PRESTON’S COLLEGE PRIVACY NOTICE FOR STUDENTS
We believe that you should know what data we collect from you, how we use it and how we keep it safe.
This Privacy Notice describes how Preston’s College does this.
Preston’s College (‘the College’) is the data controller for the purposes of data protection laws and responsible for the data we collect from you.
Our address is:
St Vincent’s Road
Our Data Protection Officer is Iain Stott, Head of MIS, ICT & Data Services. If you have any questions about this policy or the ways in which we use your personal information, please contact our Data Protection Officer at the address above or by e-mail: firstname.lastname@example.org
This privacy notice has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018.
Preston’s College is responsible for ensuring that this notice is made available to students prior to the collecting/processing of their personal data. Preston’s College are responsible for ensuring that this notice is drawn to student’s attention and their consent to processing of their data is secured.
THE INFORMATION THAT YOU GIVE US
Students are required to provide information to the College, to enable the College to carry out its legal duty under the Education Act 2011 and Education and Inspections Act 2006 and contractual obligations with other funding agencies and awarding bodies.
The College collects a range of personal data in order to fulfil its duty as a provider of education. The personal details we may collect from you includes: name, address, date of birth, next of kin, phone number, national insurance number, Unique Learner Number (ULN), household situation, email address, work assessment data, dates of attendance, exam results, religion, ethnicity, health information, nationality, previous education establishment, doctor’s details, funding information, bank details, behaviour record, sex-related information, photo, genetic data, health records/conditions (inc. mental health) and special needs details.
As part of the delivery of our courses to you, our staff will collect (e.g. for marking purposes), the work that you create as well as attendance records, assessment marks and exam results. In addition, when you use the IT systems we provide you with access to, we will process the data you input.
THE USES MADE OF YOUR PERSONAL INFORMATION
We will use your information to manage and administer your education. This will include putting together class lists, for communicating with you, for dealing with admissions, for putting together reports and registers, to check entrance exam results, to allocate you to the correct classes for assessments, to make arrangements for exams or visits, to consider whether to offer places to students, to consider whether special provision or assistance is required for exams and visits and to be able to tell other colleges your attendance dates if you leave.
The College will also use your information for the purposes of teaching you and measuring your achievements. This will include processing information to provide assessment marks to awarding bodies, student reports, and employer information (for example for apprentices).
We will use your information to ensure your place is appropriately funded and to pay/receive payment from you or your employer/sponsor. The College will process student data by submitting statutory returns or provide information to the following external agencies/bodies; Education and Skills Funding Agency (ESFA), Office for Students (OFS), Department for Education (DfE), OFSTED, Student Loan Company (SLC), Awarding Bodies, Institute for Apprenticeships (IoA) and Local Authority (LA).
THE LEGAL BASIS ON WHICH WE COLLECT AND USE YOUR PERSONAL INFORMATION
The College has a legal obligation to process information about students under the Education Act 2011, the Education & Inspections Act 2006. The College is also contractually obliged to process data with other funding agencies to secure funding for the provision of education and training and awarding bodies to enable qualifications and certificates to be awarded to students.
Generally, the information is processed as part of our public interest task of providing education to you. In providing an education service the lawful basis that the College processes data under is: Legal obligations, contractual necessity and public interest.
Any marketing we carry out will be on the basis of explicit consent. If you have made a specific enquiry to the College, we will send you additional and relevant information relating to your initial enquiry under legitimate interests.
The College does not ordinarily store or transfer your personal data outside of European Economic Area (EEA). If there was a requirement to do so, the College would seek consent from individuals prior to transfer.
At no time will we assume your permission to use information that you provide for anything other than the reasons stated here.
WHO DO WE SHARE YOUR INFORMATION WITH
The College will at times need to share the information we collect and process with yourself and also with other organisations. Where this is necessary, we are required to comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018.
Preston’s College is required to share data to fulfil its legal and contractual obligations with the following organisations;
- Education and Skills Funding Agency (ESFA)
- Higher Education Funding Council For England (HEFCE)
- Student Loans Company (SLC)
- Lancashire County Council (LCC)
- Exam Awarding Bodies (AAT, ABC, ACTIVE IQ, AQA, ACENTIS, BCS, CACHE, City and Guilds, CPCAB, EAL, FISS, Gateway, Highfield, IMI, ILM, IOSH, ISTD, LAMDA, Logic, LIBF, NCFE, NOCN, OCR, Pearson, Edexcel, Prince’s Trust, Rock School Ltd, TCL, TQUK, TWI, UoL, WJEC, YMCA)
- Healthcare, social and welfare organisations
- Police forces, courts and tribunals
- Local and central government
We will only share your personal information with other people e.g. parents or carers, or with agencies such as the Department of Work and Pensions with your permission.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
The College will retain your personal information for periods of time consistent with regulatory, statutory and legal requirements as detailed in the College’s Document Retention Schedule (a copy of which is available on request or via the College website). Records that are no longer required are disposed of securely and in a timely fashion.
WE DO MONITOR YOUR USE OF THE COLLEGE’S COMPUTERS AND NETWORK
We keep an eye on how you use the College’s equipment and computers and what websites you go on when you are browsing the internet at College. This is because we have legal obligations to protect you and we also have a legitimate interest in making sure you are using our computer equipment correctly and that you are not looking at any inappropriate content.
If you want to browse the internet privately, you will need to use your own devices which are not linked to the College’s network or Wi-Fi.
YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You have a number of rights over your personal information, which are:
- You have the right to ask for a copy of any of your personal information held by Preston’s College. You can make a ‘subject access request’ under the General Data Protection Regulations, via e-mail to dpfoi@Preston.ac.uk
- You have the right to ask for your information to be corrected or updated
- You have the right to ask (in certain circumstances) for your information to be deleted
- You have the right to data portability
- You have the right to object to or restrict the processing of your information, in circumstances where we no longer need your personal information
- You have the right to withdraw your consent at any time
- You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy about the way your personal data is being used – please refer to the ICO’s website for further information about this (https://ico.org.uk/)