Thank you for visiting West Suffolk College (www.wsc.ac.uk). West Suffolk College is committed to respecting your privacy and the privacy of every visitor to our website and we strive to take the appropriate measures to protect your personal information.
Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the General Data Protection Regulation which is the governing legislation that regulates data protection across the EEA. This includes any replacement legislation coming into effect from time to time.
West Suffolk College is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under Data Protection Legislation to notify you of the information contained in this privacy notice.
This policy applies to students, prospective students and employees, and visitors who attend one of our campuses, visit our website and social media pages or contact the College by other means.
The information we collect and when
We only collect information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of information that we will collect on you, and you voluntarily provide to us on this website includes:
- Your name
- Telephone number(s)
- Email address
- Survey responses
- IP address
If you apply for a course or enrol at the College
When you apply for a course or enrol at West Suffolk College, we have a (Legal Obligation) under Article 6.1c and 6.1e (Public Task) to process your data and to share your data with the Education & Skills Funding Agency (ESFA), the FIS (Funding Information System - which is a desktop service application element of the Education and Skills Funding Agency’s data collections system) and the Office for Students (OfS). The processing of your personal data is also necessary in order for us to carry out our public task to provide education and training. We are required by ESFA to retain this data until at least 2030.
The data that we process when you apply for a course or enrol at West Suffolk College includes:
- Details about yourself including your name, date of birth, unique learner number and gender
- Contact details – including address, telephone number and email address
- Details of your previous qualifications, employment and educational history
- Information about your nationality and residency, and previous address if applicable
- Information about medical or health conditions, including whether or not you have a learning disability or difficulty, ethnicity
- Household information (this is collected only for the ESFA and is not used by the College)
- Free school meals eligibility
- Attendance marks such as sessions attended, number of absences and absence reasons
- Information to monitor and report on student discipline and progress and support your learning
- Your destination after College.
- To enable the college to support your learning we collect and process parent/carer/emergency contacts under Article 6.1d GDPR (Vital Interests) and Article 6.1e (Public Task.
- In the instance you pay for your course or receive a bursary we will need to process and collect your bank details under Article 6.1b GDPR Article (Contracts).
- To enable us to monitor performance from our feeder schools we collect and store the name of your last school under Article 6.1f GDPR (Legitimate Interests).
- To enable us to keep you informed about our latest products and services, including future events and informative college news, we collect your consent under Article 6.1a (Consent). We also rely on the lawful basis of consent to take photography and record audio and video content to showcase the College to prospective students and the community.
- To ensure you can access all of the college facilities and for us to ensure your safety. We take your photograph to display on your College ID card under Article 6.1b GDPR (Contract).
- As a college we have a duty of care and a responsibility to protect the vital interests of others. To enable us to protect these interests we will collect data about criminal convictions under Article 6.1d GDPR.
If you attend our campus
To ensure the safety of our staff, students and visitors while on our campus, your image maybe captured and stored on our CCTV systems under Article 6.1f GDPR (Legitimate Interests). If your require further information on how we process images collected from our CCTV please request a copy of our CCTV Policy.
If you are a visitor to the College, we will also collect your name, company (if applicable) and car registration number under Article 6.1f GDPR Article (Legitimate interests) for the safety of our visitors and staff while on the College premises.
Parent / Guardian Communication
Your Parent / Guardian will only be contacted with important information relating to your safety, wellbeing and education whilst you study with us. As a key influencer in a young person’s decision making, from time to time we may contact parents of students with details of upcoming events that may be of interest when their young person is considering next steps after college
We may also occasionally contact your parent/guardian with information about relevant events and opportunities, but only
where you or they have indicated they would like to receive these communications.
All parent/guardian data is held securely on a college system with restricted access. The data is held on this system for the duration of the time the student studies with us and is then deleted within three months.
How we use your information
We collect and process your personal data to:
- Meet our statutory obligations as an FE College
- Deal with and respond to any enquiries you have made with us about our products and services
- Process application or enrolment forms you’ve submitted for a course, study programme or apprenticeship programme
- Effectively manage your learning, including monitoring and reporting on your progress, providing pastoral care, registering with awarding bodies, and administering learning loans
- Deal with and respond to any events you have booked on to or competitions you’ve entered into
- Seek your views, comments and feedback on our products and services, and notify you of changes
- Send you communication which you have requested and that may be of interest on our products, services, news and events
- Personalise your visits to our websites, including remarketing activities
- For statistical analysis
- Ensure the safety of our students, staff and visitors, and the protection of our buildings and assets
- Process application forms you’ve submitted for a job vacancy
- From time to time we may contact students with details of upcoming events that may be of interest to them when considering their next steps after college, i.e. Apprenticeships events, University Studies events
Where the College processes other special categories of personal data, such as information about age, gender, ethnic origin, disability or health, this is done for the purposes of equal opportunities monitoring and monitor our service provision to improve our services to specific groups. We also use the data so we can personalise the provision to each student to provide them with the best possible opportunities to succeed.
Who we might share your information with
We will only share your data with third parties where there is a legal obligation to do so, including ESFA, OfS, Learner Records Service (LRS), examination bodies, Student Loans Company (SLC) and local authorities.
We may also share your personal data with other organisations in the following circumstances:
- If the law or a public authority says we must share the personal data;
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
- From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
- We also engage non-statutory third parties to process personal data on our behalf, for example to follow up course applications during busy periods, help us deliver our services to you or undertake research. When we do this, we require these parties (data processors) to do so on the basis of written instructions, under a duty of confidentiality and an obligation to implement appropriate technical and organisational measures to ensure the security of data, and to never use it for their own direct marketing purposes. We will only disclose the personal information that is necessary to carry out the task or provide the service to you on our behalf.
West Suffolk College will also share your data with the University of East Anglia to facilitate the delivery and evaluation of the programmes they run with students in the College as a part of the Network for East Anglian Collaborative Outreach (neaco) programme. The data will only be shared if a student attends an activity within the programme of Outreach at the College.
How long we keep your information for
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation, and never retain your information for longer than is necessary. Unless otherwise required by law, your data will be stored for a period of [2 years] after [our last contact with you/some other identifiable action or period], at which point it will be deleted.
Your rights over your information
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 30 days from when your identity has been confirmed.
We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
Right to Stop or Limit Our Processing of Your Data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
For more information about your privacy rights
The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here ico.org.uk/for-the-public
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
Data security is of great importance to West Suffolk College and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
- Limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
- Implementing access controls to our information technology
- We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores.
- Never asking you for your passwords;
- Advising you never to enter your account number or password into an email or after following a link from an email
Protection of Personal Information
West Suffolk College takes precautions, including administrative, technical, and physical measures, to safeguard your data against loss, theft, and misuse, as well as against unauthorised access, disclosure, alteration, and destruction.
West Suffolk College uses industry-standard efforts to safeguard the confidentiality of data, including encryption, firewalls and SSL (Secure Sockets Layer). We have implemented reasonable administrative, technical, and physical security controls to protect against the loss, misuse, or alteration of your data.
ClickDimensions is a marketing automation software that we use as part of our CRM (Customer Relationship Management) system. It helps us in designing emails that we send to our subscribers and allows subscribers to easily unsubscribe from receiving any more emails from us if they choose to do so. When you click on a link from an email, we have sent to the college website, the system is able to see which link you have clicked on.
We also use Twilio with ClickDimensions and our CRM. While there are no Twilio cookies used on our website, using Twilio allows us to send text messages to specific groups of people such as a specific group of students for those who have opted in to receive communications, and also in times of need such as during a closure due to severe weather such as snow.
We want as many people as possible to be able to use this website. To this end we have ReachDeck software on the site that allows you to use the site for speech, reading and translation support. Find out more about how we're making this website accessible.
You will be able to see on your screen a button with an icon that looks like an ear. This is ReachDeck, and by clicking on it, this allows you to do a range of things including enlarging the size of text, changing the colour and contrast of a page, letting it read the text on a page to you or highlighting text and allowing the reader to read it back out loud, among many other useful features. We use this to make sure our website is as accessible to as many people as possible, including those with reading, visual or hearing impairments. The cookie used by ReachDeck is Google Analytics.
We use the iBoss cloud to secure your internet access on any device, from any location, in the cloud. iBoss is a cloud-based platform with a focus on following you instead of perimeters to ensure that internet access is always secure regardless of your location. Since you are always connected to iBoss cloud at the College, your access to the cloud and internet is always protected.
We use the Meraki service to give us visibility into the devices and networks being used at the College, the devices that you may bring into the College and the applications that you may use. It provides you with easy-to-deploy networking solutions while you are here that we can centrally manage from the cloud and it lets us check-in the devices that are secure and lock out those that are not from our network.
We use the Facebook Pixel on the website. This conversion tracking helps us measure the return on investment of our Facebook Ads by reporting on the actions people take after viewing those ads. Advertisers can create pixels that track conversions, add them to the pages of their website where the conversions will happen, and then track these conversions back to ads they are running on Facebook. We use the conversion pixel to retarget adverts towards people who have visited the college website on occasion.
To opt out of these, click here to update your settings on Facebook.
You can opt out of specific cookies in different ways depending on your browser. However, this may affect the performance and functionality of the website on the device, which you opt out from.
If you have a concern about how we handle your data, or you would like to make a complaint it will be dealt with in accordance with the College’s Complaints Procedure which can be viewed on request or found here. If the College is unable to satisfactorily resolve the complaint, enquirers have the right to complain to the Office of the Information Commissioner at the following address:
- The Information Commission, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you would like to exercise one of your rights as set out above, or have a question or complaint about this Policy, the way your personal information is processed, please contact us:
For data breaches
For all other enquiries
By post: Data Protection Lead, West Suffolk College, Out Risbygate, Bury St Edmunds, Suffolk, IP33 3RL