S7 Privacy Notice

1  The Purpose of this Privacy Notice

S7 is a Peer Review and Development Group comprising nine sixth form colleges in the South East of England – Bexhill, BHASVIC, Collyer’s, Coulsdon ( leaving the group from September 1st 2018) Esher, Godalming, Reigate, Varndean, Woking.  You can find more about us at www.s7colleges.com

The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018 and will strengthen the rights which individuals have over the collection, processing and storage of personal data. This Privacy Notice is intended to inform you about personal information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (‘personal data’) and information that could not. In the context of the law and this notice, ‘process’ means collect, store, transfer, use or otherwise act on information.

2  How we use your personal Information

S7 promises to collect, store and process your personal data only for legitimate purposes. This Privacy Notice explains how we do this and tells you about your privacy rights and how the law protects you.

3  S7’s Privacy Promise

We promise to keep your personal data safe and private and give you a regular opportunity, at least once a year, to update it.  We promise not to sell your personal data to a third party and we will not transfer your personal data to a third party unless there is a legal requirement to do so or a legitimate business need, for example for the purpose of processing payroll.  We will give you access to your personal data within a reasonable time limit should you require it.

4  How the Law protects you

This Privacy Notice explains in some detail what kinds of personal information we collect, why we collect it, why and how we process it and how and for how long we store it. The Data Protection Act permits S7 to process your personal information if we have a legitimate reason, business reason or legal requirement to do so.  Please see Table 1.  For example, the personal information of the S7 Director and Assistant will be shared with the HR and Finance Departments of one of the S7 colleges for pay roll and employment purposes and also for the purpose of staff development and appraisal. The college may have a legal duty to share your information, for example in relation to safeguarding or PREVENT or we may ask you to consent to us sharing or processing your personal information for advertising purposes or reporting purposes, for example attendance at meetings.

5  How We Collect Your Personal Data

We collect personal data from you when you take on a particular role at college or attend a training or staff development session.  The type of personal data we collect depends on your role with us.  Please see Table 1.

Table 1

Personal Information Type*

This list is not exhaustive

Description

Reasons for requesting Personal Data which lie within business and legitimate interests and legal duties*

This list is not exhaustive

Contact Your name and how to contact you e.g., home and mobile phone numbers, email address

Staff in S7 colleges, S7 Director and S7 Officer

There are a number of business and legitimate reasons it is necessary to contact you or for us to hold this information.   For example, to let you know details about a particular course you have signed up for.

This information will be held securely and not shared with anyone else or made public.  Some internal email groups will be created in which you will be able to see other members’ email addresses

Contractual Details about your employee’s contract including qualifications and references

S7 Director and S7 Officer

 

 

To manage employee and employer relationships.

Fulfilling contractual obligations is a legal duty

Special types of personal data The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so: racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic and bio-metric data, health data including gender, criminal convictions and offences

S7 Director and S7 Officer

 

 

In order to monitor diversity effectively, it is necessary to collect personal information across all nine of the protected characteristics under the Equality Act 2010.  You may be asked to complete an Equal Opportunities Form, although completion is voluntary.
Financial Your bank details.

S7 Director and S7 Officer

 

 

This may be to pay staff or reimburse expenses.
Transactional Details about payments to and from your accounts with us, and salary payments

S7 Director and S7 Officer

 

 

 

Details about professional progress

S7 Director and S7 Officer, staff attending S7 training courses

 

 

S7 also has a legal duty to make additional employer payments relating to salary for example National Insurance contributions and LGPS and TPS pension contributions

 

We share this information between line managers for the purposes of monitoring professional progress (appraisal and more widely performance management) and for the purposes of reference writing

Documentary Data Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, driver’s licence, birth certificate or qualification certificates.

S7 Director and S7 Officer

 

 

We collect this information to ensure you are qualified or have the residency status to take up the job role for which you have been employed.
Open Data and Public Records Details about you that are in public records, such as the Electoral Register, and information about you that is openly available on the internet

Students, Staff, Volunteers, Governors

Public interest.  We may store this information if you work with us in a voluntary capacity in order to inform how we can best make use of your skills and experience
National Identifier A number or code given to you by a government to identify who you are, such as a National Insurance number

 

S7 Director and S7 Officer

 

We need National Insurance Numbers for legal reasons

6  Sharing your personal information with third parties

A staff member’s information may be shared internally, for example college email address and S7 courses previously attended.   Where S7 engages non-statutory third parties to process personal data on its behalf, for example payroll for staff, S7 requires them to do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of personal data.  For S7 staff we will share some of your personal information such as your name, address and date of birth with the Disclosure and Barring Service (DBS) so that they can check whether you have any previous convictions which would make you unsuitable for working with young people.

7  How we store your data

Data will be stored in a range of different places, including the password protected computer hard drives of the S7 Director and S7 Assistant and on paper in secure places. S7 takes the security of personal data seriously.

Sending data outside of the EEA                     

We will not send your personal data outside of the European Economic Area (‘EEA’).

Marketing                    

We may use your personal information, including images of you (photos or videos) in publicity material such as advertisements, information leaflets, newsletters, press releases or on our website to raise awareness of the services provided by S7.  We will always ask your consent to use your personal information for specific marketing purposes.

8  Use of our Website

Wherever possible, we aim to obtain your explicit consent to process information gleaned from your use of the S7 website, for example, by asking you to agree to our use of cookies.

Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.

Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally. We may aggregate it in a general way and use it to provide class information, for example to monitor the performance of a particular page on our website.

9  Personal Information and Automated Decisions

We sometimes use systems to make automated decisions for example regarding staff attendance at S7 training sessions.

10 How long we keep your personal information

We will keep your personal information for as long as you are an S7 member of staff or for 3 years whichever is the longer.

Letting us know if your personal information is incorrect       

You have the right to question any personal information we hold that you think is wrong or incomplete. Staff should update their personal data via the S7 Director or S7 Officer.

11 How to get a copy of the personal information we hold

You can request to see the personal information we hold by contacting the S7 Director or S7 Officer.  Under GDPR, from 25 May 2018, you will have the right to request your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information in this format to other organisations.

12 What if you choose to withhold your personal information or withdraw your consent for us to hold and process your information?

If you choose not to give us this personal information, or withdraw your consent to us holding or processing your personal information, it may delay or prevent us from meeting our obligations to you as a member of S7.

What if you want us to stop using your personal information?

You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’.

13 Complaints

If you have a complaint about the way we are processing your data or any aspect of this Privacy Notice, please address your complaint in the first instance to the S7 Director.  You also have the right to complain to the Information Commissioner’s Office if you believe we are processing your personal data without a legitimate reason to do so.  The complaints form is available from their website.  https://ico.org.uk/concerns/.

14 Legal Framework

The College of Richard Collyer is the Data Controller as defined by the Data Protection Act 1998 for The College of Richard Collyer Governing Body.  If you have any questions, or want more details about how we use your personal information, you can email DPO@collyers.ac.uk  or you can telephone us on 01403 210 822

 

Date:                April 2018

Author:             Sally Bromley, Chair of S7