List of active policies

Name Type User consent
Personal Information Privacy policy All users

Summary

We need to hold your personal details for course administration, registration and certification purposes and guarantee not to pass your information onto a third party, except for the Awarding body for your course, or if required to do so by Law.


Full policy

Data Protection Policy

 These are:

 Principle One - Personal data shall be processed fairly and lawfully, and in particular:

 Personal data shall not be processed unless at least one of the following conditions is met:

 ·         The Data Subject has given consent;

·         Processing is necessary for the performance of a contract or with a view to entering into a contract;

·         Processing is necessary to comply with a legal obligation;

·         Processing is necessary to protect the vital interests of the Data Subject;

·         Processing is necessary for the administration of justice or the administration of public functions;

·         Processing is necessary for the purposes of legitimate interests pursued by the data controller, except in cases that prejudice the rights and freedom of the Data Subject.

 Sensitive personal data shall not be processed unless at least one of the following conditions is also met:

 ·         The Data Subject has given explicit consent;

·         Processing is necessary to perform legal obligations imposed by law in connection with employment;

·         Processing is necessary to protect the vital interests of a person in a situation where consent cannot be reasonably obtained;

·         Processing is carried out for the legitimate purposes of a non-profit making body established for political, philosophical, religious or trade union activities;

·         The information has already been made public by the Data Subject;

·         Processing is necessary in connection with legal proceedings;

·         Processing is necessary for the administration of justice or the administration of public functions;

·         Processing is necessary for medical purposes;

·         Processing is of information as to racial or ethnic origin and is necessary for equal opportunities monitoring.

 

Principle Two - Personal data shall be obtained only for the purposes specified and shall only be processed for those purposes.

 

Principle Three - Personal data shall be adequate, relevant and not excessive for the purpose for which they are processed.

 

Principle Four - Personal data shall be accurate and, where necessary, kept up to date.

 

Principle Five - Personal data shall not be kept for longer than is necessary.

 

Principle Six - Personal data shall be processed in accordance with the rights of Data Subjects under the Data Protection Act (1998). In particular, Data Subjects have the right:

 To be informed whether personal data about them is being processed, its source and nature, the purposes of processing and the likely users/recipient(s);

  • To be informed of the logic of any purely automated decision which significantly affects them [in an educational institution this may apply to multiple-choice tests marked by computer].

 Institutions holding personal data have the right to ask for proof of identification and to charge a reasonable fee before releasing it to a Data Subject.

 Principle Seven - Appropriate measures shall be taken against unauthorized processing of personal data and against accidental loss or destruction to personal data.

 Principle Eight - Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

 

 Data for which the College is responsible

 This policy is based on the model Notification developed for the UK higher education sector.

 Data belonging to the School - whether it be administrative data, admissions and enrolment data, coursework data which students have submitted for assessment, or data staff have collected in the course of employment with the School - falls within this policy regardless of whether it is gathered and-or processed on or off School premises or via online channels.

 Activities carried out by members of the School at home, or when travelling with a laptop or tablet, may therefore fall under this policy; conversely some processing carried out on School premises may be the responsibility solely of the individual concerned.

 

 Data for which the School is not responsible

 The following categories of data are excluded from the requirements of this policy:

Personal data for personal and domestic use (such as, for example, addresses of personal friends) held and processed by staff and students - even if it is done using College computing facilities.

 

  • Personal data processed in the course of a member of staff's activities not directly related to their employment with the School, and where this activity is likely to lead to commercial exploitation.

    The School is not responsible for this and it would not normally be appropriate for such activities to be carried out using School facilities without special arrangements being made.

 

  • Personal data processed on behalf of another organisation with which a member of staff or student is associated in a private capacity or in the course of wider academic or professional activities (eg a managing a local community group or organising a conference for a professional body or national student group) - even if it is done using College computing facilities.

 

The School is not responsible for this and it would not normally be appropriate for such activities to be carried out using School facilities without special arrangements being made.