Open CTA Modal
Skip to main content

The Bedford College Group Data Privacy Policy

Hair & Beauty Barbering Banner Tresham College

We understand that privacy and the security of your personal information is extremely important.

This policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over the personal information we hold about you.

This policy relates to The Bedford College Group (registered Bedford College) and includes the brands Bedford College, Central Bedfordshire College, National College for Motorsport, Shuttleworth College, The Bedford Sixth Form and Tresham College. It also includes any other brands we add to this group in the future.

This document applies to students, prospective students and employees, and visitors who attend one of our campuses, visit our website and social media pages or contact the College by other means.

Download our Privacy Policy

This policy was updated on Thursday 31 August 2023.

Privacy Policy

1. What sort of information do we collect?

We collect a variety of personal data and special category data.

  • Personal information data includes information such as: contact information, such as your name, username, address, email address and phone numbers; your date of birth and national identifiers (such as your National Insurance number or passport number), information about your employment.
  • Special category information includes information such as: information about your physical or mental health, including genetic information or biometric information, information about your race, ethnic origin and religion.

 

Further information on how, and why we process specific types of special category data can be found in our Policy on the Processing of Special Category data and Criminal Convictions located on our policies page. https://bedfordcollegegroup.ac.uk/about/policies-procedures/

 

We collect the following information about you:

1.1 If you apply for a course or enrol

a) Information about you including:

  • Personal details about yourself including your name, date of birth, unique learner number (if a student) and national insurance number
  • Contact details including address, telephone number and email address.
  • Details of your previous qualifications, employment and educational history
  • Information about your nationality and residency, and previous address if applicable
  • Information about medical or health conditions, including whether or not you have a learning disability or difficulty, ethnicity
  • Household information (this is collected only for the Education and Skills Funding Agency (ESFA) and is not used by the College)
  • Free school meals eligibility
  • Attendance marks such as sessions attended, number of absences and absence reasons
  • Information to monitor and report on student discipline and progress and support your learning
  • Your destination after College.
  • Your postcode for the provision of mapping geographical demographic information.

b) We collect parent/carer/emergency contacts. For those over age 18 at the start of the academic year, the information is optional.

c) We collect your bank details if you need to pay for your course or you are in receipt of a bursary. If you pay for a course online, your card information is not held by us. It is collected by our third party payment processors who specialise in the secure online capture and processing of credit/debit card transactions.

d) We collect the name of your last school.

e) We collect your consent to keep in touch with you about our products and services, future events and College news, and to take photography and record audio and video content to showcase the College to prospective students and the community.

f) We take your photograph to display on your College ID card.

g) We collect data about criminal convictions.

h) We collect your sexual orientation, gender identity and religion.

j) Test results from COVID tests (as appropriate)

 

1.2 If you make an enquiry, book to attend an event or enter a competition

a) We collect personal contact details including email address and mobile telephone number and postal address

b) Your date of birth

c) In some cases, we collect the name of your last school and your subject interests

d) We collect your consent to keep in touch with you about our products and services

 

1.3 If you visit our websites

a) We place cookies and text files on your computer to collect data on your behaviour on our websites

 

1.4 If you apply for a job

a) We collect personal information, such as name, address, contact details, employment history, and qualifications

b) We also collect special categories of data such as gender, age, ethnic group, religious beliefs, disability and sexual orientation, and information about your health

1.5 If you attend one of our campuses

a) We may capture your image on our CCTV systems

b) If you are a visitor, we will also collect your name, company (if applicable) and car registration

c) We monitor your internet browsing.

2. How do we collect information from you?

For students, most of the information above is collected directly from you via online forms on our websites, application forms, enrolment forms or in person over the telephone or face-to-face. However some information such as previous qualifications, or special needs, may be collected from other organisations such as the DfE, the Local Education Authority, or your previous school.

For staff, most of the information above is collected directly from you via application forms and submissions on to the HR systems in operation, in person, over the telephone or face-to-face. However some information such as medical information, DBS checks, pension’s information and references may be collected from other organisations such as the Pensions authorities/ provider, the Payroll provider or named referees.

3. Why do we collect your information?

The Bedford College Group needs to collect and process data so we can provide you with the highest standards of service we are able to give, and to meet its legal obligations from government organisations such as the DfE and Office for Students (OfS)

More specifically, we collect the following data for the following reasons:

How we use your information

 

Legal (Lawful) basis
If you apply for a Course Information about you

(See section 1.1a above)

In order to meet our legal obligations with the Education & Skills Funding Agency (ESFA), Office for Students (OfS)/Higher Education Statistics Agency (HESA part of JISC https://www.hesa.ac.uk/about/regulation/data-protection/notices ). They are also necessary in order for us to carry out our public task to provide education and training.

With regards, to your email address, to support you (i.e. your legitimate interest), we will share this with awarding bodies (if able to) to enable you to receive an e–certificates from them. This will facilitate timely receipt of your results.

Parent/carer/emergency contacts We collect this so that we can communicate with them if it is in your vital interest

For under 18-year olds, we collect this as part of our public task in order to support your education and learning as fully as possible

 

Bank details (if you need to pay for your course or you are in receipt of bursary)

 

 

We collect this so that we can fulfil our contract with you. If you pay for a course online, your card information is not held by us. It is collected by our third-party payment processors who specialise in the secure online capture and processing of credit/debit card transactions

 

The name of your last school

 

As part of our Legitimate Interests so that we can monitor progression from our feeder schools

 

Your consent

 

To keep in touch with you about our products and services, future events and College news, and to take photography and record audio and video

 

Take your Photograph to display on your college ID card

 

As part of our legitimate interests to ensure the safety of all our students and provide you access to our facilities.

 

Criminal Convictions

 

As a part of our Public Task in order to carry out our duty to safeguard our staff and students.

 

Information regarding your Sexual orientation, gender identity and religion

 

As part of our Public Task to ensure that you are not discriminated against in any way

You do however have the option not to provide this information (by using the prefer not to say option)

If you make an enquiry , book to attend an event or enter a competition

 

Personal contact details (email address, mobile telephone number and postal address)

 

As part of our legitimate interests so that we can respond to you.

 

(This does not only apply to current students)

Date of birth As part of our legitimate interests so that we can uniquely identify you if you wish to follow up your enquiry.

 

(This does not only apply to current students)

 

The name of your last school and your subject interests

 

As part of our Legitimate Interests so that we can monitor progression from our feeder schools

 

Your consent

 

To keep in touch with you about our products and services, future events and College news

 

If you visit our websites We place cookies and text files on your computer to collect data on your behaviour on our websites We use cookies on our website to give you the most relevant experience. By clicking “accept” you consent to our cookie policy. For more information on how we use cookies see our Cookies and Remarketing Policy via the following link: https://bedfordcollegegroup.ac.uk/cookies-and-re-marketing-policy/

 

If you apply for a job Personal information, such as name, address, contact details, employment history, qualifications achieved

 

We collect this under our legitimate interest so that we can process your job application.
Special categories of data such as gender, age, ethnic group, religious beliefs, disability and sexual orientation, and information about your health As part of our legal obligations in relation to equalities and non-discrimination.

 

Further information is contained within our Policy on processing special categories of personal data and criminal convictions data located via the following link: https://bedfordcollegegroup.ac.uk/about/policies-procedures/

 

If you attend one of our campuses Capture your image on CCTV

 

As part of our legitimate interest to ensure the safety of our students, staff and visitors, and the protection of our buildings and assets

 

Name, company (if applicable) and car registration  (if you are a visitor)

 

As part of our legitimate interest to ensure the safety of our students, staff and visitors, and the protection of our buildings and assets

 

Monitor your internet browsing As part of our legitimate interests to ensure the safety of our students and staff

 

 

4. How do we use your information?

We are committed to being transparent about what we collect, how we use your data and meeting our data protection obligations.

We collect and process your personal data to:

  • Meet our statutory obligations as a Further Education (FE) College
  • Deal with and respond to any enquiries you have made with us about our products and services
  • Process application or enrolment forms you’ve submitted for a course, study programme or apprenticeship programme
  • Effectively manage your learning, including:
    • monitoring and reporting on your progress
    • providing pastoral care
    • registering with awarding bodies (so that they provide your certification), and
    • administering learning loans
  • Deal with and respond to any events you have booked on to or competitions you’ve entered into
  • Seek your views, comments and feedback on our products and services, and notify you of changes
  • Send you communication which you have requested and that may be of interest on our products, services, news and events
  • Personalise your visits to our websites, including remarketing activities
  • Conduct market research, either ourselves or through reputable agencies
  • Support statistical analysis
  • Ensure the safety of our students, staff and visitors, and the protection of our buildings and assets
  • Process application forms you’ve submitted for a job vacancy.

The Bedford College Group needs to collect and process data so we can provide you with the highest standards of service we are able to give, and to meet its legal obligations from government organisations such as the DfE and OfS. Data regarding employment status and benefits is required to assess your eligibility for fee discounts, support or access to student bursaries.

Where the organisation processes other special categories of personal data, such as information about age, gender, ethnic origin, disability or health, this is done for the purposes of equal opportunities monitoring and monitor our service provision to improve our services to specific groups. We also use the data so we can personalise the provision to each student to provide them with the best possible opportunities to succeed.

5. What if I do not provide the personal information you require?

For Students: If you do not provide the data required to meet legal obligations, we will not be able to enrol you as a student.

For Staff: If you do not provide the data required to meet legal obligations, we will not be able to engage you at the college and/ or fulfil any contract between us.

If you do not provide the other information we request, for example whether you have a learning difficulty or disability, it may result in us being unable to provide support for any additional needs and may compromise on high standard.

6. Where do we store your personal information?

Your personal information is stored securely in a range of different places, including student information and recruitment management systems, on electronic documents within a secure network and on paper, stored in secure places and with restricted access by only those authorised.

7. Who has access to your personal information?

7 (a) Sharing data within the Bedford College Group (Internally)

Your information may be shared internally, including with any staff from The Bedford College Group who need the data to provide services to students. This will include special categories of data where appropriate.

 

7 (b) Sharing data with Third Parties 

The College will only share your data with third parties such as the Department of Education (DfE) / ESFA, OfS, Learner Records Service (LRS), awarding and examination bodies, Student Loans Company (SLC) and local authorities, where there is a legal basis to do so.

Where the Group receives a request from an appropriate body, we may share your personal data for law enforcement purposes, i.e. for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

From time to time, we engage non-statutory third parties to process personal data on our behalf, for example to follow up course applications during busy periods or undertake research. Where this happens, we require these parties to do so on the basis of written instructions, under a duty of confidentiality and an obligation to implement appropriate technical and organisational measures to ensure the security of data, and never to use it for their own direct marketing purposes. We will only disclose personal information that is necessary to carry out the task or provide the service to you on our behalf.

 

7(b)(i) Data used by / shared with the Department for Education (DfE) including the Education and Skills Funding Agency (ESFA)

For the purposes of relevant data protection legislation, the DfE is the data controller for personal data processed by Education and Skills Funding Agency (ESFA).

Your personal information in your Individualised Learner Record (ILR) is used by the DfE to exercise its functions under article 6(1)(e) of the UK GDPR and to meet our statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009.

The ILR collects data about learners and learning undertaken. We  must collect and return the data to the ESFA each year under the terms of a funding agreement, contract or grant agreement. This helps ensure that public money distributed through the DfE / ESFA is being spent in line with government targets. It is also used for education, training, employment, and well- being purposes, including research. We retain ILR learner data for 3 years for operational purposes and 66 years for research purposes. For more information about the ILR and the data collected, please see the ILR specification at https://www.gov.uk/government/collections/individualised-learner-record-ilr

For more information about how your personal data is used by the DfE and your individual rights, please see the DfE Personal Information Charter (https://www.gov.uk/government/organisations/department-for-education/about/personal-information-charter) and the “Privacy Notice for key stage 5 and adult education “ issued by DfE (https://www.gov.uk/government/publications/esfa-privacy-notice) 

For more information about how HESA use personal data then please access https://www.hesa.ac.uk/about/website/privacy .

7(b)(ii) Data used by / shared with the Learning Records Service (LRS)

The information you supply will be used by the Skills Funding Agency, an executive agency of the Department for Education (DfE), to issue you with a Unique Learner Number (ULN), and to create your Personal Learning Record. For more information about how your information is processed and shared refer to the Privacy Notice available on gov.uk (https://www.gov.uk/government/publications/lrs-privacy-notices)

7(b)(iii) Data shared with the Higher Education Statistics Agency (HESA)

Personal data is shared with the Higher Education Statistics Agency (HESA), part of Jisc, for the purposes of conducting the Graduate Outcomes survey, which is a UK-wide survey capturing information about the activities and perspectives of graduates 15 months after they finish their studies. All eligible graduates who complete a higher education course are asked to take part in the survey, in order to help current and future students gain an insight into career destinations and development.

More information about how Jisc processes your data can be found in the Graduate Outcomes Privacy Information.

8. International transfers of your personal data

From time to time we may transfer your personal information to our service providers based outside of the UK for the purposes described in this Privacy Policy. If we do this your personal information will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators.

9. How do we protect your personal information?

The organisation takes the security of your personal information very seriously. We have policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Our Data Protection Policy is available to view on our website via the following link:

https://bedfordcollegegroup.ac.uk/about/policies-procedures/

10. How long do we keep hold of your information?

We review our retention periods for personal information on a regular basis.

We are legally required to hold some types of information to fulfil our statutory obligations, for example all personal data collected and processed on behalf of the DfE, ESFA or OfS is held for as long as we are legally required to do so, currently until at least 2030.

Other data will be held as long as is necessary to fulfil our duty as a college and/or to undertake relevant activity. See our Retention Policy via the following link https://bedfordcollegegroup.ac.uk/about/policies-procedures/

11. Keeping you informed

From time to time, we would like to tell you about our products and services, events and College news we think you might be interested in. We will do this by post and, where you have consented to us doing so, we may also do this by email, text message or telephone. We will not send you marketing messages if you have not indicated to.

As a student, and where you have consented to us doing so, we may also take photographs, audio and video of your time here to showcase the College to prospective students and the community.

You can change your marketing preferences at any time by contacting us using the contact details outlined in the Contact us section (Section 15) below.

12. Websites and social media

Our websites contain links to other websites. This Privacy Statement only applies to this website so when you link to other websites you should read their own privacy statements.

When using one of our websites, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’ or ‘share’ a new story. When doing this your personal information may be visible to the providers of those social networks, their other users and/or The Bedford College Group. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.

You can engage with us on social media through one of our official social media pages. To participate in these you will need to like our page and can opt-out at any time.

13. Your rights

Under the General Data Protection Regulations (GDPR) data subjects have several rights subject to certain exemptions: 

Subject Access Request as a Service

We are committed to providing the information you request as part of your Subject Access Request and have procedures in place to ensure this occurs in a timely fashion. We do not have agreements in place with any third-party platforms that offer “Subject Access Requests as a Service”. As a responsible data controller of your personal information, this represents significant risks when sharing data. The right of access afforded to you, does not obligate data controllers to share data with 3rd parties. It is our policy to provide the information directly to data subjects ensuring the safety and security of the information throughout the process.

  • The right to rectification: If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
  • The right to object: You have the right to object to the processing of your personal data where we are relying on a Legitimate Interest and there is something about your particular situation, which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. Please refer to section 3 for the lawful basis under which we process your data and section 10, for how long we retain your information.
  • The Right to Erasure: This enables you to ask the organisation to delete or stop processing your data, for example where the data is no longer necessary for the stated purposes of processing and where the organisation is relying on consent or its legitimate interests as the legal ground for processing. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons. Please refer to section 3, for the lawful basis under which we process your data and section 10 for how long we retain your information.
  • The Right to Restrict Processing: This enables you to ask us to suspend the processing of your personal data in the following scenarios:

(i) if our use of the data is unlawful but you do not want us to erase it,

(ii) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it,

(iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims or

(iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Please refer to section 3 for the lawful basis under which we process your data.

  • The Right to Data Portability (request to transfer): We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right may only apply to automated information which you initially provided consent for the organisation to use or where the organisation used the information to perform a contract with you.
  • The Right to object to automated decision making. You have the right to object to any decision made by solely automated means. You can ask for human intervention on any decision, to express the Group’s point of view and to obtain an explanation of the Group’s decision. You also have the right to challenge the decision.

Where possible we will seek to comply with your request but we may be required to hold, retain or process information to comply with a legal obligation or as a public task. 

  • If you would like to exercise any of these rights, please contact us using the details in the contact us (section 15)

Please Note: We will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect your personal information against fraudulent requests.

We will monitor future guidance from the Information Commissioner’s Office but currently undertake our own reasonable measures to verify the identity of data subjects. We would like to assure you that the protection of your data is our main concern and we are committed to providing information as part of any valid request.

For more information on your rights, please refer to the website of the Information Commissioner’s Office (ICO).

14. Changes to this policy

We may occasionally make changes to the Policy, in particular when there are significant changes in related legislation or in Group’s strategy. When this happens we will place an updated version on the Group’s website and the date this has been amended.

15. Contact us

If you would like to:

  • Exercise one of your rights as set out above, or
  • Have a question regarding the way your personal information is processed

Please contact us using one of the methods below:

Email: Mydata@bedford.ac.uk

Post: 

The Data Protection Officer

The Bedford College Group,

Tresham College;

Windmill Avenue,

Kettering;

NN15 6ER

Should this still not be resolved, you have the right to complain to the supervisory authority – the Information Commissioner’s Office (ICO). Contact details for the ICO can be found on www.ico.org.uk

  • If you wish to raise a concern regarding a data breach please contact:

By Email: Dataprotection@bedford.ac.uk