College students privacy notice
How we use your personal information
West Nottinghamshire College are the data controller of personal information about you.
Our address is:
West Nottinghamshire College,
Derby Road,
Mansfield,
Notts,
NG18 5BH
If you have any questions about this policy or the ways in which we use your personal information, please contact our Data Protection Officer:
This privacy notice has been prepared in accordance with the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
Please note the college engages the services of 3rd party operators eg vending machine and payment systems, where the college is not the data controller and the service is provided for the convenience of our learners, staff and visitors. We follow strict due diligence procedures with all of our suppliers. If you would like more information, please contact dataprotection@wnc.ac.uk
Which college department would you like more information about?
Admissions
What would you like to learn more about?
-
The information that you give us
As part of your admission to the college we may collect your personal details including: name, address, date of birth, siblings, email address, first and second language, work assessment data, dates of attendance, exam/test results, religion, ethnicity, health information, doctor’s details, behaviour record, sex-related information, genetic data, special needs details, biometric data (thumb print) and criminal records data (CRB check if required). For those under the age of 18 we will ask for parent/guardian name and contact details (phone number and email address).
-
The uses made of your personal information
We will use your information to manage and administer your education. This will include putting together class lists, for sending event invitations, for communicating with you, for dealing with admissions, for putting together reports and registers, to check entrance exam results, to allocate you to the correct classes for assessments, to make arrangements for exams or visits, to consider whether to offer places to students, to consider whether special provision or assistance is required for exams and visits, to arrange work experience and to be able to tell other colleges your attendance dates if you leave. Parent / Guardian information will be used to keep in touch and advise of progress for students under the age of 18.
We may be asked to participate in Department for Education research projects where your data will be transferred to the DfE. Students will be given the option to opt out of this trial.
-
The legal basis on which we collect and use your personal information
Generally, the information is processed as part of our public interest task of providing education to you.
Where that information is special category personal information (e.g. medical information) we will process it because there is a substantial public interest for us to do so.
Where that information is criminal records data, we will process it because we have a legal obligation to do so.
The lawful basis the Department for Education (DfE) rely on for collecting and processing personal data in the Multiply Research Trials is public task, under article 6(1)(e) of the UK GDPR. This allows them to process personal data when this is necessary to do their work as a government department. Section 11 of the Education Act 1996 allows them to do this.
-
How long we keep your personal information
We will only use and store information for so long as it is required for the purposes it was originally collected or for legal and regulatory reasons. How long information will be stored depends upon the information in question and what it is being used for.
-
How we share your personal information
We may share the personal information that you give us with the following types of organisation for the following purposes.
Organisation / type of organisation:
Relevant government departments to whom we have a statutory obligation to release information (including the Department for Education, ESFA, HEFCE, the Higher Education Statistics Agency).
Examining bodies, other educational establishments and other relevant academic bodies.
Potential providers of placements and/or education to our students.
UK Visas and Immigration.
Police (upon presentation of a completed ‘Request for Disclosure of Personal Information’ form checked by BSSS, or a warrant).
Disclosures will be made to other organisations, not listed above, in specific legitimate circumstances. Consent from the student will be sought where necessary
Data will be transferred to EMWPREP for the purposes of assessing aspirations.
We transmit personal information using a secure file transfer service. No information is sent by insecure means. We only send the minimum amount of data required for the data processing task.
-
How we transfer your personal information outside the UK and the EEA
We may transfer the personal information we collect about you outside the UK and the EEA (e.g. USA), in order to perform our contract with you. Some countries are deemed to have adequacy as they provide an adequate level of protection for your personal information and other countries, like the US, require additional measures.
When a country is not deemed as having an adequate level of protection, we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects UK Data Protection Laws; for example we mainly rely on the EU Standard Contractual Clauses (SCCs) with the UK Addendum or the UK International Data Transfer Agreement (IDTA). If you require further information about these protective measures, please email us at dataprotection@wnc.ac.uk
Finance
What would you like to learn more about?
-
The information that you give us
To manage the financial affairs of the College we collect and hold the following information about you: funding information, contact details, bank details, card information for direct debits, cashless payments, invoices.
-
The uses made of your personal information
We will use your information in respect of making/receiving payment to/from you.
-
The legal basis on which we collect and use your personal information.
Generally, the information is processed as part of our public interest task of providing education related services to you.
-
How long we keep your personal information.
We will only use and store information for so long as it is required for the purposes it was originally collected or for legal and regulatory reasons. How long information will be stored depends upon the information in question and what it is being used for.
-
How we share your personal information
We may share the personal information that you give us with the following organisations (or types of organisation) for the following purposes.
Organisation / type of organisation:
Government agencies
Insurnace companies
Law enforcement agencies
Internal and external auditors
Debt Collection agencies
Employers of students
Financial software providers
External providers for collecting direct debit payments and card payments
Bank
Health & Safety
Purpose:
To comply with statutory reporting
Reporting and/or investigation of criminal and/or antisocial behaviour
In the event of an insurance claim
Cashless Catering Service
Direct Debit payments
Credit/Debit card transactions
Special Needs Support
Making payments for supplies and grants
Receiving or making payments
To pursue unpaid amounts
-
How we transfer your personal information outside Europe
We do not store or transfer your personal data outside Europe.
Marketing
What would you like to learn more about?
-
The information that you give us
For marketing purposes we collect: name, address, date of birth, email address, phone number. For those under the age of 18 we will ask for Parent/ Guardian contact name, phone number and email address.
-
The uses made of your personal information
We will use your information to: inform you of courses and/or qualifications available from the college which we believe you may be interested, inform you of events you may be interested in, inform you of offers, inform you about college activities and news. Where a student is under the age of 18, Parent/Guardians may be contacted with details of application / admissions information events.
-
The legal basis on which we collect and use your personal information
Where you have previously studied at the college or commenced an application process with us before, then we will send you information about the courses we provide on the basis of our legitimate business interests. In doing so, we will comply with the requirements of the “soft opt in” and offer you an opportunity to refuse marketing when your details are first collected and in subsequent messages (by way of unsubscribe).
Any other marketing we carry out will be on the basis of consent.
-
How long we keep your personal information
We will retain your information until you withdraw your consent to the processing.
-
How we share your personal information
We do not share your information in a way that allows other organisations to market to you. However, we do share your details with various marketing partners to enable us to communicate with you; these are also referred to as third party data processors.
We only share your personal data with marketing partners where they have confirmed they apply appropriate data protection and security controls. The information we provide will be limited to only that necessary to complete the processing for which they have been engaged. They will not be permitted to use your information for any purposes other than those outlined in this Privacy Notice. Examples of the types of marketing partners we use include:
- Live chat software to talk to clients via the college website (e.g. Tawk.to).
- Marketing automation platforms (e.g. Force24)
- Email platforms (e.g. Mailchimp)
- Event ticketing websites (e.g. Eventbrite)
- SMS messaging services (e.g. Esendex)
-
How we transfer your personal information outside the UK and the EEA
We may transfer the personal information we collect about you outside the UK and the EEA (e.g. USA), in order to perform our contract with you. Some countries are deemed to have adequacy as they provide an adequate level of protection for your personal information and other countries, like the US, require additional measures.
When a country is not deemed as having an adequate level of protection, we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects UK Data Protection Laws; for example we mainly rely on the EU Standard Contractual Clauses (SCCs) with the UK Addendum or the UK International Data Transfer Agreement (IDTA). If you require further information about these protective measures, please email us at dataprotection@wnc.ac.uk
Monitoring of college's computers
-
Will we monitor your use of the college’s computers?
We keep an eye on how you use the college’s equipment and computers and what websites you go on when you are browsing the internet at college. This is because we have legal obligations to protect you, and we also have a legitimate interest in making sure you are using our computer equipment correctly and that you are not looking at any inappropriate content.
If you want to browse the internet privately, you will need to use your own devices which are not linked to the college’s network or internet connection.
Teaching
What would you like to learn more about?
-
The information that you give us
As part of the delivery of our courses to you, our staff will collect (e.g. for marking purposes), the work that you create as well as any feedback you give or comments you make relating to your course. In addition, when you use the IT systems we provide you with access to, we will process the data you input.
-
The uses made of your personal information
We will use your information for the purposes of teaching you and measuring your achievements.
-
The legal basis on which we collect and use your personal information
Generally, the information is processed as part of our public interest task of providing education to you.
-
How long we keep your personal information
We will only use and store information for so long as it is required for the purposes it was originally collected or for legal and regulatory reasons. How long information will be stored depends upon the information in question and what it is being used for.
-
How we share your personal information
We may share the personal information that you give us with the following organisations (or types of organisation) for the following purposes.
Organisation / type of organisation:
Relevant government departments to whom we have a statutory obligation to release information (including the Department for Education, the Education and Skills Funding Agency, HEFCE, the Higher Education Statistics Agency)Examining bodies, other educational establishments and other relevant academic bodies
Potential providers of placements and/or education to our students
Purpose:
Course or examining body requirements
Credit/Debit card transactions
Registration for qualifications, examinations and awards
We may also share your personal information with third parties who provide services to the college.
-
How we transfer your personal information outside the UK and the EEA
We may transfer the personal information we collect about you outside the UK and the EEA (e.g. USA), in order to perform our contract with you. Some countries are deemed to have adequacy as they provide an adequate level of protection for your personal information and other countries, like the US, require additional measures.
When a country is not deemed as having an adequate level of protection, we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects UK Data Protection Laws; for example we mainly rely on the EU Standard Contractual Clauses (SCCs) with the UK Addendum or the UK International Data Transfer Agreement (IDTA). If you require further information about these protective measures, please email us at dataprotection@wnc.ac.uk
Your Rights
-
Your rights over your personal information
You have a number of rights over your personal information, which are:
- 1.1.1 The right to be informed about our collection and use of personal data;
You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website policy. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
- 1.1.2 Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
- 1.1.3 Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
- 1.1.4 Right to restrict processing
You have the right to ask us to restrict the processing of your personal data. For example, this may be because you have issues with the accuracy of the data we hold or the way we have processed your data. The right is not absolute and only applies in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
- 1.1.5 Right to Erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
- 1.1.6 Right to Portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.
If you would like to exercise this right, please contact us as set out below.
- 1.1.7 Right to object
You have the right to object to our processing of some or all of the personal data that we hold about you. This is an absolute right when we use your data for direct marketing, but may not apply in other circumstances where we have a compelling reason to do so, e.g., a legal obligation.
Changes to our privacy notice
-
Changes
We keep our privacy notice under regular review. Any changes we make to our privacy notice in the future will be notified to you in ‘News and Announcements’ on the student portal (https://studentportal.wnc.ac.uk/ ).
Giving your reviews and sharing your thoughts
-
Sharing information on social media
When using our website or other online presence, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts, so you are comfortable with how your information is used and shared on them.
Data Security
-
Your Data Security
Data security is of great importance to West Notts College and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
- Limiting access to our buildings to those that we have determined are entitled to be there (by use of passes, key card access and other related technologies);
- Implementing access controls to our information technology
- We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores.
- Never asking you for your passwords;
- Advising you never to enter your College ID number or password into an email or after following a link from an email.
Last reviewed Dec 2024