Data Protection

In order to deliver our mission to provide outstanding adult residential and community education we need to collect, use and store personal data about a range of individuals including our students, staff, governors, suppliers and visitors.

We are committed to ensuring that all the personal data we use is collected and processed legitimately, fairly and in line with data protection laws.

We will make sure that all personal data is:

  • processed lawfully, fairly and in a transparent manner;
  • collected for specified, explicit and legitimate purposes and is not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

All our policies and procedures have been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018.

Privacy Notices

When we collect your data we’ll always tell you why we need it and what we are going to do with it. For example if you are completing a form there will be a data protection statement included and you’ll be directed to our privacy notices below for more detailed information.

Our privacy notices provide information about how and why the College is processing your personal data, including how long we’ll keep it, if we will share it with anyone else and why, how we’ll keep it secure and what our legal basis for collecting it is. Please read the ones which are relevant to you.

College Personnel

Data Protection Policies and Procedures

We have a range of policies and procedures in place that guide how we collect, process and store your data:

Data Protection Policy (a revised policy is currently under consultation and will be published shortly, if you have any questions regarding the revised policy please contact the Data Protection Officer.)
Data Protection Impact Assessment (DPIA) Procedure
Retention Schedule (this schedule is currently being revised and an updated version will be published shortly, if you have any questions regarding the retention of data please contact the Data Protection Officer)
Data Breach Protocol
CCTV Code of Practice

Your Rights

Data protection law means that you have a range of rights over the personal data the College collects and processes about you.

  • You have the right to know what data we have about you and what we are doing with it; this is known as the right to be informed.
  • You have the right to make sure that the data we have about you is correct and complete; this is known as the right to rectification.
  • In some circumstances you have the right to have your data deleted; this is known as the right to erasure, sometimes referred to as the ‘right to be forgotten’.
  • In some circumstances you have the right to ask us to stop processing your data; this is known as the right to restrict processing.
  • For some of your data you have the right to ask us to provide you with an electronic version which you can then use elsewhere; this is known as the right to data portability.
  • In some circumstances you can ask us to stop using your data; this is known as the right to object.

The law also gives you the right not to have decisions made automatically about you without a person being involved in the decision making: this is known as the right not to be subject to automated decision making, including profiling.

Our A Guide to Your Rights – Personal Data explains these rights in more detail and how you can exercise them, including making a request to access your data. The above rights are not always available to you in every circumstance, the guide explains when and how they apply

Data Breaches

The College takes data security very seriously and has procedures and security measures in place to guard against unlawful or unauthorised processing and against accidental loss or damage.

Despite this it is still possible that we may suffer a data breach. A data breach is when your data is lost, destroyed, corrupted or disclosed; when someone accesses your data or passes it on without proper authorisation; or if your data is made unavailable and this has a significant negative effect on you.

The College has a data breach protocol in place which sets out how we will address any potential data breaches including identifying and investigating potential breaches, containment and recovery, notifying authorities and individuals concerned and remedial action to prevent any further incidents.

If you think that any personal data the College holds has been subject to a data breach please contact our Data Protection Officer (DPO) as soon as possible. You can do this in person at the College, by telephone on 01226 776005 or via email to Please mark emails with “Data Breach Report – URGENT”.

In the absence of the Data Protection Officer the breach should be reported to the Vice Principal or any other member of College staff.

Data Protection Officer

We have a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer at or ring 01226 776000.

The Information Commissioner

Further guidance is available from the Information Commissioner’s Office: 

Wycliffe House
Water Lane
Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Our Registration Details 

The College is registered as a data controller under the Data Protection Act 2018 – registration number Z6656286. This means that the purposes for which we collect and process personal data are notified to and registered with the Information Commissioner’s Office.