if you have any questions regarding the revised policy please contact the data protection officer.)
Data Protection Impact Assessment (DPIA) Procedure
Data Retention Policy
Data Breach Protocol
CCTV Code of Practice
The data we collect and process about you and how we use it (Privacy Notices and Data Protection Impact Assessments (DPIA)
If the college processes any of your personal data the law gives you the right to be informed about how the college collects and uses it. The college must provide information about its purpose and legal basis for processing your data, how long the data will be retained and who, if anyone, it will be shared with.
Our privacy notices set out the personal data the college collects and processes in relation to:
Where we conduct a Data Protection Impact Assessment (DPIA) regarding any new or revised project which involves the collection and/or processing of personal data we will publish it here.
The rights you have over your data and how to exercise them
If the college processes any of your personal data the law gives you the right to access your data, rectify it if it is inaccurate, erase it in certain circumstances or restrict its processing. You may also sometimes have the right to request your information in a portable format, object to its processing and not be subject to automated decision making or profiling.
Our Rights of Individuals (Personal Data) Protocolexplains these rights in more detail and how you can exercise them, including making a request to access your data.
What we’ll do if we suffer a data breach
The college takes data security very seriously and has procedures and security measures in place to guard against unlawful or unauthorised processing and against accidental loss or damage.
Despite this it is still possible that we may suffer a data breach. A data breach is when your data is lost, destroyed, corrupted or disclosed; when someone accesses your data or passes it on without proper authorisation; or if your data is made unavailable and this has a significant negative effect on you.
The college has a data breach protocol in place which sets out how we will address any potential data breaches including identifying and investigating potential breaches, containment and recovery, notifying authorities and individuals concerned and remedial action to prevent any further incidents.
If you think that any personal data the college holds has been subject to a data breach please contact the data protection officer (DPO) – Sarah Johnson asap, either in person at the college, by telephone on 01226 776005 or via email to firstname.lastname@example.org. Emails should be marked “Data Breach Report – URGENT”. In the absence of the data protection officer the breach should be reported to the vice principal or any other member of college staff.
Our registration with the Information Commissioner
The college is registered as a data controller under the Data Protection Act 2018 – registration number Z6656286. This means that the purposes for which the college collects and processes personal data are notified to and registered with the Information Commissioner?s Office (ICO).