- your name, address and contact details, including email address and telephone number;
- details of your qualifications, skills, experience and employment history;
- information about your current level of remuneration, including benefit entitlements;
- information regarding your criminal record, including enhanced criminal record certificate and whether you are barred from working in regulated activity:
- whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process; and
- information about your right to work in the UK.
- access and obtain a copy of your data on request;
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where Colchester Institute is relying on its legitimate interests as the legal ground for processing;
- restrict the organisations processing of your personal data;
- request a copy of the personal information you have provided to the organisation and this can be transferred to someone else (if processing within the organisation is based on your consent or necessary to carry out the organisation’s contract with you, and is carried out by automated means); and
- complain to the Information Commissioner if you believe that the organisation has not complied with your GDPR rights – ico.org.uk/global/contact-us/
Email Confidentiality
Emails sent by Colchester Institute and any accompanying attachments are intended for the named recipient(s) only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to the email and highlight the error.
Security Warning
Please note that emails have been created in the knowledge that Internet email is not a 100% secure communications medium. We advise that you understand and observe this lack of security when e-mailing us.
Viruses
Although we have taken steps to ensure that email and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. Any views expressed in email messages are those of the individual and not necessarily those of the company or any of its subsidiaries.
Introduction
Colchester Institute needs to retain information about its staff, students and other stakeholders to allow it to carry out its day to day business activities and deliver its strategic objectives, as well as meet legal obligations including data requirements of funding agencies and statutory bodies.
The lawful and correct treatment of personal information is of paramount importance to the organisation and to maintain confidence with all our stakeholders, whoever they are in the wide range of activities we undertake. Through dissemination of this policy we will ensure that the College treats all personal information, including special category data (sensitive personal information) lawfully and correctly.
With the emergence of the General Data Protection Regulation (GDPR), the Government aligned UK law with new EU requirements through the adoption of the Data Protection Act 2018 (‘the Act’) in May 2018. To comply with the provisions of the Act, the College takes steps to ensure that personal information is collected only where necessary, is stored securely, and is used in accordance with the data protection principles which state that personal data must be – fairly and lawfully processed;
- processed for limited purposes and not in any manner incompatible with those purposes;
- adequate, relevant and not excessive;
- accurate;
- not kept for longer than is necessary;
- processed in accordance with individual’s rights;
- held as securely as possible
- not transferred to countries without adequate protection.
Purpose
The purpose of this policy is to ensure that everyone handing personal information is:
- Aware of the Data Protection Act 2018
- Compliant with data protection procedures in all that they do; and
- Ensures that data subjects within their area of management or control are aware of their rights under the Act.
Definitions and interpretation
Scope (information covered by the Act)
‘Personal data’ covered by the Act is essentially any recorded information (paper and electronic) which identifies a living individual.
Personal Data
To identify an individual, Colchester Institute considers ‘Personal data’ to be:
- The name of an individual plus any one of the following:
- Date of Birth, Home address, National Insurance Number, Bank Account Details, telephone contact information, next of kin, personal location data (e.g. IP address, cookie identifier, photograph) or any other unique identifier
Special Category Data (previously referred to as Sensitive Personal Data)
As this type of data could create more significant risks to a person’s fundamental rights and freedoms, it requires more protection. Generally speaking, in order to process such data there must be a lawful basis in addition to satisfying a condition under article 9 (2) of the GDPR** (See below). The College will generally use explicit consent to process the following special category data:
Any information relating to an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, physical disabilities, medical, geometric or biometric data, sexual life, sexual orientation
Whilst details of criminal convictions, care needs, physical disabilities are no longer included under the strict definition (GDPR), for the purposes of Colchester Institute these and any other data of equivalent personal standing, shall be included as ‘Special Category Data’ and require special protection.
Individual Rights
The College understands its requirements with regard to the Act and supporting individuals rights when it comes to personal data held or processed by the College.
- Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the UK GDPR.
- The College will provide individuals with information they are entitled to under the Act when requested, including: the purposes for processing their personal data, the retention periods for that personal data, and who it will be shared with. This is called ‘privacy information’.
- The College will provide privacy information to individuals at the time personal data is collected from them.
- If personal data is obtained from other sources, we will provide individuals with privacy information within a reasonable period of obtaining the data and no later than one month.
- We understand that there are a few circumstances when we do not need to provide people with privacy information, such as if an individual already has the information or if it would involve a disproportionate effort or if any request is manifestly excessive.
- The information we provide under a request will be concise, transparent, intelligible, easily accessible, and use clear and plain language.
- We understand there is a need to regularly review, and where necessary, update our privacy information.
Responsibilities
In order to respond to the requirements of the Act, Colchester Institute will:
- fully observe conditions regarding the fair collection and use of information
- meet its legal obligations to specify the purposes for which information is used
- collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements
- ensure the quality of the information used e.g. accurate and relevant.
- hold personal information on Management Information Systems for as long as is necessary for the relevant purpose, or as long as is set out in any relevant contract held by the College and in the Retention of Records Policy (which defines which records should be kept and for how long).
- ensure that the rights of people (see above) about whom information is held can be fully exercised under the Act (these include:
- the right to be informed that processing is being undertaken;
- the right of access to their personal information;
- the right to rectification of information
- the right to erasure of information
- the right to restrict processing in certain circumstances;
- the right to data portability
- the right to object
- rights in relation to automated decision making and profiling
- take appropriate technical and organisational security measures to safeguard personal information
- ensure that personal information is not transferred without suitable safeguards.
- report any breach or loss of personal data to the Information Commissioner Office (ICO), where it is right to do so and in accordance with prescribed procedures.
- maintain a data breach log and report this frequently to the Corporation Board
- provide appropriate training to staff to ensure they are aware of this policy and their responsibilities in accordance with the Act.
- Not use Artificial Intelligence to process personal data until clear guidelines and procedures are in place
Processes
All personal data will be obtained, as far as possible, from the individual and they will be informed at the time of providing the information, as to how their personal data will be used, in support of the provision of college education and training services and any other related activities.
- Personal data will only be collected for justified reasons and specified purposes. These will normally be communicated, in advance, to the person concerned.
- Personal data processed should be accurate, valid and restricted to that which is necessary to satisfy requirements.
- Special Category Data (Sensitive personal data) may normally only be processed if the person has given their explicit consent. (See page 3)
Important
The security of employee and student data should be comprehensively protected against unauthorised access, improper use, accidental loss, destruction and/or damage, by being kept in locked storage, password protected, or by using other suitable precautions.
Electronic Special Category Data must be password protected and/or encrypted. External hard drives, memory sticks, unencrypted laptops and personal cloud storage must not be used to store sensitive data. Staff must take all precautions necessary to maintain confidentiality of all such information whilst in their possession, whether in soft copy or hard copy. The IT Security policy must be followed at all times and staff must exercise extreme care when transmitting special category data by email (internally or externally – password protection must always be used).
Personal information should not be disclosed either orally or in writing or accidentally or otherwise to any unauthorised third party. Staff should note that unauthorised disclosure will usually be a disciplinary matter and may be considered gross misconduct in some cases.
Information on authorised access and disclosure for students is included on the College enrolment form. All staff must ensure they confirm any disclosure is authorised and ensure they follow appropriate processes. (Appendix B “Procedure for Police Enquiries/Attendance on Site)
Colchester Institute will ensure:
- all staff are aware of the Data Protection Act and of their required responsibilities.
- all staff are aware of what to do in the event of discovering an actual or suspected breach or loss of information
- everyone managing and handling personal information understands that they are responsible for following good data protection practice
- this policy is available to every member of staff via college portal and changes are communicated as appropriate
- queries about handling personal information are promptly and courteously dealt with and clear information is available to all staff
- a Data Protection Officer is appointed
- all staff receive appropriate training
Obligation of Staff
- staff should be aware of the Act and how the rules apply to them.
- managers must ensure their staff are aware of the rules, and the onus is on them to recognise any data protection risks and tailor training for their staff accordingly.
- staff must complete data protection induction and training, including a three-year refresher course.
- staff have a responsibility to ensure that they respect confidential information in their possession and maintain information security. Unauthorised disclosure of confidential information to a third party, or assisting others in disclosure, will be viewed by Colchester Institute with the utmost seriousness. Staff should ensure extra vigilance when working off site and/or at home.
- staff must assure themselves that any personal data being disclosed is done so for a legitimate business purpose and that the person or agency in receipt of such information is entitled to receive it.
- where authorised to disclose information, staff are responsible for ensuring that all personal data provided supplied is accurate and for notifying any errors or changes as these arise
- staff are responsible for ensuring information is kept no longer than necessary and held in accordance with the retention of records policy.
- staff will ensure measures are taken to lock computers when not in use, and prevent monitors from being viewed by others if used in open access areas where personal data could be viewed.
- information containing personal or special category data not be left out on desks where it can be viewed and cleared from desks at the end of each working day.
- staff will immediately report any breach or suspected breach or loss of personal information as detailed below.
- staff must not use personal cloud storage, external hard drives, memory sticks or any other unencrypted devices (eg laptops) to store or transfer special category data.
Obligation of students
- ensuring personal data provided to the College is accurate and up to date
- notification of any errors or changes as these arise e.g. changes of address
Technical Security
The College has in place appropriate security measures as required by the Act. Information systems are installed with adequate security controls and all employees who use these systems will be properly authorised to use them for college business.
The IT Security Policy will be published on the College portal. The College relies on computer servers to store data, and will maintain up-to-date antivirus software and appropriate firewalls. Regular back-ups and robust processes for disabling accounts as people leave are in place. Accounts are controlled via groups to ensure only those that need to know certain information have access to that information. A Mobile Device Acceptable Use Policy covers mobile security access control. The wireless access points used at the College all require authentication to be used and cannot be accessed by unauthorised persons. The College ensures all emails are scanned with appropriate software and staff training records are maintained by Human Resources. The College will test the strength of its IT Security Controls from time to time using external expertise and will secure Cyber Essentials Certification annually as a minimum.
Designated Data Controllers
The College has designated Data Controllers with responsibilities for employee and student records as detailed below. Data Controllers determine the purposes for which and the manner in which personal data is processed. They also ensure the sharing of information is undertaken in accordance with this policy.
Director of Human Resources – employee records
Head of Admissions, Registrations and Exams – student records
Director of Estates – CCTV
Breach Reporting
The College is required to notify the ICO in the event of a data security breach. Any staff member who is concerned about data loss must immediately contact the College’s nominated Data Protection Officer (DPO). This is Alison Bennett, Head of Governance. Contact details are reproduced below:
Email: dpo@colchester.ac.uk
Tel: 01206 712606
The Data Protection Officer will investigate any concern from the details provided. The person reporting the breach must provide as much information as possible in order for the investigation to take place. The DPO will involve Data Controllers and members of the College Executive as required. The outcome of the investigation will determine whether there will be a requirement to report the breach to the ICO under relevant guidelines.
https://icosearch.ico.org.uk/s/search.html?query=general+data+breaches&collection=ico-meta&profile=_default
Entitlement to Access to Personal Data
Employees and students are entitled to make a formal request to access any personal data which is being used or “processed” by a computerised system and personal information kept about them as part of a “relevant filing system”. Requests must be made in writing as stated below. The College aims to comply with requests for access to personal information as quickly as possible and will ensure that it is provided within 40 days of the request.
Employees
Employees wishing to access such personal data must complete the Subject Access Request Form (see appendix A) and submit to the Director of HR (Data Controller – employees).
Students
Students wishing to access such personal data should complete the Subject Access Request form (see Appendix A) which is also available from the Registry Department at the Colchester campus or Information Centre at Braintree. In some cases we may need to ask for proof of identification before the request can be processed
Rights of people (detailed on page 5 under responsibilities)
To ask the organisation to take any of these steps, the individual should send the request to dpo@colchester.ac.uk
Sharing information with parents
The student declaration on the enrolment form includes the statement “I understand that Colchester Institute may contact my parent/guardian regarding my attendance, progress, achievement, wellbeing, welfare and personal safety until the end of the academic year in which I turn 18 years of age”, which provides consent for us to share appropriate information, including following up attendance, sending reports home and discussions at parent events.
If a parent/guardian of a student in this age range requests information about their son or daughter than this can be released provided they are named as the next of kin on EBS or ProMonitor and that the member of staff releasing the information has taken steps to ensure the authenticity of the enquirer, and the accuracy of the information given. To eliminate errors as many checks as possible relating to the subject of the inquiry must be made, e.g.
- Full name (not just initials)
- Spelling of name
- Address
- Date of birth
- Course attended
- Next of kin – name and address / phone number
If the staff member is not satisfied that the enquirer is not genuine, or the named next of kin, then they must not release the information.
A student can provide up to date information about their next of kin at Registry or one of the Information Centres.
Students 19 and over
No information can be shared with the parent/guardian of a student aged 19 or over without the express consent of the student.
Third Party requests for student data (including parents not listed as Next of Kin)
Personal Data and Academic References
All requests must be in in writing. The student’s permission will be required before the information is released. This will either be by the consent given at enrolment on the enrolment form, or if outside the remit of the criteria on the privacy statement additional written consent from the student will be required before any information is released. All written requests should be sent to:-
Personal Data:- Registry Department, Colchester Institute, Sheepen Road, Colchester, CO3 3LL
Academic References:- Requests should be emailed to academic.references@colchester.ac.uk
Any query regarding the implementation of this procedure or if individual cases occur where a member of staff is uncertain, reference must be made in the first instance to the relevant Data Controller. In no circumstances should students or other enquirers be given private addresses or telephone numbers of staff or other students.
See Appendix A, Procedures for the Release of Student Data for more information, including requests from individuals or agencies
Any other requests for information from external agencies should be referred in
the first instance to Registry for action under these procedures.
College Publications
Personal information in the public domain for genuine business purposes, such as names, job titles, etc. included in marketing publications, telephone directory, notice boards, is exempt from the Act. However, any employee or student who has good reason for wishing to be excluded from such public information should contact the relevant Data Controller.
Use of CCTV
The College’s Closed Circuit Television Code of Practice complies with the ICO’s CCTV Code of Practice and is the responsibility of the Security Manager. Please refer to the College’s CCTV Code of Practice
Disposal of Confidential Waste
Employees must ensure that they dispose of all personal and sensitive data securely.
E.g. Using the confidential waste bags or shredders. Documentation containing special category data must be kept secure whilst waiting to be confidentially shredded (eg Shredding sacks half-filled must be locked away). No documentation containing sensitive personal data will be placed in waste paper or re-cycling bins.
Other Relevant / Associated Policies Documents:
- CCTV Code of Practice
- IT Security Policy
- Mobile Device Acceptable Use Policy
- Retention of Records Policy
- Staff Disciplinary Policy
This Privacy Notice describes how Colchester Institute (and its subsidiary and related companies*) protects and makes use of the information you provide us with.
*The Privacy Notice relates to Colchester Institute Corporation, Colchester Institute Enterprises Limited, and Colchester Institute Foundation Trust
About this document
This privacy notice explains how Colchester Institute (“we”, “our”, “us”) collects, uses and shares your personal data, and your rights in relation to the personal data we hold. This privacy notice concerns our processing of personal data of past, present and prospective students of Colchester Institute (“you”, “your”)
Colchester Institute is the data controller of your personal data and is subject to Data Protection Law. This includes the Data Protection Act 2018 (“DPA”) and any successor Data Protection Legislation under which the General Data Protection Regulation (“GDPR”)) has been incorporated.
Who does this apply to?
People who use or may use our services. This includes for example:
- visitors to our website
- individuals who study a course with us
- employers who purchase training from us
- employers who take a student on work experience or placement
- employers who employ an Apprentice
- individuals who are customers of the College’s commercial operations
- individuals who request information from us.
If you are asked to provide information to us, it will only be used in the ways described in this Privacy Notice. This Privacy Notice is updated from time-to-time. The latest version is published on our website.
If you have any questions about this policy, please e-mail gary.horne@colchester.ac.uk or write to him at Gary Horne, Deputy Chief Executive, Colchester Institute, Sheepen Road, Colchester, Essex CO3 3LL
How we collect your information
We may collect your personal data in a number of ways, for example:
- from the information you provide to us when you interact with us before joining, for example when you express your interest in studying at Colchester Institute;
- when you apply to study at Colchester Institute and complete enrolment forms via the admissions processes and procedures and\or the Universities and Colleges Admissions Service (UCAS) and;
- when you communicate with us by telephone, email or via our website or social media, for example in order to make enquiries or raise concerns;
- in various other ways as you interact with us during your time as a student of Colchester Institute, for the various purposes set out below;
- from third parties, for example from your previous or current school, sixth form college, FE college or university or employers who may provide a reference about you or who may sponsor your studies.
The types of information we collect
We may collect the following types of personal data about you:
- your name, and contact information such as address, email address and telephone number, as well as your date of birth, national insurance number (or other tax identification number) and your passport number or national identity card details, country of domicile and your nationality. We will also allocate you a unique student number;
- financial information i.e. bank details
- company information e.g. financial, staff, training needs analysis
- website usage data
- information relating to your education and employment history, the school(s), sixth form college(s) and other colleges or universities you have attended and places where you have worked, the courses you have completed, dates of study and examination results. We will also keep records relating to assessments of your work, details of examinations taken, your predicted and actual examination grades and other information in your student record;
- information about your family or personal circumstances, and both academic and extracurricular interests, for example where this is relevant to the assessment of your suitability to receive a bursary or in order to provide you with appropriate pastoral care;
- location information – We may collect and process information that may reveal your location. We use various technologies to determine location including CCTV, GPS, building access control, attendance registers and device identifiers such as IP, MAC address and computer name.
- sensitive personal data and information about criminal convictions and offences, including:
- information concerning your health and medical conditions (e.g. disability and dietary needs);
- certain criminal convictions (e.g. for students on nursing programs, following completion of an annual declaration of “good character”); and
- information about your sex, disability, racial or ethnic origin; religion or similar beliefs; and sexual orientation.
How we use that information
Collecting this data helps us provide you with a service which meets your needs.
Specifically, we may use data:
- to meet our legal and statutory duties and responsibilities
- to process applications, enrolments and workforce development programmes and contracts
- for our own internal records so that we can provide you with a high quality service
- to contact you in response to a specific enquiry
- to customise our services so they work better for you
- to contact you about services, products, offers and other things provided by us which we think may be relevant to you
- to contact you via e-mail telephone or mail for research purposes
- to be shared with other organisations for education, training, employment and well-being related purposes, including for research
- to register your learning with an awarding body for the purposes of learning, assessment and certification
- we may use location data to track classroom and exam attendance, building security and IT security. We also use your location data to provide a convenient way to locate your colleagues. Such as revealing what campus a staff member is working from in Skype for Business. In certain situations we may use the GPS of College assets to reveal is location in the event of theft.
At no time will we assume your permission to use information that you provide for anything other than the reasons stated here.
How we use information about our students
The purposes for which we may use personal data (including sensitive personal data) we collect during a student’s association with us include:
- recruitment and admissions;
- academic matters, including:
- the provision of our core teaching and learning services (e.g. registration, assessment, attendance, managing progress, academic misconduct investigations, certification, graduation);
- maintaining student records;
- assessing your eligibility for bursaries and scholarships, etc.
- providing library, IT and information services;
- non-academic matters in support of our core services, including: o providing student support services (e.g. through Additional Learning Support, academic departments);
- monitoring equal opportunities;
- safeguarding and promoting the welfare of students;
- ensuring students’ safety and security;
- managing student accommodation;
- managing the use of social media;
- managing car parking on campus;
- administering finance (e.g. fees, scholarships and bursaries);
- other administrative purposes, including: carrying out research and statistical analysis;
- carrying out audits (e.g. to ensure compliance with our regulatory and legal obligations);
- providing operational information (e.g. providing IT support, information about building closures or access restrictions on campus, or safety advice);
- promoting our services (e.g. providing information about summer schools or other events happening on and off campus);
- preventing and detecting crime;
- dealing with grievances and disciplinary actions;
- dealing with complaints and enquiries.
Graduation and degree information
Personal data (including award and classification) will be published in the award ceremony booklet. This information will also be passed to third parties involved in the ceremonies (including our local paper and commemorative clothing suppliers). All published details will be available following the relevant graduation events.
You may withhold your consent to your name being published for these purposes when you register online to attend the award ceremony or graduate in absentia.
All award ceremonies may be recorded and, if so, will be available to view online afterwards.
Security
We will hold your information securely.
To prevent unauthorised disclosure or access to your information, we have implemented strong organisational and technical security safeguards.
If information is shared with another organisation (reasons for this are given in the section below) we will ensure an Information Sharing Agreement is in place.
We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Law.
The lawful basis for processing your information and how we use it
We may process your personal data because it is necessary for the legitimate performance of a contract with you (or a third party) or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
- to interact with you before you are enrolled as a student, as part of the admissions process (e.g. to send you a prospectus or answer enquiries about our courses);
- once you have enrolled, to provide you with the services as set out in our learning or student agreement;
- to deal with any concerns or feedback you may have;
- for any other purpose for which you provide us with your personal data.
We may also process your personal data because it is necessary for the performance of our tasks carried out in the public interest or because it is necessary for our or a third party’s legitimate interests. In this respect, we may use your personal data for the following:
- to provide you with educational services which may not be set out in our learning or student agreement but which are nevertheless a part of our academic and educational mission;
- to monitor and evaluate the performance and effectiveness of the organisation, including by training our staff or monitoring their performance;
- to maintain and improve the academic, corporate, financial, estate and human resource management of the College;
- to promote equality and diversity throughout the College;
- to seek advice on our rights and obligations, such as where we require our own legal advice;
- recovering money owed to us;
- for fundraising purposes.
We may also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:
- to meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws and safeguarding requirements;
- for the prevention and detection of crime;
- in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
We may also process your personal data where:
- it is necessary for medical purposes (e.g. medical diagnosis, provision of health or social care or treatment, or a contract with a health professional);
- it is necessary to protect your or another person’s vital interests; or
- we have your specific or, where necessary, explicit consent to do so.
Sharing information with others
We do not sell or rent your personal information.
Your information may by necessity be disclosed to appropriate staff members of Colchester Institute and to government bodies to fulfil our statutory responsibilities such as the Education and Skills Funding Agency, the Office for Students, Ofsted, Essex County Council, the Learning Records Service or with local partners such as Department for Work and Pensions.
We may need to share your information with other organisations and we will take steps to ensure that these organisations operate within the requirements of Data Protection Law. This includes the following organisations who in some circumstances may act as data processor on our behalf:
- our employees, agents and contractors where there is a legitimate reason for their receiving the information, including: third parties who work with us (for example to provide student accommodation or security services);
- third parties who work with us to provide student support services (e.g. counselling);
- third parties who deliver training services on our behalf (e.g. subcontractor training organisations)
- organisations operating anti-plagiarism software on our behalf
- internal and external auditors.
- those with an interest in tracking student progress and attendance, including: student sponsors (e.g. the Student Loan Company); current or potential education providers (for example, where you take part in an exchange programme as part of your course or withdraw from a course with us a start with another provider); current or potential employers (to provide references and, where students are sponsored by their employer and/or where you take part in a placement, to provide details of progress/attendance);
- professional and regulatory bodies (e.g. Association of Chartered Certified Accountants) in relation to the confirmation of qualifications, professional registration and conduct and the accreditation of courses;
- government departments and agencies where we have a statutory obligation to provide information (e.g. the Office for Students, the Higher Education Statistics Agency (HESA), the Home Office (in connection with UK visas and immigration), Council Tax and Electoral Registration Officers at relevant local authorities (for the purpose of assessing liability for Council Tax and for electoral registration purposes));
- Colchester Institute International Admissions team (so they can contact you to offer a pre-sessional or preparatory course relevant to your application to us);
- crime prevention or detection agencies (e.g. the police, the Department for Work and Pensions and Trading Standards);
- next-of-kin (where there is a legitimate reason for disclosure);
Information may be shared with third parties if it is in connection with the service we are providing to you, for example we might share information with market research companies contracted to undertake work on our behalf to assess your satisfaction with our service. When we do this will ensure there is an Information Sharing Agreement in place.
We will only share your personal information with other people e.g. parents or carers, or with agencies such as the Benefits Department with your permission.
If you are a student at college, the information you supply is used by the Learning Records Service (LRS). The LRS issues Unique Learner Numbers (ULN) and creates Personal Learning records across England, Wales and Northern Ireland, and is operated by the Education and Skills Funding Agency, an executive agency of the Department for Education (DfE).For more information about how your information is processed, and to access your Personal Learning Record, please refer to: https://www.gov.uk/government/publications/lrs-privacy-notices
If, as part of the entry requirements for your course or if you are applying for a job with us, we need to take up a reference or obtain ‘disclosure’ from the Disclosure and Barring Service, we will inform you beforehand.
Any personal information we hold about you is processed in accordance with the Data Protection Act 2018.
For the purposes referred to in this privacy notice and relying on the bases for processing as set out above, we may share your personal data with certain third parties. You are given the opportunity not to opt in to of some of these data sharing arrangements, but you should carefully consider the possible impact of doing this.
Website Privacy Policy and Terms and Conditions
Your privacy – the use of personal information
When supplying information you are consenting to the College holding this data in order to process your request and for our own research.
The information may be used by the College to monitor student interest in the courses offered, attainment and retention levels.
Data Protection Act 2018
All personal information is held by Colchester Institute in accordance with the Data Protection Act 2018 and any successor legislation and is kept for as long as is necessary to fulfil your request or process your enquiry or application.
Keeping your information safe
All personal data collected from users completing an online form on this website will be treated as confidential and will not be passed on to any third party for marketing purposes.
Collection of personal information
The Colchester Institute website collects only personal information provided to us by visitors through submitting a web form. This information usually consists of, but is not limited to, name, personal or company address and contact details.
Web forms on our website are used for reasons such as allowing visitors to:
- Request specific materials such as a prospectus or guide
- Submit an enquiry form
- Register to attend a Colchester Institute or University Centre Colchester Open event
- Register to receive email communications in the form of newsletters or updates on new courses/services
The information required is necessary for us to be able to deal with your enquiry, but on occasions there might be additional information that we may request in order to help us to provide the most appropriate response.
Sensitive information is only sought through a form on the website if it is required or necessary as part of a process. Sensitive personal data means personal data consisting of information as to race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record.
Where sensitive information is provided this will be accepted as explicit consent for the College to use the information in connection with the purpose for which it has been provided.
Sensitive personal data is collected by certain web forms on our website in order to allow visitors to:
- Provide information about a disability or disabled access requirements
- Provide information about physical or mental health in order to submit a Colchester Institute Counselling Service Self-Referral form
- State possession of a Criminal conviction, but not the nature of the conviction or any further details related to the conviction, as part of the application form for Full-Time English Language Courses for international and overseas students
How we use your data
When users of our site send us personal information, such as their email address, Colchester Institute will only use the information in order to resolve and reply to your enquiry and shape and improve the services we offer. As part of this process, submitted information may be used for statistical analysis in order to improve our web services.
Where users have submitted a web form registering an interest in a course or service, it may be necessary for the College to add your email address to a mailing list in order to notify you of information relating to the enquiry. All emails you receive from us will offer the option to unsubscribe from the mailing list.
About our Website
The website contains information about the services and courses offered by Colchester Institute, University Centre Colchester and CI Business Solutions.
Every effort has been made to ensure the accuracy of the information contained within this website but Colchester Institute cannot accept any responsibility for errors or omissions in website content, or for any consequences that arise from the use of information contained within the website. Colchester Institute also reserves the right to update our terms and conditions and privacy policy without notice.
The College reserves the right to update and amend information as and when necessary. Colchester Institute will do its best to provide the courses shown, but may have to modify or withdraw a course depending on customer demand and other factors
Course information describes programmes offered by Colchester Institute, University Centre Colchester at Colchester Institute and CI Business Solutions. The College takes all reasonable steps to provide courses as described, but cannot guarantee provision. The information is for guidance and does not form any part of a contract. Colchester Institute reserves the right to introduce changes to the information given, including the addition of new courses or withdrawal, relocation or restructuring of courses listed on the website at any given time.
Changes to web content
On occasion it is necessary for us to make changes to website content. This might include changes to information about courses, campuses, services to the public, facilities or course fees due to legitimate staffing, financial, regulatory or academic reasons.
Examples of why we may need to make changes to content include:
- changes to the law or regulatory requirements
- industrial action
- departure of key personnel
- changes in government policy
Fees are correct at the time of entering/printing information, but may be subject to change. The College cannot accept legal or financial liability as a result of any such changes.
Changes to courses may include:
- variations to the content/modules and delivery method for course programmes
- the cancellation, removal or discontinuation of course programmes due to lack of demand, obsolescence or changes to curriculum
- the merger or combining of programmes or courses
- the withdrawal or reduction of funding
Reporting Errors
The College cannot guarantee that the use of this website will be uninterrupted or error free. If you do encounter problems please report them by contacting our Web Team.
Viruses
Although every effort is made ensure that this website is virus free, it is the responsibility of the end user to check for viruses before downloading any content.
Third party Websites
Colchester Institute cannot accept responsibility for the content of third party websites which we have linked to; these links are provided solely for your convenience.
Copyright
This website and its contents (design, images, text, etc) are the property of Colchester Institute unless stated otherwise. You may not download, retain or copy website content other than for personal, non-commercial use.
Although Colchester Institute takes all reasonable steps to ensure that the content on this website is accurate it is for guidance only and does not form any part of any contract. It is the responsibility of the user to check the accuracy of relevant information before entering into any type of commitment.
Statistical Data Collection
The College collects statistical data about visitors to this site which is used to monitor web page popularity and the overall effectiveness of the website; this sometimes involves placing small amounts of information on your device (computer, mobile phone, etc.). These include small files known as cookies.
We also do this for security and in order to detect and prevent abuse. The data collected includes information on browser type, operating system, page visits, geographic data and clicks through to other websites.
This data is totally anonymous and cannot be traced to an individual in any way by us. Data collected is only used to help us understand how the website is used so that we can improve how our website works and its user experience. The information collected does not contain any personal information and will not identify individual users.
The software we use to collect statistical data is Google Analytics, you can read more about how Google uses the data it collects or download the ‘Google Analytics Opt-out Browser Add-on’ to control data collection. The anonymous data is stored safely and securely, is only available to Colchester Institute and will only be viewed by us or our approved website developers when required.
Colchester Institute uses cookies with Google to show adverts on sites on the internet, based upon your previous interactions with the College’s website. To opt out of customized Google Display Network ads, please click here.
To find out more about how Google uses any data it collects please visit //www.google.com/privacy_ads.html. Any information collected is used only for remarketing purposes and will not be used for any other purpose.
What Are Cookies
This website uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the sites functionality.
For more general information on cookies see Information Commissioner’s Office page at: ico.org.uk/for-the-public/online/cookies/
How We Use Cookies
We use cookies for the reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.
Disabling Cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies
The Cookies We Set
Cookies Name(s) | Description | |
WordPress | Session PHPSESSID wordpress_test_cookie wp-<name of setting> wordpress_logged_in_<unique id> wordpress_sec_<unique id> | We use WordPress as our content management system which uses cookies for authentication. That means that in order to log in to your website, you must have cookies enabled in your browser.Information about the cookies wordpress sets can be found at: codex.wordpress.org/WordPress_Cookies |
Jetpack | comment_author_ comment_author_email_ comment_author_url_ akm_mobile jetpack_comments_subscribe_ jetpack_blog_subscribe_ jetpackstate jpp_math_pass jetpack_sso_redirect_to jetpack_sso_remember_me stnojs | Jetpack extend wordpress features which we have turned on. The cookies are only set when a user interacts with one of these.Information about the cookies used by Jetpack can be found at: jetpack.com/support/cookies/ |
Cookie Notice | cookie_notice_accepted | A cookie to hide the the cookie notice notifcation after accepting it. |
Timely’s WordPress Core Calendar | ai1ec_<setting> | Cookies are only set when a user interacts with the event calendar settings. |
Ninja Forms | NF_WP_<setting> | Cookies are only set when a user interacts with one of our contact forms. |
Third Party Cookies
Cookies Name(s) | |
Google Analytics | _ga _gid _gat AMP_TOKEN _gac_<property-id> __utma __utmt __utmb __utmc __utmz __utmv __utmx __utmxx _gaexp |
Description | Google Analytics is a simple, easy-to-use tool that helps website owners measure how users interact with website content. As a user navigates between web pages, Google Analytics provides website owners information about the page a user has seen, for example the URL of the page. The Google Analytics JavaScript libraries use HTTP Cookies to “remember” what a user has done on previous pages / interactions with the website.If you want to opt out, download and install the add-on for your web browser: tools.google.com/dlpage/gaoptout/ Cookies expire after 2 years. More infomation about the cookies set by Google Analytics can be found at: developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage |
DoubleClickGoogle AdWords Google AdSense | test_cookie IDE __gads _gali |
Description | The Google AdSense service we use to serve our advertising on other websites and Google uses a DoubleClick cookie to limit the number of times that a given ad is shown to you.Cookies expire after 2 years. More information about the cookies and how to opt-out can be found at: https://support.google.com/adsense?source=404#topic=3373519 |
GoogleGoogle Cloud Google Maps | NID |
Description | The NID cookie contains a unique ID which Google sets to remember your preferences and other information on Google websites/services.This can used to personalise how you view Google Maps and other Google services that we use on our website. More information can be found at: www.google.com/policies/technologies/types/ |
Duo | duo_wordpress_auth_cookie duo_secure_wordpress_auth_cookie |
Description | Duo is a third party two-factor authentication that we used for access to the website control panel. |
Controlling Information About You
When you fill in a form or provide your details on our website, you may see one or more tick boxes allowing you to:
- opt in to receive marketing communications from us by e-mail, telephone, text message or post
- opt in to receive marketing from our sponsors, third party partners by e-mail telephone, text message or post.
If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:
- send an e-mail to marketing@colchester.ac.uk
- write to us – Marketing Manager, Colchester Institute, Sheepen Road, Colchester, Essex CO3 3LL
We will not lease, distribute or sell your personal information to third parties unless we have your permission or the law requires us to.
Links From Our Site
Our website may contain links to other websites. Please note that we have no control of websites outside of www.gateshead.ac.uk. If you provide information to a website to which we link, we are not responsible for its protection and privacy. You are advised to read the privacy policy or statement of other websites prior to using them.
People who use our services
We hold the details you provide us with in order to deliver programmes of study, Apprenticeships, workforce development programmes and other services which meet your specific needs.
We only use these details to provide the service you have requested and for other closely related purposes. For example, we might use information about people who have enquired about a course to carry out a survey to find out if they are happy with the level of service they have received or we might use information about an employer offering a student work experience to contact them about a new Apprenticeship scheme or grant.
You are able to request that we stop contacting you at any time.
Information may by necessity be disclosed to appropriate staff members of Colchester Institute and to government bodies (to fulfil our statutory responsibilities) such as the Skills Funding Agency, the Education Funding Agency, Ofsted, the Department for Education and auditors or to local partners
If, as part of the entry requirements for your course, we need to take up a reference or obtain ‘disclosure’ from the Disclosure and Barring Service, we will inform you beforehand.
Any personal information we hold about you is processed in accordance with Data Protection Law.
People who use our commercial services
If you are a customer of a commercial operations of the College eg CH&FS Restaurants, Salons, Refectories and Minories Galleries, the information you provide us to enable us to deliver that service will only be held and used for that purpose or for other closely related purposes eg we might use information about people who use the Hair Salons to send out offers about the Beauty Therapy Services.
People who request information from us
If you request information from us by letter, telephone, email, submitting an enquiry card or from a sales appointment, we will make a record of that enquiry and will use the information you give us to provide you with a response. We will only use the information for these purposes and to provide a follow up service to ensure that we provided you with what you asked for.
You are able to request that we stop contacting you at any time.
Any emails sent to us, including attachments, may be monitored. Please be aware that you have a responsibility to ensure that any email you send us is in the bounds of the law.
Students’ Union
We share some of the information we hold about you (including your name, date of birth, nationality, student email address and programme of study) with the Students’ Union at Colchester Institute unless you notify us that you wish to opt out of student union membership.
The Student Union use this information to administer membership of the Students’ Union. The Student Union may also send some of the student data we provide to the National Union of Students (“NUS”) .
The Student Union and the NUS will give students the chance to opt out of various categories of processing when they register with the Student Union
HESA.
We will send some of the student information we hold to the Higher Education Statistics Agency (“HESA”). HESA collects and is responsible for the database in which HESA student records are stored. Details of how HESA will process this information can be found at: https://www.hesa.ac.uk/about/regulation/data-protection/notices.
National Student Survey and Leaver Surveys
We may pass student contact details to survey contractors to carry out the National Student Survey and surveys of student finances for the organisations identified by HESA in their data protection notices referred to above. These organisations and their contractors will use student’s details only for this purpose, and will then delete them.
About six months after graduation, we will contact each student to ask him or her to fill in the HESA “Destination of Leavers from HE” questionnaire. Students may also be contacted as part of an audit to check that we have undertaken this survey properly. We will not give your contact details to HESA.
Students may also be included in surveys that track the progress of leavers in the years after they graduate. If so, we will pass your contact details to the organisation that has been contracted to carry out that survey. The organisation will use your details only for that purpose and will then delete them.
If you do not want to take part in any of these surveys, please let us know.
Changes to your personal data
Please tell us promptly about any changes to the information we hold about you. This is particularly important for your contact details.
How long your information is kept
Data will be retained under an Information Asset Register schedule of approved retention periods. Subject to any other notices that we may provide to you, we may retain your personal data for a period of ten years after your association with us has come to an end. This may be longer in the case of European Social Fund programmes and in some cases, some information may be retained indefinitely by us in order to maintain your academic record for archiving purposes (or by the Marketing team for the purposes of supporting your lifelong relationship with Colchester Institute).
Your rights
Under Data Protection Law you have the following rights:
- to obtain access to, and copies of, the personal data that we hold about you;
- to require that we cease processing your personal data if the processing is causing you damage or distress;
- to require us not to send you marketing communications.
- to require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data;
- to require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
Accessing Your Own Personal Information
You have the right to ask for a copy of any of your personal information held by Colchester Institute. You can make a ‘subject access request’ under the Data Protection Act 2018.
To make a request contact one of the College’s data controllers:
Student Records
Registry
Email: Registry@colchester.ac.uk
Post: Colchester Institute, Sheepen Road, Colchester, Essex CO3 3LL
Employee Records
Mr G Horne, Deputy Chief Executive
Email: dpo@colchester.ac.uk
Post: Colchester Institute, Sheepen Road, Colchester, Essex CO3 3LL
Complaints or Queries
If you have any questions about our collection and use of personal data please contact us. We are happy to provide additional information if it is required.
Changes to This Privacy Notice
We will keep this Privacy Notice under regular review and reserve the right to change it as necessary from time-to-time or if required by law. Any changes will be immediately posted on the website.
Data Protection Officer
Alison Bennett
Email: alison.bennett@colchester.ac.uk
or
Email: DPO@colchester.ac.uk
Post: Colchester Institute, Sheepen Road, Colchester, Essex CO3 3LL