East Kent Colleges Group is committed to ensuring the privacy of any personal data that it processes.
East Kent Colleges Group processes a substantial amount of personal data in relation to students, staff and other individuals that we work with. In all cases, we commit to ensuring that personal data is handled, stored and disposed of confidentially and securely. We will always undertake to tell individuals how we use their data and why we collect it through our privacy notices, (for further details please see the right to be informed). This page tells you about how we protect personal data, what your rights are and where you can get help.
East Kent Colleges Group is the Data Controller.
Our registered address is:
Our Data Protection policy outlines the technical and organisational measure that we take to protect personal data.
We will only process your data if it meets one or more of the following lawful bases:
- Consent – where an individual has given their consent via clear, affirmative action e.g. providing a signature or ticking a box;
- Performance of a contract e.g. an employment contract, learning agreement etc;
- Legal obligation – because the law requires the data to be processed e.g. for the purposes of HMRC payments;
- Vital interest – to protect the individual in the case of an emergency;
- Public interest or exercise of official authority e.g. provision of statistical returns, to comply with government funding requirements etc;
We have a records retention schedule in place and will not keep personal data for any longer than we need to. When we dispose of personal data, we use a secure, confidential waste service.
The Data Protection Officer is Jack Collison, Group Head of Corporate Services. He can be contacted at DPO@eastkent.ac.uk or on 01843 605024.
If you’re a data subject and you want to request your personal data, go to the ‘right to access’ tab below.
Please note that East Kent Colleges Group does not need to gain consent from a data subject in order in these circumstances.
If you are a parent, carer or guardian wherever possible, we encourage you to use ProPortal to make any enquiries about your child or young person’s course and progress. If you request further information staff will always check whether they are permitted to share this information and must not share data in circumstances where the safety and welfare of a student may be compromised. Staff will always verify the identity of the requestor before releasing any data. This will be done by ensuring the contact number or email address of the requestor matches that on the system before responding. If the caller’s telephone number does not match that on the system, staff will verify identity by asking the caller to verify 3 personal identifiers from the list below:
- Student’s Date of Birth
- Student’s phone number
- Student’s email address
- The course the student is enrolled on
- Student’s first line of address
- Student’s postcode
Callers must answer 3 of the above personal identifier questions correctly for staff to release data to them.
If you have a complaint about how we’ve handled your personal data, you should firstly contact DPO@eastkent.ac.uk. If you’re still not satisfied, you may complain to the Information Commissioner’s Office.
The right to be informed
We have Privacy Notices for each stage of data processing so that you’re clear about how your data is used. Our Privacy Notices tell you:
- What personal data we collect
- How we use it
- The legal basis for collecting and using your data
- Who may have access to your data
- How long we keep your data for
- What your rights are
- Who to contact
If we need to process your data for any purpose not detailed in our Privacy Notice, we will give you further information and obtain your consent where appropriate.
Our main Privacy Notices are as follows:
- Student enrolment
- Staff application
- Student Bursary
- Eshop goods purchase
- Student Images
- Marketing Privacy Notice
- Student Application Privacy Notice
- DBS confirmation privacy notice
East Kent Colleges Group’s Colleges and business units have Privacy Notices in place for specific services such as the Canterbury Sports Centre, counselling etc.
We also publish a Register of Processing Activities which gives details about the personal data we collect and use in respect of our students and staff.
The right to access (Subject Access Request)
If you wish to request personal data that we hold about you, you can make your request verbally or in writing. To enable us to provide you with the information in a timely manner, we would prefer you to complete this form and submit it to the department that you’re requesting the information from.
If you are not known to us, we will have to validate your identity which can be done by showing us one or more of the following original documents:
- Driving licence
- Bank statement
- Utilities bill
We won’t normally charge to provide information but there may be certain circumstances when a charge can be made: for example, where the request is manifestly unfounded or excessive, we may charge a ‘reasonable fee’ for the administrative costs of complying with the request.
We can also charge a reasonable fee if you request further copies of your data when we’ve already responded to your request. In all cases, we will follow guidance from the Information Commissioner’s Officer and will tell you if any charges apply.
The right to rectification
When you ask for your personal data to be amended we will do this within 20 working days of you telling us. You may advise us verbally of any changes to your personal data (address, telephone number, emergency contact details etc) but we would prefer it if you put it in writing to the relevant department. Please ensure that you tell us when your personal data needs to be amended so that we can maintain accurate records for you.
The right to erasure/deletion
You have the right to ask for your personal data to be deleted if there is no lawful basis for its continued processing. All requests should be made, preferably in writing, to the relevant department. Please note that we do have the right to refuse a request for erasure/deletion if we are obliged to continuing processing your data to meet a lawful basis. Requests for erasure/deletion will be actioned within 20 working days. We will not process data deletion requests from third party websites due to the security implications involved. Please contact us directly if you would like your data erased so we can verify your identity before we action the request for you.
Right to restriction
Requests to restrict us from processing your personal data can be made, however there may be reasons why we may not be able to comply, for example if we need to continue processing the data to meet a lawful basis.
Right to objection
You may object to processing under certain circumstances and requests should be made to the relevant department, preferably in writing