• 1. What information do we hold about you?

    Information we collect from you

    • 1.1. When you applied to the College you provided us with personal data via the online or paper based application routes. This included your name, address, date of birth, contact information, gender, next of kin, previous education, previous employment and medical information including whether you have a disability. We also collected sensitive information about ethnicity, religion, nationality and sexual orientation.

    • 1.2. When you became an employee we collected additional information including your bank account details, medical history and previous attendance at work, references from previous employers and information on background checks and criminal records checks, this may be stored in a paper or electronic personal file or in the HR Database.

    Other information

    • 1.3. During your employment we also hold other information about you including your attendance, disciplinary, capability or grievance records, staff development, appraisal and performance data, this may be stored in a paper or electronic personal file or in the HR Database.

    • 1.4. We may keep information contained in any correspondence by post or email. We may record phone calls. We will also monitor the use of the College’s IT systems in line with the College’s E- Communications Policy, Safeguarding and Prevent Policy and other College policies.

    • 1.5. If you leave the College we will provide access to your One Drive files to your immediate line manager.

    • 1.6. We may record access to College buildings using the secure key card system. These records are deleted each week and would only be used in the event of an emergency evacuation.

    • 1.7. There may be occasions at College events, when photographs are taken to be used for business purpose including publicity. Notices will be displayed at such events to remind you that this is the case and asking that you let us know if you do not wish your photograph to be included.

    • 1.8. We may also obtain other information about you permitted by law from other sources. This may include social services, the police or other agencies.

  • 2. Why do we collect this information?

    • 2.1. We collect information in order to enable us to fulfil our legal obligations in relation to your employment contract. For example we need to pay you in accordance with your contract and to administer pension entitlements.

    • 2.2. In other cases we may need to process personal data, before, during and after the end of the employment relationship in order to enable us to fulfil our legal obligations in relation to providing further education in line with the Further and Higher Education Act 1992, to comply with the requirements of government funding agencies, and to meet other statutory requirements. For example, to maintain employment records, obtain occupational health advice, arrange staff development activities, provide references on request for current or former employees and to respond to and defend against legal claims.

    • 2.3. Where we process other personal data such as information about ethnicity, sexual orientation or belief, this is done for the purposes of equal opportunities monitoring. Data that we use for these purposes is anonymised or will be collected with your express consent, which can be withdrawn at any time. You are free to decide whether or not to provide such data and there are no consequences for failing to do so.

    • 3. Who might we share your information with?

      • 3.1. Your information may be shared internally, including with members of the HR team, (including recruitment and payroll), your line manager, managers in the area in which you work and IT staff if access to the data is necessary for the performance of their roles.

      • 3.2. Sensitive information such ethnicity, disability, religion, nationality and sexual orientation will only be shared internally within the HR Department. 3.3. We will keep this information about you confidential.

      • 3.4. We will share the information with third parties such as HMRC, in order to comply with our legal duties. We may also share the information in an anonymised format, with national bodies for the purposes of monitoring and research.

      • 3.5. We will share your data with third parties in order to obtain pre-employment references from other employers, obtain employment background checks from third party providers and obtain necessary criminal record checks from the Disclosure and Barring Service. We may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.

      • 3.6. We also share your data with third parties that process data on our behalf, for example in connection with payroll, the provision of benefits and the provision of occupational health services.

      • 3.7. We may be asked to share data with other third parties where there is a lawful reason for their request. These may include: the police, social services, legal firms acting on your or the College’s behalf, insurance companies acting on your or the College’s behalf and other government agencies.

    • 4. What do we do with your information?

      • 4.1. We collect this information in order to administer your contract of employment. 2

      • 4.2. The information is held on College data management systems and may be used by teaching and support staff in order to support your education and training, to report on overall College performance and to safeguard you and other students, staff and visitors.

      • 4.3. As part of the overall data we hold about all employees, we will use the information to analyse and report, in line with Government requirements, on the College’s overall performance against several indicators. As aggregated and anonymised data it will be used by the Department for Education and its agencies to calculate and publish performance data about the College.

      Transfer of your personal data outside of the European Economic Area (EEA)

      • 4.4. We do not transfer your personal data outside the EEA.

    • 5. How do we protect your data?

      • 5.1. We take the security of your data seriously and have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed inappropriately.

      • 5.2. Where we engage third parties to process personal data on our behalf, we do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

    • 6. How long do we keep this information about you?

      • 6.1. We keep information in accordance with our document retention policy. Retention periods are in line with the length of time we need to keep your personal information in order to manage and administer your contract of employment and handle any future information issues. They also take into account our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of.

    • 7. How can I access the information you hold about me?

      Subject access requests

      • 7.1. The General Data Protection Regulation (GDPR) grants you the right to access particular personal data that we hold about you. This is referred to as a subject access request. We will respond within one month from the point of receiving the request and all necessary information from you. Our formal response will include details of the personal data we hold about you, including the following:

        • Sources from which we acquired the information

        • The purposes for processing the information, and

        • Persons or entities with whom we are sharing the information.

      • 7.2. You can make a subject access request by completing the request form or by emailing it to dpo@leicestercollege.ac.uk.

    • 8. What are my rights?

      Subject access requests

      • 8.1. The General Data Protection Regulation (GDPR) grants you the right to access particular personal data that we hold about you.

        Right to rectification

      • 8.2. You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

        Right to erasure

      • 8.3. You have the right to obtain from us the erasure of personal data concerning you without undue delay.

        Right to restriction of processing

      • 8.4. Subject to exemptions, you have the right to obtain from us restriction of processing where one of the following applies:

        • The accuracy of the personal data is contested by you and is restricted until the accuracy of the data has been verified;

        • The processing is unlawful and you oppose the erasure of the personal data and instead request the restriction in its use;

        • We no longer need the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims;

        • You have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.

          Notification obligation regarding rectification or erasure of personal data or restriction of processing

        • 8.5. We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.

          Right to data portability

        • 8.6. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.

          Right to object

        • 8.7. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you or for the establishment exercise or defence of legal claims.

          Right to not be subject to decisions based solely on automated processing

        • 8.8. We do not carry out any automated processing, which may lead to an automated decision based on your personal data.

          Accuracy of information

        • 8.9. In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure that accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.

      • 9. Who can I contact if I have any questions or concerns?

        • 9.1. If you have any questions or queries which are not answered by this Privacy Notice, or have any potential concerns about how we may use the personal data we hold, please write to the Data Protection Officer at Leicester College, Freemen’s Park Campus, Welford Road, Leicester, LE2 7LW or email dpo@leicestercollege.ac.uk.

        • 9.2. If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation

      • 10. Privacy notice changes

        • 10.1. This Privacy Notice is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right at all times, to update, modify or amend this Notice. We suggest that you review this Privacy Notice from time to time to ensure you are aware of any changes we may have made, however, we will not significantly change how we use information you have already given to us without your prior agreement. The latest version of this Notice can be found at on the College’s website.

May 2018

Revised October 2019

Revised September 2020

Revised July 2021

Revised October 2022

Reviewed August 2023

Information relating to monitoring We use this information to assess your compliance with corporate policies and procedures and to ensure the security of our premises, IT systems and employees.

  • Information about your access to data held by us for the purposes of criminal enforcement if you are involved with this work.

  • Information derived from monitoring IT acceptable use standards.

  • Photos and CCTV images.