This privacy notice is intended to be read by prospective and current students, alumni and anyone who has been listed as a permitted contact by a student inclusive of parents, guardians and carers. The term students is inclusive of all provisions including further education, higher education, part and full time courses and apprenticeships.
This privacy notice describes how we, Chichester College Group (the Group), collect, use and protect your information. In this context we are called a Data Controller.
You should refer to this document for the full details of our privacy notice. If you prefer, this information is also summarised in our visual student privacy notice. To access this privacy notice in an alternative format please contact the data protection team.
About the Group
Chichester College Group is a General Further Education College consisting of Brighton Metropolitan College, Brinsbury College, Chichester College, Crawley College, Haywards Heath College, Northbrook College and Worthing College.
Name: Chichester College Group
Address: Westgate Fields, Chichester, West Sussex, PO19 1SB
Phone Number: (+44) (0)1243 768 321
Data Protection Officer: Benjamin Phillips
How we collect your information
The information we hold about you comes from the way you engage with the college. This includes information you provide on your course application form, course enrolment form, by engaging with our in class and out of class support provision and other services provided by the college. We may also collect information from your previous school, the local authority and external safeguarding or wellbeing support agencies.
Student data is essential for the Group’s operational use. Whilst the majority of student information you provide to us is mandatory, some of it is requested on a voluntary basis. In order to comply with data protection legislation, we will inform you at the point of collection, whether you are required to provide certain student information to us or if you have a choice in this.
Storing student data
We hold student data securely for the set amount of time shown in our data retention policy. Different types of data and documents are kept for different lengths of time depending on a number of factors including the course you enrol upon. If you apply but do not enrol on a course, your details will be held for one academic year.
Your data is stored in the UK and EEA. If there is a need to process personal data in another territory, the Group will ensure that relevant security measures are in place to protect your personal data. This will be achieved by placing contractual obligations on those receiving your personal data or by ensuring that the recipients have subscribed to relevant international frameworks that aim to ensure adequate protection.
Who we share student information with and why we share it
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We routinely share student information with:
- The educational provider that the student attended before joining the Group
- The educational provider the student attends after leaving the Group
- Other educational providers involved in the joint delivery of a course
- Local authorities
- The Department for Education (DfE)
- The Education and Skills Funding Agency (ESFA)
- The Office for Students (OfS)
- The Learner Records Service (LRS)
- The National Careers Service
- The Higher Education Statistics Agency (HESA)
- The awarding body for the qualification the student is enrolled on
- Permitted contacts (e.g. parents, guardians, carers)
- Employers that sponsor a student on a course or study (e.g. apprenticeship)
- Agencies who are required to audit our student and financial records
- Agencies who support the collection of unpaid / outstanding course fees
- National Health Service and local NHS Trusts
- Law enforcement agencies
- Youth support services
- The Home Office (immigration and UKVI visa applications)
Information will be shared with third parties to facilitate trips and work experience placements where these are facilitated by the Group.
Students have the option to provide permitted contacts. Permitted contacts could be parents, guardians, carers, another family member or any other individual in the student’s personal life. If a student provides one or more permitted contacts, they are providing their consent for the Group to share details of their performance and progress with these named individuals. This information could be shared verbally, in writing or through our parental portal. The student can add or remove permitted contacts at any time by speaking to their student tutor, student records or the data protection team.
Student information available under the Freedom of Information Act
The Group also has obligations under the Freedom of Information Act. It is the Group’s policy to make information as public as possible. Full details of what information is made available to the public for inspection can be found in our publication scheme published on our website. The following student information will be made public:
- Summary details of student achievement and examination successes
- Student participation in productions and events related to or resulting from their studies. This may include, but is not limited to photographs, videos, spoken records and documents. Where practical and required by regulations the permission of the individual will be obtained before this is done.
Any individual who has reason for wishing that any of these details should remain confidential should contact the Data Protection Officer.
Youth support services
We share certain information about students aged 16+ with our local authority and providers of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.
This enables them to provide services as follows:
- post-16 education and training providers
- youth support services
- careers advisers
For more information about services for young people, please visit the West Sussex County Council website.
Department for Education
The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our students with the Department for Education (DfE) either directly or via our local authority for the purpose of those data collections, under The Education (Information About Individual Pupils) (England) Regulations 2013.
All data is transferred securely and held by DfE under a combination of software and hardware controls, which meet the current government security policy framework. For more information, please see the ‘How Government uses your data’ section.
The National Pupil Database
Much of the data about students in England goes on to be held in the National Pupil Database (NPD).
The NPD is owned and managed by the Department for Education and contains information about students in schools and colleges in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department.
It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, colleges, local authorities and awarding bodies.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
Data sharing by the Department for Education
The law allows the Department to share student’s personal data with certain third parties, including:
- schools, colleges and local authorities
- organisations connected with promoting the education or wellbeing of children in England
- other government departments and agencies
- organisations fighting or identifying crime
For more information about the Department’s NPD data sharing process, please visit:
Organisations fighting or identifying crime may use their legal powers to contact DfE to request access to individual level information relevant to detecting that crime.
For information about which organisations the Department has provided student information, (and for which project) or to access a monthly breakdown of data share volumes with Home Office and the Police please visit the following website: https://www.gov.uk/government/publications/dfe-external-data-shares.
Requesting personal data held by the Department for Education
Under the terms of the Data Protection Act 2018, you are entitled to ask the Department:
- if they are processing your personal data
- for a description of the data they hold about you
- the reasons they’re holding it and any recipient it may be disclosed to
- for a copy of your personal data and any details of its source
If you want to see the personal data held about you by the Department, you should make a ‘subject access request’. Further information on how to do this can be found within the Department’s personal information charter that is published at the address below:
To contact DfE visit: https://www.gov.uk/contact-dfe.
Office for Students
We will share information about students enrolled on higher education courses with the Office for Students (OfS). OfS collects personal data on students to fulfil their public tasks under the Higher Education and Research Act (HERA) 2017, including their responsibilities as the lead regulator for higher education in England.
For more information on the data OfS collect and how they process that data, please view their privacy notice published at the address below:
If you want to see the personal data held about you by the OfS, you should make a ‘subject access request’. Further information on how to do this can be found published at the address below:
The Higher Education Statistics Agency
We will share information about students enrolled on higher education courses with The Higher Education Statistics Agency (HESA). HESA is the body responsible for collecting and disseminating information about higher education in the UK and the designated data body for England.
For more information on the data HESA collect and how they process that data, please view their student collection notice published at the address below:
If you want to see the personal data held about you by the HESA, you should make a ‘subject access request’. Further information on how to do this can be found published at the address below:
Your data protection rights
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information. If you want to see the personal data held about you by the Group, you should make a ‘subject access request’.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. Where information is processed as part of our legal obligations or under public task this right does not apply. This includes information we are required to share with DfE, ESFA, OfS and HESA.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any fee to use any of your data protection rights. The Group will respond to your request within one calendar month from the date we receive your request.
Requests can be received in any format however, the easiest way to make a request is to email email@example.com. You can also make your request in person to any staff member. Your request should include your details, for example your name and either student number or date of birth. When making a ‘subject access request’, the request should also specify what information you would like to receive. We are required to verify your identity and therefore ask, where possible, you include a copy of official identification with your request.
How to complain
If you have any concerns about how the Group collects or processes your personal information, you can make a complaint to the Group by emailing firstname.lastname@example.org.
We ask that in the first instance you give us the chance to put things right. However, you can also raise any complaint with the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Privacy notice revisions
This privacy notice will be kept under review and changes will be published to our website. This document was last updated in August 2022.