(Last reviewed: January 2017)
Eynsford College holds and processes information about employees, learners, and other data subjects for academic, administrative and commercial purposes. When handling such information, Eynsford College, and all staff or others who process or use any personal information, must comply with the Data Protection Policy Principles which are set out in the Data Protection Act 1998 (the Act). In summary these state that personal data shall
“Staff”, “students” and “other data subjects”
may include past, present and potential members of those groups.
“Other data subjects” and “third parties”
may include contractors, suppliers, contacts, referees, friends or family members.
refers to any action involving personal information, including obtaining, viewing, copying, amending, adding, deleting, extracting, storing, disclosing or destroying information.
Eynsford College shall notify all staff and learners and other relevant data subjects of the types of data held and processed by Eynsford College concerning them, and the reasons for which it is processed. When processing for a new or different purpose is introduced the ndividuals affected by that change will be informed.
All staff shall
When staff hold or process information about students, colleagues or other data subjects (for example, students’ course work, references to other academic institutions, or details of personal circumstances), they should comply with the Data Protection Policy Guidelines for Staff.
Staff shall ensure that
All learners shall
Students who use Eynsford College computer facilities may, from time to time, process personal information (for example, in course work or research). In those circumstances, they must notify the tutor or Director, who will provide further information about this requirement.
Staff, students and other data subjects in Eynsford College have the right to access any personal data that is being kept about them either on computer or in structured and accessible manual files. Any person may exercise this right by submitting a request in writing to the Managing Director.
Eynsford College aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 5 days unless there is good reason for delay. In such cases, the reason for the delay will be explained in writing by the Managing Director to the data subject making the request.
In some cases, such as the handling of sensitive information or the processing of research data, Eynsford College is entitled to process personal data only with the consent of the individual. Agreement to Eynsford College processing some specified classes of personal data is a condition of acceptance of a student on to any course, and a condition of employment for staff.
Eynsford College may process sensitive information about a person’s health, disabilities, criminal convictions, race or ethnic origin. For example, some jobs or courses will bring the applicants into contact with children, including young people between the ages of 16 and 18, and Eynsford College has a duty under the Children Act 1989 and other enactments to ensure that staff are suitable for the job, and learners for the courses offered. Eynsford College may also require such information for the administration of the sick pay policy, the absence policy or the equal opportunities policy, or for academic assessment.
Eynsford College also asks for information about particular health needs, such as allergies to particular forms of medication, or conditions such as asthma or diabetes. Eynsford College will only use such information to protect the health and safety of the individual, for example, in the event of a medical emergency.
Students shall be entitled to information about their marks for assessments, however this may take longer than other information to provide. Eynsford College may withhold enrolment, awards, certificates, accreditation or references in the event that monies are due to Eynsford College.
Eynsford College will keep different types of information for differing lengths of time, depending on legal, academic and operational requirements.
Compliance with the Act is the responsibility of all students and members of staff. Any deliberate or reckless breach of this Policy may lead to disciplinary, and where appropriate, legal proceedings. Any questions or concerns about the interpretation or operation of this policy should be taken up with the Managing Director.
Any individual, who considers that the policy has not been followed in respect of personal data about him/herself, should raise the matter with the Director who is the designated data controller.