Privacy Notice

Our Privacy Notice

How we use your information
This privacy notice tells you what to expect when City College Southampton collects personal information. It applies to information we collect about:

  • People who study at City College Southampton (including those who apply for courses or apprenticeships)
  • Job applicants and our current and former employees
  • Visitors to our websites
  • People who wish to enquire or complain about data protection or freedom of information

How to contact us
If you want to request information about our privacy policy you can email the DPO or write to: Data Protection Officer, City College Southampton, St Mary Street, Southampton, Hampshire, SO14 1AR

People who study at City College Southampton (including those who apply for courses or apprenticeships). For information we collect, process, hold and share and why we collect and share this click here.

We also use this information to:

  • Report within the College to make decisions and to track organisational performance
  • Share with funding agencies, such as the Education and Skills Funding Agency (ESFA) and the Office for Students (OFS), as part of our contracts with them to deliver education and training
  • Share with other organisations who pay us to deliver specific training e.g. Southampton City Council and CITB
  • Share with other organisations who may provide work experience or work placements
  • Report to Local Authorities, where students live, so that they can ensure education with training is provided to all students age 16-18
  • Inform relevant agencies where a student has safeguarding (including Prevent), care or welfare needs or
  • Update student/apprentice progress and performance to parents (of children under 18) and employers (who have asked their employee to attend training as part of their work)

The lawful basis on which we use this information
We hold the legal right to collect and use personal information relating to students and apprentices and their parents and guardians. We may also receive information shared by their previous school, Local Authority, the Department for Education (DFE), and the ESFA.

We collect and use personal data in order to meet legal requirements and legitimate interests set out in the GDPR and UK Law including:

  • Article 6, and Article 9 of the GDPR (Year)
  • The Education Act 1996
  • The Further and Higher Education Act 1992
  • The Apprenticeships, Skills Children and Learning Act 2009
  • DfE’s statutory guidance on “Working Together to Safeguard Children” 2015
  • The terms and conditions of funding in contracts for education and training with the ESFA and OFS

Further information about why the ESFA requires the college to collect personal data can be found at

Collecting this information
Whilst the majority of information students and apprentices provide to us is mandatory, some is voluntary. We will inform you whether you are required to provide certain information to us or if you have a choice in this.

As an example: during enrolment, of a student or an apprentice, we will take a photograph for use on their College ID Card, which is to help with security and safeguarding. This is compulsory. We will also ask for consent to use future photographs for marketing and publicity materials, this is voluntary and individuals will be made aware of this and asked to opt in to us using photographs of them.

Storing this information
The records of individuals who apply but do not enrol with the college, will be deleted after one year.

The records of students and apprentices who study at the College are kept for a minimum of six years after the year in which you finished studying at City College. This is a contractual requirement set by our funding agencies (the ESFA and the Office for Students).

As good practice, the College reviews the retention period of our data in line with the JISC retention schedules for Further Education – further information can be found at

The National Pupil Database (NPD)
The NPD is owned and managed by the DfE and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

The law requires us to provide information about our students to the DfE as part of statutory data collections. Some of this information is then stored in the NPD to show how pupils progress as 16-18 students at key stage 5. The legislation that requires this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the NPD, go to

The DfE may share information about our students from the NPD with third parties who promote the education or well-being of children in England by:

  • Conducting research or analysis
  • Producing statistics
  • Providing information, advice or guidance

The DfE has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

  • Who is requesting the data
  • The purpose for which it is required
  • The level and sensitivity of data requested: and

The arrangements in place to store and handle the data. To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the DfE’s data sharing process, please visit:

For information about which organisations the DFE provides pupil information to, (and for which project), please visit the following website:
To contact DfE:

Current and former City College employees and job applicants
A specific privacy notice is in place for current and former employees and applicants for roles at City College.

Visitors to our websites
When someone visits we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we wish to collect personally identifiable information through our website, we will be clear about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Use of cookies by City College Southampton
You can read more about how we use cookies on our Cookies page.

Events update E-Newsletter
We use a third party provider, MailChimp, to deliver our regular e-newsletter. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice.

Event registration
We use a third party provider, Akero, to register your attendance for our open events. We gather this information to register attendees as they arrive at our events and to keep them informed of future events and courses that might be of interest to them. This information will be retained for two years and will not be shared with any other organisations. For more information, please see Net Native's privacy notice.

Security and performance
City College Southampton uses a third party service to help maintain the security and performance of the City College Southampton website. To deliver this service it processes the IP addresses of visitors to the City College Southampton website.

We use a third party service,, to publish our blog. This site is hosted at, which is run by Automattic Inc. We use a standard WordPress service to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic's privacy notice.

People who contact us via social media
We use a third party provider, Hootsuite to manage our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months. It will not be shared with any other organisations.

People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

People who make a complaint to us
When we receive a complaint from a person we create a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Complaints or queries
City College Southampton tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice does not provide exhaustive detail of all aspects of City College’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

Access to personal information
City College Southampton tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the General Data Protection Regulations. If we do hold information about you we will:

  • Give you a description of it;
  • Tell you why we are holding it;
  • Tell you who it could be disclosed to; and
  • Let you have a copy of the information in an intelligible form

To make a request to City College Southampton for any personal information we may hold about you, individuals can submit a request in writing which we would prefer was sent via, or in writing to the address at the end marked for the attention of the Data Protection Officer.

Individuals can request information verbally however, the college will seek to confirm the request in writing to ensure we have understood the request correctly. This will be for our mutual benefit.

If we do hold information about you, you can ask us to correct any mistakes by contacting the Data Protection Officer.

Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However sometimes, for example when we investigate a complaint, we will need to share personal information with those concerned and with other relevant bodies. Further information is available in our Information Charter about the factors we shall consider when deciding whether information should be disclosed.

You can also get further information on:

  • Agreements we have with other organisations for sharing information;
  • Circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
  • Our instructions to staff on how to collect, use and delete personal data; and
  • How we check that the information we hold is accurate and up to date

Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 30 April 2018.