Golders Green College GDPR Notice
The new General Data Protection Regulation (GDPR) requires that we issue this Privacy Notice to explain who we are, what personal data we hold about you and why, how we collect, store and process it and how we may share or retain the information. It will also explain your rights in relation to your personal data, how to contact us and the supervisory authorities in the event of a complaint.
Golders Green College fully endorses and adheres to the principles of GDPR. Because we respect the individual’s right to privacy, good data protection is fundamental to our business. We have examined our procedures and will continue to consider, adapt, invest, train and communicate to maximize privacy and remain respectful of others and compliant with the GDPR.
All personal information– whether relevant to the people we serve or as part of our business, or those that work with us and our clients – however collected, stored or recorded will be treated lawfully, correctly and appropriately. All data will be processed fairly and in a transparent manner.
Who are we?
The data controller is Golders Green College, otherwise referred to as “the Company”, “we”, or “us” within this document.
It is the data controller who decides how our personal data is processed and for what purpose.
Your Personal Data– What is it?
Personal data relates to a ‘data subject’ (living individual) who can be identified from that data. Data subjects may include current, recent former and prospective students,, staff, agents, contractors or professionals. .
Personal data will usually include:
• Name, address, telephone, email, UK address, overseas address, visa details, date and place of birth.
• Restricted financial information , next of kin details, UK emergency contact details and parents contact information.
• Course information such as length and time of course, teacher, level and payment of tuition.
• Host family details such as name and address, occupation, members of family and payments received from students and paid to hosts.
• Agents details such as name and address, telephone, fax and email, commission rates and other discounts.
It is very important that data subjects keep us updated on any changes required to the data held such as changes in contact information, UK address and emergency contact information. Please contact Golders Green College with any amendments as early as possible.
How Do We Process Your Personal Data?
We comply with our obligations by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate measures are in place to protect your personal data.
We are committed to investing in security measures to ensure personal data is protected from abuse and rising cyber-crime. We have procedures in place to manage any suspected data security breach. We will notify you and the ICO regarding any suspected data security breach likely to result in a high risk to your rights and freedoms.
We take your privacy seriously and will only use your personal data as provided to us solely for the purposes of administering your account and to provide contracted services in carrying out our business and/or to conform to statutory or regulatory requirements.
Having assigned a Data protection Officer for processing data to fulfil our obligations, we are satisfied that we maintain a lawful basis for processing the personal data held. As such, specific consent is not required.
Personal details provided to and collected by us are processed:
• To inform individuals and agents of news and important information regarding the student’s course or marketing material
• To process personal and accounting information.
• To act as a managing agent on behalf of our students where they have requested us to do so.
If no lawful basis applies for processing the data, we will seek the data subject’s specific and individual consent, such as may be required for the marketing of products or services. We conduct regular quality reviews to ensure that data standards are maintained.
Where and How Data is Held
We maintain paper files, secured for confidentiality as well as digitally either on internal or external servers. Additional personal data (particularly names, telephone numbers and email addresses) may be held on staff’s mobile or smart phones.
Personal information is stored as above as well on database and software system to process personal and accounting information.
We conduct data quality reviews to ensure that data standards are maintained. Where there is no longer any legal or legitimate basis for holding data, it will be erased or destroyed.
Sharing your Personal Data
Your personal data will be treated as strictly confidential. However, we may be required to disclose certain data to third parties for the purpose of operating our business.
The circumstances leading to such disclosures will always be classified as having a legitimate reason and include:
• Disclosing personal information to the British Embassy in relation to visa and immigration matters;
• Professional and Trade bodies (English UK, British Council, ICO or Ombudsman);
• Solicitors, agents and others in relation to pre-sale enquiries or assessments
• Authorities seeking personal data or CCTV footage where available for the prevention of crime.
We will also engage third parties to process data on our behalf whether staff or student related. In doing so, we will seek confirmation that the third party is GDPR compliant. Such organisations include:
• Payroll agencies handling salaries and payments, HMRC, Department of Work and Pensions
• Banks, financial institutions, including pension providers
• Cloud based storage solutions and software providers
• Agents providing social and entertainment or educational services.
We may be required to transfer personal data to a country outside the EEA, such as by use of Dropbox, Mailchimp or SurveyMonkey. The transfer of personal data to a company in the United States of America is governed by the EU-US Privacy Shield Framework and is permitted under the Article 46(5) of GDPR.
How Long Will We Hold Information For?
We will retain data for as long as the data subject is working or studying with us. Once the data subject ceases employment, studies or collaboration, we will retain the data for a specified time as below:
• Personal data will only be retained for as long as is necessary in order to conduct our business and in accordance with statutory or regulatory requirements;
• Student related information will be retained for 5 years after their course end date at the college.
Your Rights and Your Personal Data
You have the following rights with respect to your personal data in respect of the information addressed by this Privacy Notice:
• Fair processing of information and transparency over how we use your information;
• The right to request a copy of your personal data which we hold about you;
• The right to request that we correct any personal data if it is found to be inaccurate or out of date;
• Require the removal of personal information concerning you in certain situations;
• The right to request that we provide you or a third-party with information on your personal data;
• The right to lodge a complaint with the Information Commissioner’s Office.
Guidance to all individuals’ rights and circumstances in which they apply under GDPR can be obtained from the UK Information Commissioner’s Office (ICO).
To exercise all relevant rights, queries or complaints please in the first instance contact Mr George Delmonte. He is the Data Protection Officer and may be contacted as follows:
Tel: +44 (0) 20 8905 5467
Mail: 11 Golders Green Road
You can also contact the Information Commissioners Office (ICO):
Tel: +44 (0) 303 123 1113 or
+44 (0) 1625 545 745 if you prefer to use a national rate number
Via Web: https://ico.org.uk
Mail: Information Commissioners Office
Wycliff house, Water Lane
Wilmslow, Cheshire SK9 5AF