Data Usage and Privacy Statement

How we use your data

22nd January 2024

New College Swindon is committed to protecting your privacy. We are a registered data controller under the Data Protection Act 2018 and GDPR. The information we collect is essential in order for us to carry out our legal responsibilities, functions and tasks. We hold personal information about you electronically and in paper format, under the requirements of the Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR). We follow security procedures regarding the storage and disclosure of information which you have given us in order to avoid unauthorised loss or access. As such we have security systems and procedures to protect information from unauthorised disclosure, misuse or destruction.

Why does the College collect personal information?

New College Swindon collects and processes your personal data to;

  • Process your application
  • Effectively manage your learning,
  • Facilitate, support and deliver your education,
  • Improve the services and facilities we provide, and to
  • Meet its statutory obligations as a Further Education college.

New College Swindon is committed to being transparent about how it collects and uses data and protects your privacy.

What is our lawful basis for processing your information?

The lawful basis for holding personal data about you is:

  • Article 6c (Legal Obligation), and
  • Personal data is held in order to meet our legal obligations with the Education and Skills Funding Agency (ESFA) and the Office for Students (OFS).
  • Article 6e (Public Task)

Where we require your consent to process your information, we will obtain this from you at the point we collect your information and provide you with details on how long we retain the data, how we store it, who access to it and your rights.

Where there is any other legal basis for processing your information, we will inform you of this at the point we collect it.

What personal information does the organisation collect?

During the course of your involvement with the College, your personal information is collected, stored and processed securely by us. Much of the information we ask you to provide is linked to government requirements for funding courses. The information we collect includes, but is not limited to:

  • Details about yourself including your title, name, date of birth, National Insurance Number (if applicable), Disclosure and Barring Service number (if applicable), gender and photo identification.
  • Contact details – including address, telephone numbers and personal email address.
  • Details of your previous qualifications, employment and educational history.
  • Information about your nationality and residency, and previous address if applicable.
  • Information about medical or health conditions, including whether or not you have a learning disability or difficulty.
  • Ethnicity for the purposes of monitoring equality of opportunity.
  • Sensitive information such as health information, sexual orientation and gender re-assignment, faith or belief and pregnancy or maternity for the purposes of monitoring equality of opportunity.
  • Information about your family or personal circumstances.
  • Household information (this is collected only for ESFA and is not used by the College).
  • Employment / Unemployment status and length.
  • State Benefits for the purpose of fee remission, free school meals and bursary.
  • Financial information for the purpose of administering financial assistance, refunds and student loans.
  • Employer name and address for Apprentices.
  • Enrolment, attendance, English and maths assessment, progress monitoring, achievement, reasons for leaving and destination data.
  • Awarding Body registration and University and Colleges Administration Service (UCAS) Number.

Other data we collect:

  • Criminal convictions in order to protect students and staff GDPR Article 6d (Vital Interest) and also in order to carry out our duty to support those with a conviction GDPR Article 6e (Public Task)
  • Emergency contacts – GDPR Article 6d (Vital Interests).
  • Parent/carer details for those under 18 at the start of the academic year under GDPR Article 6e (Public Task) in order to fulfil our duty to support the education and learning as fully as possible.
  • Information from schools, Youth Offending Teams, Social Services, Police and other education providers if required for the purposes of safeguarding students and staff in line with ‘Keeping Children Safe in Education 2018’.
  • Use of college services such as the Learning and Resource Centre (library) and Wellbeing Centre to monitor how well they are used.
  • Provision of support and welfare services such as counselling, careers advice and nursing / medical.
  • CCTV – We record images of students, staff and visitors in the college on CCTV for crime prevention and detection, safety, security and safeguarding purposes.
  • Virtual Tour – We occasionally record images of cars that may include visible registration plates within our car parks as part of promotional videos or virtual tours (legitimate interest)

How is this collected?

Most of the information above is collected directly from yourself via an application, enrolment or other college form. However, some information such as previous qualifications, or special needs, may be collected from other organisations such as the Department for Education (DfE), the Local Education Authority, your previous school, Youth Offending Team, Social Services, Police, Awarding Bodies and other education providers.

Where do we store data?

Data will be stored on:

  • the central college systems
  • paper in secure offices or on-site storage
  • electronic documents within a secure network

How does the College use your information?

  • To provide you with the best possible opportunities to succeed.
  • Process your application, arrange and provide support at interview, and inform decisions about suitability of course.
  • Process your enrolment.
  • Assess your eligibility for fee remission, financial support and student loans.
  • Set targets and monitor your progress
  • Monitor your attendance on your course.
  • Monitor your health, safety and well-being through monitoring attendance, changes to appearance and behaviour and reporting any concerns to the appropriate departments such as safeguarding or ALS.
  • Register you with the appropriate awarding body.
  • Organise professional placements.
  • Arrange examinations, exam access arrangements and college certification. Administer and monitor your use of facilities such as the LRC and Wellbeing Centre, College events and enrichment activity.
  • Administration of complaints.
  • Enlist participation in student surveys and student feedback reporting. Fulfil statutory reporting requirements for government organisations such as the Department for Education and the Office for Students.
  • Monitor our responsibilities under equality and diversity legislation.
  • Assess and provide learning and learner support and services to students such as Learning Support Assistance, counselling and medical care.
  • Monitor compliance with college regulations and policies.
  • College reporting/ performance monitoring.
  • Administration of the college CCTV system.
  • Monitor your outcome / progression.
  • Contact you for marketing purposes if you have provided consent.
  • Use your image for marketing purposes if you have provided your consent.

Who has access to your data?

Not all of your information is shared. Information will only be shared where necessary.

  • New College Swindon staff who need the data to provide services to you.
    Education and Skills Funding Agency (ESFA). This is a Government department which funds courses and monitor the performance of the college.
  • Office for Students (OFS). This is a Government department which fund Higher education Courses and monitors the performance of the College.
  • Learner Records Service (LRS). This is a Government database of student education history which students can update and allow employers and educational providers to view previous educational history.
  • Local Authorities
  • Special Educational Needs Assessment Team (SENAT). This is only applicable for students with Special Educational needs to ensure they are fully supported.
  • Youth Offending Team (YOT). This is only applicable if a student is an offender and data shared will be to support the student.
  • Police, Social Services, Multi Agency Safeguarding Hub (MASH). Data is only shared the College feels the student is at risk of harm.
  • Awarding Bodies, Joint Council for Qualifications (JCQ) to register students for qualifications so they can receive the certificates for the qualification.
  • Validating Universities to register students for qualifications so they can receive the certificates for the qualification.
  • Your previous school to ensure you have any necessary support during your students
  • Parents and guardians (if under 18).
  • Universities and Colleges Admissions Service (UCAS) where a student is applying to a University.
  • Employers and providers of external work placements to support students in the workplace.
  • Employers and providers of Apprenticeship work placements to support students in the workplace
  • Employers sponsoring tuition fees as they are paying for the course.
  • Apprentice employers support students in the workplace
  • Employers and educational providers who have requested references (with your consent)
  • Debt collection agencies for outstanding fees if applicable
  • Aramark (catering providers for students in receipt of free college meals)
  • ALPs (software to monitor student performance against target)
  • Auditors who audit colleges to ensure government funding is used appropriately
  • Third party software providers required to facilitate applicant and enrolled student data functions – Tribal (student data record system), Heritage (library record system), Office 365, PageOne (text messaging), dot mailer (email messaging), One Advanced (achievement rate and progress monitoring software), Smart Assessor (Apprenticeship performance monitoring), WPM & Global Payment Realex (credit card payment system), HODDER & STOUGHTON LIMITED, (on behalf of its business division HODDER EDUCATION GROUP (eBooks provider). These organisations may be based outside of the UK or the European Union. We have ensured these organisations have safeguards in place, which meet appropriate standards, to protect your personal data.
  • Unite (for all those learning through UNITE interventions where consent has been given by learner)
  • Unifrog – to register user accounts for access to this platform; part of our careers programme, fulfilling our statutory duty to secure careers guidance and information on all available opportunities for all students. You can read more about your information being shared with Unifrog here

We will not normally disclose any other personal information about you to other external organisations without your consent unless it is in your vital interests to do so (for example an emergency situation).

Why is it shared? What are each of these?

Where the College engages non-statutory third parties to process personal data on its behalf, we require them to do so on the basis of written instructions. The third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. Contract and written instruction.

The College shares your data with third parties where there is a legal obligation, including Education Funding Agency, Office for Students, Learner Records Service (LRS), Local Authorities for learners aged 16-18, Police, Social Services and other education providers.

ESFA (Education Funding Agency) Data Sharing Agreement

This privacy notice is issued by the Education and Skills Funding Agency (ESFA), on behalf of the Secretary of State for the Department of Education (DfE). It is to inform the College learners their personal information will be used by the DfE, the ESFA (an executive agency of the DfE) and any successor bodies to these organisations. For the purposes of relevant data protection legislation, the DfE is the data controller for personal data processed by the ESFA.

Your personal information is used by the DfE to exercise its functions and to meet its statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009 and to create and maintain a unique learner number (ULN) and a personal learning record (PLR). Your information will be securely destroyed after it is no longer required for these purposes.

Your information may be shared with third parties for education, training, employment and well-being related purposes, including for research. This will only take place where the law allows it and the sharing is in compliance with data protection legislation.

The English European Social Fund (ESF) Managing Authority (or agents acting on its behalf) may contact you in order for them to carry out research and evaluation to inform the effectiveness of training. Further information about use of and access to your personal data, and details of organisations with whom we regularly share data, Find out more information at GOV.UK – ESFA: privacy notice

Office for Students Data Sharing Agreement

If you are undertaking a Higher Education course with us, your information may be passed to the Office for Students (OfS) for funding purposes. Find out more information at Office for Students: privacy notice

Learner Record Service Data Sharing Agreement

The information you supply will be used by the Skills Funding Agency, an executive agency of the Department for Education (DfE), to issue you with a Unique Learner Number (ULN), and to create your Personal Learning Record (PLR). For more information about how your information is processed and shared refer to the Extended Privacy Notice. Find out more information at GOV.UK – LRS: privacy notice

Unite – only for those learning through UNITE interventions where consent has been given by learner

Information is shared with UNITE as this is a reporting requirement to meet condition of Government Funding for all those learning through UNITE interventions where consent has been given by learner. The information shared will be student:

  • Surname
  • Forename
  • Title
  • DOB
  • Contact Information
  • Gender
  • Ethnicity
  • Disability
  • First Language

Find out more information at Unite the union: privacy notice

Does the College process data outside the European Economic Area?

The College may transfer your information outside of the EEA only in the instance of website or social media. Your consent will be obtained for this.

How does the College protect data?

The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

How long does the College keep data?

All data collected and processed on behalf of the ESFA and OFS will be held for as long as we are legally required to do so. Other data will be held as long as is necessary to fulfil our duty as a college in line with the Data Protection Retention Schedule CCTV footage is retained for 30 days.

What rights do you have?

As a data subject, you have a number of rights. You can:

Access and obtain a copy of your data and information on what the College does with this data; request the College to change incorrect or incomplete data; Request the College to delete or stop processing your data, for example where the data is no longer necessary for the stated purposes of processing; Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing. If you would like to exercise any of these rights, please contact the Data Protection Officer with details of the data you require, feel is incorrect or would like deleted email or contact the college reception; Request that your data is transferred to another organisation or to you in commonly used electronic format.

Who can I complain to?

If you believe that the College has not complied with your data protection rights, you can bring this to the attention of our Data Protection Officer by emailing

If you are not happy with how your information is processed and used you can contact the Information Commissioner’s Office or call 0303 123 1113.

What if I do not provide personal data?

If you do not provide the data required to meet legal obligations, you will not be able to enrol on a course.

If you do not provide other information requested for example learning difficulty information, we may be unable to provide the standard of service we would like to provide, to help you succeed.

Does the College use automated decision-making?

We do not make decisions solely based on automated decision-making.

Changes to our Privacy Policy

Our Privacy Policy is regularly reviewed and you will be notified of any changes on the College website.