Data Protection

In order to deliver our mission to provide outstanding adult residential and community education we need to collect, use and store personal data about a range of individuals including our students, staff, governors, suppliers and visitors.

We are committed to ensuring that all the personal data we use is collected and processed legitimately, fairly and in line with data protection laws.

We will make sure that all personal data is:

  • processed lawfully, fairly and in a transparent manner;
  • collected for specified, explicit and legitimate purposes and is not further processed in a manner that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

All our policies and procedures have been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018.

When we collect your data we’ll always tell you why we need it and what we are going to do with it. For example if you are completing a form there will be a data protection statement included and you’ll be directed to our privacy notices below for more detailed information.

Our privacy notices provide information about how and why the College is processing your personal data, including how long we’ll keep it, if we will share it with anyone else and why, how we’ll keep it secure and what our legal basis for processing it is. Please read the sections which are relevant to you.

We are the data controller of the personal data we hold about you. We are The Northern College for Residential Adult Education Ltd. Our address is Wentworth Castle, Lowe Lane, Stainborough, Nr Barnsley S75 3ET.

Our Data Protection Officer is Sarah Johnson. If you have any queries about this notice or how we are using your personal data please contact our Data Protection Officer on 01226 776005 or at dpofficer@northern.ac.uk.

This privacy notice has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018.

The College is registered as a data controller under the Data Protection Act 2019, our registration number of Z6656286. This means that the purposes for which the College collects and processes personal data are notified to and registered with the Information Commissioner’s Office (ICO).

The data we collect will only be used for the purposes outlined in this privacy notice. If the College intends to further process the data for a purpose which is incompatible with that outlined we will notify you of our intentions and the rights you have in relation to any further processing.

You have a range of rights over the data we hold about you, please see our A Guide to Your Rights – Personal Data for further information and how to exercise them.

We keep our privacy notice under regular review. Any changes we make will be displayed on our website and notified to you by email where appropriate.

This privacy notice sets out the personal data the College collects about its students and how that data is used and protected.

What data do we collect from you?

When you apply for a course

As part of your admission to the College we will collect your personal details, this may include:

  • your name, address, email address, telephone, date of birth, national insurance number, photograph, gender, ethnicity, disability, nationality, sexual orientation, religious belief, learning support needs, learning styles, employment status, LEA, benefits data, dietary requirements, where English is not first language, if you are a lone parent or asylum seeker, your refugee status, any offending background/previous convictions, health information, previous substance misuse, marital status, residency status, vehicle details for parking purposes, employment history, education history and qualifications, emergency contact details, voluntary work details, interests, references, where appropriate your carer details.
  • where it is relevant to your course we may ask about your trade union membership.
  • if you are applying for a community learning course we may collect information about the community group you are part of in order to fund your course.
  • if you wish to apply for a place at the Children’s Centre we will ask for information regarding the name and age of your child (children). Please see our separate privacy notice for children.

Whilst you are studying at the College

In order to manage and administer your education at the College we will collect further data, this may include:

  • course work, grades and results, exam entry details and results, attendance, tutor/personal tutor feedback, library usage, safeguarding information, accidents and injuries, first aid information, behavioural information, learner support needs, other support needs, placement data, withdrawal details, ICT usage.
  • in order to manage the financial arrangements related to your study at the College we may also collect and process your funding information, bank details, travel expenses details, student loan information, your benefits and income data (or those of your household) and in some cases evidence.
  • if you access additional learning support whilst you are studying at the College we may collect and process further information including detailed health information, disabilities and support provided.
  • we use CCTV at our site for the purposes of crime prevention, security and health and safety and, accordingly, may capture imagery of you whilst you are at the College. Our entry system also records location data.

How we use your data

We will use your personal data; 

  • to manage and process your application to the College;
  • to manage and administer your education whilst you are studying at the College. This will include communicating with you, managing your classes and timetable, putting together reports and registers, exam and assessment arrangements, personal tutoring, accessing the library, accessing ICT, accessing additional learning support and general student support, accessing accommodation and catering facilities, safeguarding, health and safety, security, first aid, parking, managing behaviour, monitoring performance, handling complaints, ensuring equality;
  • to ensure your place is appropriately funded, and to pay/receive payment from you;
  • for the purposes of teaching you and measuring your achievements;
  • to provide you with additional learning support;
  • to maintain the health, safety and security of the College and all its users.

If you access the Children’s Centre we will use your data to manage the provision of child care. Please see our separate privacy notice for children.

We treat your personal data with confidentiality. The data described in this notice will only be used for the purposes outlined.

Marketing our courses to you

Where you have previously studied at the College or commenced an application process with us before, then we will send you information about the courses we provide on the basis of our legitimate business interests. In doing so, we will comply with the requirements of the ‘soft opt in’ and offer you an opportunity to refuse marketing, both when your details are first collected and in every subsequent message, by giving you a clear and straightforward way to unsubscribe.

Any other marketing we carry out will be on the basis of consent.

Monitoring your use of the College ICT

We monitor how you use the College’s ICT systems and equipment and what websites you go on when you are browsing the internet at College. This is because we have legal obligations to protect you, and we also have a legitimate interest in making sure you are using our computer equipment correctly and that you are not looking at any inappropriate content.

Further information please see our website privacy notice and ICT user, bring your own device and e-safety policies.

What is our legal basis for processing your data?  

Generally, the data we collect about you is processed as part of our public interest task of providing education to you.

Where we collect health data this is defined as special category data we will process it because there is substantial public interest for us to do so.

Where we collect data to enable us to ensure and monitor equality of opportunity and treatment e.g. your ethnicity, disability, religious belief, sexual orientation this is defined as special category data. We process this data on the grounds that it is in the public interest, specifically by enabling us to identify and keep under review the existence or absence of equality of opportunity or treatment.

We also collect and process some personal data on the basis that we need to do so in order to comply with our legal obligations.

How we store and secure your data

Student personal data is held electronically in password protected systems which are accessed by authorised College staff only. Hard copy student data is stored securely and accessed by authorised College staff only. Please see our data security statement for further information.

The College uses software systems to process some of its personnel data which are provided by the following third party suppliers:

  • UNIT-e – student management system;
  • Heritage – library management system;
  • Corero Resource 3200 – finance system.

Where appropriate the College has written agreements in place to ensure the protection of any data included which can be accessed by the provider. The providers do not have any routine access to the data processed by the software other than in the course of the provision of technical support and system development.

Does anyone else process your data?

We do not use any third party data processors for our student data.

Who do we share your data with?

We do not share information about our students with anyone unless the law and our policies allow/require us to do so.

We may share your personal data with the following organisations (or types of organisation) for the following purposes: 

  • ESFA – if your course is funded by the ESFA we will share some of your data with the ESFA for the purposes of funding your education. Please see the ESFA privacy notice for information about how they manage your data. The information you supply is used by the Education and Skills Funding Agency, an executive agency of the Department for Education (DfE), to issue you with a Unique Learner Number (ULN) and to create your Personal Learning Record, as part of the functions of the DfE. For more information about how your information is processed, and to access your Personal Learning Record, please refer to the learning records service privacy notice.
  • Student Loans Company – if you have applied for a student loan we will share some of your data with the Student Loan Company in order to enable you to access your loan. Please see the SLC privacy notice for information about how they manage your data.
  • University of Huddersfield – if you are attending a higher education course validated by the University of Huddersfield we will share your data with them for the purpose of securing funding and enabling you to access your course and gain your qualification. Please see the University of Huddersfield privacy notice for information about how they manage your data.
  • Awarding bodies – if your course is accredited we will share some of your data with the relevant awarding body for the purpose of enabling you to gain your qualification.
  • If your course is funded by a local authority we may share some of your data with them in order to enable us to access the funding for your education.
  • If your course is funded by your trade union we may share data with them regarding your attendance and achievement.
  • If you have a serious accident whilst at College we may need to share that data with the Health and Safety Executive.

 We may also share your personal information with third parties who provide services to the College as follows:

  • Thomas Franks Ltd – we may share some of your data with the company who provide our catering services, for example your dietary requirements, in order to enable them to provide appropriate catering services for you;
  • Constant Security – we may share some of your data with the company who provide our security services in order for them to be able to provide effective security services for you.
  • The College’s audit providers – our auditors may view your data as part of their audit of our services.

Where we share your data with third party service providers we will have a written contract in place to ensure the protection of your personal data.

Do we transfer your data outside Europe?

We do not store or transfer your personal data outside Europe.

Is your data used to make automated decisions?

We do not make automated decisions using the data outlined in this notice.

How long will we keep your data?

We will not keep your personal information for longer than we need it for the purposes we have explained above.

We will retain your personal data in line with our retention schedule. Retention periods depend on the nature of the data being retained; in many cases we will retain your data for six years following the completion of your course.

This privacy notice sets out the personal data the College collects about its Personnel and how that data is used and protected.

Personnel is defined as any College employee, worker or contractor who accesses any of the College’s personal data and will include employees, consultants, contractors and temporary personnel hired to work on behalf of the College.

What data will we collect from you – Job Applicants

We will collect personal data from you when you apply for a job with us.  This will include your name; address; phone number; email; date of birth; NI number; current employment details including job title, start and end dates, current salary, notice period, reason for leaving; past employment details; education details; whether you are related to any personnel of the College or governing body; references; driving license; vehicle ownership.

We will also ask you if you would like to provide us with data regarding any disabilities you may have and whether there are any special arrangement you require for interview; plus your gender, ethnicity religion/belief and sexual orientation.

What data will we collect from you – College Employees

We will collect additional personal data from you when you are offered a position and once you become an employee at the College.  This may include your marital status; previous surname(s); next of kin and contact details; bank details; pension details; other employment; certifications/qualifications, photograph; disqualification information; voluntary salary reductions; student loan details; attachment to earnings data; medical information; car registration, make and model; car insurance details; tax code data; pre‑employment health questionnaire/medical report; criminal record details.

Over the course of your employment we will store and process personal data about you which may include appraisal/performance management; training & development records; travel expenses; contract details; working time; annual leave; travel expenses; changes to your terms and conditions.

This could also include disciplinary, grievance, capability details, sickness absences, maternity/paternity/adoption information; accidents and injuries at work; health information; flexible working; exit interviews; return to work notifications; parental leave request forms; occupational health records.

We use CCTV at our site for the purposes of crime prevention, security and health and safety and, accordingly, will capture imagery of personnel whilst they are at the College. Our door/car park entry system also records location data.

How will we use your data

We will use your personal data set out above as follows:

  • for the recruitment process and for carrying out pre‑employment checks;
  • for safeguarding students;
  • for checking your identity and right to work in UK;
  • for checking your qualifications;
  • to keep an audit trail of the checks we have made and our relationship with you in case of employment claims;
  • to set up payroll and pension and to reimburse expenses;
  • for dealing with HMRC;
  • for communicating with you;
  • for carrying out our role as your employer or potential employer.

What is our legal basis for this processing?

Generally, the data we collect is processed on the basis that it is necessary for performing our employment contract with you, or it is necessary to take steps before entering into a contract with you.

We also collect and use personal information on the basis that we need to do so in order to comply with our legal obligations.

Where we collect medical/health data this is defined as special category data. We collect and process this on the grounds that it is necessary for carrying out our obligations under employment law and/or necessary to assess the working capacity of employees. In some circumstances we may request your consent.

Where we collect data to enable us to ensure and monitor equality of opportunity and treatment e.g. your ethnicity, disability, religious belief, sexual orientation this is defined as special category data. We process this data on the grounds that it is in the public interest, specifically by enabling us to identify and keep under review the existence or absence of equality of opportunity or treatment.

How will we store and secure your data?

All the above data is held electronically in password protected systems which are accessed by authorised College staff only. Some hard copy information is also retained, where this is the case it is stored in a locked area which is accessed by authorised College staff only.

The College uses software systems to process some of its personnel data which are provided by the following third party suppliers:

Corero Resource 3200 – finance system

UNIT-e – student management system;

The College has a written agreement in place to ensure the protection of any data included which can be accessed by the provider. The providers do not have any routine access to the data processed by the software other than in the course of the provision of technical support and system development. This includes an online, two stage security validation system.

Does anyone else process your data

We use Cintra HR & Payroll Services Ltd to process payments in our payroll system. We have a third party data processing agreement in place which includes relevant clauses to ensure the protection of your personal data.

Who do we share your data with?

We do not share information about our personnel unless the law and our policies allow/require us to do so.

We may share the personal information that you give us with the following organisations (or types of organisation) for the following purposes:

  • We will share information with HM Revenue and Customs for the purposes of administering your tax and national insurance arrangements.
  • Where you are a member we will share relevant information with the Universities Superannuation Scheme for the purpose of administering your pension arrangements.
  • Where you are a member we will share relevant information with the South Yorkshire Pensions Authority for the purpose of administering your pension arrangements.
  • Where appropriate we may share your contact details with our security services provider.
  • We may be asked to share personal data about you with the National Office for Statistics as part of our statutory duties.

We may also share your personal information with third parties who provide services to the College as follows:

  • In some circumstances the College may engage the services of an occupational health provider or medical practitioner, where it is proposed that this is undertaken the human resources department will ensure that the individual concerned is provided with full details of the provider, an outline of any data to be shared/requested and be asked to provide their consent where appropriate.
  • From time to time the College may use the services of a third party recruitment agency. This is for the purpose of recruiting and employing personnel. Where this is the case we may share information about the individual employees concerned. The College will have a written contract in place with any provider utilised which will include appropriate clauses to ensure the protection of personal data.
  • The College’s audit providers may view your data as part of their audit of the College.

Is your data transferred outside of Europe

We do not store or transfer your personal data outside Europe.

Is your data used to make any automated decisions?

We do not make automated decisions using the data outlined in this notice.

How long will we keep your data

We will not keep your personal information for longer than we need it for the purposes we have explained above.

When you apply for a job with us, but your application is unsuccessful, we will normally keep your personal information for six months. In exceptional circumstances we may ask if we can retain your information for longer, for example if we think there may be a future vacancy you might be interested in. In such a case we would request your specific consent.

When you are an employee we will keep your personal information in line with our data retention schedule.

This privacy notice sets out the personal data the College collects about its governors and how that data is used and protected.

What data will we collect? 

We will collect data from you when you become a governor of the College or an independent member of a governor committee. This will include:

  • Contact Details – to enable us to contact you regarding meetings and other relevant activities;
  • Home address, nationality, occupation, country of residence – to register you with Companies House and the Charity Commission;
  • Ethnicity and Disability – to monitor diversity and build an accurate picture of the make-up of the Board of Governors and assess the effectiveness of the College’s equal opportunities policy;
  • Date of Birth – to register you as a director of the company with Companies House and a trustee of the charity with the Charity Commission. We will also use your date of birth to create an anonymised age profile for the Board of Governors which is published in the governance annual report;
  • Next of Kin/Contact Details – in case of an emergency whilst you are on College premises;
  • Legal Actions – to enable us to arrange insurance cover for your work as a governor;
  • Criminal Convictions – in order to establish whether you are eligible to serve as a governor/trustee/director;
  • Skills – to monitor the balance of skills and expertise of the Board of Governors as a whole and to identify any gaps;
  • Other Interests e.g. current employment, membership of professional bodies, directorships – to enable the identification of possible conflicts of interest. This information is not routinely shared but is made available to the public for inspection on request. Specific interests declared in meetings relating to items to be considered at that meeting will be recorded in the minutes which are publically available unless they are deemed confidential.
  • Bank details – if you claim travel expenses we will collect your bank details in order to reimburse you;
  • Photograph – images of you (photos or videos) may be used to promote the role and identity of governors inside the College and externally in publicity material. These images will be stored securely. We will request your consent to process your personal image, which you can withdraw at any time by contacting the Clerk to the Governors. Where you withdraw your consent, or your appointment terminates, the College will make reasonable efforts to cease processing your image.
  • Attendance – we have a contractual requirement to collect attendance data which we are required to publish in our Annual Report and Financial Statements;
  • Third party payments to governors and payment of expenses – we have a contractual requirement to publish related party payments and expenses under our funding agreement with the Education and Skills Funding Agency. Any payment of expenses to governors or related third parties are published in the College’s annual reports and financial statements;
  • Car registration, make and model – to enable you to use the car park.

We use CCTV on our site for the purposes of crime prevention, security and health and safety. We may therefore capture images of you whilst you are at the College. We have a CCTV Code of Practice which enables us to ensure the data captured is managed securely and appropriately. Our door/car park entry system also records location data.

The data described in this notice will only be used for the purposes outlined. If the College intends to further process the data for a purpose other than that outlined we will notify you of the intention and the rights you have in relation to any further proposed processing.

We will not use the data to make any automated decisions about you.

How will we use your data?

As well as the specific purposes outlined above we will use your data:

  • for recruitment to the post of Governor (including carrying out disqualification checks);
  • for the safeguarding of students;
  • to contact you in connection with board and committee business;
  • to conduct performance monitoring;
  • for inclusion in the minutes of the board and committees;
  • for inclusion in the College’s annual report and financial statement and other board and committee papers;
  • to maintain a register of interests;
  • to produce identification badges;
  • for use in promotional materials;
  • to inform reports and returns required by funding agencies, government departments and public bodies;
  • to provide information to banks;
  • to monitor and promote equality and diversity;
  • for inclusion in the College’s publication scheme (as required by the Freedom of Information Act 2000);
  • for approval and ratification of funding bids to UK funding bodies;
  • to confirm accommodation, dietary and access requirements for events;
  • to book training events; and
  • to add you to any relevant mailing lists.

Our legal basis for processing 

We process your contact details, home address, country of residence, date of birth, nationality, legal actions/criminal convictions, occupation and other interests in order to comply with the law.

We process your ethnicity, disability and skills data in order to deliver a public task.

We process your photograph and next of kin details on the basis of your explicit consent.

We process attendance data, third party payments to governors, payment of expenses and bank details in order to deliver a contract.

We process CCTV images and car registration, make and model on the basis of our legitimate interests for maintaining the security of our site.

How the data will be stored and secured

All the above data is held electronically in password protected systems which are accessed by authorised College staff only. Some hard copy information is also retained, where this is the case it is stored in a locked area which is accessed by authorised College staff only.

Your bank details are stored in the College finance system which is password protected and only accessed by authorised College staff.

The College does not use any third party data processors to undertake any processing of this data on their behalf.

We do not store or transfer your personal data outside of Europe.

Will we share the data? 

We do not use any third party processors to undertake any processing of this data.

We may share your data with the following organisations (or types of organisation) for the purpose specified:

  • Companies House – in order to register you as a director of the company we are required to share your name, title, occupation, date of appointment, nationality, date of birth, home address and country of residence with Companies House. Companies House will publish your name, date of birth, date of appointment, nationality, occupation and country of residence as a director of the company on their website (company number: 1339524), and link it to any other company for which you are appointed as a director. The Companies House privacy notice is available on their website.
  • Charity Commission – in order to register you as a trustee of the charity we are required to share your title, name, address, date of birth and the date of your appointment as a trustee with the Charity Commission. The Charity Commission will publish your name as a trustee of the college on their website, and link it to any other charity for which you are appointed as a trustee. (Charity Number: 507245). The Charity Commission privacy notice is available on their website.
  • Financial statements – we will publish attendance data and details of any third party transactions and expenses in our annual report and financial statements.
  • The email contact for the chair of the Board of Governors may be made available to the FE Commissioner and relevant contacts at the Education and Skills Funding Agency on request where they need direct contact with the chair. Contact details for the chair of the Board of Governors and chair of the Audit Committee may be made available to the College’s internal and/or financial statement auditors. We will always request out of date data to be deleted when we provide data about a new appointment.
  • The College’s register of interests is available for public inspection on request.
  • We may share data regarding legal actions with our insurance provider in order to arrange insurance cover for your work as a governor.
  • Other governors may be able to see your email address if group emails are sent that expose your address; and they may use this for the purpose of contacting other governors solely to progress the business of college.

How long will we keep the data? 

We will not keep your data for any longer than we need it for the purposes outlined. Our Retention Schedule sets out the retention periods that we have set for the different types of data we hold.

In general we retain your data for the period of your appointment plus six years. We retain records of the conduct and proceedings of meetings (e.g. minutes) which may contain your name for 50 years and statutory records and registers including the register of directors and secretaries and register of members and directors’ interests for the lifetime of the institution.

If you apply for a governor role with us, but your application is unsuccessful, we will keep your personal information for six months after the application process concludes.

We retain CCTV images in line with regulations.

This privacy notice sets out the personal data the College collects about visitors to its site and how that data is used and protected.

What data will we collect? 

We will collect data from you when you visit the College. This may include your name, car registration number and the organisation you are representing where appropriate. We will also record when you arrive and when you leave.

We use CCTV on our site for the purposes of crime prevention, security and health and safety. We may therefore capture images of you whilst you are at the College. We have a CCTV Code of Practice which enables us to ensure the data captured is managed securely and appropriately.

How we will use the data? 

We collect this data so we can effectively manage your visit to the College and to ensure the safety and security of the site, yourself and other people.

We will not use the data to make any automated decisions about you.

Our legal basis for processing 

We collect and process this data on the basis of our legitimate interests to manage our site and maintain safety and security.

How the data will be stored and secured

The data will be held electronically in a password protected system which will only be accessed by authorised College staff.

We do not store or transfer your personal data outside of Europe.

Will we share the data? 

We do not use any third party processors to undertake any processing of this data.

We may share your data with the following organisations (or types of organisation) for the purpose specified:

Organisation/Type of Organisation: Constant Security Ltd (the College’s third party security provider)

Purpose: To provide security services at the College.

How long will we keep the data? 

We will not keep the data for any longer than we need it for the purposes outlined. Our Retention Schedule sets out the retention periods that we have set for the different types of data we hold.

We retain data about visitors for one year.

We retain CCTV images in line with regulations.

This privacy notice sets out the personal data the College collects when you use this website and how that data is protected.

What personal data do we collect via our website

Apply On-line

We only collect personal data about you via our website if you use our apply on-line system or make an online enquiry. The data you provide is stored temporarily in a secure database prior to it being accessed and processed by our admissions team. For details of the data collected and how it is processed please see our privacy notice – students.

User Data

In addition we collect your IP address, the browser type and device you are using and its resolution. We only collect this in order to improve the security and usability of our website and it cannot be used to identify who you are.

Cookies

We use cookies on our website to enhance your experience of our site. Cookies are small text files which are placed on your device (for example your iPad or laptop) in order to make your online browsing easier. Most websites do this. Cookies cannot be used to identify who you are.

Some cookies on the site are essential, and the site won’t work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site.

We will not use cookies to collect personally identifiable information about you. However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

Google Analytics

We also use Google Analytics to collect information about how people use our website. We do this to make sure it is meeting peoples’ needs and to understand how we can make the website work better.

Google Analytics stores information about what pages on the site you visit, how long you are on the site, how you got there and what you click on while you are there.

We do not collect or store any other personal information (e.g. your name or address) so this data cannot be used to identify who you are.

We also collect data on the number of times a word is searched for and the number of failed searches. We use this information to improve access to the site and identify gaps in the content and see if it is something we should add to the site.

What is our legal basis for this processing?

Our legal basis for collecting personal data via our apply online is outlined in our privacy notice – students.

How we store and secure your data

All the above data is secured electronically in a password protected system which is accessed by authorised college staff only.

Who do we share your data with?  

Unless the law requires us to, we do not share any of the data we collect about you with others, or use this data to identify individuals.

Do we transfer your data outside Europe?

We do not store or transfer your personal data outside Europe.

Is your data used to make automated decisions?

We do not make automated decisions using your data.

How long will we keep your data?  

We will not keep your personal data for longer than we need it for the purposes we have explained above.

We will keep your data in line with our data retention schedule.

This privacy notice sets out the personal data the College collects about children using our Children’s Centre and how that data is used and protected.

What data will we collect? 

When we register a child to access the Children’s Centre we collect personal data as follows:

  • Child – where the child’s parent/carer is attending a short course we will collect the child’s name, address, date of birth, age, gender, protection against certain diseases e.g. measles, details of any prescribed medicine that the Children’s Centre will be required to administer, any additional support needs, any dietary requirements, ethnicity.
  • Child – where the child’s parent/carer is attending a diploma or other longer course or the child is accessing a paid place we will collect the child’s name, address, date of birth, age, gender, medical information, disability or special needs, allergies, protection against certain diseases e.g. measles, details of any prescribed medicine that the Children’s Centre will be required to administer, any dietary requirements, ethnicity, first language, languages spoken at home, faith requirements, legal contact, the name, date of birth, relationship to and setting attended by any other child living at home, previous address, any other adult in relevant contact with the child, emergency contacts, whether the child has a CAF or named social worker, doctor, speech therapy details and health visitor details.
  • Parent/carer – we will collect the name, address and emergency contact details for any parent or carer who looks after the child or may collect them, plus the course being attended by them at the College where relevant.
  • Whilst the child is attending the Children’s Centre we may collect further data including details of activities undertaken during the day, work, development areas, daily diary such as sleeping and eating whilst at the centre, progress and development (including physical development), interests and likes/dislikes, attendance, any specialised learning plans, medical and health data, accident data, any areas for concern.
  • Where additional support is required we may collect further data. This will only be done with the knowledge and consent of the child and parent/carer; apart from where there are exceptional circumstances that are covered by the College’s legal obligations regarding safeguarding.
  • We may collect photographs of the children at the centre but this will only be done with the prior consent of the parent/carer and /or child.
  • In order to manage any financial arrangements related to the child’s attendance at the Children’s Centre we may also collect and process your funding information and bank details.

CCTV

We use CCTV in the Children’s Centre for the purposes of security and health and safety, and accordingly, will capture imagery of children, parents/carers and other visitors.

We have a CCTV code of practice which enables us to ensure that the data captured is managed securely and appropriately, and that it is only accessed by authorised staff for specified purposes.

The system was installed and is maintained by a third party service provider (D J Byers Ltd). They do not have remote access and can only access the system in the presence of the Children’s Centre Manager and only for the purposes of system maintenance and repair.

The College has written contract in place to ensure the protection of the data.

How we will use the data? 

We will use the personal data; 

  • to manage and process the child’s application to the Children’s Centre;
  • to manage and administer delivery of the child’s care whilst using the Children’s Centre.
  • for the purposes of teaching and measuring development;
  • to apply for and/or provide any additional support;
  • to meet our statutory obligations with regard to early years foundation stage delivery;
  • to meet our safeguarding obligations;
  • to ensure the place is appropriately funded, and where appropriate to receive payment.

We do not make automated decisions using the data outlined in this notice.

Our legal basis for processing 

Generally, the data we collect is processed as part of our public interest task of providing early years provision to children.

We process some data on the grounds of the statutory obligations placed on an early years foundation setting and in respect of our safeguarding obligations.

We will ask for explicit consent in relation to the taking and use of photographs.

How the data will be stored and secured

We do not store or transfer your personal data outside of Europe.

Data is held electronically in password protected systems which are accessed by authorised College staff only. Hard copy data is stored securely and accessed by authorised College staff only. Please see our data security statement for further information.

Will we share the data? 

We do not use any third party processors to undertake any processing of this data.

We do not share this data with anyone without consent unless the law and our policies allow us to do so.

We may share data with the following people or organisations (or types of organisation):

  • We will share daily diaries, work, development and progress and details of any accidents, incidents or issues with a child’s parent/carer;
  • We may share data with other appropriate agencies in relation to our safeguarding and child protection obligations;
  • We may share data with the appropriate council in relation to funding for additional support;
  • We may share data relating to a child’s health and welfare with their named health visitor;
  • If the child has a serious accident whilst at the centre we may need to share that data with the Health and Safety Executive and Ofsted;
  • We may share data with a child’s other or next educational setting.

 We may also share data with third parties who provide services to the College as follows:

  • Thomas Franks Ltd – we may share data with the company who provide our catering services, for example dietary requirements, in order to enable them to provide appropriate catering services;
  • Constant Security – we may share data with the company who provide our security services in order for them to be able to provide effective security services.

Where personal data is shared with a third party service provider we will have a written contract in place to ensure the protection of the data.

How long will we keep the data? 

We will not keep the data for any longer than we need it for the purposes outlined. Our Retention Schedule sets out the retention periods that we have set for the different types of data we hold.

We retain CCTV images in line with regulations.

This privacy notice sets out the personal data the College collects about its suppliers and how that data is used and protected.

What data will we collect? 

In order to engage and manage our suppliers, where you are a supplier (or where if it is a company, you are its representative) we collect and store your contact information and, where appropriate, your bank account details.

You may also be asked to provide details of your occupation and your CV.

How we will use the data? 

We store and use your data for the purposes of managing our suppliers in respect of the supply of goods and services that our College may need.

We do not make automated decisions using the data outlined in this notice.

Our legal basis for processing 

Except in the circumstances highlighted below, we process this information on the basis of our legitimate interests:

  • we have a legitimate interest in engaging and managing our suppliers; and
  • to be able to do so, we need to hold details of who those suppliers are.

Where we are required by law to hold certain records for health and safety purposes, then we hold those records to comply with that statutory obligation.

Where we hold your bank account details, we do so on the basis that it is necessary for us to perform our contract with you.

How the data will be stored and secured

We do not store or transfer your personal data outside of Europe.

Data is held electronically in password protected systems which are accessed by authorised College staff only. Hard copy data is stored securely and accessed by authorised College staff only. Please see our data security statement for further information.

Will we share the data? 

We do not use any third party processors to undertake any processing of this data.

We do not share this data with anyone without consent unless the law and our policies allow us to do so.

We may share data with third parties who provide services to the College as follows:

  • Bankers – we will share your bank account details with our bankers in order to process payments.

The College uses software systems to process some of its personnel data which are provided by the following third party suppliers:

Corero Resource 3200 – finance system.

Where appropriate the College has written agreements in place to ensure the protection of any data included which can be accessed by the provider. The providers do not have any routine access to the data processed by the software other than in the course of the provision of technical support and system development.

How long will we keep the data? 

We will not keep the data for any longer than we need it for the purposes outlined. Our Retention Schedule sets out the retention periods that we have set for the different types of data we hold.

In general we retain data related to the processing of financial transactions with suppliers for 7 years.

We have a range of policies and procedures in place that guide how we collect, process and store your data:

Our Data Protection Policy sets out the basis on which the College will collect and use personal data and the regulations governing how that data will be used, shared and stored. (Please note a revised policy is currently under consultation and will be published shortly, if you have any questions regarding the revised policy please contact the Data Protection Officer.)

Our Data Breach Protocol provides a framework for the identification, containment and management of potential data breaches. Its focus is on minimising risk, undertaking appropriate reporting and taking actions to secure data and prevent any further breach.

If you suspect a data breach is, or has taken place please let us know immediately by contacting the Data Protection Officer – Sarah Johnson. This can be done either in person at the College or by telephone on 01226 776005 or by email to dataprotectionofficer@northern.ac.uk. Emails should have the subject line “Data Breach Report – URGENT”. In the absence of the Data Protection Officer the breach should be reported to the Vice Principal or any other member of College staff.

Our Data Protection Impact Assessment Procedure enables us to systematically and thoroughly analyse how any project, system or business process could adversely impact on an individual’s right to the protection of their personal data. It enables us to explore any risks to data protection that could arise, set out appropriate controls and solutions to mitigate or eliminate the risks and ultimately be used to decide whether a project will go ahead.

Our CCTV Code of Practice regulates our management, operation and use of closed circuit television (CCTV) systems in the College.

We will only keep personal data for as long as it is required, once it is no longer required we will securely destroy it. Our Data Retention Statement and Data Retention Schedule set out the retention periods that we have set for the different types of data we hold.

Data protection law means that you have a range of rights over the personal data the College collects and processes about you.

  • You have the right to know what data we have about you and what we are doing with it; this is known as the right to be informed.
  • You have the right to make sure that the data we have about you is correct and complete; this is known as the right to rectification.
  • In some circumstances you have the right to have your data deleted; this is known as the right to erasure, sometimes referred to as the ‘right to be forgotten’.
  • In some circumstances you have the right to ask us to stop processing your data; this is known as the right to restrict processing.
  • For some of your data you have the right to ask us to provide you with an electronic version which you can then use elsewhere; this is known as the right to data portability.
  • In some circumstances you can ask us to stop using your data; this is known as the right to object.

The law also gives you the right not to have decisions made automatically about you without a person being involved in the decision making: this is known as the right not to be subject to automated decision making, including profiling.

Our A Guide to Your Rights – Personal Data explains these rights in more detail and how you can exercise them, including how to make a request to access your data. The above rights are not always available to you in every circumstance, the guide explains when and how they apply.

If you have any concerns or questions about how we look after your personal data please talk to us.

Our Data Protection Officer is appointed to make sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal data, please contact the Data Protection Officer, Sarah Johnson, at dpofficer@northern.ac.uk or ring 01226 776000.

Further information about data protection and your rights is available from www.ico.org.uk 

The College is registered as a data controller under the Data Protection Act 2018 – registration number Z6656286. This means that the purposes for which we collect and process personal data are notified to and registered with the Information Commissioner’s Office.

If you have a concern about how your personal data is being handled you may contact the ICO, please see the information on their website about raising your concerns. www.ico.org.uk

Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.