Brockenhurst College is committed to protecting your privacy.
This privacy notice explains: how the College collects, uses and shares your personal data; your rights in relation to the personal data we hold; and how we protect your privacy.
Brockenhurst College is the controller of your personal data and complies with the requirements of the General Data Protection Regulation (GDPR) and related UK data protection legislation.
The information that you give us
We will collect personal information from you when you become and while you are a student of the College. This might include your: name, address, date of birth, phone number, email address, parent/guardian/next of kin and contact details, ethnicity, health information, exam results, photos.
The legal basis for processing your information and how we use it
We may process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
- To interact with you before you are enrolled as a student, as part of the admissions process (e.g. to send you a prospectus or answer enquiries about our courses) and once you have enrolled, to provide you with the services as set out in our Learner Agreement;
- To provide support for special requirements and medical conditions;
- To deal with any concerns or feedback you may have;
- For any other purpose for which you provide us with your personal data.
We may also process your personal data because it is necessary for the performance of our tasks carried out in the public interest or because it is necessary for our or a third party’s legitimate interests. In this respect, we may use your personal data for the following:
- To provide you with educational services, including communicating with you in relation to your course;
- To monitor and evaluate the performance and effectiveness of the College;
- To maintain and improve the academic, corporate, financial, estate and human resource management of the College;
- To promote equality and diversity throughout the College;
- To seek advice on our rights and obligations, such as where we require our own legal advice;
- Recovering money you owe to us;
- For fundraising purposes.
We may also process your personal data in order to comply with our legal obligations. In this respect, we may use your personal data for the following:
- To meet our compliance and regulatory obligations, including Ofsted inspections and providing Destinations Data including Graduate Outcomes;
- To meet our compliance with anti-money laundering laws and safeguarding requirements;
- For the prevention and detection of crime;
- In order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
We may also process your personal data where we have your specific, explicit consent to do so. In this respect, we may use your personal data for the following:
- Contact you for direct marketing purposes;
We may also process your personal data where it is necessary to protect your or another person’s vital interests.
Special category personal information
Where we collect your special category personal information, we do this on the basis that there is a substantial public interest for us to do so as it is necessary for the purposes of carrying out our obligations to the funding bodies. Special categories of personal data are personal data that reveal a person’s racial or ethnic origin, political opinions, religions or philosophical beliefs, trade union membership, genetic data (i.e. information about their inherited or acquired genetic characteristics, information about their physical, physiological or behavioural characteristics (such as facial images and fingerprints), physical or mental health, sexual life or sexual orientation and criminal records).
Sharing information with others
For the purposes referred to in this privacy notice and relying on the bases for processing as set out above, we may share your personal data with certain third parties. We do not share personal information with anyone unless the law and our policies in accordance with the GDPR allow us to do so, or if we have specifically obtained consent. Otherwise, there will always be an agreement or contract in place to ensure that your data is handled in accordance with the College’s Data Protection Policy by the third party. We may disclose limited personal data to a variety of recipients including:
- Our employees;
- Agents and contractors where there is a legitimate reason for their receiving the information, including:
- third parties who work with us to provide student accommodation;
- third parties who work with us to provide student support services (e.g. counselling);
- third parties who work with us to provide work placements;
- internal and external auditors.
- Those with a legitimate or legal interest in tracking student progress and attendance, including:
- student sponsors (e.g. the Student Loan Company, research sponsors, Research Councils, NHS);
- current or potential education providers (for example, where you take part in an exchange programme as part of your course);
- current or potential employers (to provide references and, where students are sponsored by their employer and/or where you take part in a placement, to provide details of progress/attendance);
- Awarding bodies (e.g. City & Guilds, BPEC, CACHE, OCR, VTCT, Ascentis) in relation to the confirmation of qualifications, and conduct and the accreditation of courses;
- Government departments and funding bodies where we have a statutory obligation to provide information (e.g. HEFCE, ESFA, the Home Office (in connection with UK visas and immigration));
- Crime prevention or detection agencies, including the police and the Department for Work and Pensions and Trading Standards;
- Legitimate health authorities for the purposes of protecting public health and safety (e.g. infectious disease control measures)
- Parents, guardians, next-of-kin and with those that make applications on your behalf.
- Legitimate authorities or public bodies for the purposes of safeguarding
You are given the opportunity to opt out of some of these data sharing arrangements, for example when you register with us, but you should carefully consider the possible impact of doing this.
International data transfers
Some of the personal data we process about you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), for example where it is processed by staff operating outside the EEA who work for us or for one of our suppliers, or where personal data is processed by one of our suppliers who is based outside the EEA or who uses storage facilities outside the EEA. There will always be an agreement or contract in place to ensure that your data is handled in accordance with the College’s Data Protection Policy.
In these circumstances, your personal data will only be transferred on one of the following bases:
- Where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (e.g. standard data protection clauses adopted by the European Commission);
- A European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
- There exists another situation where the transfer is permitted under applicable law (e.g. where we have your explicit consent)
Education and Skills Funding Agency (ESFA) Data Notice
This privacy notice is issued by the Education and Skills Funding Agency (ESFA) on behalf of the Secretary of State for the Department of Education (DfE) to inform learners about the Individualised Learner Record (ILR) and how their personal information is used in the ILR. Your personal information is used by the DfE to exercise our functions under article 6(1)(e) of the UK GDPR and to meet our statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009.
The ILR collects data about learners and learning undertaken. Publicly funded colleges, training organisations, local authorities, and employers (FE providers) must collect and return the data to the ESFA each year under the terms of a funding agreement, contract or grant agreement. It helps ensure that public money distributed through the ESFA is being spent in line with government targets. It is also used for education, training, employment, and well being purposes, including research. We retain ILR learner data for 3 years for operational purposes and 66 years for research purposes. For more information about the ILR and the data collected, please see the ILR specification at https://www.gov.uk/government/collections/individualised-learner-record-ilr
ILR data is shared with third parties where it complies with DfE data sharing procedures and where the law allows it. The DfE and the English European Social Fund (ESF) Managing Authority (or agents acting on their behalf) may contact learners to carry out research and evaluation to inform the effectiveness of training. In these cases, it is part of our statutory duties and we do not need your consent.
For more information about how your personal data is used and your individual rights, please see the DfE Personal Information Charter (https://www.gov.uk/government/organisations/department-for-education/about/personal-information-charter) and the ESFA Privacy Notice (https://www.gov.uk/government/publications/esfa-privacy-notice)
If you would like to get in touch with us, you can contact the DfE in the following ways:
- Using our online contact form at https://form.education.gov.uk/service/Contact_the_Department_for_Education
- By telephoning the DfE Helpline on 0370 000 2288
- Or in writing to – Data Protection Officer, Ministerial and Public Communications Division, Department for Education, Piccadilly Gate, Store Street, Manchester, M1 2WD
If you are unhappy with how we have used your personal data, you can complain to the Information Commissioner’s Office (ICO) at – Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can also call their helpline on 0303 123 1113 or visit https://www.ico.org.uk
Date last updated: 13 May 2021
Under the GDPR you have the following rights:
- To obtain access to, and copies of, the personal data that we hold about you – when fulfilling your request for a copy of your information, we remove information about other individuals;
- To require us to correct the personal data we hold about you if it is incorrect;
- To require us to, in certain circumstances such as where our use of your personal information is based on your consent and we have no other legal basis to use your personal information, erase your personal data;
- To require us to restrict our data processing activities
- To withdraw consent: where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal. Where our processing is in accordance with one of the legal bases outlined above you will not be able to withdraw consent;
- To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
- To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
You can lodge a complaint
If you have a problem with the way we process your data that we are unable to help you resolve, you have a right to lodge a complaint with the supervisory authority, which is the Information Commissioner’s Office (ICO). Please see their website for information www.ico.org.uk. If you are dissatisfied, please talk to us in the first instance where we will do our utmost to help.
How long your information is kept
We will not keep your personal information for longer than we need it for the purposes we have explained above. Subject to any other notices that we may provide to you, we may retain your personal data for the following periods of time after your association with us has come to an end, after which time your information will be destroyed or deleted confidentially: up to one year for any teachers notes; six years for your full student record; and we will retain any Safeguarding records until you reach age 25.
The College can be contacted at:
Tel: 01590 625555
If you have any queries about this privacy notice or how we process your personal data, you can contact our Data Protection Officer: firstname.lastname@example.org.
You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website available at: www.ico.org.uk.