Privacy Statement

This page explains what the College does with the personal information you provide us.

General

From time to time you will be asked to tell us personal information about yourself (e.g. name and email address etc) in order to become a student or a client, to use College systems and services and so on. At the point of collecting the information we aim to clearly explain what it is going to be used for and who we may share it with. Unless required or permitted by law, we will always ask you before we use it for any other reason. We would only use it for marketing with your prior consent.

Any sensitive personal information will never be supplied to anyone outside the College without first obtaining your consent, unless required or permitted by law. We comply with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR), including removing your personal information from our systems when it is no longer required and ensuring that all personal information supplied is held securely.

Whenever you provide such personal information, we will treat that information in accordance with this statement, current legislation and our Data Protection Registration (Registration Number: Z7197213). We also aim to meet current best practice.

Individuals whose personal information the College holds have certain rights under the law. More information can be found on the Information Commissioner’s website.

Enrolment

This section explains how the College uses the personal information that you give us on the enrolment form.

How the College uses your information

The information will be used for purposes relating to education, training, employment, general advice services, well-being and research. The College may share non-sensitive personal information about you with other organisations, for example the Local Authority (see below), for these purposes. We do not share your information for purposes that are incompatible, such as product marketing.

Sensitive personal information you provide (eg. disability or ethnicity) may be used by the College for the purposes of equality of opportunity, support for your studies and to minimise risk. It may also be used anonymously for statistical purposes. The College will ask your permission before sharing sensitive information with other organisations, unless the sharing is permitted by law and necessary.

How government departments use your information

We pass most of the information to government agencies to meet funding arrangements. The College is a Data Processor for the Education and Skills Funding Agency. This means that the College will pass most of the personal information and some of the sensitive information you provide to the Education and Skills Funding Agency and the Department for Business, Innovation and Skills (BIS). Where necessary it is also shared with the Department for Education (DfE).

The information is used for the exercise of functions of these government departments and to meet statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009. It is also used to create and maintain a unique learner number (ULN) and a Personal Learning Record (PLR).

The information provided may be shared with other organisations for purposes of administration, the provision of career and other guidance and statistical and research purposes, relating to education, training, employment and well-being. This will only take place where the sharing is in compliance with the Data Protection Act 1998.

You may be contacted after you have completed your programme of learning to establish whether you have entered employment or gone onto further training or education.

You may be contacted by the English European Social Fund (ESF) Managing Authority, or its agents, to carry out research and evaluation to inform the effectiveness of the programme.

Further information about use of and access to your personal data, and details of organisations with whom the data is regularly shared are available at: http://www.gov.uk/government/publications/sfa-privacy-notice

The legal basis for collecting the information

Most of the information on the form is collected because it is necessary for your enrolment as a student or is required by law. You must provide it in order to enrol at the College.

The following information we are collecting based on your consent, and you may withdraw your consent without this affecting your status as a student: emergency contact details and parent/carer contact details.

Parents, carers and guardians

Under the GDPR (General Data Protection Regulation), young people aged 16 and over can decide for themselves and give consent for the processing of their personal information. Parental consent is not required. There may be exceptions in regards of students with severe learning difficulties, school link students and those who are otherwise unable to decide for themselves.

The College has found that it is very beneficial to the young person’s progress as a student if the College is able to engage with the parents (or guardian/carer). Therefore it is very important that we have the parents’ details recorded on our systems.

When a student is in Further Education, parents/carers/guardians (or any other third party) are not automatically entitled to the student’s information. We can only release information about our students if we have their consent for this recorded on the College system. Students are asked for their consent for sharing information with parents/others on the enrolment form or when enrolling face-to-face. Students can also inform the College later on of who the College may discuss with about their College matters. Students may withdraw their consent the same way which they gave it.

In general, we can only share information if we have the person’s consent, or there is a particular piece of legislation or agreement allowing us to share it without consent.

Participation in Learning: Sharing information with Local Authorities

This section applies to:

  • 16 and 17 year olds

  • Vulnerable 18 year olds (‘vulnerable’ is defined locally by individual Local Authorities)

  • 18-25 year olds with an Education Health Care Plan (EHCP)

    in the local authorities (LAs) of Bath and North East Somerset, Bristol, North Somerset and South Gloucestershire.

    The Education and Skills Act 2008 (the Act) places duties on LAs to promote the effective participation in education or training of all 16 and 17 year olds resident in their area, and to make arrangements to identify young people resident in their area who are not participating. It is part of the LA’s duties to secure sufficient suitable education and training provision for all 16-19 year olds, and to encourage, enable and assist young people to participate in learning.

    Under the Act, it is the College’s duty to provide relevant information about their students to the LA of each student’s residence, when requested to do so, and notify local LAs when a young person leaves learning at the College. All educational institutions are required to share information with LAs as part of their duty under the Act.

    Section 72 of the Act provides the legal basis for sharing information between LAs and educational institutions. Link to relevant section is referenced here: www.legislation.gov.uk/ukpga/2008/25/section/14

    When you give us your information we will use your details to inform the LA where you live about the learning that you are participating in so that they are able to report monthly to the Department of Education and deliver their duties listed above.

    Please note that some of the services for young people provided by the LA to fulfil their duties are provided by commissioned external contractors and organisations and they are required to use the same security standards as the LA.

    If you wish to opt out of the sharing of your basic details for this purpose, or wish to see information held by the College about you for this purpose, please contact Bristol City Council: foi@bristol.gov.uk or by writing to The Data Protection Officer, Bristol City Council, City Hall, College Green, Bristol, BS1 5TR.

Websites and Cookies

This section applies to anyone accessing College websites.

A cookie is a small file, typically of letters and numbers, downloaded on to your device (e.g. your PC) when you access the College website. Cookies allow the website to recognise your device and so distinguish between the different users that access the site.

Session cookies will remember your selections as you browse the site. These cookies are for the browsing session and not stored long term. No personal information is collected by these cookies.

Google Analytics cookies help us to make the website better for you by providing us with user statistics, for example: which pages are the most visited; how a user navigates the site. No personal information is collected by these cookies.

You may delete or control the use of cookies through your browser settings. Here's the full details of the cookies that are used on our website.

To find out more about cookies and what cookies might be stored on your device, visit www.aboutcookies.org or www.allaboutcookies.org

During the course of your study you may be asked to use third party websites or services or access linked content (eg. Youtube, Mahara) which may collect personal data about you. That site’s own privacy notice will explain you how they use your data.

Responsibilities

The College as a corporate body is the data controller under the Data Protection Act, and the Board of Governors is therefore ultimately responsible for implementation.

The designated data controller who is appointed to ensure compliance with the Act is the Executive Director of Finance; and appointed to deal with day-to-day matters are the Corporate Services Manager and the Director of Human Resources and Organisational Development.

Further information

If you have any questions about Data Protection at the College, please contact:

corporate.services@cityofbristol.ac.uk

Corporate Services
City of Bristol College
College Green Centre
PO Box 3158
Bristol, BS6 9JS

If you have a data protection concern that cannot or have not been resolved by the College, you have the right to raise it with the Information Commissioner’s Office.