Privacy Statement

 

1. Overview 

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share your personal information, your rights in relation to your personal information and how to contact us and the Information Commissioners Office in the event you have a complaint.  From 25 May 2018, NCG shall process your personal data in accordance with the General Data Protection Regulations (GDPR) and the Data Protection Act 2018.

NCG are made up of the following colleges and training providers: 

 

  • Newcastle College
  • West Lancashire College
  • Kidderminster College
  • Carlisle College
  • Lewisham and Southwark College
  • Newcastle Sixth Form College
  • Intraining
  • Rathbone

Our main establishment is based at:  

 

NCG 

Rye Hill House 

Scotswood Road 

Newcastle Upon Tyne  

NE4 7SA 

 

2. Types of personal data we process  

We process personal data about prospective, current and past pupils, their parents or employers, also staff, suppliers and contractors, donors, friends and supporters and other individuals connected to or visiting NCG. The personal data we process takes different forms, it may be factual information, expressions of opinion, images or other recorded information which identifies or relates to a living natural individual. Examples include: 

  • names, addresses, telephone numbers, e‐mail addresses and other contact details
  • family details
  • nationality
  • qualifications, prior attainment examination and assessment results, attendance information and details of study, fee receipts, outstanding debts and details of any grants received as applicable
  • admissions, academic, disciplinary and other education related records, information about special educational needs, references, examination scripts and marks;
  • education and employment data
  • images, audio and video recordings
  • financial information
  • courses, meetings or events attended.

 

3. Special category of personal data 

Some of your personal data is considered to be special category of personal data under the GDPR. Examples of special category of personal data include: 

racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, health and the processing of genetic and biometric data.  We would only process and share these categories of personal data with your express permission or if there is a special legal reason (such as a request for the information by a court). 

  

4. Why we hold and process personal data 

When you enrol at your chosen college or training provider, you enter into a contractual agreement however on occasion we may require your consent to process your personal data. NCG holds personal data for the following reasons:

  • information we are required to collect by law or to claim funding;
  • information we need to deliver your chosen course of study and monitor progress;
  • information we need to confirm prior attainment;
  • additional information that will allow us to personalise our support to meet your individual needs;
  • information we use for marketing, communications, event registrations and advice; • information we gather to provide facilities and ensure security (such as CCTV video).

The first data protection principle requires that NCG must have a legal basis for processing your personal data.  Under GDPR, this “legal basis” for processing conditions must be communicated to you, alongside the type of processing they relate to, as part of this privacy notice. As GDPR is a new law, the conditions identified below may be subject to change as more guidance is given or precedents are set. NCG will process your data under the following legal basis:

  • Consent
  • Contract
  • Compliance with a legal obligation
  • Legitimate interest

 

5. When we will share personal data 

As an education institution receiving public funding, we may be required to share personal data with awarding organisations, local and national government bodies and public sector agencies such as: 

  • Department for Education (DfE)
  • Department for Business, Innovation, and Skills (BIS)
  • Ofsted
  • Connexions
  • Department of Health (DH)/Primary Care Trusts (PCT)
  • Higher Education Funding Council for England (HEFCE)
  • National Careers Service (NCS)

 

We may disclose your information to our third-party service providers and agents for the purposes of providing services to us, or directly to you on our behalf. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service. We have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions. 

We may share your information with third parties who provide a service for those eligible for support fund awards. When you enrol at the college or training provider you enter into an agreement and are responsible for the payment of any fees, therefore if necessary, we may transfer your personal data to an agent for the purposes of debt collection.  On occasion we may also be required to share your information with the police or other law enforcement agencies.  At no time will your personal data be passed to other organisations for marketing or sales purposes.

 

  • ESFA Privacy Notice

This privacy notice is issued by the Education and Skills Funding Agency (ESFA), on behalf of the Secretary of State for the Department of Education (DfE). It is to inform learners how their personal information will be used by the DfE, the ESFA (an executive agency of the DfE) and any successor bodies to these organisations.  For the purposes of relevant data protection legislation, the DfE is the data controller for personal data processed by the ESFA.   

Your personal information is used by the DfE to exercise its functions and to meet its statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009 and to create and maintain a unique learner number (ULN) and a personal learning record (PLR). Your information will be securely destroyed after it is no longer required for these purposes. 

Your information may be shared with third parties for education, training, employment and well-being related purposes, including for research. This will only take place where the law allows it and the sharing is in compliance with data protection legislation.  

The English European Social Fund (ESF) Managing Authority (or agents acting on its behalf) may contact you in order for them to carry out research and evaluation to inform the effectiveness of training.  

Further information about use of and access to your personal data, details of organisations with whom we regularly share data, information about how long we retain your data, and how to change your consent to being contacted, please visit:   

https://www.gov.uk/government/publications/esfa-privacy-notice

 

  • LRS Privacy Notice

The information you supply is used by the Education and Skills Funding Agency, an executive agency of the Department for Education (DfE), to issue you with a Unique Learner Number (ULN) and to create your Personal Learning Record, as part of the functions of the DfE. For more information about how your information is processed, and to access your Personal Learning Record, please refer to:

https://www.gov.uk/government/publications/lrs-privacy-notices  

 

 6. Transfer of data out of the European Economic Area (EEA)

NCG do not transfer your personal data outside of the EEA. 

 

7. How long we retain your personal data  

A retention schedule of personal data can be viewed at Appendix A

 

8. Your rights 

When exercising your rights as a data subject it will be necessary for NCG to confirm your identity, the following are examples that NCG would accept in facilitating your request:

photocopy of driving licence or birth certification, passport, etc.  

 

  • Access to information

At any point you can contact us to request details concerning the information we hold about you, why we have that information, who has access to the information and where we got the information. In most cases you may be entitled to copies of the information we hold concerning you. Once we have received your request we will respond within 30 days.

  • Rectifying data

If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated.

  • Erasing data

If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted.

  • Restricting processing

You have the right to request that NCG stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your data to comply with your other rights.

  • Data portability

You have the right to request that we transfer your data to another organisation. Once we have received your request, we will comply where it is feasible to do so.

  • Object to direct marketing

All communication with you, including in relation to updates to this privacy notice, will be made via the preferred method of communication that you have registered with us and you will be able to select the type of correspondence you receive. If, at any stage, you are concerned about the content (e.g.  unwanted marketing), frequency (too many) or method (change preference) of these communications, you can unsubscribe or notify us of your decision at any time. 

  • The right to object to automated decision making / profiling

You have the right not to be subject to automated decision making (making a decision solely based on automated means without any human involvement) and profiling (automated processing of personal data to evaluate certain things about the individual).

  • Withdrawing consent

In those cases where we need your consent to process your information, we will ask you to make a positive indication (e.g. to tick a box or insert your contact details on the relevant form or web page requiring consent). By actively providing us with your consent, you are stating that you have been informed as to the type of personal information that will be processed, the reasons for such processing, how it will be used, for how long it will be kept, who else will have access to it and what your rights are as a data subject and that you have read and understood this privacy policy. Where processing is based on consent, you have the right to withdraw consent at any time.

 

9.  Lodging a complaint with the Information Commissioners Office  

Should you be dissatisfied with NCG’s processing of your personal data, you have the right to complain to the Information Commissioner’s Office. For more information, please see the Information Commissioner’s web site: https://ico.org.uk/  

  

10. Data Protection Officer

If you have any questions which you feel have not been covered by this Privacy Notice, or if you have concerns or a complaint in relation to NCG processing your personal data, please do not hesitate to email us at dpo@ncgrp.co.uk 

              

Appendix A – Retention Schedule 

Personal data type       

Description 

Minimum period data is retained 

Maximum period  data is retained 

Recruitment data  

Expressions of interest in courses and open day information 

 12 months

Up to 24 months after cessation of  relationship 

For recruitment data collected at school events, data will be stored until the pupil is in year 11

Application data 

Application forms,  interview information 

 

24 months after cessation of  relationship (unsuccessful applicants only)

6 years after student leaves (successful applicants) 

DBS disclosure 

Information relating to criminal records 

 6 months after checking

3 years for applications processed up until

February 2018

 

6 months after checking for applications processed after February 2018

Core academic data 

Transcript like information and basic verification

information relating to the individual 

Perpetuity 

Perpetuity 

Financial data 

Information relating to student debt and  student payments 

6 years after student leaves 

6 years after student leaves 

Reference data in addition to core academic data. 

Contents of student file e.g. attendance date, emails etc. 

1 year after student leaves 

6 years after student leaves 

Audit/professional/ statutory data 

Health and safety records, verification data required by professional body or  HEFCE audit 

As required 

As required 

Appeals and complaints/anticipated or ongoing legal action 

Academic and disciplinary appeals, student complaints and litigation 

1 year after student leaves for all students

For Cases: 6 years after exhaustion of internal process or after the student leaves

Course information 

Programme and

Module specifications 

Perpetuity 

Perpetuity 

Quality Assurance 

Student surveys, module reviews, programme reviews, minutes of meetings, exam papers etc. 

Current academic year plus 1 

None unless individuals are identified 

Student assessments and evidence submitted for mitigation, disability notification. 

Assessments, exam scripts, and any item that identifies the student e.g. mitigating circumstances minutes, exam board

minutes 

1 year after student leaves 

6 years after student leaves 

Learning resources  that identify students 

 

Current academic year plus 1 

 

Learning agreements for young people

Further information can be found within the ESFA’s funding guidance document ‘Funding guidance for young people 2018 to 2019 Funding’

6 years after student leaves

6 years after student leaves

Learning agreements for adults

(Attended between 2007 and 2013)

 

Until 2020

Until 2020

Learning agreements for adults (Attended between 2014 and 2020)

 

Until 2030

Until 2030

Safeguarding

Contents of student file transferred from school or created at NSFC

7 years after student leaves

Until the students 26th birthday

Safeguarding

Documents relating to allegations against staff members

10 years

Until the staff member retires

Biometric Data

 

1 academic year

1 academic year