You may have heard about an outbreak of Meningitis in the county, and we can understand that you may be worried about this. In response to this, we want to ensure that you are aware of what symptoms to look out for and understand what you need to do if you or your young person develops symptoms.
Please note, our Colleges and Training Centres remain open as usual, and at present, we have not recorded any confirmed cases.
East Kent Colleges Group processes a substantial amount of personal data in relation to students, staff and other individuals that we work with. In all cases, we commit to ensuring that personal data is handled, stored and disposed of confidentially and securely. We will always undertake to tell individuals how we use their data and why we collect it through our privacy notices, (for further details please see the right to be informed). This page tells you about how we protect personal data, what your rights are and where you can get help.
Our status:
East Kent Colleges Group is the Data Controller.
Our registered address is:
Ramsgate Road
Broadstairs
Kent
CT10 1PN
Our Data Protection Policy outlines the technical and organisational measure that we take to protect personal data.
We will only process your data if it meets one or more of the following lawful bases:
We have a records retention schedule in place and will not keep personal data for any longer than we need to. When we dispose of personal data, we use a secure, confidential waste service.
The Data Protection Officer is Jack Collison, Group Director of Corporate Services. He can be contacted at DPO@eastkent.ac.uk or on 01843 605024.
If you’re a data subject and you want to request your personal data, please go to the ‘your rights‘ tab above.
Please note that East Kent Colleges Group does not need to gain consent from a data subject in order in these circumstances.
If you are a parent, carer or guardian wherever possible, we encourage you to use ProPortal to make any enquiries about your child or young person’s course and progress. If you request further information staff will always check whether they are permitted to share this information and must not share data in circumstances where the safety and welfare of a student may be compromised. Staff will always verify the identity of the requestor before releasing any data. This will be done by ensuring the contact number or email address of the requestor matches that on the system before responding. If the caller’s telephone number does not match that on the system, staff will verify identity by asking the caller to verify 3 personal identifiers from the list below:
Callers must answer 3 of the above personal identifier questions correctly for staff to release data to them.
If you have a complaint about how we’ve handled your personal data, you should firstly contact DPO@eastkent.ac.uk. If you’re still not satisfied, you may complain to the Information Commissioner’s Office.
We have Privacy Notices for each stage of data processing so that you’re clear about how your data is used. Our Privacy Notices tell you:
If we need to process your data for any purpose not detailed in our Privacy Notice, we will give you further information and obtain your consent where appropriate.
Our main Privacy Notices are as follows:
East Kent Colleges Group’s Colleges and business units have Privacy Notices in place for specific services such as the Canterbury Sports Centre, counselling etc.
We also publish a Register of Processing Activities which gives details about the personal data we collect and use in respect of our students and staff.
If you wish to request personal data that we hold about you, you can make your request verbally or in writing. To enable us to provide you with the information in a timely manner, we would prefer you to complete this form and submit it to the department that you’re requesting the information from.
If you are not known to us, we will have to validate your identity which can be done by showing us one or more of the following original documents:
We won’t normally charge to provide information but there may be certain circumstances when a charge can be made: for example, where the request is manifestly unfounded or excessive, we may charge a ‘reasonable fee’ for the administrative costs of complying with the request.
We can also charge a reasonable fee if you request further copies of your data when we’ve already responded to your request. In all cases, we will follow guidance from the Information Commissioner’s Officer and will tell you if any charges apply.
When you ask for your personal data to be amended we will do this within 20 working days of you telling us. You may advise us verbally of any changes to your personal data (address, telephone number, emergency contact details etc) but we would prefer it if you put it in writing to the relevant department. Please ensure that you tell us when your personal data needs to be amended so that we can maintain accurate records for you.
You have the right to ask for your personal data to be deleted if there is no lawful basis for its continued processing. All requests should be made, preferably in writing, to the relevant department. Please note that we do have the right to refuse a request for erasure/deletion if we are obliged to continuing processing your data to meet a lawful basis. Requests for erasure/deletion will be actioned within 20 working days. We will not process data deletion requests from third party websites due to the security implications involved. Please contact us directly if you would like your data erased so we can verify your identity before we action the request for you.
Requests to restrict us from processing your personal data can be made, however there may be reasons why we may not be able to comply, for example if we need to continue processing the data to meet a lawful basis.
You may object to processing under certain circumstances and requests should be made to the relevant department, preferably in writing
East Kent Colleges Group (EKC Group, “the Group”) is a data controller as defined by the UK General Data Protection Regulation and the Data Protection Act 2018. Our ROPA describes how and why we use personal information. As a data subject, you have a number of rights. You can:
If you would like to exercise any of these rights, please contact your College or training provider.
The Group needs to collect and process personal data in order to provide services to students, manage its operations effectively, and meet legal requirements. The Record of Processing Activity (ROPA) details the categories of data subjects and personal data that we process, as well as the purpose of the processing along with any recipients the personal data may be shared with.
Personal data is information that relates to an identifiable individual. It can also include ‘special category data’, which is sensitive information for example data related to your racial or ethnic origin, religious or other beliefs, physical or mental health, the processing of which is subject to strict requirements. Similarly, information about criminal convictions and offences is also subject to strict requirements.
The Group processes large volumes of personal data for several purposes, for example:
Through all stages of our data processing, we remain compliant with the Data Protection Act 2018 (‘DPA’).
We may also process the following special categories of personal data (for example, in the case that you choose to provide these to us or for us to meet our statutory obligations):
In certain circumstances we must share personal data with a third party if this is required by law or because it otherwise deems it to be necessary to achieve a specified purpose. The Group complies with the UK General Data Protection Regulation and the Data Protection Act 2018 when disclosing personal data.
The types of people and organisations that we may be required to share personal data with is as follows:
It may be necessary for us to transfer personal data outside the UK where our data processors hold servers outside the UK or where suppliers, service providers and research partners are based outside the UK.
Where we transfer personal data outside of the UK as part of these relationships, we ensure appropriate contracts or other safeguards are in place.
The Group only holds personal data for as long as is necessary for the purpose(s) for which it is collected. The Group have a detailed Record Retention Policy in place.
The Group takes the security of your data seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place as appropriate to protect the data and to comply with our data protection, confidentiality and security standards.
Privacy notices exist within the Group in respect of data held, you will be presented with these as and when you access services or use facilities. You will also find them here.
The Data Protection Officer is responsible for advising the Group on compliance with data protection legislation and monitoring its performance against it. If you have any concerns regarding the way in which the Group is processing your personal data, please contact the DPO named below.
| ROPA for | EKC Group (“The Group”) |
| ICO Registration Number | Z7597166 |
| Date Registered | 2018 |
| Data Controller | EKC Group |
| Data Protection Officer (DPO) | Jack Collison
01843 605034 |
If you are unsatisfied with the way we have processed your personal data, or have any questions or concerns about your data please contact the DPO (details above). If we are not able to resolve the issue to your satisfaction, you have the right to apply to the Information Commissioner’s Office (ICO).
Last review: 04/12/2024
