To Know Our Data Protection Policy
(Last reviewed: 23 May 2018)
Eynsford College holds and processes information about employees, learners, and other data subjects for academic, administrative and commercial purposes. When handling such information, Eynsford College, and all staff or others who process or use any personal information, must comply with the Data Protection Policy Principles which are set out in the Data Protection Act 1998 and from 25 May 2018 the General Data Protection Regulation (collectively, the Data Protection Legislation).
Anyone processing data must comply with the data protection principles, personal data must:
GDPR Legislation ensures that personal data processing is done fairly and without adversely affecting the rights of the data subject.
Personal data should be processed on the basis of one of the legal ground set out in Data protection Legislation. This includes
Whenever special categories of personal data or information about criminal offences (such as a DBS checks) are being processed, additional conditions must be met.
Personal data is sometimes collected with prior consent from persons visiting or phoning the College or electronically through visits to our website for the purposes.
In order to provide services, we may collect and process personal data for a variety of purposes, including: enrolment of our students, administration of our courses, provision of suitable homestay accommodation, recruitment of staff and staff administration, and compliance with our legal obligations.
Personal data may include information we receive directly from a data subject (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and information we receive from other sources (including, for example, business partners, subcontractors in technical, payment and delivery services, the Disclosure and Barring Service and others)
We will only process personal data for the specific purposes set out in this policy or for any other purpose permitted by the Data Protection Legislation. We will notify those purposes to the data subject when we first collect the data or as soon as possible thereafter.
Further information about how we process personal data relating to our staff is contained in our Staff Handbooks.
If we collect personal data directly from data subjects, we inform the data subject of the purpose(s) for which we intend to process that personal data,
If we receive personal data about a data subject from other sources, we will provide the data subject with this information as soon as possible thereafter.
We will inform data subjects whose personal data we process that we are the data controller with regard to that data.
We will only collect personal data that is required for the purpose.
We will ensure that personal data we hold is accurate and kept up to date. Accuracy of any personal data is ensured at the point of collection and at regular intervals afterwards. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
We will process all personal data in line with data subjects’ rights as:
A subject may request access to any data held about them by a data controller. The Data Protection Act 1998 (the “Act”) gives data subjects the right to access information held about them. This is subject to a fee of £10 to meet our costs for providing this.
A subject may prevent the processing of their data for direct-marketing purposes and request that any inaccurate personal data about them is corrected.
They may request that we stop using their personal information for certain purposes.
Personal data must be provided in a portable format and deleted on request by the data subject.
Decisions about them should not be made by wholly automated means
Some of the rights listed above are limited to certain defined circumstances and we may not be able to comply with requests.
If a data subject is unhappy with the way we are processing or have processed their personal data, they have a right to complain to the Information Commissioner’s Office. More information about this can be found at: https://ico.org.uk/concerns/
Eynsford College will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
Confidentiality: means that only people who are authorised to use the data can access it.
Integrity: means that personal data should be accurate and suitable for the purpose for which it is processed
How we use your personal information:
The personal information we collect from you is used by the College to help us provide a service which is suited to your needs and preferences.
The College will:
The College may also:
The College will not:
Your personal information provided for contact purposes (name, address, telephone number, email) may be removed from our database at any point on request.
Intellectual Property Rights
Unless otherwise stated, we are the owner or the licensee of all intellectual property rights in our site, and in the material published on it. Those works are protected by copyright laws. All such rights are reserved.
All materials on this site, including but not limited to images, text, audio clips, artwork, and video clips, are, unless otherwise stated, owned and controlled by us and may not be copied, reproduced, republished, uploaded, posted, transmitted or distributed in any way. Modification of the materials or unauthorized use of the materials for any purpose is a violation of our legal rights.
You may only use our site for lawful purposes. You may not use our site:
Data subjects: A person whose data is collected
Data controller: is the organisation which determines the purposes for which, and the manner in which, any personal data is processed.
Data: is information which is stored electronically or in certain paper-based filing systems.
Data processor: is an employee who processes personal data on behalf of the College.
Third parties: may include contractors, suppliers, contacts, referees, friends, or family members.
Processing refers to any action involving personal information, including obtaining, viewing, copying, amending, adding, deleting, storing, disclosing or destroying information.
—- —- —- —– —-
All staff shall:
When staff hold or process information about students, colleagues or other data subjects (for example, students’ course work, references to other academic institutions, or details of personal circumstances), they should comply with the Data Protection Policy Guidelines for Staff.
Staff shall ensure that
Unauthorised disclosure may be a disciplinary matter, and may be considered gross misconduct in some cases.
All learners shall
Students who use Eynsford College computer facilities may, from time to time, process personal information (for example, in course work or research). In those circumstances, they must notify the tutor or Director, who will provide further information about this requirement.
Staff, students and other data subjects in Eynsford College have the right to access any personal data that is being kept about them either on computer or in structured and accessible manual files. Any person may exercise this right by submitting a request in writing to the Managing Director.
Eynsford College aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 5 days unless there is good reason for delay. In such cases, the reason for the delay will be explained in writing by the Managing Director to the data subject making the request.
In some cases, such as the handling of sensitive information or the processing of research data, Eynsford College is entitled to process personal data only with the consent of the individual. Agreement to Eynsford College processing some specified classes of personal data is a condition of acceptance of a student on to any course, and a condition of employment for staff.
Eynsford College may process sensitive information about a person’s health, disabilities, criminal convictions, race or ethnic origin. For example, some jobs or courses will bring the applicants into contact with children, including young people between the ages of 16 and 18, and Eynsford College has a duty under the Children Act 1989 and other enactments to ensure that staff are suitable for the job, and learners for the courses offered. Eynsford College may also require such information for the administration of the sick pay policy, the absence policy or the equal opportunities policy, or for academic assessment.
Eynsford College also asks for information about particular health needs, such as allergies to particular forms of medication, or conditions such as asthma or diabetes. Eynsford College will only use such information to protect the health and safety of the individual, for example, in the event of a medical emergency.
Students shall be entitled to information about their marks for assessments, however this may take longer than other information to provide. Eynsford College may withhold enrolment, awards, certificates, accreditation or references in the event that monies are due to Eynsford College.
Eynsford College will keep different types of information for differing lengths of time, depending on legal, academic and operational requirements.
Monday-Friday: 8:45 am to 6:00 pm
3rd Floor, 2-4 Commercial Street, London E1 6LP
Phone: +44 (0) 20 7734 7774