The Bishop Auckland College Group’s reputation and future growth are dependent on the way the Organisation manages and protects personal data. Protecting the confidentiality and integrity of personal data is a key responsibility of everyone within the Organisation.
The Organisation recognises that having controls around the collection, use, retention and destruction of its stakeholder’s personal data is important inorder to comply with the Organisation obligations under Data Protection Lawsand in particular article 5 of the General Data Protection Regulation (GDPR).
The Organisation has implemented the General Data Protection Regulation Policy (ref POL-DP-01) to ensure all organisation personnel are aware of what they must do, to ensure the correct and lawful treatment of personal data. This will maintain confidence in the Organisation and will provide for a successful working and learning environment for all. The General Data Protection Regulation Policy underpins the Organisation’s Data Protection regime.
Data Subject Individual Rights
Data subjects have individual rights under GDPR, these rights are set out below.
The right to be informed
You have the right to be informed about the collection and use of your personal data. This information is usually provided in a privacy notice or statement, that is made available at the point the data is collected. The Privacy Notice’s listed below provide information on how we process your personal information.
- Privacy Notice – Student and Prospective Students (ref: DP-PN-01)
- Privacy Notice – Recruitment (ref: DP-PN-02)
- Privacy Notice – Staff (ref: DP-PN-03)
- Privacy Notice – Bishop Auckland College Child-Care Services – Nursery (ref DP-PN-04)
- Privacy Notice – Hair and Beauty Client (DP-PN-06)
- Privacy Notice – Visitors and Contractors (DP- PN-07)
The right of access
You have the right to request information that is held and processed by the Organisation about you.
There is no charge for us providing you with this data and it will usually be provided within a month of the request (unless the request is unfounded or excessive).
The right to rectification
If you believe that any data which the Organisation holds on you is incorrect or is incomplete, you can contact the Organisation to inform us of any changes necessary and we will confirm that the changes have taken place. If you wish to inform us of an update to your current contact information, please complete the Change of Contact Information Form.
The right to erasure
You may exercise your right to have your personal data erased in a number of circumstances (e.g. if the data is no longer necessary in relation to the purpose for which it was created or you withdraw your consent). Where possible we will comply with all such requests, though some details are part of the Organisation’s records, which we are required to keep for funding and legal purposes.
The right to restrict processing
You can inform us that we can keep your data but must stop processing it, including preventing future mailings and communications. However, we must continue to process some information for funding and legal purposes.
The right to data portability
You have the right to obtain and reuse your personal data for your own purposes across different services.
If you request your data to be provided in a specific format, we will endeavour to do this.However, if we are unable to provide you with your information in a specific format we will provide it in a suitable alternative.
The right to object
We will stop processing your data if you object to processing, based on legitimate interests or the performance of a task in the public interest / exercise of official authority (including profiling).
We will stop processing your data for direct marketing if you tell us to.
The rights related to automated decision making including profiling
We do not use any automated decision making processes. This means that this right does not currently apply to any processing activities.
Exercising your rights as a Data Subject
If you would like further information regarding anything related to Data Protection or you would like to exercise your rights as a data subject, please contact the Data Protection Officer (DPO)/ Designate at DPO@bacoll.ac.uk.
To assist you in making your request you can download and complete our Data Subject Individual Rights Request form (ref DP-IR-03). Completed forms should then be sent to the Data Protection Officer:
Bishop Auckland College
Depending on the request, it may be necessary for the requester to provide proof of identity in the form of a passport, driving licence or College badge.
Requests will be responded to within 1 month of receipt. (provided sufficient information has been provided to be able to process your request)
Please refer to the data subject individual rights process below, for further information.
Where requests are particularly complex, it may be required to extend the 1-month deadline by up to a further 2 months. Where a deadline needs extending, we will write to the requester and inform them of this.
Making a third party request for personal data
There are some circumstances under which the College will consider a request for access to personal data on behalf of another individual. These are:
- The requestor is the parent of a child aged 12 years or under
- The requestor has the written permission to make a request on behalf of another individual (such requests are typically made by a Solicitor acting on behalf of a client). A Permission to disclose personal data form (ref DP-PD-01) can be used to confirm this permission.
- The requester has Power of Attorney or an order from the Court of Protection to act on behalf of an individual
- The College believes that it is in the best interests of an individual who does not have the capacity to make a request themselves.
- The College deems the release can be justified under crime and taxation provision (usually made by a police force, the Department of Work and Pensions or a local authority). The organisation is not obliged to release personal data unless it is satisfied that it is reasonable to do so.
In any of the above circumstances the College may seek further information from the requester in order to help determine if we are able to release any personal information.
How will you receive a response to your request?
You can request to receive a response electronically (by email attachment using password protection and encryption), in hard copy via post (the Royal Mail’s ‘signed for service’ will be used when providing data in regards to a Subject Access Request). If you prefer, you can collect the information in person, but we will need to verify your identity first.
Appeals/Complaints regarding information requests
In regards to a Data Subject Access Request. On receiving our response to your request, if you have any reason to believe any further information exists that you have not been given, to which you may be entitled, and can identify names, dates, times etc. to help the organisation locate it, please appeal in writing to the Data Protection Officer at Bishop Auckland College, within 10 working days of receipt of your response.
If you believe that the Organisation has not complied with your data protection rights or you are dissatisfied with the way the organisation has handled your request, you can make a complaint directly to the Quality Improvement Office at Bishop Auckland College.
Quality Improvement Office
Bishop Auckland College
Phone: 01388 443 100
We will acknowledge your complaint within 1 working day and send a full response within 15 working days. If we can’t respond fully in this time, we will write and let you know why and inform you of when you should get a full response.
Complaints to the Information Commissioner
If you are unhappy with the outcome of the appeal or complaint, you have the right to apply directly to the Information Commissioner’s Office (ICO) for a decision, who is an independent regulator.
The Information Commissioner can be contacted at:
To learn more about your above rights please visit the ICO website.
Retention of your data
Records documenting enquiries made under the Data Protection Act 2018, in regards to Data Subject Individual Rights, will be retained by the organisation, along with the responses provided, for the current academic year plus 2 years.