This page explains what the College does with the personal information you provide us.
From time to time you will be asked to tell us personal information about yourself (e.g. name and email address etc) in order to become a student or a client, to use College systems and services and so on. At the point of collecting the information we aim to clearly explain what it is going to be used for and who we may share it with. Generally, the information is processed as part of our public task of providing education.
We would only use it for marketing with your prior consent.
Any sensitive personal information will never be supplied to anyone outside the College without first obtaining your consent, unless required or permitted by law. We comply with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR), including removing your personal information from our systems when it is no longer required and ensuring that all personal information supplied is held securely.
Whenever you provide such personal information, we will treat that information in accordance with this statement, current legislation and our Data Protection Registration (Registration Number: Z7197213). We also aim to meet current best practice.
Individuals whose personal information the College holds have certain rights under the law. More information can be found on the Information Commissioner’s website.
This section explains how the College uses the personal information that you give us on the enrolment form.
How the College uses your information
The information will be used for purposes relating to education, training, employment, general advice services, well-being and research. The College may share non-sensitive personal information about you with other organisations, for example the Local Authority, for these purposes. We do not share your information for purposes that are incompatible, such as product marketing.
Sensitive personal information you provide (eg. disability or ethnicity) may be used by the College for the purposes of equality of opportunity, support for your studies and to minimise risk. It may also be used anonymously for statistical purposes. The College will ask your permission before sharing sensitive information with other organisations, unless the sharing is permitted by law and necessary.
How government departments use your information
We pass most of the information to government agencies to meet funding arrangements. The College is a Data Processor for the Education and Skills Funding Agency. This means that the College will pass most of the personal information and some of the sensitive information you provide to the Education and Skills Funding Agency (ESFA), and where necessary it is also shared with the Department for Education (DfE).
The information is used for the exercise of functions of these government departments and to meet statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009. It is also used to create and maintain a unique learner number (ULN) and a Personal Learning Record (PLR).
The information provided may be shared with other organisations for purposes of administration, the provision of career and other guidance and statistical and research purposes, relating to education, training, employment and well-being. This will only take place where the sharing is in compliance with the Data Protection Act 1998 and GDPR 2018.
You may be contacted after you have completed your programme of learning to establish whether you have entered employment or gone onto further training or education.
You may be contacted by the English European Social Fund (ESF) Managing Authority, or its agents, to carry out research and evaluation to inform the effectiveness of the programme.
Further information about use of and access to your personal data, and details of organisations with whom the data is regularly shared are available at: https://www.gov.uk/government/publications/esfa-privacy-notice
The legal basis for collecting the information
Most of the information on the form is collected because it is necessary for your enrolment as a student or is required by law. You must provide it in order to enrol at the College.
The following information we are collecting based on your consent, and you may withdraw your consent without this affecting your status as a student: emergency contact details and parent/carer contact details.
Parents, carers and guardians
Under the GDPR and the Data Protection Act 2018, young people aged 16 and over can decide for themselves and give consent for the processing of their personal information. Parental consent is not required. There may be exceptions in regards of students with severe learning difficulties, school link students and those who are otherwise unable to decide for themselves.
The College has found that it is very beneficial to the young person’s progress as a student if the College is able to engage with the parents (or guardian/carer). Therefore it is very important that we have the parents’ details recorded on our systems.
When a student is in Further Education, parents/carers/guardians (or any other third party) are not automatically entitled to the student’s information. We can only release information about our students if we have their consent for this recorded on the College system. Students are asked for their consent for sharing information with parents/others on the enrolment form or when enrolling face-to-face. Students can also inform the College later on of who the College may discuss with about their College matters.
Students may withdraw their consent the same way which they gave it.
In general, we can only share information if we have the person’s consent, or there is a particular piece of legislation or agreement allowing us to share it without consent.
Websites and Cookies
This section applies to anyone accessing College websites.
A cookie is a small file, typically of letters and numbers, downloaded on to your device (e.g. your PC) when you access the College website. Cookies allow the website to recognise your device and so distinguish between the different users that access the site.
Session cookies will remember your selections as you browse the site. These cookies are for the browsing session and not stored long term. No personal information is collected by these cookies.
Google Analytics cookies help us to make the website better for you by providing us with user statistics, for example: which pages are the most visited; how a user navigates the site. No personal information is collected by these cookies.
To find out more about cookies and what cookies might be stored on your device, visit www.aboutcookies.org or www.allaboutcookies.org
During the course of your study you may be asked to use third party websites or services or access linked content (eg. Youtube, Mahara) which may collect personal data about you. That site’s own privacy notice will explain you how they use your data.
The College as a corporate body is the data controller under the Data Protection Act, and the Board of Governors is therefore ultimately responsible for implementation.
The designated Data Controller who is appointed to ensure compliance with the Act is the Director of Strategic MIS; and appointed to deal with day-to-day matters are the Corporate Services Manager and the Director of Human Resources and Organisational Development.
The Data Protection Officer (DPO) is Joanne Ward. If you have any questions about Data Protection at the College, please contact:
City of Bristol College
College Green Centre
PO Box 3158
Bristol, BS6 9JS
If you have a data protection concern that cannot or has not been resolved by the College, you have the right to raise it with the Information Commissioner’s Office.
Privacy notices by audience
Privacy notice (students)
General privacy notice (general public)