Student Privacy Notice
Student Privacy Notice
Glasgow Clyde College, 690 Mosspark Road, Cardonald, Glasgow, G52 3AY, is a Data Controller in terms of Data Protection Legislation. Glasgow Clyde College is registered with the Information Commissioner’s Office.
We need to process and retain certain information relating to you by virtue of you enquiring about, applying to be or being a student. All your personal information will be treated in accordance with data protection law including the Data Protection Act and the General Data Protection Regulation.
2. Purpose of this Privacy Notice
The purpose of this Privacy Notice is to inform students how their personal information will be used, setting out our responsibilities and obligations as a Data Controller and:
- Explains the legal basis relied on when using your personal data;
- Provides an overview of the purposes for which your personal data will be used;
- Explains the sources of the information which we hold:
- Sets out the types of information which are used;
- Informs you who has access to your personal data and the limited conditions under which your personal data may be shared with third parties;
- Explains your privacy rights and the steps you can take to exercise these;
- Explains how we will protect your personal data, keeping it safe and secure.
3. Personal information processed under contract
We are required to explain that your personal data is being processed as you have or are taking steps to become party to a contract with us. This is because when you apply and/or accept an offer at the College, you enter into a contract with us. The College must use your personal information to fulfil its contractual obligations to you (outlined below). Without processing your information, it will not be possible for you to become a student.
We also process your personal data where we are legally required to, for example in the prevention and detection of crimes, or during our performance of a task carried out in the public interest or in the exercise of official authority, for example reporting to the Scottish Funding Council.
Special category ‘sensitive’ data including information collected during equalities monitoring such as ethnicity or religion, are collected under substantial public interest as underpinned by equality law. Where you course requires you to have a PVG check, the College may request and process criminal conviction data on you.
4. Why we use your personal information?
The purpose of processing your information is to deliver a programme of learning to you. This includes, but is not limited to:
- Recruitment, application, admissions and enrolment purposes, and to provide you with information about IT and other support services.
- Making and keeping student records on central systems, maintaining your student record and managing academic processes.
- Educational, assessment, placement, work experience and training purposes, including providing you with technology which assist you to undertake and manage your studies, and assessments, and to record and reflect on your learning (e.g. Moodle Virtual Learning Environment). This includes using an online plagiarism checking service.
- Support purposes, including the provision of advice and support to you, academic services, welfare including counselling and pastoral services, academic support, health care services, health and safety, attendance monitoring, vacancy information and careers guidance, where you need or choose to access these services.
- Undertaking enquiries and investigations in relation to complaints, student conduct, fitness to practice, fitness to study, academic appeals, and any other enquiries and investigations in line with college policies.
- Carrying out criminal record checks for students who wish to work with children and/or protected adults through Disclosure Scotland’s Protecting Vulnerable Groups (PVG) membership scheme.
- Managing college services including IT services, library services and events.
- Administering financial matters including payment of fees, administering grants and loans. This includes your liability for fees, and payment of, student fees, grants and loans. Financial information may be shared outside including sharing information with organisations such as the Student Loans Company (SLC), Student Awards Agency Scotland (SAAS) and other providers.
- Communication purposes including email, text messages and other electronic communications.
- Providing reports to education sector bodies, such as the Scottish Funding Council and Glasgow Regional Colleges Board, which provides funding to Glasgow Clyde College.
- For the purposes of ensuring that our College community remains safe and inclusive, including the management of behavioural or disciplinary issues (including use or misuse of electronic and communication systems and social media) and use of CCTV.
- Research including monitoring quality and performance.
- Contacting your emergency contacts.
- Graduation and confirmation of awards.
- Where you provide written consent, providing references to future employers or Further or Higher Education Institutes.
- Statistical and archive purposes.
5. Sources of information
The personal information held about you is obtained from several sources including the following:
- Personal data provided by you in person, by letter, by telephone or by email when enquiring and discussing, applying to and enrolling.
- Personal data provided by your previous educational institutes, by letter, by telephone or by email in relation to your application, enrolment and/or ongoing support where appropriate.
- Personal data provided by your employer by letter, by telephone or by email in relation to your application and enrolment.
- Personal data built up about you during your studies e.g. marks and grades; assessments; conduct; your use of IT systems and Information Services; and learning analytics.
- Financial and fees information provided by you and from funding organisations such as Student Awards Agency for Scotland, or other education authority or your sponsors.
- Criminal record checks from Disclosure Scotland if you plan to work with children and/or protected adults.
6. Personal Information that we use
We hold personal information relating to you including but not limited to your name, data of birth, student ID number, contract details (address, telephone number, email addresses), application support letters and references, qualifications, learning plans, personal statements, financial information when applying for financial support, copies of ID to check who you say you are and information about your child if you access our nursery facilities. Both Student Finance and our Nurseries have their own detail Privacy Notice about how your data is processed by the College in these areas.
We also operate CCTV in various locations across our campuses for the protection of staff, students, visitors and premises and in the prevention and detection of crime. This is done in accordance with the Information Commissioner’s Office (ICO) CCTV Code of Practice and our College CCTV Procedure.
7. Special categories of personal information that we use
As part of the application process, we ask you to provide special categories of ‘sensitive’ personal information which are given an extra level of security and confidentiality. This includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health or data concerning sexual orientation. We are required to collect this information under substantial public interest underpinned by equalities law and provide it to our funders so that they may produce statistical reports as part of their equalities monitoring. We also use this information for our own internal equalities monitoring. We also process special category information when you access our support services, for example, where you request reasonable adjustments to be made to support you while at the College.
8. Sharing information with other people
8.1 Using your Emergency Contact Details
Emergency contact details will only be used in exceptional circumstances, for example when we believe that there are significant concerns about your health or well-being.
8.2 Access to and Disclosure of Information
We will manage your information securely. Access to your information by College staff or other individuals acting on our behalf, for example contractors or service providers, is on a need-to-know basis and will only be processed in accordance with data protection legislation, under our instructions and in-line with this privacy notice. We have technical and organisational measures in place to safeguard your information as required under data protection law.
We will only disclose your information to third parties where it is necessary and we:
- Have your consent; or
- Are required to under a statutory or regulatory obligation; or
- Are permitted to do so under the data protection legislation.
Under data protection law, where you have provided consent for data processing, you can withdraw your consent at any time, effectively preventing your data from being disclosed where consent is required. For example, you may provide consent to the College to share your information with a parent or third party or for marketing purposes. This sharing can be stopped at any time by withdrawing your consent.
8.3 Sharing your Personal Data
We need to disclose personal and special category ‘sensitive’ personal data to some external bodies as part of our statutory functions as required by law. These organisations are Data Controllers for your data, except where explicitly stated otherwise. Under these conditions, your data may be provided to organisations including but not limited to:
- The Scottish Funding Council (SFC). Statistical personal information will be shared with the Scottish Funding Council to allow them to allocate appropriate funding to colleges in line with Scottish Government strategies and their statutory duties. For more information on how the Scottish Funding Council use your personal data please see their College Student Privacy Notice on their website. Information you give us at enrolment about your disability status, ethnicity, sexual orientation, gender reassignment or religion, will be included in information we send to SFC and it will be used to assist with monitoring equality of opportunity and eliminating unlawful discrimination in accordance with the Equality Act. Some other sensitive information is used to enable research into the provision of fair access to education, for example, whether you are care experienced.
- Skills Development Scotland (SDS) if you are undertaking an Apprenticeship or receiving funding.
- Awarding bodies, for example the Scottish Qualifications Agency (SQA) and Sector Skills Agencies for example SNIPEF.
- Regulatory Bodies who regulate Awarding Bodies, for example SQA Accreditation or Ofqual.
- The Glasgow College’s Regional Board (GCRB), where anonymised data is sent from the College to the Board for financial audit, reporting and research and statistical purposes.
- The Student Loans Company (SLC) .
- The Student Awards Agency for Scotland (SAAS).
- Home Office/UK Visas and Immigration (UKVI).
- Law enforcement agencies and debt controllers.
- Local authorities, for example Glasgow City Council in relation to Council Tax and Electoral Registration. To meet legal obligations, we may provide information to Councils for exemption of Council Tax. In addition, your information will be shared with the Electoral Registration Office in accordance with the Representation of the People Act 1983.
- Other Colleges and Universities in relation to entry applications or Pathways Programmes.
- Software Service Providers, for example Capita and Moodle, where the provider is acting as a Data Processor on behalf of the College under contract.
If your course is sponsored by a third party, we may share information about your attendance, participation and progression with your sponsor including your employer or school.
9. Protecting your information
We put in place a series of technical and organisational measures to protect and safeguard all the information that it holds. The College has several policies and procedures in place to support this. For example, data is securely stored in dedicated data centres, where appropriate data and devices are encrypted, staff receive training and briefings on information security and data handling and staff only access data on a ‘need-to-know’ basis.
11. Retention of your personal information
We will retain your personal data for the minimum amount of time necessary for the purposes for which it was collected as described in this privacy notice. Please note, however, that even after termination of your student relationship with us, we may still need to retain some of your personal data to meet our business and legal obligations. For example, we need to keep certain records for specific periods of time under applicable law to show that your funding paid for your place at the College as part of an audit. We also keep a limited amount of data as part of a permanent record of you being a student for archival purposes – this will be for up to fifteen years after your course ends – and is often used as evidence of your qualification by your future employers. We have a Data Retention Schedule in place across the College to ensure that we only hold the minimum data for the minimum time necessary to meet our legal obligations and business needs.
12. Making sure your personal information is accurate
Glasgow Clyde College strives to ensure that all personal data remain current and accurate. If you become aware of any incorrect information held, you have the right to request that this is rectified. There are certain areas where we rely upon you to inform us of any changes to your personal data, for example contact and emergency contact details. It is your responsibility to inform us of these changes.
13. International data transfers
Almost all your data is held by the College within the UK. There are some instances where your data may also be held within the European Economic Area (EEA). There are very limited instances where your data is shared beyond the EEA, for example sharing of information to partner institutes to support exchange trips or where a software service provider may have a specialist team based outside the EEA. When doing so, we ensure that appropriate safeguards are in place to protect your information and your rights under data protection law.
14. Your privacy rights
Under data protection law, you have legal rights in relation to your information, including:
- your right to be informed of how your data is being processed, (as in this privacy notice);
- your right to access and obtain a copy of your data on request, often referred to as a subject access request;
- your right to ask an organisation to change incorrect or incomplete data;
- your right to ask an organisation to delete or stop processing your data under certain circumstances;
- your right to object to the processing of your data under certain circumstances;
- your right to data portability and in relation to automated decision making and profiling.
Further details about your privacy rights can be found on the Information Commissioner’s Office website here.
15. Data protection contact details and further information
If you would like further information about how the College processes your personal data or you have a concern about how your data is being processed, please contact our Data Protection Officer (DPO). You can do this by:
Telephone: 0141 272 0770
If you are dissatisfied with the response, you have the right to lodge a complaint with the Information Commissioner’s Office using their website https://ico.org.uk/make-a-complaint/ or by phone on 0303-123-1113. Alternatively, you can write to them:
Information Commissioner’s Office
Telephone: 0303 123 1113
We review our privacy information annually to coincide with the academic year. If we anticipate that substantial changes will be made to the way we process your data, we will update our privacy information and communicate the changes to you before starting any new processing.