1. What information do we hold about you?
Information we collect from you
1.1. Personal details submitted on your application or enrolment form, such as name, address, date of birth, contact information, next of kin/parents/carers for under 18’s, disability/learning difficulty, any medical or support needs, previous school, your ethnicity and if you have declared an unspent criminal conviction, or are under Police investigation.
Other Information- Purpose of Collecting Data
1.2. When you declare you have an unspent conviction, or when you are referred to the Risk Assessment Team, it starts a process of finding out whether you have an unspent conviction/s, the circumstances of the conviction, details of your supervision and progress, risks related to your conviction/s, whether these could impact you attending College, how we can mitigate and manage those risks, and whether you have any support needs. If you are involved in a police investigation, we also collect information on the alleged pending matter, which, could involve an interim Risk Assessment. We may need to contact the police or other agencies that are involved with the investigation, and we may need to add temporary safeguarding measures. All information collected as part of this process is kept securely away from general College information. Only staff involved directly with Risk Assessments can routinely access this; please refer to the Student Risk Assessment Policy. If information needs to be shared to mitigate and manage risk, or as part of support needs, it is only shared on a strict ‘need to know’ basis, as decided by the Risk Assessment Manager or Director of Student Services. For full details on how Risk Assessments are administered, you can either request a copy or our Policy, or access a copy of the Student Risk Assessment (criminal convictions) Policy (SS012)from the Risk Assessment Team, or www.leicestercollege.ac.uk
1.3. If you are on a course where a work placement with young and or vulnerable adults is a mandatory requirement, we also collect ‘spent’ conviction information that isn’t ‘protected’ in line with the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (as amended in 2013) and the Protection of Freedoms Act 2012 ‘filtering’ rules. If you are on a DMU awarded course where DBS checks are required, and you study at Leicester College, we share your Declaration form with DMU who will complete their own Risk Assessment under the Universities procedures.
1.4. The information Leicester College may collect as part of the Risk Assessment process is:
An electronic or paper Declaration of Previous Convictions form; a description of the previous and current offences, the name and contact of your Youth Justice worker, Probation Offender Manager, supervising Police Officer, or if referred by a Secure Hospital your Occupational Therapist, member of College support staff, and your signed consent for us to contact agencies and process the information. The form can be completed by the agency referring you to us and these instances, they will record their details on the form.
Details of any referrals made to the Risk Assessment team by external agencies, staff or parents/ guardians. This could include emails, details of phone calls, Teams chats, face to face record of conversation.
A Multiagency Risk Reference from any agency that you have been involved with, such as the Children and Young People’s Justice Service (formally the Youth Offending Service) /the Probation Service, or other agencies such as the Police, Leicestershire Cares, Secure Units/Hospitals, Social Care, or Prisons. The reference is completed by the agency, and generally includes information on your unspent offences and sentences, any known pending matters / pending court proceedings risk management and levels of risk, including Information which is relevant to the assessment and management of risks of young and vulnerable people within an education environment behaviours or circumstances that led to or have impacted offending, details of any orders, supervision and licence detail, progression, health and wellbeing including any support that maybe beneficial, and previous education/ history, .
If we need to meet with you to complete a Risk Assessment, we will send you an invite letter or email with your appointment date and time, and Information sheets which explain the process in more detail and a copy of this Privacy Notice. If you have an Offender Manager, we may send them a copy of the letter, and if requested will update them on the Risk Assessment date and outcome.
During your Risk Assessment, the Risk Assessment Administrator will be documenting the conversation on our Student Risk Assessment form. This is because we need to have a written record of what was discussed. At the end of the Risk Assessment, you will be given the Risk Assessment record to read to check it’s correct, and you will also need to read and sign the Student Declaration Confirmation which tells you how we handle your data, and confirms that all required information is correct, and has been disclosed to us, or it could lead to your application being withdrawn, or If on a course, being removed from the College
You may have been referred to us by our Additional Learning Support Team who provide us with a copy of your EHCP, or if you have declared and have an EHCP, we will keep this in your file as part of your Risk Assessment as there is information in your EHCP that is relevant to your Risk Assessment and, or support needs.
Information about your course, if relevant your attendance and progress record. We may refer you to other teams for support, and we will keep all details and subsequent conversations about referrals we receive. We keep information on any Disciplinaries/exclusions or incidents you may be involved in, or have been involved in at School, as they may impact the Risk Assessment, and we keep details of any emails or conversations with your previous school.
We may also have safeguarding information either from your old school or college, an agency, secure hospital or if there is current safeguarding information at the College that may impact your Risk Assessment.
If you have been referred by a member of staff, we will have any information relating to the referral in your file.
If you have disclosed that you are under investigation by the Police, or if we have been contacted by the Police, we will have all correspondence with the Police, letters, emails, telephone conversations, records from meeting/s, and if required a copy of your interim Risk Assessment. If you are coming to us from a Secure Unit, we will have details of the referral from the Unit, notes from meetings, your Care Plan, your Risk Management Plan, and any other documents related to your care and risk management that is relevant to your college application. We are usually involved in Information Sharing meetings with the Secure Unit for the duration of your course, and will have copies of updated Care Plans, risk assessment reviews and details of any conditions related to your attendance. If you are involved with the Children Using Abusive Behaviour (CUAB)or the Harmful Sexual Behaviour (HSB) processes, or are under Multi Agency Public Protection Arrangements, we will attend those meetings and have minutes and notes of those meetings, and any relevant information relating to the case which we keep in your file and use to make any required adjustments to your risk management, or support. In some cases, we may need to re-assess your attendance at college, if your risk has changed.
We may be invited to multi-agency CYPJS Risk Management Reviews that you may be involved in. We will have details of any notes, or documents shared at the meeting, which may include minutes from the last meeting or updated interventions.
We hold both electronic and paper records of your details, including name, date of birth, age, course, dates of interviews, type of offence, agencies involved, risk, risk management, support referrals, summary of contact which is kept on a secure area with access strictly limited to the Risk Assessment Team. In line with the Rehabilitation of Offenders Act as amended, we keep your information until the end of the academic year in which it became Spent, and then delete both the electronic file and confidentially shred the paper file. If your conviction is never spent, we keep it for up to 7 years (current academic year plus 6 years) and then confidentially dispose of your paper file, and we delete the electronic file.
We will also keep in the files the Declaration Form and Multi-Agency Risk Reference if applicable. The file will have copies of all the letters, forms, meetings, telephone conversations, secure emails, emails, agency references, and if you have one, the Risk Assessment Interview form and report, where applicable, Conditions, Condition meetings, termly reviews, any correspondence or paperwork that has been provided, or completed as part of your Risk assessment will also be kept in your file. In line with the Rehabilitation of Offenders Act as amended, we keep your information until the end of the academic year in which it became Spent, and then delete it. If your conviction is never spent, we keep it for the maximum 7 years (current academic year plus 6 years) and then confidentially dispose of your paper file, and we delete the electronic file.
If you have a positive DBS Disclosure Certificate, and have not declared the offences, we will need to conduct a Risk Assessment, we will have your signed Declaration Form and a Risk Assessment interview form, we may also have a Multi-Agency Reference and any other information as detailed above. As offences covered by the Exceptions Order of the Rehabilitation of Offenders Act, mean that convictions not covered by the Filtering rules, do not become Spent, we will keep until you leave the College.
2. Why do we collect this information?
2.1. We collect this information to ensure we comply with our legal obligation of ‘Duty of Care’ as a Public Body to provide a safe and inclusive environment for all students, staff and visitors of the College. Leicester College has a statutory and moral duty to ensure that the College functions with a view to safeguarding, and promoting the welfare of children, and vulnerable adults receiving education and training at the College. The Risk Assessment Policy and procedures sit within the College’s Safeguarding framework and Policy and are subject to safeguarding requirements at all time.
3. Who might we share your information with?
3.1 We keep information about your offences confidential and separate from general College information. In some instances, it may be necessary to share certain Risk Assessment information with other staff. For example, if support needs have been raised as part of the process, or if it is necessary to share certain information to mitigate and manage known or potential risk, to keep you and others safe.
3.2. In these circumstances, information is only shared on a strict ‘need to know’ basis and we always ensure staff are aware of the confidentiality of the data. There may also be the need to share certain information such as your progress and attendance on course, and any disciplinaries or incidences with external partners such as the Children and Youth Justice Service, the Probation Service, the Public Protection Team, or secure Hospital. In these circumstances, with any request we have either obtained your consent to share this information, or we have a Data Sharing Agreement in place. In some circumstances, we may be approached by the Police to provide information on a student as part of an ongoing police investigation. In these cases, we obtain a Request for Personal Data from the Police, which is signed by the Police officer requesting the information. It explains the information, which is sought, and the reason; usually being for the prevention, detection, and prosecution of crime. In these cases, they will state what data they need, and the College will decide the lawful basis for releasing that data. Similarly, if the Police share any information with us, on the grounds that it is deemed to be of importance for the protection of self or others, they would have obtained the necessary consent from you, and we are obliged to adhere to the confidentiality and safekeeping of that information and use it only as outlined within this Notice.
4. What do we do with your information?
4.1. We collect this information in order to complete the Risk Assessment process of identifying, assessing, mitigating and managing risk and to identify, implement support needs, and as part of any ongoing support and risk management, to safeguard you, other students, the college environment, its visitors and staff. kept
4.2. The information is held by the Risk Assessment Team on a confidential secure database, along with confidential hard-copy files and secure electronic files. Paper files are in a non-portable locked cabinet and in a secured drive. At the end of each academic year we provide activity reports by collating data from Risk Assessments on the activity of the team. This information is anonymous, i.e. no names are used, and is used to contribute to overall College and student performance, and risk management. We will use the information to analyse and improve our processes, systems, and overall experience of going through the process.
5. How do we protect your data?
5.1. We take the security of your data seriously and have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused, or disclosed inappropriately.
5.2. Where we engage third parties to process personal data on our behalf, we do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
6. How long do we keep this information from you?
6.1. We keep this in accordance with our document retention policy of up to 7 years. Retention periods are in line with the length of time we need to keep your personal information, in order to manage and administer your education and training, and to handle any future information issues. They also consider our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece to the next. In all cases our need to use your personal information will be readdressed on a regular basis, in accordance with legislative parameters and information which is no longer required will be disposed of.
7. How can I access the information you hold about me?
7.1. Subject access requests
The Data Protection Act 2018 grants you the right to access particular personal data that we hold about you. This is referred to as a subject access request. We will respond within one months from the point of receiving the request and all necessary information from you. Our formal response will include details of the personal data we hold about you, including the following:
Sources from which we acquired the information
The purposes for processing the information, and
Persons or entities with whom we are sharing the information
7.2. You can make a subject access request by completing the request form or by emailing it to dpo@leicestercollege.ac.uk.
8. WHAT ARE MY RIGHTS?
8.1. Subject access requests
The Data Protection Act 2018 grants you the right to access particular personal data that we hold about you.
Right to rectification
8.2. You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed. Including by means of providing a supplementary statement.
Right to erasure
8.3. You have the right to obtain from us the erasure of personal data concerning you without undue delay.
Right to restriction of processing
8.4. Subject to exemptions, you have the right to obtain from us restriction of processing where one of the following applies:
The accuracy of the personal data is contested by you and is restricted until the accuracy of the data has been verified;
The processing is unlawful and you oppose the erasure of the personal data and instead request the restriction in its use;
We no longer need the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims;
You have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections. Notification obligation regarding rectification or erasure of personal data or restriction of processing
8.5. We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effect. We shall provide you with information about those recipients if you request it.
Right to data portability
8.6. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
8.7. You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you or for the establishment exercise or defence of legal claims.
Right to not be subject to decisions based solely on automated processing
8.8. We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Accuracy of information
8.9. In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take responsible steps to ensure that accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear, and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
9. Who can I contact if I have any questions or concerns?
9.1. If you have any concerns or queries which are not answered by this Privacy Policy, or have any potential concerns about how we may use the personal data we hold, please write to the Data Protection Officer at Leicester College, Freemen’s Park Campus, Welford Road, Leicester, LE2 7LW or email dpo@leicestercollege.ac.uk.
9.2. If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing or your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.
10. Privacy notice changes
10.1. This Privacy Policy is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right at all times, to update, modify or amend this Policy. We suggest that you review this Privacy Policy from time to time to ensure you are aware of any changes we may have made, however, we will not significantly change how we use information you have already given to us without your prior agreement. The latest version of this Policy can be found on the College’s website.
Updated August 2023