Policy
This policy
applies to all members of London Graduate College (LGC) including students, who
could be from different countries. For the purposes of this policy, the term
“Staff” means all members of College staff including permanent, fixed term, and
temporary staff, governors, any third-party representatives, agency workers,
volunteers, interns, agents and sponsors engaged with the College.
This policy
applies to all personal and sensitive personal data processed on computers and
stored in manual (paper based) files. It aims to protect and promote the rights
of individuals and the College.
Personal Data
This is any information which relates to a living individual who can be
identified from the information. Examples of personal data:
·
A person’s name and address (postal and
email)
·
Date of birth
·
Any expression or opinion communicated
about an individual
·
Minutes of meetings, reports
·
Emails, file notes, handwritten notes,
sticky notes
·
Employment and student applications
·
Spreadsheets and/or databases with any
list of people set up by code or student/staff number
·
Employment or education history
Sensitive Personal Data
Any information relating to an individual’s:
·
Ethnicity
·
Gender
·
Religious or other beliefs
·
Political opinions
·
Membership of a trade union
·
Sexual orientation
·
Medical history
·
Offences committed or alleged to have
been committed by that individual
Definition
The Data
Protection Act 1998 is designed to protect individuals and personal data, which
is held and processed on their behalf. The Act defines the individual as
the ‘data subject’ and their personal information as ‘data’. These are
further defined as:
·
Data Subject: Any
living individual who is the subject of personal data whether in a personal or
business capacity
·
Data: Any
personal information which relates to a living individual who can be
identified. This includes any expression of opinion about the individual.
Data is
information stored electronically i.e. on computer, including word processing
documents, emails, computer records, CCTV images, microfilmed documents, backed
up files or databases, faxes and information recorded on telephone logging
systems.
Manual records
are files which are structured, accessible and form part of a ‘relevant filing
systems’ (filed by subject, reference, dividers or content), where individuals
can be identified and personal data easily accessed without the need to trawl
through a file.
General
Principles
The Data
Protection Act 1998 and new GDBR 2018 sets legislative requirements for
organisations processing personal data. The College will be open and
transparent when processing and using private and confidential information by
ensuring we follow the 8 Data Protection Principles of good data handling:
Principle 1: Personal
data shall be obtained and processed fairly and lawfully.
Principle 2: Personal
data shall be obtained only for the specified and lawful purposes and shall be
processed for limited purposes.
Principle 3: Personal
data shall be adequate, relevant and not excessive in relation to the purpose
for which it is obtained.
Principle 4: Personal
data shall be accurate and kept up to date.
Principle 5: Personal
data shall not be kept for longer than necessary.
Principle 6: Personal
data shall be processed in accordance with the rights of the data subject under
the Data Protection Act 1998.
Principle 7: Personal
data (manual and electronic) must be kept secure.
Principle 8: Personal
data shall not be transferred outside the European Union unless that country
provides adequate levels of protection for the rights of the data subject.
The College
recognises and understands the consequences of failure to comply with the
requirements of the Data Protection Act 1998 may result in:
·
Criminal and civil action;
·
Fines and damages;
·
Personal accountability and liability;
·
Suspension/withdrawal of the right to
process personal at by the Information Commissioners Office (ICO);
·
Loss of confidence in the integrity of
the College’s systems and procedures;
·
Irreparable damage to the College’s
reputation.
Roles and
Responsibilities
Staff will not
attempt to gain access to information that is not necessary to hold, know or
process. All information which is held will be relevant and accurate for the
purpose for which it is required. The information will not be kept for longer
than is necessary and will be kept secure at all times. The College will ensure
that all personal or sensitive personal information is anonymous as part of any
evaluation of assets and liability assessments except as required by law. Staff
who manage and process personal or sensitive personal information will ensure
that it is kept secure and where necessary confidential. Sensitive personal
information will only be processed fairly and lawfully and in line with the
provisions set out in the Data Protection Act 1998 and only processed in
accordance with instructions set out by the respective Data Controllers. The
College will ensure that all staff are made aware of the reasons why personal
and sensitive personal data is being processed.
Data Subjects
Rights
The College
acknowledges individuals’ rights under the Data Protection Act to access any
personal data held on our systems and in our files upon their request, or to
delete and/or correct this information if it is proven to be inaccurate,
excessive or out of date. The College recognises that individuals have the
right to make a request in writing to obtain a copy of their personal
information, if held on our systems and files. The College recognises that
individuals have the right to prevent data processing where it is causing them
damage or distress, or to opt out of automated decision making and stop direct
marketing.
College
Obligations
The College
will follow Code of Practice issued by the ICO when developing policies and
procedure in relation to data protection. The College will ensure that Data
Processing Agreements are applied to all contracts and management agreements
where the College is the data controller contracting out services and
processing of personal data to third parties (data processors). The
College will ensure this agreement clearly outlines the roles and
responsibilities of both the data controller and the data processor. The
College will adhere to and follow the 8 principles of data protection when
conducting surveys, marketing activities etc., where the College collects,
processes, stores and records all types of personal data. The College will not
transfer or share personal information with countries outside of the United
Kingdom unless that country has a recognised adequate level of protection in
place in line with the recommendations outlined in the Data Protection Act.
Complaints
Complaints
relating to breaches of the Data Protection Act 1998 and/or complaints that an
individual’s personal information is not being processed in line with the 8
principles of data protection will be managed and processed by the
Administrator. All complaints of dissatisfaction will also be processed
in accordance with the College’s Complaints Process.
Confidentiality
and Information Sharing
The College
will only share information in accordance with the provisions set out in the
Data Protection Act 1998. Where applicable the College will inform individuals
of the identity of third parties to whom we may share, disclose or be required
to pass on information to, whilst accounting for any exemptions which may apply
under the Data Protection Act 1998.
Privacy Notice
We are committed to safeguarding the
confidentiality of information provided by all employers, students, and users
of our website in compliance with legislation and regulation in force at the
moment and in the future. We shall be open and transparent in all our dealings
regarding the use of data and act in accordance with all codes of practice.
1)
What
information will we collect and store both computerized and manual?
Similar information will be
collected for both staff and students as follows:
Name:
Address:
Telephone No:
Date of birth:
Sex:
Nationality:
Disabilities (if any):
Ethnic Origin:
Educational qualification:
Work experience:
References:
Next of kin:
Visa status:
Passport No:
2)
How
will we use your personal data?
The personal data that we
collect from you will only be used in the necessary running of the college. In
relation to employees we need to provide various government authorities with
details about you e.g. HMRC. In relation to students we may need to provide
details to eg HEFC, awarding bodies local authorities and the Home Office. We
shall not sell/give your data to third parties for marketing purposes without
your consent. We would only disclose information on you if required to do so
legally. We will only retain your data as long as is necessary either for legal
reasons or the requirements of official bodies. However, the cvs of
unsuccessful applicants or students will only be kept for 9 months.
3)
How
will we secure your data?
Some data will be held in
metal/ wooden cabinets which will be locked when unattended and held in secured
offices. Personal data held on computerized systems will be protected by
firewalls anti-virus software and passwords which are regularly changed. The
college will keep back up files securely held in the event of corruption of
data on computerized systems. All staff with access to your required data will
receive training in their legal responsibilities to safeguard your data. In the
event of a data breach that is likely to harm by putting your personal data at
risk we would notify the ICO within 72 hours of becoming aware of it. We would
also notify individuals if they had been put at high risk.
4)
How
long will your data be held?
Your data will only be held
as long as is necessary either for statutory requirements or for your benefit
e.g. so request for references can be provided. We will review on a regular
basis our data requirements.
5)
Cookie
policy
We do not collect cookies.
6)
What
rights do you have regarding data held by London Graduate College (LGC)?
You entitled to request to
see information that we hold about you within a month of asking for it. We will
not charge you for providing this.
7)
Who
should I contact If I have question about this privacy policy and data
protection?
Registrar
London Graduate College (LGC)
Suite 6,
The Generator Business Centre
95 Miles
Road, Mitcham, Surrey
United
Kingdom, CR4 3FH
Email:
info@lgc.ac
Phone:
+442084081546