Privacy Notice For Members Of The Board Of Governors

Introduction

The Data Protection Act (2018) came into force on the 25th May 2018. It provides a comprehensive and modern framework for data protection in the UK, with stronger sanctions for malpractice. The Act sets new standards for protecting personal data, in accordance with the General Data Protection Regulation (GDPR), giving individual more control over use of their data, and providing them with new rights to move or delete personal data.

DCG is committed to a policy of protecting the rights and privacy of Data Subjects (including, governors’ employees, students and others) in accordance with the Act.

Transparency is a key element of the GDPR and this Privacy Notice is designed to inform you:

Data subject rights

One aim of the Act is to empower individuals and give them control over their personal data. The GDPR gives you the following rights:

For more information about these rights please visit our DCG Privacy Notice ay www.derby-college.ac.uk/gdpr

Which personal data do we collect and use?

The categories of governor information that we process are included in the table below:

 

Obtained fromPerson category
From your application (external governors and co-opted members of the Board's committees):
  • Names
  • Email address
  • Telephone number
  • Postal address
  • Educational background
  • Qualifications
  • Occupational/employment history
  • Public/voluntary appointments
  • Charity trustee declaration
  • Additional statement in support of your application

From the staff governor election process

  • Names
  • Faculty/Directorate
  • Charity trustee declaration
  • Statement to the electorate
  • Ballot details and results

From your Equality Monitoring Form:

  • Gender
  • Age
  • Date of Birth
  • Religion / belief*V
  • Ethnicity*V
  • Gender identity*V
  • Sexual Orientation*V
  • Nationality
  • Disability*V
  • Highest Qualification
  • Reasonable Adjustments/access requirements*V

Additional data collected during your term of office:

  • Bank account details
  • Car registration number
  • Name of partner/spouse
  • Dietary requirements
  • Additional contact details
  • Pen portrait#
  • Correspondence
  • Attendance at meetings
  • Photograph#
  • Reasonable adjustments/access requirements*

* Denotes information which may contain data classified as sensitive personal data/special categories of personal data under the GDPR
V Denotes information which you provide on a voluntary basis
# Denotes information which will be published/available to the public

DCG hold data securely for the set amount of time shown in our data retention schedule. For more information on our data retention schedule and how we keep your data safe, please visit www.derby-college.ac.uk/gdpr

Why we collect and use governor information

The personal data collected is essential for DCG to fulfil their official functions and meet legal requirements. DCG collect and use governor information, for the following purposes:


It may also be necessary for the Group to process your personal data in order to protect your vital interests or those of another individual i.e. in emergencies/life or death situations/where we believe that a governor member or another individual is at significant risk of harm.

There are also several legitimate business purposes for which the Group processes your data:

Where we process sensitive personal data/special categories of personal data, we will rely on the conditions in Article 9 of the GDPR: explicit consent, vital interests, substantial public interest, occupational medicine, archiving/research.

Under the General Data Protection Regulation (GDPR), the legal bases we rely on for processing personal information for general purposes are:

Who do we share your data with?

Governors should be aware that in order to provide our services we may need to share your personal or sensitive personal data within the organisation or outside Derby College Group. The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. The Group NEVER sells personal data to third parties.

DCG routinely shares this information with:

  1. Group staff who need the information for administrative purposes. In the case of candidates for staff governor posts, the statement to the electorate will be shared with all Group staff.
  2. Contractors and suppliers, where the Group uses external services or has outsourced work which involves the use of governors' personal data on our behalf.
  3. Government bodies and departments, in the UK and overseas, responsible for:
    1. public funding
    2. statistical analysis, monitoring and auditing
    3. sponsorship
    4. regulatory matters, e.g. ESFA
  4. Hotels and external venues - for bookings, to confirm accommodation, dietary and access requirements
  5. Funding bodies and partner organisations - for contracts and funding bids
  6. Group's banks - copies of minutes of the Board and the Finance and Employment Committee which take the budget are provided to the bank within 14 days of the date of the meeting in line with loan agreement covenants and bank mandates.
  7. Companies House - for governors who are directors of one of the Group's subsidiary undertakings.
  8. Public domain:
    1. the Register of Interests which is available for consultation by members of the public
    2. the Group's website
    3. annual report and financial statements
    4. other Group publications.

PLEASE NOTE that equality and diversity information is only published in the form of anonymised reports

Security

The Group takes a robust approach to protecting the information it holds. This includes the installation and use of technical measures including firewalls and intrusion detection and prevention and regular assessment of the technical security of Group systems. Group staff monitor systems and respond to suspicious activity.

Alongside these technical measures there are comprehensive and effective policies and processes in place to ensure that users and administrators of Group information are aware of their obligations and responsibilities for the data they have access to.

Retention

Equality Monitoring data is updated annually and completed forms are destroyed once the updated form is received. Anonymised statistics are retained permanently in our archives.

Information relating to events bookings and parking permits will be retained for the period of office of each member.

The following records are retained for 6 years after the end of a member's period of office:

The following records are retained permanently in our archives:

Where a governor is also a director of a subsidiary undertaking, related records are retained for 10 years after the wind- up/disposal of the company.

Statements to the electorate made by successful candidates for staff governor posts are kept for their period of office. In the case of unsuccessful candidates, the retention period is 6 months after the completion of the election.

Election results (votes cast, turnout) have a retention period of completion of election plus 6 years.

Requesting access to your personal data

Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information please vist www.derby-college.ac.uk/gdpr or email dpo@derby-college.ac.uk

You also have the right to:

If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

Contact

If you would like to discuss anything in this privacy notice, please contact the Data Protection Office at DCG via email dpo@derby-college.ac.uk