Sunderland College including Hartlepool 6th Form.
Privacy Notice General
In accordance with Data Protection Law and specifically with General Data Protection Regulations (GDPR), we will only collect and use personal data you have given to us for the purposes we tell you about.
The college processes your personal data both directly and on behalf of the Education & Skills Funding Agency. In both cases, the college only processes your data where there is a lawful purpose for doing so. Under GDPR, the lawful purpose/s for which we process your personal data are:-
- The processing is necessary for a contract the college has with you, or because you have asked us to take specific steps before entering into a contract. For example when you join a course at the college, your provide us with information in order that we can provide you with the course you have requested. This is called your Learning Agreement.
- The processing is necessary for the college’s legitimate interests or the legitimate interests of a third party. For example, we might contact you in relation to other opportunities that you may be interested in or we may keep in touch with you after you leave to see how you are getting on and if your course had been helpful to you.
- The processing is necessary for the college to perform a task in the public interest or for its official functions, and the task or function has a clear basis in law. For example we will process your data and may share it with the Local Authority as they have a statutory obligation under the Education Act 1996 and the Education & Skills Act 2008 to undertake follow up of all young people after leaving school, in order to ensure that they have the opportunity to progress into appropriate education, training or employment.
- We have a Data Protection Policy that you are welcome to review.
Application to the college When you make an enquiry or application to the college, either on paper, by phone or on line, we process the personal information that you have supplied in order to respond to your enquiry and progress your application. Your employment history, qualifications and references provided on the Application Form will be used to help to determine the offer we make to you.
If you don’t choose to join a course of study within 6 years of making an enquiry, or if you tell us that you don’t want us to keep your information anymore, we will remove your details from our system. If you wish us to delete your application information, you can request this by contacting firstname.lastname@example.org.
Enrolment and course delivery If you go on to enrol with the College we will collect and use further Personal Data in order to process your enrolment and deliver your chosen course or learning programme.
We will store, use and share the information you have provided on the enrolment form for the lawful purposes referred to above.
Occasionally we may share your data if we are required to do so by law e.g. in connection with criminal investigations.
All of the information collected at enrolment is required by us to deliver your course to you, to monitor your progress and to provide evidence to funding agencies in order to draw down funding on your behalf or in order to facilitate bursary or other support payments, or the collection of tuition fees.
At enrolment you will also be asked how you prefer to be contacted by us e.g. email, phone, written. We will contact you via your chosen media, unless you decide to opt out of being contacted for surveys, follow up and marketing.
During your course we will process additional data about you including your attendance history, your progress, your grades and any learning support you may require including support during examinations. This information is important in enabling the college’s staff to provide you with a high quality service to meet your individual needs.
At enrolment we will ask you to allow us to take a photo of you to record on our computer system and replicate on your college ID badge. The reason we ask for this is to help us to ensure that only authorised persons gain access to college premises in order that we can provide you with a secure and safe learning environment. Sometimes during the course of your studies with Sunderland College, we may take photographs of you which will be held in a database of photographs/videos. These may be used to record learning and within publicity materials such as brochures, prospectuses, advertisements or on the College’s Website, YouTube and social networking pages. Sunderland College fully recognises its duties and obligations under GDPR and undertakes that all steps will be taken to ensure that the photographs will be used in an appropriate manner, stored in a controlled location and that personal data regarding identities and locations of the subjects will not be printed.
At, or soon after enrolment we may request banking details or card details in order to facilitate the collection of tuition fees, or the processing of support payments. These details will be included within the College finance system and will not be able to be deleted.
CCTV is used in some parts of the college for the purpose of safeguarding and crime prevention. Digital images are securely stored with access restricted to specific security staff. CCTV digital images are retained for 6 weeks and then they are destroyed.
We will normally retain your personal data for six years after you have completed a course at the college. If your course has been funded through the European Social Fund, we are required to retain your data for up to 15 years after you leave us. Any information that you have stored on the College email and network will be deleted 90 days after the end of the academic year in which you completed your course.
Security of your personal data The security of your personal data is of paramount importance to the college.
At all times the college ensures that technical and organisational measures are in place in order to protect against unauthorised or unlawful processing of your data and to protect against its accidental loss, destruction or damage.
To ensure the confidentiality, integrity and availability of College information, a number of technical and administrative controls are in place; these include the use of software and hardware to monitor network activity to identify unauthorised attempts to gain access to systems, modify information or cause damage and ensuring that information is encrypted following industry best practices.
Unauthorized attempts to modify College services and information are strictly prohibited and may be punishable by law.
Shared data We will share your data with specific other organisations such as our Funding Provider (ESFA), Exam Awarding Organisations, and our sub-contracted partners who may process your data on our behalf. We will share data with the other organisations, such as your previous school (for young people), the Local Authority and Connexions service in order that they are able to fulfil their statutory duties e.g. following up the destination of school leavers, confirming eligibility for Council Tax Benefit.
The College records and shares information regarding any safeguarding concerns relating to children, young people or vulnerable adults. This is in line with legislative and statutory responsibilities for safeguarding.
At enrolment, 16-18 year olds students are asked to provide parental contact details including name, address, phone number and email. The reason for this is that we normally provide feedback to parents in relation to your progress and attendance. Similarly, all students are asked for an emergency contact number in case of an emergency situation which risks the health or wellbeing of students. These contact details will be used for no other reason.
The progress and attendance of apprentices is shared with their employers and this data sharing is part of the Apprenticeship Agreement that Apprentices, employers and the college sign together at the outset of training.
When we share data with a partner or 3rd party organisation, a Data Sharing Agreement is in place. This specifies the nature of the data and the purpose of sharing the data. We only share data where there is a lawful reason to do so. Sharing of data is controlled by strict security protocols which are specified in the Data Sharing Agreement.
Subject access You have the right to make a request for the personal data that the college holds about you so that you are sure we are accurately processing that which we have told you about. If you wish, you can request electronic copies of your personal data. Usually there will be no charge for this but occasionally it may require a nominal administrative charge
If you want to update or remove any of the personal data that you have provided you can make a request to do so by contacting us at email@example.com.
If you require any further information about the content of this Privacy Notice, please contact:-
Data Controller, Nigel Harrett Tel 0191 511 6000 firstname.lastname@example.org
Other college policies are detailed below: