Next Open Day:  Thursday, 26th September 5:30pm - 8:00pm
Privacy


Privacy StatementYour Privacy Matters to Us

We are South Gloucestershire and Stroud College (also known as SGS). Here's a summary of how we respect your privacy and protect your data.

Learn more about how we manage data SGS Sport Community and Junior Clubs Privacy Statement SGS College - COVID-19 Testing Privacy Statement

The data we collect about youSGS collects and processes personal data about prospective, current and former learners and their parents; suppliers and contractors; and other individuals connected to or visiting the College.

The personal data we process takes different forms - it may be demographic information (such as names and addresses), factual information, expressions of interest and opinion, images or other recorded information which identifies or relates to a living individual. Examples include:

  • names, addresses, telephone numbers, email addresses and other contact details;
  • names and contact details of parents and guardians;
  • admissions, academic, disciplinary and other education-related records, information about special educational and other support needs, references, examination scripts and marks;
  • education and employment data, including progression data;
  • images, audio and video recordings;
  • financial information (including for bursary assessment or for educational funding); and
  • courses, meetings or events attended.

As a further education college, we also need to process special category personal data (including, for example, health, ethnicity, religion or biometric data) and criminal record information about some individuals (particularly learners on health and social care courses, or courses of study which come into contact with children or vulnerable adults). We always collect special category data in accordance with applicable law (including with respect to safeguarding, employment and the Public Sector Equality Duty) or by explicit consent.


Collecting, processing and sharing personal dataHow we use the data we collect about you We aim to collect most of the personal data we process directly from the individual concerned (or in the case of learners, from their parents or guardians). In some cases, we collect data from third parties (for example, previous schools, referees from the Disclosure and Barring Service, or professionals or authorities working with the individual) or from publicly available resources.

Personal data held by us is only processed by trained members of staff for the purposes for which the data was provided. We take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around the use of technology and devices, and access to college systems.

We process personal data to support the College's operations and in particular for:

  • the recruitment, selection and enrolment of learners;
  • the provision of education to learners, including the administration of the curriculum and timetable, and monitoring learner progress and educational needs;
  • reporting upon progress and attainment internally and to parents; making administration entries to public examinations; publishing results and providing references;
  • the provision of educational support and related services to learners (and parents), including the maintenance of discipline; the provision of careers and library services; the administration of sports fixtures, trips and educational study visits; and the provision of the IT and communication systems and our virtual learning environment (these are all administered in accordance with our IT policies);
  • the safeguarding of learner's welfare and the provision of pastoral care, welfare and, where appropriate, health care;
  • research into and development of effective teaching, learning and assessment;
  • compliance with legislation and regulation, including the preparation of information for inspections by the Office for Standards in Education (Ofsted) and the Office for Students (OfS), and for the submission of periodic census data;
  • operational management, including the compilation of learner records; the administration of invoices, fees and accounts (including outstanding debt); the management of the College’s property; the management of security and safety arrangements (including the use of CCTV in accordance with our CCTV policies); management planning and forecasting; research and statistical analysis; the administration and implementation of the College's rules and policies for learners and staff; the maintenance of historic archives and other operational purposes;
  • staff administration, including the recruitment of staff and engagement of contractors (including compliance with DBS procedures); administration of payroll, pensions and sick leave; review and appraisal of staff performance; conduct of any grievance, capability or disciplinary procedures; maintenance of appropriate human resources records for current and former staff; the provision of references; and
  • the advertisement and promotion of the College through its own websites and prospectuses and other publications and communications (including through our social media channels).

The processing set out above is carried out in order to fulfil our legal and contractual obligations (including those related to our staff employment contracts). These purposes also form part of our legitimate interests.

How we share the data we collect about youIn the course of providing education, support or other services, we may need to share personal data (including special category personal data, where appropriate) with third parties such as awarding bodies, the Department for Education, the Education and Skills Funding Agency, local authorities (including the West of England Combined Authority, WECA) and other relevant authorities (such as the Local Children Safeguarding Board, the Disclosure and Barring Service, UK Visas and Immigration and HM Revenue and Customs). Some of our systems are provided by third parties or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.

We may share your data with:

  • organisations operating anti-plagiarism software on our behalf (such as Turnitin);
  • third parties who work with us to provide student accommodation;
  • third parties who provide parking services to the SGS Group (for further details, see CPM UK Ltd);
  • third parties who work with us to provide student support services (e.g. counselling and occupational health);
  • third parties who provide online portfolio systems (such as Smart Assessor for further details, click here);
  • internal and external auditors;
  • the European Social Fund and the European Regional Development Fund (for projects funded by them to open doors to skills, to work, to qualifications and to a more inclusive society for all Europeans');
  • those with an interest in tracking student progress and attendance, including student sponsors, the Student Loan Company and Research Councils and the National Apprenticeship service);
  • current or potential education providers (for example, where you take part in an exchange programme as part of your course);
  • current or potential employers (to provide references and, where students are sponsored by their employer and/or where you take part in a placement, to provide details of progress/attendance);
  • crime prevention or detection agencies (e.g. the police, the Department for Work and Pensions and Trading Standards);
  • parents, guardians and next of kin (where there is a legitimate reason for disclosure);
  • third parties conducting surveys (for example, the National Student Survey and the FE Choices Survey; the College uses Questback to conduct internal surveys);
  • the Student Union at SGS
  • third parties who provide services, including, for example, the provision of credit control, debt collection and payment plan services (such as Oriel Collections Limited; for further details, click here); and
  • parent(s) or guardian(s) if under the age of 18 for the purposes outlined in the 'How We Share Your Data' section and in the event of an outstanding debt for a course of any academic year that has failed to have been paid within 30 days of the start date of said course.

We do not transfer personal data outside of the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.

South Gloucestershire and Stroud College does not share or sell personal data to other organisations for its own purposes.

We will share ordinary personal data with the parents (or guardians) of learners under the age of 18 for the purposes of keeping parents (or guardians) informed about activities, progress and behaviour, and in the interests of a learner's welfare, unless, in our opinion, there is a good reason to do otherwise.

We use technology and third party service providers to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser or where you are geographically located.

We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find interesting. As when using all websites, we recommend that to read the cookie notice carefully before consenting to the use of cookies.

Security of your data

We retain personal data only for a legitimate and lawful reason and only for as long as necessary or as required by law. The College has also adopted Data Retention Guidelines, which set out the time period for which different categories of data are kept.

We have physical, electronic and managerial procedures to safeguard and secure the information we collect.

But please remember

  • You provide personal data at your own risk; unfortunately no data transmission is guaranteed to be 100% secure.
  • When using college systems, you are responsible for your username and password; keep them safe and secret!
  • If you believe your privacy has been breached, please contact us immediately by emailing DataPrivacy@sgscol.ac.uk.

Your RightsYou have various rights under data protection law to know and understand what personal data we hold about you, and in some cases to ask for it to be erased or amended, or for us to stop processing it, subject to certain exemptions and limitations.

View our Data Privacy & Protection Policy

You always have the right to withdraw consent, where given, or to otherwise object to receiving marketing communications. Please be aware, however, that the school may have another lawful reason to process the personal data in question, even without your consent. That reason will usually have been asserted under this Privacy Notice, or may exist under some form of contract or agreement with you (e.g. an employment contract, or because you have purchased goods or services from the College).

If you would like to know what personal data we hold or request that the College amend it, or you would like it to be transferred to another person or organisation, or you have some other objection to how your personal data is used, please contact the College.

We will respond to any such written requests as soon as is reasonably practicable and in any event within statutory time limits, which is one month in the case of requests for access to information. The College will always be better able to respond more quickly to smaller, targeted requests for information. If we consider a request to be manifestly excessive or similar to previous requests, we may ask you to reconsider it.

You should be aware that the right of access provides a right to know what information we hold and for what purpose, but it does not provide an automatic right to assess the documents your personal data may be contained within, and certain data is exempt from the right of access. This may include information which identifies other individuals, is commercially sensitive or is subject to legal privilege. We are also not required to disclose examination scripts, or any confidential reference given by us for the purposes of the education, training or employment of any individual.

Your choices

View our Data Privacy & Protection Policy

The rights under data protection legislation belong to the individual to whom the data relates. However, we will often rely on parental consent to process personal data relating to learners (if consent is required) unless, given the nature of the processing in question and the learner's age and understanding, it is more appropriate to rely on the learner's consent.

Parents should be aware that in such situations they may not be consulted, depending on the interests of the child, the parents’ rights at law or under their contract, and all the circumstances.

However, where a learner seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement for their personal data to be disclosed to their parents, we may be under an obligation to maintain confidentiality unless, in our opinion, there is a good reason to do otherwise for example, where we believe that disclosure is in the best interests of the learner, others or is required by law.

Access to and correction of your information

Learners, and other individuals, can make subject access requests for their own personal data. A person with parental responsibility is also entitled to make a subject access request on behalf of a learner, but the information in question is always considered to be the learner's. Where a parent or other representative seeks to make a subject access request on behalf of a learner, the College will act to obtain the consent of that learner before disclosing personal data.

You may request that we confirm whether or not we are processing your personal data. If we are, you may request a copy of your personal data, which we will provide free of charge, together with information about how we process it, such as the purposes of the processing and the categories of personal data concerned. However, this is not an absolute right and the interests of other individuals may restrict your right of access. For further copies, we may charge a reasonable fee based on administrative costs. We may decline requests that are excessive or repetitive.

Rectification: You may edit some of the personal data we hold about you. You can also ask us to change, update or fix your personal data in certain cases for example, if it is inaccurate.

Erasure: You can request that we erase your personal data. However, this is not an absolute right and we may be unable to erase personal data that we are required to retain for statutory, contractual or other purposes.

Restrict processing: You can ask us to restrict our processing of your personal data, but only under certain circumstances, such as if your personal data is inaccurate or unlawfully held.

Data portability: You may ask for a copy of the personal data you provided to us in a structured, commonly used and machine-readable format, and you may have the right to transmit this data to another entity.

Objections: You may object to the processing of your personal data on grounds relating to your particular situation under certain circumstances for example, for direct marketing. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us, unless there are over-riding compelling legitimate grounds for the processing, or as otherwise provided under applicable law.

Please note that we may need to retain certain information for record-keeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or permitted by applicable law.

Changes of details: The College takes all reasonable steps to ensure that personal data held in relation to an individual is as up-to-date and accurate as possible. However, the College expects that individuals will notify us of any significant changes to important information, such as contact details.

Our Data Privacy and Protection Policy

View our Data Privacy & Protection Policy

This privacy notice should be read in conjunction with our other policies, procedures and terms and conditions which make reference to personal data, including but not limited to our Data Privacy and Protection Policy and our IT Acceptable Use Policy. The College may update this privacy notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website and to you directly, as far as practicable.

If you believe that we have not complied with this policy or have acted otherwise than in accordance with data protection law, you should notify us at DataPrivacy@sgscol.ac.uk. You can also make a referral to or lodge a complaint with the United Kingdom's Information Commissioner's Office (ICO), although the ICO recommends that you seek to resolve concerns with us directly before involving them.

The purposes for processing personal data

View our Data Privacy & Protection Policy

SGS Group and its subsidiaries will only process personal data where that processing is a necessary, targeted and proportionate way of achieving the Group or its subsidiaries' mission.

By way of general guidance

The SGS Group's lawful basis for processing personal data in respect of employee information is that the processing is necessary to fulfil contractual and HMRC obligations, and those within the 'keeping children safe in education' statutory guidance.

The lawful basis for processing personal data in respect of enrolment, funding, awarding body registration, teaching, student support, performance monitoring and research is that the processing is necessary for the organisation to perform a task in the public interest and for its official functions; these tasks and functions have a clear basis in law.

The lawful basis for processing personal data in respect of alumni relations, internal events, fundraising purposes, direct marketing and marketing research is the pursuit of the Group's legitimate interests. (This includes the intra-SGS Group transfer of data for administrative purposes, where those purposes are not detrimental to the rights of the data subject.) SGS Group and its subsidiaries have a lawful basis for further processing, where that processing assists the Trust in achieving its mission and is compatible with the purpose for which the data was initially collected.

SGS Group and its subsidiaries will further process personal data for archiving purposes in the public interest and for research and statistical purposes. The processing of personal data in respect of keeping children safe in education is a legal obligation under the Education Act 2002.

When undertaking any major project concerning the processing of personal data, or considering processing that is likely to result in a high risk to individuals interests, SGS Group will undertake a Data Protection Impact Assessment (DPIA).

SGS Group will share data with the Department for Education (DfE), the Education and Skills Funding Agency and the Office for Students on a statutory basis. This data sharing underpins educational funding and educational attainment policy and monitoring.

Where required, SGS Group will share information about students with our local authority (LA) and the Department for Education (DfE) under section 3 of the Education (Information about Individual Pupils) (England) Regulations 2013.

For academies and free schools, and where required, SGS Group will share information about pupils with the (DfE) under Regulation 5 of the Education (Information about Individual Pupils) (England) Regulations 2013.

SGS Group will share information about students, including special category data, with the Fisher Family Trust or Alps. This information is shared for the purpose of educational attainment monitoring. Information shared with the Fisher Family Trust is subject to a data-sharing agreement for schools using Aspire and is covered through the end user license agreement, which is aligned to GDPR.

For higher education learners, and where required, SGS Group will share information about students with the Office for Students (OfS), the Higher Education Funding Council for England (HEFCE), the Higher Education Statistics Agency (HESA), the Home Office (in connection with UK visas and immigration) and council tax and electoral registration officers at relevant local authorities (for the purpose of assessing liability for council tax and for electoral registration purposes).

Data Breach Notification Guidance

Read our Data Breach Notification Guidance Document.

If you're concerned about your privacy or worried that there may have been a data breach, please contact us.

Our Data Protection Officer can be contacted at:

Data Protection Office
South Gloucestershire and Stroud College
Filton Campus, Filton Avenue
Bristol, BS34 7AT

DataPrivacy@sgscol.ac.uk
0800 0567 253 / 0117 931 2121 / 01453 763 424

We can be reached at any of our campuses (just ask at Reception).

Help us make this good statement great

We designed this privacy notice to be as transparent, useful and informative as possible and we would love to hear any feedback on how we can make it even better. Please contact us at talktous@sgscol.ac.uk, and one final plea: please don't let this be the last time you read this notice. We may make changes to it from time to time and in response to your feedback - remember, it's your data and your privacy that we're trying to protect!

SGS Sport Community and Junior Clubs

We currently collect and process information about individuals registered on an SGS Sport Community or Junior Sport Club.

View our SGS Sport Community and Junior Clubs Privacy Statement

COVID-19 Testing Privacy Statement

View our COVID-19 Testing Privacy Statement