Award Crest
    York College

    Student Privacy Notice

    The College is committed to meeting its data protection obligations and handling Student information securely.  You should make sure you read and understand this notice before submitting your information to us.

    This Student Privacy Notice sets out what you need to know about how York College will use your information for student enquiries, application and enrolment.

    What information about you do we collect?

    When you enquire, apply or enrol at the college as a Further Education of Higher Education student we may collect and process the following kinds of information:

    • personal information – such as: your name, address, telephone number, academic attainment, your course choices, employment, etc.
    • special category personal information – such as: your ethnicity, information about your physical and mental health
    • In some cases, we need to ask you about previous convictions (for example, to enrol on courses that might require working with children)

     

    How do we collect information about you?

    We collect your information from when you enquire about making an application, make an application or register as a student.

    If you make an enquiry, we will collect your information via email or telephone.

    If you apply or register we will collect your information when you complete one of our forms (often through our website).

     

    How will your information be used?

    Your information will, or might be, used for the below purposes.  The specific examples given are not exhaustive.  We sometimes need to share information about students with other organisations.

    For academic purposes, such as administering academic courses, keeping a record of your achievement, creating an IT account for you, register you with the College’s library, examining for and conferring awards.  We may also use your information to investigate and resolve complaints and disciplinary matters.

    For student support services, such as careers advice and Free School Meals.  We will also record special category information if you use our counselling service, or to make reasonable adjustments if you make us aware of a disability.

    For payment and management purposes, such as to collect course fees (from you or someone paying for you), funding claims, to collect payment for college services (such as for printing or library fines) or to manage any debts that might be incurred. 

    We also use your information to manage our service, such as conducting statistical analysis to monitor and improve our services and for audit purposes. 

    We are also required by law to process student data for various legal and statutory duties and responsibilities, such as promoting good attendance, safeguarding and promoting the welfare of children, etc.

    For marketing purposes.

    For public safety and the prevention and detection of crime.   The College uses CCTV to collect and record images for these purposes.  The College also monitors use of its IT services to prevent access to certain websites, or types of website.  More information can be found in the College’s IT Security Policy.

    Where you choose to provide it, we also use your special category data (such as, disability, ethnicity and sexual orientation) to ensure we’re advancing equality of opportunity and treatment for all.  We will never use this information to make decisions in respect of you as an individual, and it will be held in the strictest confidence.

     

    The Legal Basis for using your information

    The table at the bottom of this page sets out the legal basis for each of the activities that this Privacy Notice covers.

    Special conditions that apply for processing under some of these conditions is explained below:

    Information required by contract (or information required to enter into a contract)

    Further and Higher Education students are required to provide us with your information to enter into a contract with the College for their course.  The consequences of not providing the information requested are that we would not be able to offer you a place, or enrol you into the College.

    Information required by law

    The law means that you have to give us some of the information we have asked for on this form.  If you don’t give us this information then we will be unable to offer you a place on a course with the College.

     

    Who will your information be shared with?

    We sometimes need to share your information within the College or with other organisations. We will only share your information when necessary and when the law allows us to, and we will only share the minimum information we need to. For student enrolment matters we may need to share your information with:

    • Parent/Carer/Legal Guardian or other family member or associate or representative students and apprentices choose to nominate as a contact or emergency contact. If you are under 18 we will share details of your education with those who have parental responsibility for you unless you opt out of the sharing, or we are aware of a valid reason not to do so.

    The information shared will include behaviour, attendance, academic progress, learner support, wellbeing and other details required to keep you safe whilst you attend college. 

    • Education, local and central government departments and agencies for audits, reviews, to comply with legal, funding and data collection requirements e.g.
    • Data Processors - businesses and organisations that we ask to process data on our behalf, such as store data (e.g. Microsoft Office 365).

    In certain cases we may also share your information with other individuals and organisations. For example, if the sharing would help with a safeguarding issue, or help prevent a crime. Sometimes, we might share your information without your knowledge.

    The College will never sell your information to anyone else.

    International transfers

    We may share your personal information with a recipient in a country outside the European Economic Area (EEA), when this is necessary to provide you with academic and support services, or fulfil a contract with you.

    When doing so we will always make sure that appropriate safeguards are in place to protect your information and your rights under privacy law.

     

    How long will we keep your information?

    We will keep your information for different periods of time, depending on what we are using it for. We only keep your information for as long as we need to, after which we will either securely delete the information.  We will keep your information for only so long as is necessary.

     

    Your rights

    The law gives you specific rights over your information.  These rights are:

    • to be informed of our use of information about you
    • of access to information about you
    • rectify information about you that is inaccurate
    • to have your information erased (the ‘right to be forgotten’)
    • to restrict how we use information about you
    • to move your information to a new service provider
    • to object to how we use information about you
    • not to have decisions made about you on the basis of automated decision making
    • to object to direct marketing
    • to complain about anything the College does with your information (please see the ‘Complaints’ section below)
    • to judicial remedy – i.e. to take action through the courts

    Some of the rights listed above apply only in certain situations, and some have a limited effect. 

    You can exercise your data protection rights (such as making a request for information about yourself) by contacting the Data Protection Officer at This email address is being protected from spambots. You need JavaScript enabled to view it..

     

    Changes to this privacy notice

    This notice is kept under regular review to make sure it is up to date and accurate.

     

    Data Protection Officer (DPO)

    The College is required by law to have a DPO.  The DPO has a number of duties, including:

    • monitoring the College’s compliance with data protection law
    • providing expert advice and guidance on data protection
    • acting as the point of contact for data subjects
    • co-operating and consulting with the Information Commissioner’s Office (see ‘Complaints’ below)

     The College’s Data Protection Officer can be contacted by email at: This email address is being protected from spambots. You need JavaScript enabled to view it..

     

    Complaints

    If you are unhappy with the way in which your information has been handled, you should contact the College’s Data Protection Officer so that we can try and put things right.

    Alternatively, and if we have been unable to resolve your complaint, you can also refer the matter to the Information Commissioner’s Office (ICO).  The ICO is the UK's independent body set up to uphold information rights, and they can investigate and adjudicate on any data protection related concerns you raise with them.  They can be contacted via the methods below:

    Website:  www.ico.org.uk

    Telephone: 0303 123 1113

    Post: Information Commissioner’s Office
    Wycliffe House Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

    You also have the right to judicial remedy in relation to the College’s processing of personal data – for example, to stop the College from doing something, or to ensure that the College does do something with your data.

     

    Cookies Policy

    What are cookies?

    Cookies are small text files of letters and numbers that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

    Why do we use them?

    Cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. They also help us to resolve problems if things go wrong and understand how users use the site and improve your experience of using our the site.

    Our cookies help us:

    • make our website work as you would expect
    • remember your settings during and between visits
    • improve the speed and security of the site
    • allow you to share pages with social networks like Twitter and Facebook
    • continuously improve our website for you.

    We do not use cookies to:

    • collect any personally identifiable information (without your express permission)
    • collect any sensitive information (without your express permission)
    • pass personally identifiable data to third parties.

    You can learn more about all the cookies we use below. Alternatively view a full list of the cookies and their uses.

    Granting us permission to use cookies

    If the settings on your software that you are using to view this website (your browser) are adjusted to accept cookies we take this, and your continued use of our website, to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.

    Controlling Cookies

    You can control the use and placing of any cookies on your computer through the settings you select on your internet browser. 

    You can change your browser settings to accept or refuse all cookies, choose which cookies you want or don't want, or ask to be notified when a cookie is set. You can use the help feature in your browser to see how.

    However, if you use your browser settings to block all cookies you may not be able to access all or parts of our site (and a large proportion of other websites), or you may experience reduced functionality when accessing certain services.

    Useful information about controlling cookies can be found at http://www.aboutcookies.org/or at http://www.allaboutcookies.org.

    Privacy mode

    If you do not want this site to place a cookie on your browser and track your activity, you may browse the site using "Privacy Mode" in your web browser. To learn how to use privacy mode refer to the links below depending on the browser you use.

    More about our cookies

    Social website cookies

    So you can easily 'Like' or share our content on the likes of Facebook and Twitter we have included sharing buttons on our site.

    Cookies used by us:

    The privacy implications on this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.

    Anonymous visitor statistics cookies

    As explained above, we use cookies to compile visitor statistics and analyse user behaviour. This may include how many people have visited our website, where they go and what type of technology they're using (e.g. desktop or mobile). We do this so we can improve the website and better meet user needs. However, we do not collect Personally Identifiable Information (PII) and we cannot monitor these activities across sites we do not manage or own.

    View our list of cookies for more details about anonymous visitor cookies that we use.

    The following tables list and explain the purpose of the cookies that we use.

    Cookie issued by Cookie namePurposeImpact of declining this cookie
    GoogleAnalytics __utma This cookie is what's called a "persistent" cookie, as in, it never expires (technically, it does expire in the year 2038, but for the sake of explanation, let's pretend that it never expires). This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred. Google Analytics uses the information from this cookie to calculate things like Days and Visits to purchase. Less detailed information about customer visit. Still works as expected, but will reduce the truthfulness of our site usage statistics and thus affect how we develop to serve our users' needs.
    __utmb and __utmc The B and C cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires. You see, __utmc has no way of knowing when a user closes their browser or leaves a website, so it waits 30 minutes for another pageview to happen, and if it doesn't, it expires.
    __utmz Tracking how you came in to the website (campaigns).
    Twitter guest_id This cookie is used to identify you to twitter, if you do not have a twitter account or never accessed the twitter.com website directly then twitter will assign you a unique code to track your visit to the Twitter feed. Twitter has the ability to track surfing habits (on Tweet button enabled websites) of users that have no Twitter account and have never visited a Twitter website before. When using the same browser to create an account at Twitter afterward this collected data of the past can theoretically be linked to the freshly created profile. This cookie will expire in two years' after creation. The Twitter functionality on the website may be restricted.
    k We use the official Twitter API on the website. This API creates a cookie on your machine called "k". This cookie contains the IP address of the visitor. This cookie will expire in one week after creation. The Twitter functionality on the website may be restricted.

    You can read more about Google's cookies and Twitter's cookies on their respective websites.

    Need Help?