General privacy notice

How we use your personal information

West Nottinghamshire College are the data controller of personal information about you.

Our address is:
West Nottinghamshire College,
Derby Road,
Mansfield,
Notts,
NG18 5BH

If you have any questions about this policy or the ways in which we use your personal information, please contact our Data Protection Officer:

This privacy notice has been prepared in accordance with the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.

Please note the college engages the services of 3^rd party operators eg vending machine and payment systems, where the college is not the data controller and the service is provided for the convenience of our learners, staff and visitors. We follow strict due diligence procedures with all of our suppliers. If you would like more information, please contact dataprotection@wnc.ac.uk

Who are you?

• Visitor to our college
• One of our suppliers to the college
• One of our customers
• Your Rights

Visitor to our college

What would you like to learn more about?

• The information we collect about you and why we collect it

  As part of your visit to the college we store and use your personal details and information about your visit for the purposes of managing and operating the college. We collect full name, vehicle registration number and mobile phone number.

  We use CCTV at our buildings for the purposes of crime prevention, security and health and safety and, accordingly, will capture imagery of visitors to the college.

  We may use your data to contact you in an emergency using your mobile number and to identify your vehicle while in our car parks.

• The legal basis on which we collect and use your personal information

  Except in the circumstances highlighted below, we process this information on the basis of our legitimate interests:

  • we have a legitimate interest in wishing to interact with you to manage and operate effectively our college and to ensure that the college is safe and secure for all persons visiting; and
  • to be able to do so, we need to understand details of who is in the building and to be able to communicate with them.
  • Where we are required by law to hold certain records, then we collect and hold those records to comply with that legal obligation.
• How long we keep your personal information

  We will only use and store information for so long as it is required for the purposes it was originally collected or for legal and regulatory reasons. How long information will be stored, depends upon the information in question and what it is being used for.

  CCTV: CCTV footage is deleted after 28 days on a rolling basis unless it is required as part of an investigation, in which case it will be kept until the completion of the investigation. Visitor’s record: The daily visitors’ record book pages are destroyed after two working days.

  Health and Safety: Up to 40 years, to comply with legislation

  We will always retain your personal information in accordance with the prevailing data protection legislation and will never retain your information for longer than is necessary.

• How we share your personal information

  We may share the personal information that you give us with the following organisations (or types of organisation) for the following purposes.

  Organisation / type of organisation:

  Law enforcement agencies
  Insurance Companies

  Purpose:

  Reporting and/or investigation of criminal and/or antisocial behaviour
  In the event of an insurance claim

• How we transfer your personal information outside Europe

  We do not store or transfer your personal data outside Europe.

• Automated decisions we take about you

  We do not make automated decisions using this information.

One of our suppliers to the college

We store and use your information for the purposes of managing our suppliers in respect of the supply of goods and services that our college may need.

What would you like to learn more about?

• The information we collect about you and why we collect it

  In order to engage and manage our suppliers, where you are a supplier (or where if it is a company, you are its representative) we collect and store your contact information and, where appropriate, your bank account details. We hold this information in order to arrange payments and exchange financial details with yourselves.

  You may also be asked to provide details of your occupation and your CV.

  In addition, where you visit a building we will collect and process the information set out in the “A visitor to our college” section above.

• The legal basis on which we collect and use your personal information

  Except in the circumstances highlighted below, we process this information on the basis of our legitimate interests:

  • we have a contractual obligation we have entered into which involves engaging and managing our suppliers; and
  • to be able to do so, we need to hold details of who those suppliers are.

  Where we are required by law to hold certain records for health and safety purposes, then we hold those records to comply with that statutory obligation.

  Where we hold your bank account details, we do so on the basis that it is necessary for us to perform our contract with you.

• How long we keep your personal information

  Financial information is usually kept for 6 years after the end of the financial year. However, certain financial information may be kept longer if it is a condition of a grant that the college has received or on occasion and where necessary data may be kept longer if there is a dispute with a supplier.

  Health & Safety – 40 years

  We will always retain your personal information in accordance with the prevailing data protection legislation and will never retain your information for longer than is necessary.

• How we share your personal information

  We may share the personal information that you give us with the following organisations (or types of organisation) for the following purposes.

  Organisation / type of organisation:

  Government agencies
  Insurance companies
  Law enforcement agenices
  Internal and external auditors
  Insurance companies
  Bank
  Health & Safety

  Purpose:

  Reporting and/or investigation of criminal and/or antisocial behaviour in the event of an insurance claim.

• How we transfer your personal information outside Europe

  We do not store or transfer your personal data outside Europe.

• Automated decisions we take about you

  We do not make automated decisions using this personal data.

One of our customers

We store and use your information for the purposes of managing and charging for the services that our college offers.

What would you like to learn more about?

• The information we collect about you and why we collect it

  In order to engage and best serve our customers, we may collect information to meet service requirements and assess the fees that we will charge for the services provided. We may also collect financial information such as credit or debit card details and contact information in order to charge for services.

  In addition, where you visit a building we will collect and process the information set out in the “visitor to our college” and “College students” sections above (if relavent).

• The legal basis on which we collect and use your personal information

  Except in the circumstances highlighted below, we process this information on the basis of our legitimate interests:

  Where we are required by law to hold certain records for health and safety purposes, then we hold those records to comply with that statutory obligation.

  Where we hold your bank account details, we do so on the basis that it is necessary for us to perform our contract with you

• How long we keep your personal information

  Financial information is usually kept for 6 years after the end of the financial year. However, certain financial information may be kept longer if it is a condition of a grant that the college has received or on occasion and where necessary data may be kept longer if there is a dispute with a customer.

  We will always retain your personal information in accordance with the prevailing data protection legislation and will never retain your information for longer than is necessary.

• How we share your personal information

  We may share the personal information that you give us with the following organisations (or types of organisation) for the following purposes:

  Organisation / type of organisation:

  Government agencies
  Insurance companies
  Law enforcement agencies
  Internal and external auditors
  Debt collection agencies
  Financial software providers
  Banks

  Purpose:

  To comply with statutory reporting
  Reporting and/or investigation of criminal and/or antisocial behaviour
  In the event of an insurance claim
  To pursue unpaid amounts
  Receiving or making payments

  We may also use your information to send you details of other courses which may be of interest to you. You can opt out of this marketing information by contacting the college general number (01623 627191) or by contacting enquiries@wnc.ac.uk.

• How we transfer your personal information outside Europe

  We do not store or transfer your personal data outside Europe.

• Automated decisions we take about you

  We do not make automated decisions using this information.

Your Rights

• In each case, you have certain rights, including how to get a copy of your data, how to get it corrected or deleted, and how to complain.

  Please note that on occasions we may process “special categories” of information about you. This is information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

  You have a number of rights over your personal information, which are:

  • 1.1.1 The right to be informed about our collection and use of personal data;

    You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website policy. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.

  • 1.1.2 Right to Access Your Personal Information

    You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.

    We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

    If you would like to exercise this right, please contact us as set out below.

  • 1.1.3 Right to Correction Your Personal Information

    If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.

    If you would like to exercise this right, please contact us as set out below.

  • 1.1.4 Right to restrict processing

    You have the right to ask us to restrict the processing of your personal data. For example, this may be because you have issues with the accuracy of the data we hold or the way we have processed your data. The right is not absolute and only applies in certain circumstances.

    If you would like to exercise this right, please contact us as set out below.

  • 1.1.5 Right to Erasure

    You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

    If you would like to exercise this right, please contact us as set out below.

  • 1.1.6 Right to Portability

    The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.

    If you would like to exercise this right, please contact us as set out below.

  • 1.1.7 Right to object

    You have the right to object to our processing of some or all of the personal data that we hold about you. This is an absolute right when we use your data for direct marketing, but may not apply in other circumstances where we have a compelling reason to do so, e.g., a legal obligation.

  • 1.1.8 For more information about your privacy rights

    The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here https://ico.org.uk/for-the-public.

    You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

• Changes to our Privacy Policy

  We keep our privacy policy under regular review and will update it from time to time to make sure it remains up-to-date and accurate.

Data Security

• Your Data Security

  Data security is of great importance to West Notts College and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

  We take security measures to protect your information including:

  • Limiting access to our buildings to those that we have determined are entitled to be there (by use of passes, key card access and other related technologies);
  • Implementing access controls to our information technology
  • We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores.
  • Never asking you for your passwords;
  • Advising you never to enter your College ID number or password into an email or after following a link from an email.

Last reviewed Dec 2024