Where am I? Home > About the College > College Policies > Data protection policy

Data protection policy

Introduction

  • The College of Law is committed to protecting the rights of individuals to privacy with regard to the processing of personal data 
  • It is necessary for the College to process personal data in the normal and proper conduct of academic and business operations 
  • Such processing will be conducted fairly and lawfully in accordance with the Data Protection Act 1998 
  • If you have a query regarding the accuracy of your personal data then your query will be dealt with fairly and impartially

General use of personal data

  • The College holds data on: prospective, current and former students; prospective, current and former staff; other business and academic contacts; and other individuals interested in the College 
  • This personal data is held in a variety of formats, electronic and manual 
  • The processing of personal data is subject to the rules laid down under the Data Protection Act 1998. Your personal data will be used only for proper purposes that are considered by the College to be for your benefit 
  • For students this will include (but not be restricted to) monitoring academic performance, statistical reporting, awarding qualifications and the provision of general academic and business services 
  • For staff this will include (but not be restricted to) the conduct of normal business management and employment matters 
  • For other individuals this will include (but not be restricted to) the normal conduct of academic and business relationships 
  • The protection of your personal data will be governed by the provisions of the Data Protection Act 1998. Access to your data will be restricted to those personnel to whom it is necessary for proper purposes 
  • The College will not sell your personal data to third parties. Your personal data will only be transferred to third parties where this is for proper purposes related to academic and business matters, for example where this is required by professional bodies or where it is necessary for the delivery of services by third parties to you

The principles of data protection

There are eight Data Protection principles set out under the Act. In summary they are that personal data should be:

  1. obtained and processed fairly and lawfully 
  2. held and used only for specified purposes
  3. adequate, relevant and not excessive 
  4. accurate and kept up to date 
  5. kept only for as long as is necessary 
  6. processed according to the Act 
  7. held securely 
  8. held within the European Economic Area

The College is registered as a Data Controller under the Act and will adhere to these principles and the guidelines set out by the Information Commissioner.

Consent

  • The College seeks to use your personal data only for the purposes of legitimate interests and, where practicable, with your consent 
  • For students, it is a condition of acceptance onto College courses that you consent to the College processing your personal data. By enrolling, you signify your agreement 
  • For staff, it is a condition of employment that you consent to the College processing your personal data. By applying you signify your agreement 
  • For other individuals, the College may gather your data during the course of normal academic and business activities. It will be used only for legitimate interests 
  • You have the right to know what personal data the College holds about you and for this to be correct. Procedures for the management of personal data are in place and enquiries may be made as set out below

Student information 

  • The College will hold personal data relating to your academic performance and discipline. This data may be released to appropriate third parties including professional bodies, universities, academic partners, employers and prospective employers. This may include providing references on your behalf 
  • Academic awards are considered to be public information and the names of successful candidates will be published on open pass lists in various media

Examination results

  • You are entitled to know your examination marks but are not entitled to see your examination scripts

Confidential references

  • You are not entitled to see references provided by the College on your behalf 
  • You may be entitled to see references about you received by the College, although this will depend on whether it compromises the privacy of a third party

Sensitive personal data

  • Sensitive personal data is defined under the Act to include such matters as personal beliefs and health 
  •  If the College holds Sensitive Personal Data about you then this will only be disclosed with your explicit consent or if required by law

Accessing your personal data

  • You have the right to see the personal data that the College holds about you and for that data to be corrected if it is incorrect 
  • Minor requests about your personal data may be dealt with informally in the course of normal administration, at the sole discretion of the College. In the first instance, you should contact Student Services or your tutor 
  • If you wish to make a formal request for access to your personal data then this should be made in writing to the College Academic Registrar. There is a fee of £10 which must be paid in advance

Staff information

  • Further details on the use of staff personal data may be found in the Staff Handbook on the College intranet. All enquiries should be directed to Human Resources

Further information

  • For students
    • Informal enquiries may be made to Student Services or your tutor o Formal enquiries may be made in writing to the College Academic Registrar, Guildford

  • For alumni, external contacts and visitors
    • Enquiries may be made to the Marketing Department, Guildford 

  • For staff 
    • Enquiries may be made to Human Resources

Enquiries on Data Protection policy may be addressed to the College Academic Registrar, Guildford.