Privacy Statement

Education Training Collective processes personal information about its staff, students, visitors and wider community under a lawful basis, as defined in the UK Data Protection Act 2018 and UK GDPR.

In all our operations as a Further Education College Group, we use the ‘legitimate interest’ lawful basis for processing in relation to delivering our services and meeting the high expectations of our staff, students and visitors.

Sometimes, there will be situations where a staff member, student, or visitor may wish to engage with additional services or opportunities. For processing personal information in this way, we seek direct consent. This may be consent from the individual or consent from a parent or carer (depending on the individual’s ability to understand how giving consent might affect them).

We will always use ‘opted in’ consent to send you targeted marketing information. We will ensure that our marketing practices comply with the Privacy and Electronic Communications Regulation (PECR).

Some of our work with third parties (commercial or otherwise) requires us to create data sharing relationships. Whether either party is acting in a Controller or Processor role, we will always aim to use a Contract as a basis for sharing personal data and will apply data sharing compliance through a Data Sharing Agreement (the Contract, or written form of how we’ll do things).

Some information will be processed under a Legal Obligation and this usually relates to financial information, governance and corporate functions. In reference to students, we are under a legal obligation to share personal information with Local Authorities (Section 72 of the Education and Skills Act 2008).

Such information includes:
(a) the name, address and date of birth of the pupil or student;
(b) the name and address of a parent of the pupil or student;
(c) information in the institution’s possession about the pupil or student.

Where a student has not reached the age of 16, their own and their parents’ information will not be shared.

We may be relied upon to provide personal information to the Emergency Services or other agencies in order for them to save a life or where an imminent or potential threat to life or health exists. We will disclose (only the required) information to these agencies under these circumstances.

On occasion, we will be required to disclose personal information to the police for the purpose of the prevention or detection of a crime. As this purpose would be to protect the general public, we will share such information under the legal basis of a Public Task. Where special category personal data is involved and we decide to disclose information, we will also rely on the Condition of a ‘substantial public interest’ (in the prevention or detection of an unlawful act). We will not always be able to let data subjects know that we have disclosed their personal information to the police, but we will keep a record of this decision.

Education Training Collective may collect your personal information.

The methods we use (electronic form, application form, enrolment form, etc) will inform users at the point of data collection that they are submitting personal information to the College. When personal information is collected (in Enquiry Forms or Application Forms, etc), the College will provide the reason for collecting the information and how the information will be used.

Where all such data collection takes place online, a secure, encrypted connection is presented to users to protect the data they are submitting. Furthermore, once that data has been safely collected by the system, only authorised personnel will have access to that data, offering additional security.

Our student loan devices contain software that monitors compliance with our Acceptable Use Policy and helps to keep our IT estate from being misused (whether for criminal activity or for inappropriate usage).

Staff Recruitment: Please note that we will carry out online searches for all successful candidates in line with Keeping Children Safe In Education.

We may also collect personal information, submitted voluntarily, about users from their use of our own social media pages. Users should note that information submitted to social media pages is not, in the first instance, collected by us, or held on our servers, but by the third party service provider such as Facebook, X, Instagram, TikTok, etc. However, once we have collected such personal information from the external service provider, only appropriately authorised personnel will have access to this information.

We may share personal information with third party organisations (data processors) that we have engaged to provide services to us (safeguarding and cyber security service providers, etc), or with whom we have a legal duty to share information, such as funding bodies, examination boards, local authorities, etc. Such organisations are bound by the same regulations as us to use personal information only for the performance of a legal or authorised purpose.

We do not process personal data for any purposes or under any bases not listed here. If we wish to use your personal data for new purposes, we will ask for your permission directly first (via explicit and informed consent).

Under the ‘legitimate interest’ lawful basis for processing personal data we will sometimes share the personal information of employees, students, visitors, etc with third parties.

We share information in two ways:

• • One off sharing: we share information with a third parties once a year or rarely (ad hoc).

• • Systematic sharing: we share information on a regular or ongoing basis.

In all cases, we will use the most relevant method for sharing personal information and will aim to have an agreed Data Sharing Agreement in place in the form of a contract, agreement or other formal arrangement, so that each party understands how, when, why and by whom data can be shared.

We may share personal information with a range of third parties. The categories of which are as follows:

• • Local authorities (and their associated services)

• • Schools (to support transitions)

• • Employment agencies (to facilitate non-salaried staff)

• • Employers (and potential employers, re: references, work experience, placements, etc)

• • ESFA (funding body – attendance, achievement, actual destinations, etc – legal duty)

• • The Police (prevention and detection of crime, investigations)

• • DBS and background check agencies (for safeguarding)

• • Exam boards (certification, results, access arrangements)

• • Safeguarding and Security service / software providers

• • Third parties engaged to support the collection of debts

• • Other agencies where the sharing is in the best interests of the data subject.

---

The people you live with, or know you well are the best people to support you during your time in Further Education. With this in mind we may need to send out information relating to your attendance, achievement and any general information which relates specifically to your course or place of study. The types of general information may include details of college closure, updates regarding parent/carer events, updates relating to impact of external issues such as with the COVID pandemic. We will never use this information to send promotional content. We share this information under a lawful basis of legitimate interests.

---

We may be required to share personal information before, during or after your relationship with us is established (employee, student, visitor, etc).

An example of data shared afterwards is Actual Destination data, which we must provide to the Education and Skills Funding Agency (ESFA). We contact ex-students between October (after the course ends) and March (of the following calendar year). We have a legal duty to provide this information. We may call, email, text or write to you. This is not a marketing communication, but one which allows us to meet our legal duty.

We use an authorised third party to offer transport services to our staff and students, where available. To safeguard travellers, each journey can be tracked. This tracking information will be visible to parents and carers of students (for student travel) and authorised ETC personnel (for student and staff travel). We do not retain this data for longer than we need it.

To comply with government legislation and rules, we may be required to take non-contact body temperatures, manage records of those suffering coronavirus (or other) symptoms (and those who have come into close contact with a person suffering from a virus), record class seating arrangements, or process other personal and sensitive information in order to monitor Coronavirus or other situations in our buildings. We process this personal information under the lawful basis of a legal duty.

We want to protect your personal data, but we do not wish to hinder your chances of establishing or moving on with your career or life goals. If we have shared your personal information in a way that you do not like, please let us know and we will do our best to fix the issue. You can find more information about your data rights and how to contact us by viewing the ‘Your Rights’ section below.

We maintain strict physical, electronic and administrative safeguards to protect users’ personal information from unauthorised or inappropriate access. Employees, business partners and affiliates who misuse a user’s personal information are subject to disciplinary actions.

Our campuses and buildings utilise fixed-camera Closed Circuit Television systems (CCTV). These are in place for the safety and security of our staff, students, visitors and property. We store images on our CCTV systems for up to 30 days. We may be required to securely store captured images for longer to support internal or external investigations conducted by ‘competent authorities’ such as the police, etc.

Some of our staff are authorised to use portable, College-owned devices as an extension of our fixed CCTV cameras in order to safeguard persons and property. These images are captured in line with current regulations, our CCTV procedures and the facility to capture images in this way was introduced subsequent to guidance from the UK data protection regulator, the Information Commissioner’s Office (ICO).

Where Access Barriers are used across our sites, it is for the purpose of safeguarding the students, staff and visitors on our campuses. We do not use the barriers for general or targeted surveillance of individuals. However, we may use the data to help support the emergency services during emergency situations (ie, where a person may be unaccounted for in the building).

We always give our website visitors a secure connection to allow them to submit personal data to us via our online forms. We also make sure, through our use of cookie permissions, that we do not collect personal information from you until you allow us. You always have the option to say ‘no’ to cookies (which are little text files that sit on your device to remind our website how you prefer to use it) and we will respect your wishes.

Additionally, visitors will always be given access to a secure website such as WorldPay in order to submit financial data for reasons of paying for services. We do not retain your credit / debit card numbers in these instances; you are sharing this financial data directly with WorldPay, etc. We have implemented industry standard security codes of practice, rules and technical measures to protect the personal data that we have under our control to prevent:

• • unauthorised access

• • improper use or disclosure

• • unauthorised modification

• • unlawful destruction or accidental loss

All our employees and data processors (others with whom we share personal information [exam boards, employers, local authority, care agencies, financial support agencies, higher education institutes, etc]) are required to respect the confidentiality of your personal data under the strict regulation of the UK General Data Protection Regulation ( UK GDPR) and the UK Data Protection Act 2018. We have Data Sharing Agreements in place with appropriate third-parties. We ensure that your personal data will not be disclosed to third-party institutions and authorities except if permitted by a data sharing agreement, or where we are required to share by law, statutory regulation, or court order.

The free wireless connectivity available to all staff, students and guests is secured by industry standard technology to safeguard users’ personal information. In order to do this, the connection is monitored and protected by our firewall, which is made possible when users install our security certificate on their device. The types of ‘personal information’ our wireless network firewall processes is:

• • Websites visited

• • Device ID (IP address and MAC address)

• • Associated activity

Users’ non-network email account usernames and passwords (Gmail, Hotmail, etc) and other online accounts (banking, etc), including passwords, are not stored on our systems, they are kept on the users’ device.

In addition, we do not collect personal information, or track usage when users are not connecting to the internet through our firewall or controlled devices. The security certificate only grants users access through our wireless service, it does not collect or retain information from a user’s device, or track users’ device activity generally.

We monitor both inbound and outbound traffic in order to protect users’ personal information, their device and its contents.

In connecting to our wireless network, users will be expected to abide by our service terms of use and agree to have the information mentioned above monitored and recorded in the firewall logs. These logs are only kept for as long as we need them and no longer.

In line with legislation and/or government guidance and our own safeguarding procedures, we may process personal information by using safe, authenticated digital technologies to share conversations, learning content and other digitised content which may take the form of text, links, audio, video or all media formats. Our lawful basis for processing in this way remains the same: Legitimate Interest. Typically, we use Microsoft Teams to share these interactions. We may, at times, use other software for this purpose. Advice and guidance is available from tutors in relation to the safety and security of platforms. Information is also available from the software vendor: https://www.microsoft.com/en-gb/trust-center?rtc=1