Halesowen College Privacy Statement – Notice about how we use your personal information (students)

We are the data controller of personal information about you. We are: Halesowen College. Our address is: Halesowen College, Whittingham Road, Halesowen, West Midlands, B63 3NA.

Our Data Protection Officer is Ruth Broome. If you have any questions about this policy or the ways in which we use your personal information, please contact our Data Protection Officer at Halesowen College, Whittingham Road, Halesowen B63 3NA. email: rbroome@halesowen.ac.uk. Telephone: 0121 602 7777. 

This privacy notice has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018. 

1.1 The information that you give us

As part of your admission to the College we may collect your personal details including: name, address, date of birth, email address, work assessment data, dates of attendance, exam/test results, religion, ethnicity, former school, health information, behaviour record, sex-related information, genetic data, funding information, bank details and special needs details.

1.2 The uses made of your personal information 

We will use your information to manage and administer your education. This will include putting together class lists, for sending event invitations, for communicating with you, for dealing with admissions, for putting together reports and registers, to check entrance exam results, to allocate you to the correct classes for assessments, to make arrangements for exams or visits, to consider whether to offer places to students, to consider whether special provision or assistance is required for exams and visits and to be able to tell other colleges your attendance dates if you leave.

1.3 The legal basis on which we collect and use your personal information. 

Generally, the information is processed as part of our public interest task of providing education to you. Where that information is special category personal information (e.g. medical information) we will process it because there is a substantial public interest for us to do so. 

1.4 How long we keep your personal information. 

Halesowen College will hold your personal data as outlined above for the duration of your course and 6 years thereafter.

1.5 How we share your personal information.

We may share the personal information that you give us with the following organisations (or types of organisation) for the following purposes.

Organisation / type of organisation: Statutory bodies such as funding agencies, exam boards and local authorities plus organisations that the College works in partnership with or alongside such as schools, universities, careers services and other educational providers. Data will also be sent to the Police and other agencies for the detection or prevention of crime purposes. Where debts are owed to the College your data may be shared with organisation to recover monies owed.

Purpose: We will share your data with the organisations listed above to provide support during your studies and enable you to complete your qualification and progress to a further course of study and/or sustainable employment. We may also share your personal information with third parties who provide services to the College. 

Organisation / type of organisation: Specialised support organisations, external educational consultants and similar organisations

Service: To provide designated support for individuals.

1.6 How we transfer your personal information outside Europe. 

We do not store or transfer your personal data outside Europe.

1.7 Will we monitor your use of the College’s computers?

We keep an eye on how you use the College’s equipment and computers and what websites you go on when you are browsing the internet at College. This is because we have legal obligations to protect you, and we also have a legitimate interest in making sure you are using our computer equipment correctly and that you are not looking at any inappropriate content. 

If you want to browse the internet privately, you will need to use your own devices which are not linked to the College’s network or internet connection. 

1.8 Your rights over your personal

You have a number of rights over your personal information, which are:

  • the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy about the way your personal data is being used – please refer to the ICO’s website for further information about this (https://ico.org.uk/); 
  • the right to ask us what personal information about you we are holding and to have access to a copy of your personal information;
  • the right to ask us to correct any errors in your personal information;
  • the right, in certain circumstances such as where our use of your personal information is based on your consent and we have no other legal basis to use your personal information, to ask us to delete your personal information;
  • the right, in certain circumstances such as where we no longer need your personal information, to request that we restrict the use that we are making of your personal information;
  • the right, in certain circumstances, to ask us to review and explain our legitimate interests to you; and
  • the right, where our use of your personal information is carried out for the purposes of an agreement with us and is carried out by automated means, to ask us to provide you with a copy of your personal information in a structured, commonly-used, machine-readable format.

1.9 Changes to our privacy policy

We keep our privacy policy under regular review. Any changes we make to our privacy policy in the future will be notified to you by email.

Department for Education Privacy notice for Key Stage 5 and adult education

For the purposes of relevant data protection legislation, the DfE is the data controller for personal data that we provide to the Education and Skills Funding Agency (ESFA). Below is a copy of their privacy notice as of 20/06/2022. They may change this from time to time and we encourage you to check their website from time to time. 

https://www.gov.uk/government/publications/privacy-notice-for-key-stage-5-and-adult-education/privacy-notice-for-key-stage-5-and-adult-education

This privacy notice explains how the Department for Education (DfE) uses (processes) any personal data you give to us, or any that we may collect about you in relation to Key Stage 5 and adult education.

Key Stage 5 and adult education includes learners that stay in full-time education in schools, sixth-forth colleges, further education colleges or University Technical College; or learners that start an apprenticeship or traineeship.

For the purposes of relevant data protection legislation, the DfE is the data controller for personal data, this includes personal data processed by Education and Skills Funding Agency (ESFA).

If you would like:

  • more information about how we process your personal data or your data protection rights
  • to make a request about your information – for example to request a copy of your information or to ask for your information to be changed
  • to contact our Data Protection Officer

You can contact us in the following ways:

Data Protection Officer
Department for Education (B2.28)
7 & 8 Wellington Place
Wellington Street
Leeds
LS1 4AW

The kinds of personal data we process about you

When we ask you for personal data, we will:

  • tell you the reasons we’re asking for it
  • only ask for the information we need
  • make sure we don’t keep it for longer than necessary
  • protect it and make sure only the appropriate people have access to it
  • let you know if we’ll share it with other organisations
  • keep it up to date where necessary
  • consider privacy risks when we’re planning to change the way we use or hold it
  • train our staff to ensure we use and protect it properly

In return, we ask you to:

  • give us accurate information
  • tell us as soon as possible if there are any changes

We may process the following types of personal data about you:

  • your personal contact details
  • your date of birth
  • your nationality and ethnicity
  • equality, diversity and inclusion information
  • information about your career, workplace, employer
  • data and information about your learning, including courses and qualifications you are taking or have taken

We may also process images and recordings for the purposes of engaging and communicating with the general public. This is done in accordance with codes of practice and guidelines laid down by the Information Commissioner’s Office.

More information about how the DfE handles personal data is available.

How and why we get personal information

We collect your personal data where the law allows, or we have a legal duty to do so. We may also receive your personal data from third parties including other government departments. Your personal data is collected to enable us to carry out our functions.

The lawful basis we often rely on for processing your personal data is to perform our public task. We may also rely on the following lawful bases:

  • your consent – where this is relied upon, you can ask to remove your consent at any time – you can do this by using our contact form
  • a contractual obligation
  • a legal obligation
  • to protect a person’s vital interest
  • legitimate interest

Personal data collected from you directly

We may collect information from you:

  • face to face like when you fill in a form or survey at our careers fairs.
  • over the telephone like when you contact our helpdesks
  • in correspondence that you send to us, like emails, letters and social media posts

We may use personal data we collect directly from you to:

  • send you information about our work
  • improve the services we offer to you
  • operate our complaints policy
  • contact you for feedback on services we provide to you
  • ensure the protection of public funds
  • prevent and detect fraud

Personal data collected from DfE and ESFA websites and social media channels

We may collect and process the following information:

  • details of your visits to our website including the resources that you access, weblogs and other communication data
  • subscriptions to our mailing lists

We may use personal data we collect from DfE and ESFA websites and social media channels to:

  • ensure that our website content is presented in the best way for you
  • provide you with information, products or services that you request from us or which we feel may interest you, where you have given us your consent
  • allow you to participate in interactive features of our service, when you choose to do so
  • notify you about changes to our website or services

Personal data about learners and apprentices

We collect personal data about learners from you, and third parties, including other government departments and agencies and from organisations funded by DfE and ESFA to provide learning. We collect information about you and what you are studying.

This includes:

  • information on enrolment and achievements which is collected from learning providers following their funding terms and conditions (learning providers include further education colleges and private training companies where you undertake learning)
  • information about you and what you are studying is collected by the Individualised Learner Record (ILR) – see the ILR privacy notice for more details
  • information from the Learning Records Service (LRS) to issue you with a Unique Learner Number (ULN), and to create and keep your Personal Learning Record – see the LRS privacy notice for more details
  • the National Careers Service – see the National Careers Service privacy notice for more details
  • the Bursary for Vulnerable Group Scheme which uses the information you give to your educational institution (for example. your college) to decide if you are eligible for a bursary under the scheme eligibility criteria
  • if you start an apprenticeship, your information is supplied to us by your employer – we collect information about you and what you are studying, see the manage apprenticeship service privacy notice and apprenticeship website privacy notice for more details

Information is collected from and shared by third parties so DfE and ESFA can deliver their obligations to safeguard children and young people.

Sharing your personal data

We share your personal data with other parts of DfE and ESFA, and third parties, including other government departments, agencies, local authorities and organisations, where the law allows it or we have a legal duty to do this.

These organisations can include:

  • an organisation who is working for ESFA or DfE under contract
  • organisations who provide:
  • administration services
    • careers and other guidance
    • statistics and research about education, training, employment and well-being, this includes the Higher Education Statistics Agency (HESA) so that you can take part in the graduate outcomes survey
  • organisations that request information to help prevent and detect crime, including sharing personal information for law enforcement purposes to prevent fraud and to assist organisations involved in the prevention of fraud where it is necessary and proportionate

We may share your personal data with other organisations where:

We may share your personal data with other organisations where learning is funded by another public authority. This information is shared to help those organisations do their work. These include Department for Work and Pensions managing the European Social Fund, and combined authorities in city regions and the Greater London Authority managing devolved adult education budget funding.

We may also share your personal data with other organisations where a further education college or other training provider can no longer deliver your training funded by DfE or ESFA. This may be where a training provider has stopped trading. To help you continue learning, DfE will arrange to securely transfer your information from your last training provider to your next training provider or to DfE if your learning does not continue straight away. To do this:

  • the DfE and training providers share data to make sure information held about you and your funded learning is accurate
  • DfE and your training provider may need to share your information with another training provider (for example, to confirm a claim for funding from ESFA) and with an awarding organisation (for example, to confirm what stage your learning has reached)

We may also share your personal data with other organisations where DfE and ESFA are notified of an issue regarding safeguarding of children and young people.

Other people and organisations may also share personal data with DfE and ESFA, for example when they make a complaint or raise a concern with us. This can include information shared in accordance with the statutory guidance keeping children safe in education and working together to safeguard children. This information will be used to investigate complaints and to ensure trusts and academies comply with the regulations (Education (Independent School Standards) Regulations 2014) and their funding agreement.

How long we will keep your personal data

We will only keep your personal data for as long as we need it. DfE has a disposal schedule for personal data based on the needs of the department and the law. We may need to keep some of your personal data for 66 years for research and producing statistics.

We will take the necessary steps to keep your information safe. It will then be securely destroyed when it is no longer needed.

If you want to know how long we keep your information, please write to DfE Departmental Records Officer using our secure contact form.

Storing personal data outside the UK

When DfE stores personal data outside the UK, we will make sure we comply with the data protection law and take additional steps to keep your personal data safe, which can include additional technical and security arrangements, contractual agreements and data sharing agreements.

Your data protection rights

Under data protection law, you have rights including:

  • your right of access – you have the right to ask us for copies of your personal information
  • your right to rectification – you have the right to ask us to rectify personal information you think is inaccurate, you also have the right to ask us to complete information you think is incomplete
  • your right to erasure – you have the right to ask us to erase your personal information in certain circumstances
  • your right to restriction of processing – you have the right to ask us to restrict the processing of your personal information in certain circumstances
  • your right to object to processing – you have the right to object to the processing of your personal information in certain circumstances
  • your right to data portability – you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances

You are not required to pay any charge for exercising your rights. If you make a request we have 1 month to respond to you.

How to make a subject access request

You have the right to ask for access to your personal information, known as a subject access request. See the DfE Personal Information Charter for further details

To make a subject access request you can use the DfE contact form.

Alternatively, you can make a subject access request in writing. Post your request to:

Data Protection Officer
Department for Education (B2.28)
7 & 8 Wellington Place
Wellington Street
Leeds
LS1 4AW

Include as much information as you can about what information you need and the years you need the information for. If possible tell us which part of the department holds the information. You’ll also need to tell us your telephone number and address.

We may need to check your identity and your right to access the information you’re requesting. This means we might ask for a copy of the identification pages of your passport or photo driving licence and proof of your current address.

We’ll try to respond to your request within 1 month. However, if your request is complex we may extend the period by a further 2 months, but we’ll tell you if this is the case.

How to complain

If you have any concerns about our use of your personal information you can make a complaint to the Data Protection Officer at:

Data Protection Officer
Department for Education (B2.28)
7 & 8 Wellington Place
Wellington Street
Leeds
LS1 4AW

You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data by writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Information Commissioner’s Office website

Changes to this privacy notice

We may change this privacy notice and we encourage you to check this privacy notice from time to time.

WMCA Privacy Notice 2021 to 2022

Your data maybe shored with the WMCA and below is a copy of their privacy notice as of March 2022. They may change this from time to time and we encourage you to check their website from time to time. 

https://www.wmca.org.uk/what-we-do/productivity-skills/adult-education-budget/aeb-documents/

Adult Education Budget Privacy Notice for the Purpose of Data Collection

How we use your personal information

The West Midlands Combined Authority (WMCA) is responsible for commissioning and funding adult education budget provision for learners within the West Midlands. We may use your personal information in our delivery of this work. The privacy notice below describes how we will treat the personal information. 

We are responsible for managing the information that we hold, and we recognise that this information is important to you. We take our responsibilities seriously and use personal information fairly, correctly and safely in line with the UK’s data protection laws.

Anyone who receives information from us is also under a legal obligation to do the same and will have a set of data protection clauses included in any contract with us.

Where we need to share sensitive or confidential information, we will do so only with your consent, or where we are legally able to do so.

How and why we collect your personal information

We collect your personal information where the law allows it, or we have a legal duty to do so. We may also receive your personal data from third parties, including other government departments.

Your personal information is collected to enable us to carry out the functions of the WMCA. The lawful basis for collecting and using your personal information will depend on the service and will normally be:

  • Where we have a contractual obligation
  • where we need to for the purposes of WMCA functions
  • where we have your consent to do so
  • where we have a legal obligation

Personal data collected from you directly

We may collect information from you:

  • face to face like when you fill in a form or survey at our careers fairs
  • over the telephone like when you contact our helpdesks
  • in correspondence that you send to us, like emails, letters and social media posts.

We may use personal data we collect directly from you to:

  • send you information about our work
  • improve the services we offer to you
  • operate our complaints policy
  • contact you for feedback on services we provide
  • ensure the protection of public funds
  • prevent and detect fraud.

Personal data collected from WMCA websites and social media channels

We may collect and process the following information:

  • details of your visits to our website including the resources that you access, weblogs and other communication data
  • subscriptions to our mailing lists.

We may use personal data we collect from websites and social media channels to:

  • ensure that our website content is presented in the best way for you 
  • provide you with information, products or services that you request from us or which we feel may interest you, where you have given us your consent
  • allow you to participate in interactive features of our service, when you choose to do so notify you about changes to our website or services.

Provider Information

During the life of your contract, we will ask Provider for the following information (either directly or via the provider’s ILR return to the Education Skills Funding Agency):

  • Data and evidence held by the provider are necessary to ensure compliance with the AEB funding rules and secure the delivery of education and training of a reasonable quality by the Provider.

This is to ensure that the resources provided by WMCA are being used effectively and efficiently and includes but is not limited to; Application Data, Performance data, Delivery profiles and Financial statement.

Personal data about learners

We collect personal data about learners from you, and third parties, including other government departments/agencies and from organisations funded by WMCA to provide learning. 

Your personal information is processed by WMCA directly and/or the ESFA, who pass it to us when they process your information on behalf of the Department for Education (DfE), to enable the DfE to carry out its functions. 

We collect and process the following information:

  • Enrolment and achievements – this is collected from learning providers following their funding terms and conditions. Learning providers include further education colleges and private training companies where you undertake learning. 
  • Individualised Learner Record (ILR) – information about you and what you are studying is collected by the ILR. See the ILR privacy notice for more details. 
  • Learning Records Service (LRS) – information about you is used by ESFA to issue you with a Unique Learner Number (ULN) and to create and keep your Personal Learning Record. See the LRS privacy notice for more details.

How we share your personal information

We may share your personal information with other services run by the WMCA, and other organisations, where the law allows it or we have a legal obligation to do so:

  • with a third party who is working for WMCA under contract
  • with organisations for the purposes of:
    • administration
    • provision of career and other guidance
    • statistical and research purposes, relating to education, training, employment and well-being prevention or detection of crime

Other organisations include:

  • Education and Skills Funding Agency
  • Department for Education
  • Department for Work and Pensions
  • Local and Combined Authorities in England

How long we will keep your personal information

We will take necessary steps to keep your information safe. It will then be securely destroyed when it is no longer needed.

We will only keep your personal data for as long as we need it. WMCA has a disposal schedule for personal data based on the needs and the law.

We may need to keep some of your personal data for 66 years for research and producing statistics.

We may need to keep your personal information indefinitely for research and statistical purposes. We will put in place necessary measures to safeguard this information.

Your data protection rights

Under the Data Protection Act, you as the Data Subject, have the following rights. Each request will be reviewed and actioned wherever possible. However, you should be aware that, due to the reasons that WMCA may be processing your information we may not be able to comply with some requests due to legal obligations. You have the right to:

  • to ask for access to information about you that we hold 
  • to have your personal data rectified, if it is inaccurate or incomplete
  • to request the deletion or removal of personal data where there is no compelling reason for its continued processing
  • to restrict our processing of your personal data (i.e. permitting its storage but no further processing)
  • to object to direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics
  • not to be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you

If we are processing your personal information using your consent, you can withdraw your consent at any time. 

If you need access to any of your data protection rights regarding any of the above, please do so by following the process as detailed in ESFA’s Privacy Notice.

If you would like a copy of the personal information we hold about you please contact us at:

Email: Information.officer@wmca.org.uk

Address: Data Protection Officer, 16 Summer Lane, Birmingham, B19 3SD

Further information on processing your information 

Learner information

Personal information is collected by the WMCA in accordance with the terms and conditions of funding imposed on providers of learning, for example, further education colleges and private training organisations. Your personal information is processed by the ESFA, and passed to us when they process your information on behalf of the DfE, to enable the DfE to carry out its functions.

Learner information collected by the ESFA is known as the Individualised Learner Record (ILR). The specification and standards for the ILR are published for each academic year (1 August to 31 July) by the ESFA. This specification provides more information about the use of your information.

Learner contact information collected by the ESFA may be used for the purposes of research and surveys to enable the DfE to carry out its functions or, where learning is funded by the European Social Fund (ESF), for the Department for Work and Pensions to carry out its functions. This contact information will only be used for the purposes of other research and surveys with the consent of the learner.

Learner information is also collected and supplied to the Learning Records Service, a part of the ESFA. Your information is used by the ESFA to issue learners with a Unique Learner Number, and to create and maintain your Personal Learning Record. More information about this use of learner information is published by the Learning Record Service.

Sharing data

In order for the DfE to carry out its functions:

  • the ESFA and training providers share data to ensure accuracy of information held in relation to the funding of learning – a training provider may need to share your information with another training provider in order to verify accuracy of information in relation to a claim for funding from the ESFA
  • your personal information may be shared with another training provider for the purposes of your continued learning

In the event that a further education college or other training provider is unable to continue the delivery of training funded by the ESFA (for example, where a training provider is a limited company that is dissolved) the ESFA will endeavour to make arrangements for the secure transfer of information, including your personal data, from the former training provider to another training provider to support your continued learning. It may also request information from Awarding Organisations to establish at what stage your learning has reached according to their records.

Complaints

If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer who will investigate the matter. Contact details are provided above. 

We hope that we can address any concerns you may have, but if you remain unhappy you can you can contact the Information Commissioner’s Office (ICO). For more information, visit: ico.org.uk  

More Information

For more information on WMCA’s privacy notice please visit the privacy notice on our website.

Changes to this privacy notice

We may change this privacy notice and we encourage you to check this privacy notice from time to time.

Useful documents

Our accreditation and awards

AWARDS

Ofsted Matrix Standard Quality Assurance Agency Disability Confident Campaign Black Country LEP Autism Education Trust College of Sanctuary Mindful Charter Society for Education and Training Leaders in Diversity Leaders in Safeguarding The Rainbow Flag Award National Network for the Education of Care Leavers The Alliance for Sustainability Leadership in Education HSBC Smart Money Award The Quality in Careers Standard Biaza Ragdale Hall Spa Gold College of Excellence