Reaseheath College Privacy Notice

How we use Personal Information

Introduction

Reaseheath College is committed to data security and the fair and transparent processing of personal data.  This privacy notice sets out how we will treat the personal data which you provide to us in compliance with applicable data protection law, in particular the General Data Protection Regulation (EU) 2016/679 (GDPR).

Please read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.

The information published here applies to the personal information (also known as ‘personal data’) that we collect about:

  • Visitors to our Websites
  • Visitor to the College
  • Suppliers to the College
  • Clients of the College (Non Academic)
  • People who Contact the College

Where the College Website is referenced, this includes the main college website (www.reaseheath.ac.uk), the University Centre Reaseheath’s website (www.ucreaseheath.ac.uk), Reaseheath Food centre website (www.reaseheathfoodcentre.com), DART Apprenticeships (www.darttraining.co.uk) or any website within the Reaseheath College domain which has pointed you to this page.

Various other Privacy Notices are published in relation to our use of the personal information of applicants for programmes of study, students, staff, alumni, and others.

Who are we?

Reaseheath College is one of the leading specialist land-based colleges in the UK. The Corporation was established under the Further and Higher Education Act 1992 and is an exempt charity for the purposes of the Charities Act 2011. We are registered with Ofsted, with our registered address being: Reaseheath College, Reaseheath, Nantwich, Cheshire, CW5 6DF.

For the purposes of the GDPR, Reaseheath College is the ‘data controller’ of the personal data you provide to us from this site or as part of general business relations.

Reaseheath College is the Data Controller for all information collected by this website and is registered with the ICO, Registration Number: Z7450714

Information we may collect from you

If you are a Visitor to our Website we may collect the following information:

When you visit the Reaseheath websites we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. For information about how Google Analytics uses your personal information, please see http://www.google.com/intl/en/policies/privacy/ and https://support.google.com/analytics/answer/6004245.

We also collect the request made by your browser to the server hosting the website which includes the IP address, the date and time of connection and the page you ask for. We use this information to ensure the security of our websites and we delete it after a maximum of 3 months. We may use and disclose it as necessary in the event of a security concern or incident.

Like many websites, we also obtain certain types of information when your web browser accesses our website via the use of Cookies.

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

For further information visit http://www.aboutcookies.org or www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

The use of your personal information in the above ways is necessary for the legitimate interests of the College in operating and improving its website, analysing its use, and ensuring the security.

Our website collects very little personal information and we use it in ways that are compatible with your individual rights and freedoms.  Where you enter your personal information into an online form on any of our websites for any specified purpose, you will be told about the use we will make of that information (e.g. to enable your attendance at an event).

If you are a Client, Supplier, Visitor or have contacted the college with a General Enquiry.

If you are one of our clients or suppliers, or someone (not a student) who helps us to provide our business services, we may collect and process (where applicable) the following data about you:

  • If you are one of our clients or suppliers, or someone (not a candidate) who helps us to provide our business services, we may collect and process (where applicable) the following data about you:
  • Your full name, job title, contact telephone number and email or other contact details such as a website or Skype address.
  • Details about the business relationship between you and us.
  • Details of any calls, correspondence or meetings between you and us, including any business transactions.
  • Any references, opinions or statements you may provide about one of our candidates.
  • Any marketing preferences you may have provided to us.
  • If you participate in any discussion on our social media platforms, you may provide us with information such as your name and address, email or phone number.

What do we do with your data

If you are one of our clients or suppliers, or someone (not a student) who helps us to provide our business services, we will process your data (where applicable) in the following way:

  • We may collect and store (electronically or manually) your personal data. This may include any correspondence, telephone calls or meetings we have with you as a way of record keeping.
  • We will use your personal details to communicate with you.
  • To record any business transactions between us including all proper administration, i.e. issuing of contracts to meet the obligations that arise from contracts entered between you and us.
  • Providing information to the regulatory authorities (such as HMRC) or statutory bodies.
  • Providing details (as necessary) to our legal or other professional advisers including our insurers.
  • For quality, training and the purpose of best practice.
  • To send you information about our range of courses, and other services that we offer, which we feel may be of interest to you. If you have consented to receive promotional information from us, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please click on the unsubscribe link at the bottom of our e-mails. We will not share your information for marketing purposes with third-party organisations.
  • The information you voluntarily offer if you take part in any of our competitions and surveys which we use for research or promotional purposes.
  • Non-personally identifiable details of your website usage data and computer when you visit our website.
  • To supply you with articles, insight, news, jobs, relevant information and products that we feel may be of interest to you.
  • To provide interactive features of our service that you choose to take part.
  • To notify you of significant changes to our service.

Our lawful basis for processing your personal data

Where you are a client, supplier or someone (not a candidate) who helps us provide our business services.

A. Compliance with legal obligations (regulatory and statutory obligations)

As a Further and Higher Education Provider, we are required by law to hold certain records, then we collect and hold those records to comply with that legal obligation.

We also need to comply with our statutory obligations which may include:

  • Data protection laws for keeping your data safe.
  • Tax obligations and reporting requirements to HMRC.
  • Anti-fraud or bribery laws for fraud/crime prevention.
  • Holding certain records for health and safety purposes

We are committed to cooperate with regulatory authorities such as HMRC or the Information Commissioner’s Office and will process data to meet such legal obligations.

B. Our legitimate interests

When we provide/receive services, we will process personal data where it is necessary for the purpose of our legitimate interests including:

Using your personal data:

  • to interact with you to manage and operate effectively our College.
  • to ensure that the College is safe and secure for all persons visiting;
  • Personalise your experience and our offering, whether via our website or otherwise.
  • Marketing – Where we have previously made contact to provide services, we may send relevant marketing information. We will comply with the requirements of the “soft opt in” and offer you an opportunity to refuse marketing when your details are first collected and in subsequent messages (by way of own unsubscribe)
  • Holding records of our business transactions and any relevant communication between us, for example, we will use such records (as applicable) for:
    • Ensuring we are meeting our contractual obligations with clients or suppliers.
    • Dealing with queries or disputes, and where necessary proving a transaction or defending a legal claim as necessary protecting our reputation.
    • Maintaining backups of our systems where required (i.e. a security breach) so that we can restore them up to a certain point where required.
    • Monitoring quality and compliance including compliance with this Privacy Notice.

C. Processing where you have given consent for a specific purpose for the use of your data.

In the event you provide your consent for a specific purpose, we will process your data based on such consent. An example of this may be where you have provided your contact details so that we may use these to provide you with further information about current projects, you may have consented to our processing of your data for that specific purpose. Another example may include where you have provided your written or verbal consent to the use of your data for a specific reason, for example, Company references.

You have the right to withdraw your consent to our processing of your personal data for a particular purpose at any time by letting us know. Where you withdraw such specific consent, this will not have a bearing on the lawfulness of processing such data before the withdrawal.

It is important to note while such specific consent may be withdrawn, we may be required to continue to process data where we have a legal obligation to do so, or where we are contractually obliged to do so, or where we have a legitimate interest to do so. We will limit the processing of your data as required to meet such legal or contractual obligations or legitimate interests.

D. Performance of a Contract

Where we have contracts with Suppliers or Clients, we will process Personal Information where it is necessary for the purpose of performing our contract with you or in preparation of performing a contract, including

  • Contact Details
  • Bank Details
  • to receive/provide the products and/or services to/from you;
  • to communicate with you in relation to the provision of the contracted products and services;
  • to provide you with administrative support such as account creation, security, and responding to issues

Who we share personal data with

Unless we are entitled to do so, we shall not share your personal information. We may share your personal information with the following categories of persons:

  • Individuals, candidates and other third-party suppliers where it is necessary as part of the function of being a Further and Higher Education Provider.
  • Any regulatory authority or statutory bodies such as HMRC or the Information Commissioner’s Office where we are required to do so.
  • Parties who process data on our behalf including (but not limited to) our IT and cloud or storage providers.
  • Insurers, legal and professional advisers.

Keeping your personal data secure

We take the safety and protection of your personal data very seriously and take all reasonable steps to ensure your data is protected. However, the transmission of information via the internet is never completely secure, and therefore we cannot give an absolute guarantee as to the safety of data transmitted to our site or any third party. While any transmission of data is taken at your own risk, we work with our IT and storage providers to ensure they can provide ongoing confidentiality, integrity, availability and resilience of processing systems and services, to make breaches far less likely.

Your data will only be accessed by our staff and third parties where authorised to do so. This will be in circumstances where access is required for us to effectively provide our provision business as a Further and Higher Education Provider.

We will work with our IT and storage providers and own internal staff to ensure appropriate organisational and technical measures are taken against any unauthorised or illegal processing of your personal data, including the accidental loss of or damage to it.

We have worked to ensure we have the technology, procedures and appropriate training of relevant individuals to keep your personal data secure and safe from when we collect it until it is no longer processed or required or removed at your request.

Where we share your personal data with a third party, we will ensure that they have appropriate technical and organisational measures to keep your personal data secure.

Your data processing rights

These rights apply to all data subjects, including our clients, suppliers and any third-party individual we may collect data about.

Where we process data, we understand that you have certain rights listed as follows:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

1. Right to be informed

Where you provide your personal data directly to us, we will communicate our Privacy Notice to you at the earliest opportunity or as soon as is reasonably practicable. We will usually do this at the first point we correspond with each other.

2. Right of access

If you wish to receive a copy of personally identifiable data we store about you, this can be made available on request. To do this, please email dpo@reaseheath.ac.uk and title your email ‘Data Subject Access Request’, including your name and contact details and your reason for requesting a copy of the data we store about you. To ensure we are sending your personal data to you, we may need to contact you to verify your identity. Once we have verified your identity, we will supply you with a digital record of all your personal data as soon as we can, but in any event, it will be within thirty days.

We will not charge you for supplying copies of your personal data in the first instance. However, in the event we find data subject access requests to be manifestly unfounded or excessive, particularly where repetitive, we will need to consider the effort required to handle such requests and charge a reasonable administrative fee.

3. Right to rectification

Where you feel the personal data, we hold about you is inaccurate or incomplete, you have the right to advise us, and we will rectify such data following your instructions. Please email dpo@reaseheath.ac.uk and title your email ‘Data Rectification Request’. We will endeavour to action your request as soon as is reasonably practicable after that.

4. Right to erasure

If you no longer want us to process your personal data, we can remove your personally identifiable data from our databases on request. To do this, please email dpo@reaseheath.ac.uk and title your email ‘Data Erasure Request’, including your name, telephone number and the reason why you no longer want us to process your data. For security reasons, we may need to contact you to verify your identity. Once we have verified your identity, we will aim to erase all related personal identifiable data as soon as we can. We will aim to action your request within two working days, though we will contact you to let you know once completed.

Please note we will need to store some basic information including your full name and basic contact details which may include your email address or your telephone number. This is to ensure we do not duplicate process and we have a sufficient record to ensure we do not unnecessarily contact you or further process your personal data. Should you change your mind or require our services at a later date, simply let us know.

5. Right to restrict processing

If at any point you object to us using your data in a particular way you have the right to suppress or block us processing your data.

For example, if you do not want us to use your data for marketing purposes simply let us know, or please ensure (where applicable) the form you submit to us does not have the ‘marketing’ sign-up option checked.

Please note we will not check the box on your behalf unless you ask us to do so. Please ensure you provide your express permission and check the relevant box manually if you wish to sign up to our marketing lists. If you wish to change your email marketing preference once you have signed up, you can simply unsubscribe where you will have the option to do so in related emails, or if you contact us, we can do this for you.

You can exercise this right at any time, please email dpo@reaseheath.ac.uk and title your email ‘Data Restriction Request’, including your name and contact details, the reason for your request and how you want us to restrict the processing of your data. We will attempt to action your request as soon as is reasonably practicable.

6. Right to data portability

Where you have provided your data directly to us, and it is processed by automated means, you have the right to receive personal data back from us in a structured, machine-readable format, and where you request (and if possible), we will transmit your personal data to another data controller. We will always try to facilitate such request where it is technically feasible to do so.

Please note this right is only applicable where the processing is based on the individual’s consent or for the performance of a contract.

Should you wish to exercise this right at any time, please email dpo@reaseheath.ac.uk and title your email ‘Data Portability Request’, including your name and contact details, and the reason for your request. Where possible, we will attempt to action your request as soon as is reasonably practicable to do so.

7. Right to object

In the event, you object to our processing of your data where we have identified that such processing is based upon legitimate interest and you believe there are no grounds for us to continue to process your data, then you have the right to object.

Should you wish to exercise this right at any time, please email dpo@reaseheath.ac.uk and title your email ‘Data Objection Request’, including your name and contact details, and the reason for your request. We will attempt to action your request as soon as is reasonably practicable to do so.

8. Rights in relation to automated decision making and profiling

We do not make automated decisions using this personal data.

How long do we keep your personal data?

While we understand your rights as detailed above and will assist you with them wherever possible, please note that we may continue to retain, or otherwise use your personal data where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary for the furtherance of those interests or obligations.

We may also need to retain a record where we help you with any of the rights detailed above to keep a record of the request along with the action taken, so that we can evidence our compliance, as well as to ensure that where we receive your data in the future

Where there is a contract between us, and we are the Data Controller we will retain your personal data for the duration of the contract, and for a period of six years following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.

We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.

Where you have consented to marketing communications, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us.