Skip to main content

Privacy Notice for DCG Students


The Data Protection Act (2018) came into force on the 25th May 2018. It provides a comprehensive and modern framework for data protection in the UK, with stronger sanctions for malpractice. The Act sets new standards for protecting personal data, in accordance with the General Data Protection Regulation (GDPR), giving individual more control over use of their data, and providing them with new rights to move or delete personal data.

DCG is committed to a policy of protecting the rights and privacy of Data Subjects (including, governors’ employees, students and others) in accordance with the Act.

Transparency is a key element of the GDPR and this Privacy Notice is designed to inform you:

  • how and why the Group uses your personal data,
  • what your rights are under GDPR, and,
  • how to contact us so that you can exercise those rights

Data Subject Rights

One aim of the Act is to empower individuals and give them control over their personal data. The GDPR gives you the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erase
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

For more information about these rights please visit our DCG Privacy Notice ay

Which Personal Data do we collect and use?

The categories of personal information that we process are included in the table below:

Obtained From Person Category
From your application
  • Names
  • Email address
  • Telephone number
  • Postal address
  • Educational background
  • Qualifications
  • Occupational/employment history
  • Additional statement in support of your application
From your Equality Monitoring Form:
  • Gender
  • Age
  • Date of Birth
  • Religion / belief*V
  • Ethnicity*V
  • Gender identity*V
  • Sexual Orientation*V
  • Nationality
  • Disability*V
  • Highest Qualification
  • Reasonable Adjustments/access requirements*V
Additional data collected during your studies at the DCG
  • Bank account details
  • Name of partner/spouse
  • Dietary requirements
  • Additional contact details
  • Correspondence
  • Photograph#
  • Reasonable adjustments/access requirements*

* Denotes information which may contain data classified as sensitive personal data/special categories of personal data under the GDPR

V Denotes information which you provide on a voluntary basis

# Denotes information which will be published/available to the public

DCG hold data securely for the set amount of time shown in our data retention schedule. For more information on our data retention schedule and how we keep your data safe, please visit DCG Data Protection

Why we collect and use student information

The personal data collected is essential for DCG to fulfil their official functions and meet legal requirements. DCG collect and use student information, for the following purposes:

  • to support student learning
  • to monitor and report on student attainment progress
  • to provide appropriate pastoral care
  • to assess the quality of our services
  • to keep students safe (food allergies, or emergency contact details)
  • to meet the statutory duties placed upon us for DfE and ESFA data collections
  • to provide reports and returns required by funding agencies, government departments, and public bodies
  • to monitor and promote equality and diversity within the Group in accordance with the Equality Act 2010
  • for inclusion in the Group’s Publication Scheme which is a requirement of the Freedom of Information Act 2000
  • to meet the requirements of the Office for Students
  • and production of ballot papers (staff seeking election to the Board)
  • to add you to relevant mailing lists for Group publications.

It may also be necessary for the Group to process your personal data in order to protect your vital interests or those of another individual i.e. in emergencies/life or death situations/where we believe that a governor member or another individual is at significant risk of harm.

Where we process sensitive personal data/special categories of personal data, we will rely on the conditions in Article 9 of the GDPR: explicit consent, vital interests, substantial public interest, occupational medicine, archiving/research.

Under the General Data Protection Regulation (GDPR), the legal bases we rely on for processing personal information for general purposes are:

  • Consent
  • Contract
  • Legal Obligation
  • Vital interest
  • Public task
  • Legitimate interest

Who do we share your data with?

Students should be aware that in order to provide our services we may need to share your personal or sensitive personal data within the organisation or outside Derby College Group. The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. The Group NEVER sells personal data to third parties.

DCG routinely shares this information with:

  1. Group staff who need the information for administrative purposes.
  2. Government bodies and departments, in the UK and overseas, responsible for:
    • public funding
    • statistical analysis, monitoring and auditing
    • sponsorship
    • regulatory matters, e.g. ESFA, Department for Education
  3. Funding bodies and partner organisations – for contracts and funding bids
  4. Public domain:
    • the Register of Interests which is available for consultation by members of the public
    • the Group’s website
    • annual report and financial statements
    • other Group publications.
  5. The Local Authority. The Local Authority has responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996.

PLEASE NOTE that equality and diversity information is only published in the form of anonymised reports

  • Equality and Diversity data is also shared with the Nominations Committee of the Board to inform its review of the balance of Board memberships and with the Board in relevant reports
  • the Group’s insurers, legal advisers and auditors


The Group takes a robust approach to protecting the information it holds. This includes the installation and use of technical measures including firewalls and intrusion detection and prevention and regular assessment of the technical security of Group systems. Group staff monitor systems and respond to suspicious activity.

Alongside these technical measures there are comprehensive and effective policies and processes in place to ensure that users and administrators of Group information are aware of their obligations and responsibilities for the data they have access to.


Equality Monitoring data is updated annually and completed forms are destroyed once the updated form is received. Anonymised statistics are retained permanently in our archives.

The following records are retained by DCG (in line with the organisations Records Management & Archiving Policy) for a period of time have a student has left the college:

  • Enrolment forms/Learner Agreements (hard copy) (current + 6 years)
  • Attendance records (hard copy) (current + 6 years)
  • Minimum data required for references (electronic) (current + 6 years)
  • Individual student files (6 years after leaving college)
  • HE applications and HE reference (6 years after leaving college)
  • References (excluding HE) (completion of request + 1 year)

Requesting access to your personal data

Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information please visit or email

You also have the right to:

  • to ask us for access to information about you that we hold
  • to have your personal data rectified, if it is inaccurate or incomplete
  • to request the deletion or removal of personal data where there is no compelling reason for its continued processing
  • to restrict our processing of your personal data (i.e. permitting its storage but no further processing)
  • to object to direct marketing (including profiling) and processing for the purposes of scientific/historical research and statistics
  • not to be subject to decisions based purely on automated processing where it produces a legal or similarly significant effect on you

If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at


If you would like to discuss anything in this privacy notice, please contact the Data Protection Office at DCG via email