This privacy notice tells you what we will do with your personal information when you contact or visit Cheshire College South & West, attend one of our courses or work for us.

This notice is layered so that you can easily select the reason we process your personal information and see what we do with it.

This privacy notice will tell you:

• Why we process your information
• What purpose we are processing it for
• The legal basis for processing it
• How long we store it for
• Whether there are other recipients of your personal information
• Whether we intend to transfer it to another country, and
• Whether we undertake automated decision-making or profiling.

This privacy notice has been prepared in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Cheshire College South & West (the College) is a further education provider and exempt charity. The College is the data controller for the personal information we process, unless otherwise stated.

There are many ways you can contact us, including by phone, email and post.

We have three Campus addresses:           

Crewe Campus
Dane  Bank Avenue  
Crewe
Cheshire
CW2 8AB

Learn more about the Crewe Campus.

Ellesmere Port Campus
Off Sutton Way
Ellesmere Port
CH65 7BF

Learn more about the Ellesmere Port Campus.

Chester Campus

Eaton Road
Handbridge
Chester
CH4 7ER

Learn more about the Chester Campus.

For general information,  please use this page of our website.

You can contact the College’s Data Protection Officer at dataprotect@ccsw.ac.uk or via our postal address.

Please mark the envelope ‘Data Protection Officer’.

We have divided this privacy notice into sections to make it easier to read only the sections relevant to you, please be aware that multiple sections may apply depending on your relationship with the College.

In each section we have set out the legal basis we rely on for processing your personal data, in addition, we have provided a table in the section titled ‘Legal Basis for Processing Personal Data’ to provide an easy to read summary and quick reference to the full details of the data processing.

Personal information may be processed by the College for one or more of the following reasons:

Our Services

• Enquiry about our Services
• Attendance at a College Event
• Visitor to one of our Campuses (including CCTV)
• Information Request
• Representing an Organisation
• Customer of our Restaurants, Gym or Hair and Beauty Services
• Visiting our Website
• Making a Complaint

Studying with Us

• Undertaking a Course at the College
• Undertaking a Course/program through a University Partner
• Data about Health, Additional Support or Reasonable Adjustments
• Work Experience
• Careers Advice

Parents/Guardians of Students

• Parents/Guardians

People Who Work for Us

• Job Applicants
• Employees
• Volunteers and Governors

In general, the personal information we process will have been provided directly from you.

We may also receive your personal information indirectly, in the following scenarios:

• From organisations working with us to deliver courses or training
• From schools whose students are attending an event (such as Primary or Secondary College)
• From a student who has given parental and/or emergency contact details (see section titled ‘Parents/Guardians’)
• From UCAS where you have applied for a higher education course
• From other public authorities, regulators, or law enforcement bodies
• From an organisation with whom we have a contract with to provide a service to our employees
• We may receive personal data from an organisation or individual who the College has appointed as an international education advisor for the purpose of recruitment of students in specific international territories
• From a prospective employee of ours where they have given your contact details as an emergency contact or a referee

If it is not disproportionate, we will contact you to let you know we are processing your personal information. ​

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Discover more in our Data Protection Rights Procedure.

Please contact us at dataprotect@ccsw.ac.uk if you wish to make a request.

You can also make a request online using this form.

Your rights under data protection are:

Your Right of Access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your Right to Rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your Right to Erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your Right to Restriction of Processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your Right to Object to Processing

You have the right to object to processing if we are processing your information as part of our public tasks, or in our legitimate interests.

Your Right to Data Portability

Your right to data portability only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or if we are in talks about entering into a contract and the processing is automated.

As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act (2010).

This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services. Our lawful basis for processing this information is article 6(1)(c) of the UK GDPR as we have a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9(2)(b), where the processing of data fulfils our legal obligations. This may include the aggregation of your data to monitor our outcomes and inform our policymaking. This statistical analysis will not identify you or lead to a direct intervention or contact.

We’ll create a record of your adjustment requirements. These will give your name, contact details and type of adjustment required, along with a brief description of why it is required. Relevant staff can access this to ensure they are communicating with you in the required way.

We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).

As a general guide:

• Student (including parent/guardian) details: will be retained for 6 years after completion of studies or withdrawal from a course. In some cases, for example to comply with UK or European funding rules we are required to keep records for much longer.
• Nursery children and parents: all data will generally be retained for 25 years
• Employee data: all data will be retained for 6 years with limited data retained until the employee’s 75th birthday (as required for pension administration)

The College has a Retention Procedure which specifically sets out detailed retention timescales. For more information on how long information will be retained please contact our Data Protection Officer.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We have been certified under the Cyber Essentials scheme.

Where you have previously studied at the College, enquired about a course, or commenced an application process, then we may send you information about future courses and learning opportunities we provide. We will only do so where you provided your consent. You can withdraw this consent at any time.

Additionally, where you have previously been a customer of one of our gyms, restaurants, or hair/beauty services, we may send you information about these services on the basis of our legitimate interests.

In doing so, we will comply with the requirements of the “soft opt in” under the Privacy and Electronic Communications Regulations and offer you an opportunity to refuse marketing when your details are first collected and in subsequent messages (by way of an unsubscribe).

We may contact parents/guardians to send postal marketing materials highlighting the range of relevant courses, qualifications and career options offered through the College. If you do not wish to receive such marketing materials, please contact us to opt out.

We will not share your information with any third parties for the purposes of those third parties conducting direct marketing.

Where students or staff take part in any international programmes e.g., residential or exchange programs their data will be sent outside the UK. Information including name, address, date of birth or age, emergency contacts, and other relevant information may be shared with any travel organisation e.g., travel agents, hotels, or airlines. The information will also be passed to the host school/College/education provider and a host family (where relevant). Such transfers usually are necessary to meet our contractual or legal obligations. Where the destination country is in the not in the European Economic Area or a country with an EU ‘adequacy’ finding, the College will ensure appropriate safeguards are in place to ensure the confidentiality and security of your personal information.

Data may also be transferred outside of the European Economic Area by our suppliers, such as where data is to be hosted on IT servers (equipment). The College shall always provide an adequate level of protection for the data processed, in accordance with the requirements of data protection laws.

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

The College is committed to processing personal data fairly and lawfully. If you have queries or concerns, please contact us at dataprotect@ccsw.ac.uk and we’ll respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioners Office (ICO). Please follow this link to the ICO website for more information https://ico.org.uk/make-a-complaint/. Or contact them at:

Information Commissioner’s Office  
Wycliffe House                  
Water Lane
Wilmslow
Cheshire 
SK9 5AF

Helpline number: 0303 123 1113

For information about how we process a complainant’s information, please see this section of our privacy notice titled ‘Making a Complaint’.

What we need and why we need it

We need enough information from you to answer your enquiry. If you call our phone lines, we won’t make an audio recording. In certain circumstances we may make notes to provide you with a further service as required. We may ask for you to provide certain personal data so that we can verify your identity before discussing information further; for example, if a parent makes enquiries about a student, we will verify the details on our system to identify the parent and their right to receive any personal information. 

If you contact us via email or post, we’ll need a return address.

If you contact us by email, we may retain a copy of your enquiry for audit and record-keeping purposes.

What we do with it

For individuals making an general enquiry regarding studying or partnering with us, we may record the details of the enquiry including the date, time, and content on our management system.

Purpose and lawful basis for processing

When you contact us to make an enquiry, we collect information, including your personal data, so that we can respond to it and fulfil our responsibilities.

If you are enquiring about education, the lawful basis we rely on to process your personal data is article 6(1)(e) of the UK GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a further education provider.

If you are enquiring about one of our other services the lawful basis, we rely on to process your personal data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when this is necessary for the purposes of the legitimate interests of the College or a third party.

If the information you provide us in relation to your enquiry contains special category data, such as health, religious or ethnic origin information the lawful basis we rely on to process it is article 9(2)(g) of the UK GDPR, which also relates to our public task and the safeguarding of your fundamental rights. And Schedule 1 part 2(6) of the Data Protection Act 2018 which relates to statutory and government purposes.

What we need and why we need it

When you visit the CWIoT website, we use a third-party service (Google Analytics) to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. For information about how Google Analytics uses your personal information, please see http://www.google.com/intl/en/policies/privacy/ and https://support.google.com/analytics/answer/6004245.

We also collect the request made by your browser to the server hosting the website which includes the IP address, the date and time of connection and the page you ask for. We use this information to ensure the security of our websites and we delete it after a maximum of 3 months. We may use and disclose it as necessary in the event of a security concern or incident.

Like many websites, we also obtain certain types of information when your web browser accesses our website via the use of Cookies.

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information.

For further information visit https://www.cwiot.ac.uk/cookies

You can set your browser not to accept cookies; however, in a few cases some of our website features may not function as a result.

What we do with it

This information is used to track visitor use of the website and to compile statistical reports on website activity.

Purpose and lawful basis for processing

The lawful basis we rely on to process your personal data is article 6(1)(e) of the UK GDPR, which allows us to process personal data when this is necessary to perform our public tasks and in some cases article 6(1)(b) of the UK GDPR which allows us to process personal data when this is necessary to perform a contract.

We will ask for details of any criminal convictions or offenses. For processing Criminal Convictions data, the College relies on Schedule 1 part 2 paragraphs 18 and 19 of the Data Protection Act 2018 which relating to safeguarding of children and of individuals at risk and safeguarding of economic well-being of certain individuals.

The College will share data for with:

• Parents/ Guardians of Students
• Local Authorities and other Education Providers
• Local Authorities, the Police or Safeguarding Agencies
• Government Agencies
• An Employer or Work Experience Placement
• Supported Internship Job Coaches
• Awarding Bodies
• Apprenticeships, Exam bodies and Scholarship organisation
• Data Processors
• Sub-contractors who Deliver some of our Services
• Debt Collection Agencies
• Transport Providers

The following section sets on who the College shares information with and why. In some circumstances we are legally obliged to share information. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

Parents/ Guardians of Students

When a student attends the College under the age of 18, we will contact named parents/guardians to discuss academic progress, attendance, welfare concerns and conduct for the duration of their course.  This may include by phone, email, online account or through face-to-face meetings. Students can request that we do not contact their parents/guardian; however, there are some cases where we may still need to do so or may be required to disclose certain information by law. For example, for students who use college transport services we may contact you or your parent/guardian in the event of some disruption to services or due to an emergency, bad weather or accident.

 Local Authorities and other Education Providers

The College will share information with the local authority to support the provision of education and for obtaining and providing support for those with a special education need or disability. We will also share information about the status of a student’s application with schools as part of their responsibilities to ensure the provision of suitable education.

The College has a Data Sharing Agreement with Entrust who have a contract with Staffordshire Council to provide statutory careers support for 16–17-year-olds or up to 25-year-olds with an EHCP. As part of this Service Delivery Agreement Entrust are collecting offers, starts and leavers data from Educational Providers and reporting on data collected back to Department of Education. They also provide the students further support as necessary.

The College will share student details with third parties commissioned by local authorities to provide careers and other relevant support.

The College will share students’ details with education providers (secondary schools) where students are attending the College as an out of school setting.

We may share personal details including name, attendance details, courses completed and results with other education providers on receipt of a reference request.

Local Authorities, the Police or Safeguarding Agencies

We may share information when we feel there’s a good reason that’s more important than protecting your privacy. This doesn’t often happen, but we may share your information:

• if there are serious risks to the public, our staff or to other professionals.
• to protect a child; or
• to protect a vulnerable adult.

The Police may contract us and ask us to provide personal data including CCTV footage where it would support the prevention or detection of crime. In general, we would provide this information where the Police have provided us a written request outlining the basis for the information sharing.

The College will share details of students in full time education with local authorities to support the assessment or collection of Council tax under schedule 2-part 1 paragraph 2 (1) (c) of the Data Protection Act 2018.

Government Agencies

The College is legally required to share your information with the Education and Skills Funding Agency (ESFA) (an executive agency of the Department for Education (DfE)). Data about you will be supplied to ESFA for the purposes set out in their Privacy Notice available at https://www.gov.uk/government/publications/esfa-privacynotice.

Every year the College will send some of the information it holds about you (students and staff) to the Higher Education Statistics Agency Limited (HESA). HESA is the official source of data about UK universities, higher education colleges, alternative HE providers, and recognised higher education courses taught at further education institutions in Wales. HESA is a registered charity and operates on a not-for-profit basis. Data about you will be supplied to HESA for the purposes set out in their Privacy Notice available at https://www.hesa.ac.uk/about/website/privacy.

The College will share learner data with the Student Loans Company to deliver requirements in respect of the administration of student finance.

The College will share learner data to deliver requirements in respect of the administration of the Education Maintenance Allowance (EMA) and Welsh Government Learning Grant (WGLG).

The College will share learner data with Higher Horizons who are funded by Office for Students. Higher Horizons will use this data to evaluate the effectiveness of Higher Horizons service provision and also to track a learner’s education journey. Higher Horizon’s privacy notice is available at https://higherhorizons.co.uk/privacy-policy/

The College may share personal data as part of Channel which is part of the Prevent strategy. The process is a multi-agency approach to identify and support individuals at risk of being drawn into terrorism. More details on how data is shared is available at https://www.gov.uk/government/publications/channel-data-privacy-notice/channel-data-privacy-information-notice.

An Employer or Work Experience Placement

Where you are undertaking an Apprenticeship course whilst working for an employer we will share your name, address, progress, attendance, learning plans, progress in learning, assessment plans and qualification results with your employer. Your employer will also share relevant information with us. In this the College and the employer are each acting as Data Controllers, and you should review the employers Privacy Notice and Data Protection policies (where appropriate).

Where you are undertaking work experience your name, date of birth, parent’s details, emergency contact details, course details and any health, well-being and educational needs may be shared with the employer.

We may also share personal details including name, attendance details, courses completed and results with employers on receipt of a reference request.

Supported Internship Job Coaches

The College may collect and processes personal details so that we can deliver the Supported Internship programme to you and facilitate your time as a student at the College.

We will share this personal data with other staff at the College to administer this programme and meet your needs. We will also share your details including personal contact details and health and support needs (as detailed in your Education Healthcare Plan) with your Job Coach and the organisation who they are employed by Grow & Achieve (for Ellesmere Port students) and the Rossendale Trust (for Crewe students).

We will share your name, address, progress, attendance, learning plans, progress in learning, assessment plans and qualification results with the employer who you are completing your internship with. Your employer will also share relevant information with us. The College and the employer are each acting as Data Controllers, and you should review the employers Privacy Notice and Data Protection policies (where appropriate). We will also contact named parents during your course to discuss academic progress, attendance, welfare concerns and conduct.

Awarding Bodies

The College is an approved centre for a range of awarding bodies. Depending on the student’s course personal data will be shared with these awarding bodies. Awarding bodies may be required to provide a candidate’s personal data to educational agencies such as DfE, WG, DE, The Skills Funding Agency, regulators, HESA, UCAS, Local Authorities, EFA and Learning Records Service (LRS). Additionally, candidates’ personal data may be provided to a central record of qualifications approved by the awarding bodies for statistical and policy development purposes. Awarding bodies maintain a comprehensive archive record of candidates’ examination results. The purpose is to provide an audit trail of the results certificated and to maintain an accurate record of an individual’s achievements. It is the responsibility of centres to ensure that candidates are made aware of this. For full details of each awarding bodies privacy notice can be found on their websites.

These organisations include:

Gateway Qualifications: Privacy Notice – Gateway Qualifications

Apprenticeships, Exam bodies and Scholarship organisation

The College will share data with apprenticeship organisations including End Point Assessment providers, sponsors, and providers of scholarships for the purpose of fulfilment of your learning contract. These organisations include:

• ECITB https://www.ecitb.org.uk/privacy-statement/
• IMI https://tide.theimi.org.uk/about-imi/campaigns/imi-privacy-policy
• Open College Network West Midlands https://www.opencollnet.org.uk/centres/our-centres/policies-and-procedures/
• AAT https://www.aat.org.uk/policies/privacy
• Highfield https://highfield.co.uk/privacy-and-cookies
• CMI https://www.managers.org.uk/about-cmi/governance/policies/data-privacy/

Full details of our exam and awarding bodies are available on request.

For full details of each awarding bodies privacy notice can be found on their websites.

Data Processors

We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Full details of all our data processors are available from our Data Protection Officer on request.

Sub-contractors who Deliver some of our Services

The College uses sub-contractors for the delivery of some of its courses and programs. As such these third parties have access to Student personal details including name, address, date of birth, gender, nationality, parent/guardian contact names, phone number, email address, student support needs, medical information, education history, qualifications, references, ethnic origin, employment history, attendance data, and other relevant information.

Appropriate contracts will be implemented with these sub-contractors to ensure they process personal data in line with the law.

Debt Collection Agencies

We may share your information in the event of the non-payment of an invoice (for example for a course or hire of our facilities). If the debt remains outstanding after the specified timeframe for payment, no payment plan is in place or an agreed payment plan is not being adhered to, we may initiate formal proceedings to recover the full amount of the unpaid invoice. As a result, the College will share personal data with the debt recovery specialists it instructs in order for them to take recovery action.

Transport Providers

We will share a passenger list with the bus companies so that the drivers can check Student ID and bus passes on embarkation. A photo of students may sometimes be shared with the bus company/driver so that they are aware of students with any additional needs or if a student is not permitted to use transport services e.g., due to issues with behaviour.

Employee Benefits Platform

The College uses VIVUP to provide benefits to its employees. More information about how your personal information will be used for this purpose is available at https://demo.vivup.co.uk/privacy_policy.