Commercial Student Privacy Notice
Glasgow Clyde College takes its data protection responsibilities seriously. The purpose of this Privacy Notice is to inform you of how we will process your personal information, setting out our responsibilities and obligations as a Data Controller.
The Data Controller for your information is Glasgow Clyde College, 690 Mosspark Road, Cardonald, Glasgow, G52 3AY, registered with the ICO, registration number Z7497735.
All your personal information will be treated in accordance with data protection law including the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
For any queries or concerns about how your personal data is being processed you can contact the Data Protection Officer at email@example.com
What information do we collect?
Most of the information collected by the College is provided directly by you. The College may also receive your contact details directly from your employer, for example where they have paid for your learning. The College collects the information you provide on your enrolment form, including:
- Personal information, for example your name, date of birth, address, email, phone number;
- Emergency contact details, including name and telephone number;
- Special category ‘sensitive’ data, for example details of any learning disability you have so that any additional support needs can be met by the College; ethnicity and disability information for equal opportunities monitoring, statistical and reporting purposes;
- UK residency details such as country of birth, nationality, residency, country you normally live in;
The College will use your personal data for the following purpose(s):
The College undertakes a number of functions in its role as Data Controller, which may include but is not limited to:
- Recruitment, application, admissions, and enrolment purposes and to provide you with information about IT and other support service;
- Making and keeping student records on central systems, maintaining your student record and managing academic processes.
- Educational, assessment and training purposes, including providing you with technology to assist you to undertake and manage your studies, and assessment and to record and reflect on your learning, (e.g Virtual Learning Environment). This may include registering and providing access to third party systems carrying out assessments on our behalf under contract, for example online testing.
- Registering you with the relevant nationally accredited certifying bodies (for example the Scottish Qualifications Agency (SQA), City and Guilds, BPEC, CITB), recording your exam result and providing national accreditation.
- Support purposes, including the provision of advice and support to you, academic services, welfare including counseling and pastoral services, academic support, health care services, health and safety, attendance monitoring, vacancy information and careers guidance, where you need or choose to access these services.
- Managing college services including IT services, library services and events.
- Sending assessment results, certificates and confirmation of awards to your employer, for example where they have paid for your training or as part of their contract with you.
- Undertaking enquiries and investigations in relation to complaints and appeals, student conduct, fitness to study, academic appeals, and any other enquiries and investigations in line with college policies and procedures.
- Administering financial matters to appropriately manage public funds through crime prevention, detection investigation and reporting and for the recovery of overpayments. This includes your liability for payment of fees.
- Communication purposes including email, text messages and other electronic communications.
- Providing statistical reports to education sector bodies, such as the Scottish Funding Council, Skills Development Scotland and the Glasgow Regional Colleges Board, and for audit purposes, where these organisations provide funding to Glasgow Clyde College.
- For the purposes of ensuring that our College community remains safe and inclusive, including the management of behavioural or disciplinary issues (including use or misuse of electronic and communication systems and social media) and use of CCTV.
- Research including monitoring quality and performance and improving our services.
- Contacting your emergency contacts.
- Confirmation of awards.
- Where you provide written consent, providing references to future employers or Further or Higher Education Institutes.
- Statistical and archive purposes.
Our lawful basis for using the data is/are:
- necessary for the performance of a contract between the College and the individual
- necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, where the College is legally obliged to provide information about the individual to an organization, for example the Scottish Funding Council.
The data being used may include special category (sensitive) data where necessary, as underpinned by law and with appropriate safeguards in place. Our legal reason for using this sensitive data where necessary is/are:
- for reasons of substantial public interest, underpinned by law and is proportionate, respects data protection rights and safeguards the rights of the individual
If you were to withhold the personal information we require for this process, the consequences would be:
you would be unable to study with us. We need to process your data to deliver your learning as part of your contract with us and to meet our statutory obligations.
Your data will, or may, be shared with the following recipients or categories of recipient:
We need to disclose personal and special category ‘sensitive’ personal data to some external bodies as part of our statutory functions as required by law. These organisations are Data Controllers for your data, except where explicitly stated otherwise. Under these conditions, your data may be provided to organisations including but not limited to:
To meet its legal obligations and as part of its contract with you, the College is required to share the minimum amount of data provided by you in your application with a select number of organisations. The organisations we will share data with include:
- your employer, for example where they have paid for your training or as part of their contract with you.
- Awarding and/or National Accreditation bodies, for example Scottish Qualifications Agency (SQA), City and Guilds, BPEC, CITB.
- The Scottish Funding Council (SFC). Statistical personal information will be shared with the Scottish Funding Council to allow them to allocate appropriate funding to colleges in line with Scottish Government strategies and their statutory duties. For more information on how the Scottish Funding Council use your personal data please see their College Student Privacy Notice on their website. Information you give us at enrolment about your disability status, ethnicity, sexual orientation, gender reassignment or religion, will be included in information we send to SFC and it will be used to assist with monitoring equality of opportunity and eliminating unlawful discrimination in accordance with the Equality Act. Some other sensitive information is used to enable research into the provision of fair access to education, for example, whether you are care experienced.
- The Glasgow College’s Regional Board (GCRB), where anonymised data is sent from the College to the Board for financial audit, reporting and research and statistical purposes.
- Home Office/UK Visas and Immigration (UKVI).
- Law enforcement agencies and debt controllers.
- Local authorities, for example Glasgow City Council in relation to Council Tax and Electoral Registration. To meet legal obligations, we may provide information to Councils for exemption of Council Tax. In addition, your information will be shared with the Electoral Registration Office in accordance with the Representation of the People Act 1983.
- Other Colleges and Universities in relation to entry applications or Pathways Programmes.
- Software Service Providers, for example Capita, Microsoft and Canvas, where the provider is acting as a Data Processor on behalf of the College under contract.
This process does not involve your data being sent outside of the European Union.
The processing of your data does not involve automated decision-making.
Can the College contact me when my certificate is about to expire?
The College may contact you in relation to the course you are enrolled on during your period of study. The College will only contact you directly after you have finished your course to remind you when your certificate is about to expire or to provide marketing information about our courses where you have provided consent for us to do so.
Your data will be retained for the following length of time:
The College holds your details and the outcome of your training for current +1 year to fulfil its contract with you, the awarding and national accreditation bodies and for audit purposes. Following this, your records will be deleted.
Under data protection law, you have legal rights in relation to your information, including:
- your right to be informed of how your data is being processed, (as in this privacy notice);
- your right to access and obtain a copy of your data on request, often referred to as a subject access request;
- your right to ask an organisation to change incorrect or incomplete data;
- your right to ask an organisation to delete or stop processing your data under certain circumstances;
- your right to object to the processing of your data under certain circumstances;
- your right to data portability and in relation to automated decision making and profiling.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. Further details about your privacy rights can be found on the Information Commissioner’s Office website www.ico.org.uk
If you would like further information about how your personal data is processed by the College or you have any concerns, please contact our Data Protection Officer (DPO) in the first instance at firstname.lastname@example.org
If you are dissatisfied with the response, you have the right to lodge a complaint with the Information Commissioner’s Office using their website https://ico.org.uk/make-a-complaint/ by email: email@example.com or by phone on 0303 123 1113. Alternatively, you can write to:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We review our privacy notices regularly.