Reaseheath College Privacy Notice for Student Applicants
How we use Personal Information
Reaseheath College is committed to data security and the fair and transparent processing of personal data. This privacy notice sets out how we will treat the personal data which you provide to us in compliance with applicable data protection law, in particular the General Data Protection Regulation (EU) 2016/679 (GDPR).
Please read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.
This page provides information about the use of personal information provided by prospective students of Reaseheath College (http://www.reaseheath.ac.uk/) and the University Centre Reaseheath (https://www.ucreaseheath.ac.uk) and DART Apprenticeships (www.darttraining.co.uk) during the Application and Enquiries process.
During this process you will be asked to tell us personal information about yourself (e.g. name and email address etc) in order to become a student or a client, to use College systems and services and so on. At the point of collecting the information we aim to clearly explain what it is going to be used for and who we may share it with. Unless required or permitted by law, we will always ask you before we use it for any other reason.
Who are we?
Reaseheath College is one of the leading specialist land-based colleges in the UK. The Corporation was established under the Further and Higher Education Act 1992 and is an exempt charity for the purposes of the Charities Act 2011. We are registered with Ofsted, with our registered address being: Reaseheath College, Reaseheath, Nantwich, CW5 6DF.
In relation to our processing of data and for the purposes of the GDPR, Reaseheath College is the ‘Data controller’ of the personal information you provide us in relation to the recruitment process at Reaseheath College.
Reaseheath College is the Data Controller for all information collected and is registered with the ICO, Registration Number: Z7450714.
What is ‘personal information’?
‘Personal information’ means any information which relates to or identifies you as an individual.
What personal information will be processed?
The College will keep a record of the details you provided on any enquiry and application forms, UCAS forms, any supporting documents and forms (Bursary, Accommodation forms etc) and additional details provided by any external sources, such as schools and other supporting agencies and any records following any interview process.
Your personal information is created, stored and transmitted securely in a variety of paper and electronic formats, including some databases. Access to your personal information is limited to staff who have a legitimate interest in it for the purpose of carrying out their contractual duties, and our use of your personal information will not be excessive.
In addition to this, the College may process some information about you that is classed as ‘sensitive’ or ‘special category’ personal data, and which requires additional protections. This includes information concerning your ethnicity, sexual orientation, religious beliefs or health/disability for planning and monitoring purposes, or in order to provide care, help or suitable adjustments.
What is the purpose and legal basis of the processing?
The College, University Centre and DART will process the personal information provided on your enquiry and application forms and the other information referred to above for the purposes of identifying you, inviting you to events, processing your application, verifying the information provided, deciding whether to offer you a place for the course you have applied for, and communicating that outcome (together with any feedback).
We may also use or disclose the information provided for the following statutory or public interest purposes:
- To prevent or detect fraud.
- For equal opportunities monitoring.
- To help us to make reasonable adjustments for any disability, as requested by you.
- To allow us to consider any future accommodation requirements.
- To provide statutory returns required by applicable legislation.
- For research and statistical purposes, but no information which could identify you will be published.
We consider the processing of your personal information for the above purposes to be either necessary for us to take steps with a view to creating a contractual relationship with you (e.g. to assess your application to study with us), or necessary for compliance with a legal obligation (e.g. equal opportunities monitoring), or necessary for the performance of tasks we carry out in the public interest task of providing education to you.
Where that information is special category personal information (e.g. medical information) we will process it because there is a substantial public interest for us to do so. This is to provide relevant supports and safeguarding during your time as a student.
We require you to provide us with the information we ask for during the application process in order to assess your application properly except where its supply is marked as optional.
Please Note: Admissions decisions are not automated.
Where you have previously studied at the College or commenced an application process with us before, then we will send you information about the courses we provide on the basis of our legitimate business interests. In doing so, we will comply with the requirements of the “soft opt in” and offer you an opportunity to refuse marketing when your details are first collected and in subsequent messages (by way of own unsubscribe).
Any other marketing we carry out will be on the basis of consent.
Who will my personal information be shared with?
As well as circulating your application and related materials to the appropriate staff, we will share your personal information for the above purposes as relevant and necessary with:
- Educational Government Bodies including the Education and Skills Funding Agency and the Department for Education. The ESFA is responsible for funding education and skills in England for children, young people and adults. It is also responsible for delivery of key services in the education and skills sector in England including the apprenticeship service, the provision of information, advice and guidance through the National Careers Service, and the Learning Records Service. This information is used by these government departments to meet their statutory responsibilities and to create and maintain the unique learner number (ULN) and personal learning record (PLR). You can find the ESFA’s Privacy notice at https://www.gov.uk/government/publications/esfa-privacy-notice/education-and-skills-funding-agency-privacy-notice-may-2018
- The information you provide may also be shared with other organisations for education, training, employment and well-being related purposes, including for research.
- Your referees.
- Where relevant and as required and/or notified to you, your school/college, training organisation or employer.
- Where relevant and as required and/or notified to you, your parent/guardian.
- Your examination boards or awarding bodies.
- Your student support assessment body.
- Your funders and/or potential funders.
- In the case of international applicants, the British Council or appropriate agencies.
- Where relevant and as required, UK Visas and Immigration in order to act as your sponsor for visa purposes.
- Where relevant and as required, governmental bodies including local authorities, the Home Office, and the Department for Work and Pensions and its agencies.
- Other Further and Higher Education organisations, in order to assist with tracking and research into access to Further Education and Higher Education.
- Companies or organisations providing specific services to, or on behalf of, the University and/or one or more Colleges.
- For the purposes of event management, Eventbrite
- For the purpose of managing student enquiries and applications SalesForce, SurveyMonkey and MailChimp.
Service Providers: For security, service operation and management purposes, Reaseheath College also uses third-party services for its managed IT Services. We ensure that these providers provide the same level of protection as Reaseheath College. Third-party vendors and providers supply the necessary software, networking and storage to the IT Systems. These third parties have access to your Personal Information only for purposes of performing these tasks on our behalf.
We ensure there is a contract in place with the categories of recipients listed above which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.
No sensitive personal information will be supplied to anyone outside the College without first obtaining your consent, unless required or permitted by law.
How we transfer your personal Information outside Europe
EventBrite, SurveyMonkey and MailChimp can all potentially transfer your Data out of the EU to storage areas in the United States. All three providers are members of the Privacy Shield Framework which has been approved for Data Transfers by the EU.
You can find out more about Privacy Shield here https://www.privacyshield.gov/welcome
How long is my information kept?
We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
If you are unsuccessful, your information will be normally kept for one year after the completion of the application process.
Your Data Processing Rights
These rights apply to all data subjects, including our clients, suppliers and any third-party individual we may collect data about.
Where we process data, we understand that you have certain rights listed as follows:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
1. Right to be informed
Where you provide your personal data directly to us, we will communicate our Privacy Notice to you at the earliest opportunity or as soon as is reasonably practicable. We will usually do this at the first point we correspond with each other.
2. Right of access
If you wish to receive a copy of personally identifiable data we store about you, this can be made available on request. To do this, please email firstname.lastname@example.org and title your email ‘Data Subject Access Request’, including your name and contact details and your reason for requesting a copy of the data we store about you.
To ensure we are sending your personal data to you, we may need to contact you to verify your identity. Once we have verified your identity, we will supply you with a digital record of all your personal data as soon as we can, but in any event, it will be within thirty days.
We will not charge you for supplying copies of your personal data in the first instance. However, in the event we find data subject access requests to be manifestly unfounded or excessive, particularly where repetitive, we will need to consider the effort required to handle such requests and charge a reasonable administrative fee.
3. Right to rectification
Where you feel the personal data, we hold about you is inaccurate or incomplete, you have the right to advise us, and we will rectify such data following your instructions. Please email email@example.com and title your email ‘Data Rectification Request’. We will endeavour to action your request as soon as is reasonably practicable after that.
4. Right to erasure
If you no longer want us to process your personal data, we can remove your personally identifiable data from our databases on request. To do this, please email firstname.lastname@example.org and title your email ‘Data Erasure Request’, including your name, telephone number and the reason why you no longer want us to process your data.
For security reasons, we may need to contact you to verify your identity. Once we have verified your identity, we will aim to erase all related personal identifiable data as soon as we can. We will aim to action your request within two working days, though we will contact you to let you know once completed.
Please note we will need to store some basic information including your full name and basic contact details which may include your email address or your telephone number. This is to ensure we do not duplicate process and we have a sufficient record to ensure we do not unnecessarily contact you or further process your personal data. Should you change your mind or require our services at a later date, simply let us know.
5. Right to restrict processing
If at any point you object to us using your data in a particular way you have the right to suppress or block us processing your data.
This may be due to you having some concerns over the accuracy of the data or our use of it, or where it is no longer needed for its original purpose but it may be needed to create, exercise or defend legal claims
You can exercise this right at any time, please email email@example.com and title your email ‘Data Restriction Request’, including your name and contact details, the reason for your request and how you want us to restrict the processing of your data. We will attempt to action your request as soon as is reasonably practicable.
6. Right to data portability
Where you have provided your data directly to us, and it is processed by automated means, you have the right to receive personal data back from us in a structured, machine-readable format, and where you request (and if possible), we will transmit your personal data to another data controller. We will always try to facilitate such request where it is technically feasible to do so.
Please note this right is only applicable where the processing is based on the individual’s consent or for the performance of a contract.
Should you wish to exercise this right at any time, please email firstname.lastname@example.org and title your email ‘Data Portability Request’, including your name and contact details, and the reason for your request. Where possible, we will attempt to action your request as soon as is reasonably practicable to do so.
7. Right to object
In the event, you object to our processing of your data where we have identified that such processing is based upon legitimate interest and you believe there are no grounds for us to continue to process your data, then you have the right to object.
Should you wish to exercise this right at any time, please email email@example.com and title your email ‘Data Objection Request’, including your name and contact details, and the reason for your request. We will attempt to action your request as soon as is reasonably practicable to do so.
8. Rights in relation to automated decision making and profiling
We do not make automated decisions using this personal data.
If you have any questions about how your personal information is used please consult the College’s data protection webpages at www.reaseheath.ac.uk/data-protection.
The Data Protection Officer is the Chief Financial Officer and Director of Resources: Graeme Lavery
The Data Protection Officer
If you are not happy with the way your information is being handled, or with the response received from us, you have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (https://ico.org.uk/).