The Data Protection Act (2018) came into force on the 25th May 2018. It provides a comprehensive and modern framework for data protection in the UK, with stronger sanctions for malpractice. The Act sets new standards for protecting personal data, in accordance with the General Data Protection Regulation (GDPR), giving individual more control over use of their data, and providing them with new rights to move or delete personal data.
DCG is committed to a policy of protecting the rights and privacy of Data Subjects (including, governors’, employees, students and others) in accordance with the Act.
Transparency is a key element of the GDPR and this Privacy Notice is designed to inform you:
One aim of the Act is to empower individuals and give them control over their personal data. The GDPR gives you the following rights:
For more information about these rights please visit our DCG Privacy Notice at www.derby-college.ac.uk/gdpr
The categories of workforce information that we process are included in the table below:
* Denotes information which may contain data classified as sensitive personal data/special categories of personal data under the GDPR
V Denotes information which you provide on a voluntary basis
# Denotes information which will be published/available to the public
DCG hold data securely for the set amount of time shown in our data retention schedule. For more information on our data retention schedule and how we keep your data safe, please visit www.derby-college.ac.uk/gdpr
Workforce data is essential for the College’s operational use. Whilst the majority of personal information you provide to us is mandatory, some of it is requested on a voluntary basis. In order to comply with GDPR, we will inform you at the point of collection, whether you are required to provide certain information to us or if you have a choice in this.
It may also be necessary for the Group to process your personal data in order to protect your vital interests or those of another individual i.e. in emergencies/life or death situations/where we believe that a governor member or another individual is at significant risk of harm.
Where we process sensitive personal data/special categories of personal data, we will rely on the conditions in Article 9 of the GDPR: explicit consent, vital interests, substantial public interest, occupational medicine, archiving/research.
Under the General Data Protection Regulation (GDPR), the legal bases we rely on for processing personal information for general purposes are:
All DCG employees should be aware that in order to provide our services we may need to share your personal or sensitive personal data within the organisation or outside Derby College Group. The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. The Group NEVER sells personal data to third parties.
DCG routinely shares this information with:
The Group takes a robust approach to protecting the information it holds. This includes the installation and use of technical measures including firewalls and intrusion detection and prevention and regular assessment of the technical security of Group systems. Group staff monitor systems and respond to suspicious activity.
Alongside these technical measures there are comprehensive and effective policies and processes in place to ensure that users and administrators of Group information are aware of their obligations and responsibilities for the data they have access to.
Equality Monitoring data is updated annually and completed forms are destroyed once the updated form is received. Anonymised statistics are retained permanently in our archives.
Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information please vist www.derby-college.ac.uk/gdpr or email firstname.lastname@example.org
You also have the right to:
If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact the Data Protection Office at DCG via email email@example.com