1. Introduction
Southampton City College (SCC) is committed to protecting the rights and privacy of individuals, including students, employees and others, in accordance with the Data Protection Act 2018.
SCC needs to process certain information about its employees, governors, students, parents and guardians and other individuals with whom it has a relationship for various purposes such as, but not limited to:
To comply with various legal obligations SCC must ensure that all this information about individuals is collected and used fairly, stored safely and securely, and not disclosed to any third party unlawfully.
2. Compliance
This policy applies to all employees, governors and students of SCC. Any breach of this policy or of the Regulation itself could be considered an offence and the College’s disciplinary procedures may be invoked.
As a matter of best practice, other agencies and individuals, such as counselling services, working with SCC and who have access to personal information, will be expected to read and comply with this policy. College Managers who are responsible for dealing with external organisations will take the responsibility for ensuring that such bodies sign a contract which among other things will include an agreement to abide by this policy.
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments to the Data Protection Act and other relevant legislation.
3. Data Protection Act 2018
The Data Protection Act 2018 is a UK Act of Parliament which complements the EU's General Data Protection Regulations (GDPR).
The Data Protection Act 2018 regulates the processing of personal data and protects the rights and privacy of all living individuals (including children), for example by giving all individuals who are the subject of personal data a general right of access to the personal data which relates to them. Individuals can exercise the right to gain access to their information by means of a 'subject access request'. Personal data is any information relating to a living individual and may be in hard or soft copy (paper/manual files; electronic records; photographs; CCTV images), and may include facts or opinions about a person.
4. Responsibilities under the GDPR
SCC will be the ‘data controller’. Under the terms of the legislation, this means it is ultimately responsible for controlling the use and processing of the personal data.
5. Data Protection Principles
The legislation places a responsibility on every data controller to adhere to the six principles of the Data Protection Act and ensure data is:
6. Lawful bases for collecting and processing
SCC is able to process data if any ONE of the following lawful bases for collecting and processing that data is met.
Where consent is chosen as the lawful basis, the indication of consent must be unambiguous and involve a clear affirmative action (i.e. an opt-in).
SCC will ensure that forms (whether physical or electronic) used to gather data on an individual will explain the use of that data, how the data may be used and also clearly state when an individual needs to consent to the processing.
SCC will include the specified DfE statement on its student enrolment form and update this when required following the ESFA’s technical guidance: ESFA Privacy Notice 2021-2022 (pdf)
SCC will include a link to the Office for Students privacy notice on HE enrolment forms. Read the Office for Students Privacy Notice.
CCTV systems operate within SCC. Images are recorded for the purpose of crime prevention and public safety based on our legitimate interest of protecting the safety and wellbeing of employees, governors, students and visitors to the College. Images are erased after one month.
7. Subject Access Rights
Individuals have a right to access any personal data relating to them which are held by the College. Any individual wishing to exercise this right should apply in writing to the DPO. Any employee receiving a subject access request should forward this to the DPO.
The College will provide the requested data free of charge, but reserves the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive, or requests further copies of the same information already provided.
Under the terms of the legislation, any such requests must be met within one month of receipt.
8. Disclosure of Data
SCC will only disclose data as notified in its Privacy Notice and where a data sharing agreement is in place with the third party. Therefore, employees and governors should exercise caution when asked to disclose personal data held on another individual or third party.
Legitimate disclosures may occur in the following instances:
In no circumstances will SCC sell any of its databases to a third party.
9. Publication of College Information
SCC publishes various items which will include some personal data, e.g.
• Internal telephone directory.
• Event information.
• Photos and information in marketing materials.
It may be that in some circumstances an individual wishes their data processed for such reasons to be kept confidential or restricted to College access only. Therefore, SCC will offer an opportunity to opt-out of the publication of such data when collecting the information.
10. Email
It is the policy of SCC to ensure that senders and recipients of email are made aware that under Data Protection and Freedom of Information Legislation, the contents of email may have to be disclosed in response to a request for information. One means by which this will be communicated will be by a disclaimer on the College’s email.
Under the “Regulation of Investigatory Powers Act 2000, Lawful Business Practice Regulations” any email sent to or from the College may be accessed by authorised College employees, other than the recipient, for system management and security purposes.
11. Data Breach Reporting
As soon as a data breach is discovered it must be reported to the DPO who will notify the ICO within 72 hours. The Data Breach Procedure will be followed.
12. Data Protection Officer (DPO)
The DPO can be contacted using the email address DP@shcg.ac.uk or in writing at:
13. Status of this Policy
This policy was approved by the Board in December 2021.
The operation of this policy will be kept under review by the Data Protection Officer and future reviews approved by the Senior Management Team.
Date approved: May 2018
Approved by: Board
Date of Review: December 2021
Date of next review: December 2023