York College

The College is committed to meeting its data protection obligations and handling your information securely.  This Privacy Notice sets out what you need to know about how York College will use your information when you are employed by the College.

What information about you do we collect?

For the processing to which this notice relates to be carried out we use the following information:

  • Personal information – such as: your name, address, telephone number, working patterns, appraisal details, bank account details, etc.
  • Special category personal information – such as: information about your physical and mental health (e.g. sickness, and your ability to work) and your ethnicity, sexual orientation, and other details should you wish to share them with us
  • Criminal data - previous convictions, as working at the college involves working with to children and vulnerable adults

How do we collect information about you?

We generally collect your information from you directly (e.g. from your application form, ongoing appraisal assessments, holiday and sickness leave requests, etc.

How will your information be used?

Your information will be used to:

  • Maintain your human resources file
  • Process payment details (including making deductions)
  • To facilitate the pension scheme and record employee and employer contributions
  • Manage your working activities, sickness, annual & other leave (inc. maternity, paternity, etc.)
  • Ongoing or repeat checks to meet statutory of contractual requirements to confirm continued suitability for employment including right to work in the uk, driving licence validity, and professional registration
  • For equalities monitoring (where you choose to provide us with the relevant information, which will never be used to make decisions about you personally)
  • Training and development, including keeping records of employee attendance, completion of courses, outcomes and or grades and feedback
  • For health and safety purposes, such as accident records
  • Security purposes – taking photographs for id cards to enable employees to be identified and facilitate entry to buildings and restricted areas
  • Provision of it accounts to enable staff to access to the college network, ict systems, email, and to allow use of devices and telephones
  • Grievance, disciplinary or other proceedings
  • Leaving employment, including resignation, retirement, dismissal, redundancy and tupe processes including all associated payments and p45 records

The Legal Basis for using your information

We generally rely on processing being necessary for the performance of an employee’s contract, compliance with legal obligations which apply to the College, and in some cases that processing is in line with our legitimate interests (such as, maintaining the security of buildings and computer network).

Information required by contract (or information required to enter into a contract)

You are required to provide us with some of your information to work at the College – such as updating us of your sickness absence and annual leave requests.  The consequences of not providing the information requested are that you may be subject to disciplinary sanctions.

Information required by law

We are required to process some information for tax and immigration purposes.

Who will your information be shared with?

We sometimes need to share your information within the College or with other organisations. We will only share your information when necessary and when the law allows us to, and we will only share the minimum information we need to. For employment matters we may need to share your information with HMRC to record your tax payments.

In certain cases we may also share your information with other individuals and organisations. For example, if the sharing would help with a safeguarding issue, or help prevent a crime. Sometimes, we might share your information without your knowledge.

The College will never sell your information to anyone else.

How long will we keep your information?

We will keep your information for different periods of time, depending on what we are using it for. We only keep your information for as long as we need to, after which we will either securely delete the information. We will keep your information for only so long as is necessary

Your rights

The law gives you specific rights over your information.  These rights are:

  • To be informed of our use of information about you
  • Of access to information about you
  • Rectify information about you that is inaccurate
  • To have your information erased (the ‘right to be forgotten’)
  • To restrict how we use information about you
  • To move your information to a new service provider
  • To object to how we use information about you
  • Not to have decisions made about you on the basis of automated decision making
  • To object to direct marketing
  • To complain about anything the College does with your information (please see the ‘Complaints’ section below)
  • To judicial remedy – i.e. to take action through the courts

Some of the rights listed above apply only in certain situations, and some have a limited effect. 

You can exercise your data protection rights (such as making a request for information about yourself) by contacting the Data Protection Officer at This email address is being protected from spambots. You need JavaScript enabled to view it..

Changes to this privacy notice

This notice is kept under regular review to make sure it is up to date and accurate.

Data Protection Officer (DPO)

The College is required by law to have a DPO.  The DPO has a number of duties, including:

  • Monitoring the College’s compliance with data protection law
  • Providing expert advice and guidance on data protection
  • Acting as the point of contact for data subjects
  • Co-operating and consulting with the Information Commissioner’s Office (see ‘Complaints’ below)

 The College’s Data Protection Officer can be contacted by email at: This email address is being protected from spambots. You need JavaScript enabled to view it. 


If you are unhappy with the way in which your information has been handled you should contact the College’s Data Protection Officer so that we can try and put things right.

Alternatively, and if we have been unable to resolve your complaint, you can also refer the matter to the Information Commissioner’s Office (ICO).  The ICO is the UK's independent body set up to uphold information rights, and they can investigate and adjudicate on any data protection related concerns you raise with them.  They can be contacted via the methods below:

Website:  www.ico.org.uk

Telephone: 0303 123 1113

Post: Information Commissioner’s Office
Wycliffe House Water Lane

You also have the right to judicial remedy in relation to the College’s processing of personal data – for example, to stop the College from doing something, or to ensure that the College does do something with your data.

Cookies Policy

What are cookies?

Cookies are small text files of letters and numbers that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Why do we use them?

Cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. They also help us to resolve problems if things go wrong and understand how users use the site and improve your experience of using our the site.

Our cookies help us:

  • make our website work as you would expect
  • remember your settings during and between visits
  • improve the speed and security of the site
  • allow you to share pages with social networks like Twitter and Facebook
  • continuously improve our website for you.

We do not use cookies to:

  • collect any personally identifiable information (without your express permission)
  • collect any sensitive information (without your express permission)
  • pass personally identifiable data to third parties.

You can learn more about all the cookies we use below. Alternatively view a full list of the cookies and their uses.

Granting us permission to use cookies

If the settings on your software that you are using to view this website (your browser) are adjusted to accept cookies we take this, and your continued use of our website, to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.

Controlling Cookies

You can control the use and placing of any cookies on your computer through the settings you select on your internet browser. 

You can change your browser settings to accept or refuse all cookies, choose which cookies you want or don't want, or ask to be notified when a cookie is set. You can use the help feature in your browser to see how.

However, if you use your browser settings to block all cookies you may not be able to access all or parts of our site (and a large proportion of other websites), or you may experience reduced functionality when accessing certain services.

Useful information about controlling cookies can be found at http://www.aboutcookies.org/or at http://www.allaboutcookies.org.

Privacy mode

If you do not want this site to place a cookie on your browser and track your activity, you may browse the site using "Privacy Mode" in your web browser. To learn how to use privacy mode refer to the links below depending on the browser you use.

More about our cookies

Social website cookies

So you can easily 'Like' or share our content on the likes of Facebook and Twitter we have included sharing buttons on our site.

Cookies used by us:

The privacy implications on this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.

Anonymous visitor statistics cookies

As explained above, we use cookies to compile visitor statistics and analyse user behaviour. This may include how many people have visited our website, where they go and what type of technology they're using (e.g. desktop or mobile). We do this so we can improve the website and better meet user needs. However, we do not collect Personally Identifiable Information (PII) and we cannot monitor these activities across sites we do not manage or own.

View our list of cookies for more details about anonymous visitor cookies that we use.

The following tables list and explain the purpose of the cookies that we use.

Cookie issued by Cookie namePurposeImpact of declining this cookie
GoogleAnalytics __utma This cookie is what's called a "persistent" cookie, as in, it never expires (technically, it does expire in the year 2038, but for the sake of explanation, let's pretend that it never expires). This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred. Google Analytics uses the information from this cookie to calculate things like Days and Visits to purchase. Less detailed information about customer visit. Still works as expected, but will reduce the truthfulness of our site usage statistics and thus affect how we develop to serve our users' needs.
__utmb and __utmc The B and C cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires. You see, __utmc has no way of knowing when a user closes their browser or leaves a website, so it waits 30 minutes for another pageview to happen, and if it doesn't, it expires.
__utmz Tracking how you came in to the website (campaigns).
Twitter guest_id This cookie is used to identify you to twitter, if you do not have a twitter account or never accessed the twitter.com website directly then twitter will assign you a unique code to track your visit to the Twitter feed. Twitter has the ability to track surfing habits (on Tweet button enabled websites) of users that have no Twitter account and have never visited a Twitter website before. When using the same browser to create an account at Twitter afterward this collected data of the past can theoretically be linked to the freshly created profile. This cookie will expire in two years' after creation. The Twitter functionality on the website may be restricted.
k We use the official Twitter API on the website. This API creates a cookie on your machine called "k". This cookie contains the IP address of the visitor. This cookie will expire in one week after creation. The Twitter functionality on the website may be restricted.

You can read more about Google's cookies and Twitter's cookies on their respective websites.

Need Help?