NCG Learner Privacy Policy

1. GENERAL PROCEDURE STATEMENT

This privacy notice describes how we collect and use your personal data before, during and after your studies with us. This notice states the type of personal information which we collect, how we collect and process that information, who we share it with in relation to the services that we provide, as well as your rights under the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018. This notice also contains information about who we are and how to contact us in relation to your personal data. This notice can be updated at any time, and we will inform you if this occurs.

2. DATA CONTROLLER

NCG is a registered data controller with the Information Commissioner’s Office (ICO) with the registration number Z6977454. This means that we are responsible for how we hold and use your personal data.

NCG and the colleges that it consists of (referred to collectively as “NCG” or “we” or “our”) are responsible for your personal data. NCG is made up of the following colleges (in addition to its Professional Services departments):

• Carlisle College
• Kidderminster College
• Lewisham College
• Newcastle College
• Newcastle Sixth Form College
• Southwark College
• West Lancashire College

Our registered head office address is:

NCG
Rye Hill House
Scotswood Road
Newcastle Upon Tyne
NE4 7SA

3. KEY DEFINITIONS

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. THE TYPES OF DATA WE HOLD

We process the following personal data about prospective, current, and former learners:

• Identifiers – including name, date of birth / age, nationality, legal sex, preferred gender (if applicable), ethnicity, National Insurance number, student ID number, your signature, your photograph and your fingerprint (where this is used to manage free school meals expenditure).
• Online Identifiers – including internet protocol (IP) addresses when you connect to NCG’s Wi-Fi networks using your personal devices. You may use your personal device such as your mobile phone to set up multi-factor authentication to securely access NCG’s network.

To enable this, we will capture the IP address, media access control (MAC) address and the host name of the device used.

• Your contact details – including your home address, telephone and mobile number and e-mail address.
• The contact details of the emergency contact/ parent/ guardian/ next of kin which you have provided – including their name, home address, telephone number, mobile number and e-mail address.
• Academic attainment – including previous qualifications which have been attained, examination and assessment results, details of current study including progress and attendance information.
• Employment status – including the employment hours that you work; if you are looking for work or not; duration of unemployment, if you are claiming benefits / any additional welfare support.
• Residential status – including the residency / visa type including the permit number; issue and expiry date (only applicable if you are not a UK or Irish National).
• Disciplinary details - academic misconduct and reasons for mitigation.
• Employer details – if your employer is paying your course fees or you are enrolled on an apprenticeship.
• Learning support requirements including personal data pertaining to any health and/or learning difficulties and/or disabilities, if applicable.
• Safeguarding referrals or investigation details where applicable.
• Financial details – including bank details, fee receipts, outstanding debts, household income (i.e. payslips), details of any grants, bursaries or loans received (i.e. loan reference numbers), if applicable.
• Images, audio, and video recordings including CCTV.
• Records of your correspondence with NCG or with its colleges.
• Records of your attendance at an event hosted by NCG or its colleges.

When you join us, you will be given a college email address and access to our IT systems. Routine activity, logging of the use of this email and other IT based systems takes place to ensure the proper functioning of those systems. There may be exceptional circumstances when a duly authorised officer of NCG is permitted to monitor an individual’s activity for security, safeguarding, network or other management reasons without prior consent. This is outlined in our IT Acceptable Use Policy accessible on our website here.

We may process other factual information, expressions of opinion or other recorded information that identifies or relates to you. This list is not exhaustive and there may be other categories of data not listed which may be required to properly perform our contractual obligations to you.

5. SPECIAL CATEGORY DATA AND CRIMINAL CONVICTION DATA

Some of your personal data is recognised under the UK GDPR as special category data which is data that reveals any of the following:

• Racial or ethnic origin.
• Political opinions.
• Religion.
• Philosophical beliefs.
• Trade union membership.
• Sexual orientation.
• Health.
• The processing of genetic data.
• The processing of biometric data.

NCG will only process special category data and data that reveals information about criminal convictions where you have provided explicit consent, or where there is a lawful reason to do so.

The NCG Special Category Data and Criminal Convictions Data Policy explains our obligations to process special category data and is available on our website here and can be made available upon request.

To study on certain regulated courses, you may be required to carry out a Disclosure Barring Service (DBS) check that discloses criminal conviction data.

You will be informed during the application and enrolment process whether you are required to carry out a DBS check.

NCG is likely to process the following types of special category data:

• Ethnicity (captured as part of our standard enrolment process).
• Health (where you may require additional support to aid your studies).
• Biometric data (where a fingerprint may be used to log expenditure and manage free school meals).

6. HOW WE OBTAIN PERSONAL DATA

Most of your personal data that is processed by NCG is provided directly by you (or your emergency contact/ parent / guardian/next of kin) for one or more of the following reasons:

• You have subscribed to marketing communications from us.
• You have submitted an enquiry or complaint to us.
• You have signed up or attended an event at one of our colleges.
• You have applied to study with one of our colleges.
• You are currently or have previously been enrolled to study at one of our colleges.

We may occasionally receive your personal data indirectly from the following sources:

• The Local Authority.
• The Police and other Government agencies (including funding authorities such as the DFE / ESFA).
• UCAS.
• Your employer.
• Your existing/former education provider (such as your school).
• Student Loans Company.
• International Student Recruitment Agents (international applicants only).

7. WHY WE PROCESS PERSONAL DATA

NCG processes your personal data for the following purposes:

• To respond to your enquiries and register you for events hosted by our colleges.
• To assess your suitability to study on a course/apprenticeship or to attend a placement.
• To process your application.
• To enrol you onto your chosen course/apprenticeship, maintain your student record and where applicable to claim funding.
• For educational purposes including when attending educational trips and visits.
• For marketing purposes.
• To maintain accurate and up-to-date contact details (including details of who to contact in the event of an emergency and contact details for parent/ guardian/ next of kin. We will assume you have checked with the relevant individuals prior to providing us with these details).
• To communicate with you (such as by email, post, SMS and telephone).
• To provide educational and student support services including additional learning support and free school meals.
• To send you information that you have requested.
• To administer financial aspects to your studies including tuition fees and eligibility for bursary payments and free school meals.
• To deliver your chosen course of study and monitor your progress.
• To personalise our support to meet your individual needs.
• For our own internal records so that we can provide you with a high-quality service.
• For business management and planning e.g. data reporting to stakeholders and providing information for accounting and auditing purposes.
• To provide and offer facilities such as access to our libraries and IT services.
• To ensure security on our premises and for the prevention and detection of crime such as using CCTV or attaching photos to ID cards.
• To record the details of your studies and confirm your academic achievements e.g. to prospective employers.
• For our statutory reporting and statistical research purposes.
• To enable your participation at events at NCG and our colleges.
• To monitor equal opportunities.
• To gather evidence, process and maintain record of student academic appeals and student discipline cases.
• To process student complaints.
• To deal with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
• To respond to and defend against legal claims.
• To provide references on request and with your consent for current or former learners.
• To monitor your use of our information and communication systems to ensure compliance with our IT policies.
• To enable the use of NCG’s Wi-Fi networks on your personal devices.
• To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
• To prevent fraud.
• To ensure the appropriate safeguards are in place to protect our employees, learners and other customers of NCG.
• To meet our legal and statutory duties and responsibilities.

This is not an exhaustive list and there may be other purposes not listed which are compatible with the original purpose for which your data is collated.

Data protection legislation requires NCG to have a lawful basis to process your personal data and the lawful bases that we rely on include:

• Consent – When you send an enquiry or subscribe to receive marketing information from us.
• Contract – When you enrol onto your chosen course or apprenticeship you enter into a contractual agreement (your learning agreement). If you choose to use services such as learning or pastoral support this would also fall under your contractual agreement.
• Public Task – NCG is an educational institution receiving public funding. As part of our public task, we are required to use your personal data for statistical analysis and research purposes as well as share your personal data with a range of different organisations, public sector agencies and government bodies. Some of this processing will involve sharing your contact details with organisations who will ask you to complete surveys.
• Legal Obligation – NCG are governed by certain legislation, regulations and standards that may require us to retain your personal data as well as share it with a range of different organisations and public sector agencies or government bodies.
• Legitimate Interest – We may process your personal data if it is necessary for our legitimate interests, and you would reasonably expect us to hold and use this data.
• Vital Interest – In an emergency we may be required to share your personal details with Emergency Services or Local Authorities.

When signing an enrolment form / learning agreement, learners agree to their personal data being processed in accordance with this privacy notice.

8. WHEN WILL WE SHARE PERSONAL DATA

Third Parties and Service Providers

We may share your information with third parties who provide services to us, or directly to you on our behalf. These organisations are known as data processors. We have contracts in place with our data processors to safeguard your personal data and to ensure that they do not do anything with your personal data unless we have explicitly instructed them to do so.

Our data processors will not share your personal data with any organisation apart from us without our consent, and they will ensure it is stored securely for the timeframe that we instruct.

As an education institution receiving public funding, we are also required to share your personal data with a range of different organisations, public sector agencies and government bodies including, but not limited to:

• Department for Education (DfE).
• Education Skills Funding Agency (ESFA).
• The Office for Students (OfS).
• Student Loans Company.
• Student Finance.
• Quality Assurance Agency for Higher Education (QAA).
• Other providers of external funding.
• Ofsted.
• Local Authorities.
• Awarding Bodies (a full list of awarding bodies can be provided to you upon request).
• Organisations used to plan and manage educational visits (including organisations used to claim funding for such visits).
• Insurers (where appropriate).
• If studying towards a qualification that leads to professional recognition, information may be shared with the relevant professional body. A list of professional bodies is available on request.
• Internal and external auditors.
• Graduation ceremonies are regarded as public events and may be recorded and/or live streamed. Graduate names, programmes and classifications are also printed on material that is made publicly available.
• Other education institutions (i.e. Schools).

International Learners

For international students studying with us, we will also share your personal data with the following:

• Home Office (including UKVI).
• International Student Recruitment Agents.
• Accommodation Providers.

Apprentices

For apprentices we will also share your personal data with the following:

• Your employer.
• End point assessment (EPA) organisations.
• The National Apprenticeship Service.

Debt Recovery

When you enrol at one of our colleges you enter into a contractual agreement and are responsible for the payment of any fees where applicable. Therefore, if necessary, we may transfer your personal data to an agent for the purposes of debt collection.

UK Agencies

Data protection laws allows NCG to disclose your personal data to relevant bodies without your consent relating to the prevention/detection of crime, the apprehension and prosecution of offenders, the protection of an individual’s vital interests/welfare or safeguarding national security. Non-exhaustive examples include benefit or tax inspectors, the Police, UK Visas and Immigration (UKVI) and the Foreign and Commonwealth Office (FCO).

Employers and Other Providers

We may disclose your information to employers for the purposes of filling placement or apprenticeship vacancies. We only disclose information to employers with whom we have an agreement in place that instructs them to keep your information secure and not use it other than in accordance with the purposes we have agreed.

We may provide factual references about you when requested from your prospective employers or your next educational setting which will include your educational course and attendance details as well as your completion date.

For the purposes of tracking NEET (Not in Education, Employment or Training) learners, upon request from your previous educational setting or the Local Authority, we may confirm to them that you are now studying with one of our colleges or that you have withdrawn if you do not complete your course.

Next of Kin

Learners are asked to provide contact details for their next of kin (emergency contact) at enrolment. By providing these contact details at enrolment, you provide consent for NCG to share your personal data with your next of kin. Personal data we may share includes information related to progress, attendance, progression, concerns, and disciplinary matters. We may contact your next of kin to support with access to financial support and in the event of an emergency. If there are any changes to your next of kin or you wish to withdraw this consent, please speak to a member of staff or contact our Data Protection Officer (dpo@ncgrp.co.uk). Refer to section 9 of this notice for more information on your right to withdraw consent.

Sponsors and Employers Paying Fees

For learners in higher education (HE), if your tuition fees are paid under a sponsorship, scholarship or loan arrangement by an external organisation (e.g. your employer), we may share information relating to your attendance and academic progress upon request.

Subcontractors

For learners in further education where we work with subcontractors to deliver the provision, we will share your personal data with the subcontractor delivering your course.

Award Verification

NCG may disclose to third parties whether or not you have received an award and if so, the date and classification, without notifying you. Such a disclosure would be subject to checks regarding the nature and purpose of the request and will only be disclosed where we are satisfied a request is for legitimate purposes.

Marketing

At no time will your personal data be sold to other organisations for marketing or sales purposes.

ESFA Privacy Notice

The Education and Skills Funding Agency (ESFA) require that we provide you with their privacy notice. You can also use the link below for the most current version.

https://guidance.submit-learner-data.service.gov.uk/ilrprivacynotice/

LRS Privacy Notice

The information you supply is used by the Learning Records Service (LRS). The LRS issues Unique Learner Numbers (ULN) and creates Personal Learning Records across England, Wales and Northern Ireland, and is operated by the Education and Skills Funding Agency, an executive agency of the Department for Education (DfE). For more information about how your information is processed, and to access your Personal Learning Record, please refer to:

https://www.gov.uk/government/publications/lrs-privacy-notices

Survey Providers

As part of our Public Task requirements, we have a statutory duty to carry out statistical analysis and research in the form of surveys. Research organisations conduct surveys on our behalf, and you may be contacted by them. On rare occasions where research organisations have not been able to contact you, they may contact your next of kin or parent/guardian. The privacy notices of these research organisations can be provided upon request.

For FE Students, the ESFA also require us to provide your contact details to the survey provider Ipsos Mori, to carry out the FE Choices Survey.

For HE Students, the Office for Students require us to provide your contact details to the Higher Education Statistics Agency (HESA) to carry out the Graduate Outcomes Survey and Ipsos Mori to carry out the National Student Survey (NSS).

The relevant privacy notices for can be found via the following links:

• Ipsos Mori: https://www.ipsos.com/ipsos-mori/en-uk/privacy-data-protection
• NSS: https://www.thestudentsurvey.com/privacy-policy/
• HESA: https://www.hesa.ac.uk/about/regulation/data-protection/notices

9. TRANSFERRING PERSONAL DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA (EEA)

NCG do not routinely transfer your personal data outside of the EEA. However, on rare occasions, some organisations that process data on our behalf may store data in cloud services outside of the EEA. These transfers will only be made to services hosted in countries with which there are appropriate safeguards.

10. HOW WE STORE PERSONAL DATA

Your information is securely stored by both NCG as your data controller and our data processors whom we have agreements in place with to safeguard your personal data.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The time period we will store your personal data for is outlined within our Document Retention Schedule which can be accessed on our website and here. Further details regarding how we manage our records at NCG including how we dispose your information is detailed within our Record Management Policy which can be accessed on our website and here.

11. YOUR RIGHTS

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Access your Information

UK GDPR grants you the right to contact us to request details concerning the personal information we hold about you, why we have that information, who has access to the information and where we got the information from.

You can submit a subject access request to obtain access to your personal data that we hold by sending your request to DPO@ncgrp.co.uk. Once we have received your request, we will respond within one calendar month unless we need to extend that period owing to the complexity of your request (to a maximum of three calendar months in total).

Rectifying Data

If the data we hold about you is out of date, incomplete or incorrect, you can inform us, and we will ensure that it is updated.

Erasing Data

If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted.

Restricting Processing

In certain circumstances, you have the right to request that NCG stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If the data is no longer processed, we may continue to hold your data to comply with your other rights.

Data Portability

You have the right to request that we transfer your data to another organisation or to receive a copy of your data in a common format. Once we have received your request, we will comply where it is feasible to do so.

Object to Direct Marketing

All communication with you, including in relation to updates to this privacy notice, will be made via the preferred method of communication that you have registered with us.

If, at any stage, you are concerned about the content (e.g. unwanted marketing), frequency or method of these communications, you can notify us of your decision at any time.

h5> Right to Object to Automated Decision Making / Profiling

You have the right not to be subject to automated decision making (making a decision solely based on automated means without any human involvement) and profiling (automated processing of personal data to evaluate certain things about the individual). NCG do not currently carry out any automated decision making or profiling.

Withdrawing Consent

In instances where we need your consent to process your information, we will ask you to make a positive indication e.g. to tick a box or insert your contact details on the relevant form or web page. By actively providing us with your consent, you are stating that you have been informed of the type of personal information that will be processed, the reasons for such processing, how it will be used, for how long it will be kept, who else will have access to it and what your rights are as a data subject and that you have read and understood this privacy policy.

Where processing is based on consent, you have the right to withdraw consent at any time, and you can request this by speaking to a member of staff or contacting our Data Protection Officer at the contact details below.

12. COMPLAINTS TO THE INFORMATION COMMISSIONER’S (ICO)

Should you be dissatisfied with our processing of your personal data, you have the right to complain to the ICO. For more information, please see the ICO’s website: https://ico.org.uk/

13. NCG’S DATA PROTECTION OFFICER

If you would like to exercise any of the rights above, have any questions that you feel have not been covered by this privacy notice, or if you have concerns or a complaint in relation to NCG’s processing of your personal data, please do not hesitate to contact us by email (dpo@ncgrp.co.uk) or in writing to:

Data Protection Officer (NCG)
Rye Hill House
Scotswood Road
Newcastle Upon Tyne
NE4 7SA

14. STATEMENT ON IMPLEMENTATION

Upon approval, this procedure will be uploaded to the policy portal and communicated to staff via The Business Round-Up.

15. STATEMENT ON CONSULTATION

This procedure has been reviewed by the Governance and Risk team.

Version Control