HSDC Privacy Notices

There are several aspects to the GDPR (General Data Protection Regulation) that from May 2018 will change how organisations communicate with users and process their personal information.

One key aspect is to provide a privacy notice to a data subject (an individual whom personal data is about). A privacy notice is a statement that describes how the college collects, uses, retains and discloses personal information. Different Organisations sometimes use different terms and it can be referred to as a privacy statement, a fair processing notice or a privacy policy.

Havant & South Downs College recognises the importance of protecting personal and confidential information in all that we do. Individuals have the right to be informed about the collection and use of their personal data and is a key transparency requirement under the GDPR.

We must provide privacy information to individuals at the time we collect an individual’s personal data. To comply with data protection legislation, the college needs to be transparent with how personal data is used within the organisation. The transparency requirements of the GDPR create several overarching legal obligations for how we collect and use people’s personal data.

The information we provide to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language. We have created tailored privacy notices, so that an individual can navigate to the most relevant privacy notice that applied to them. For example, there is a privacy notice for students and a privacy notice for a website user.

See below the expandable sections each privacy notice will contain.

All personal data that we collect from an individual directly will receive the following information:  

  • The name and contact details of our college
  • The contact details of our data protection officer
  • The purposes of the processing
  • The lawful basis for the processing
  • The legitimate interests for the processing
  • The recipients or categories of recipients of the personal data
  • The details of transfers of the personal data to any third countries or international organisations
  • The retention periods for the personal data
  • The rights available to individuals in respect of the processing
  • The right to withdraw consent
  • The right to lodge a complaint with a supervisory authority
  • The details of whether individuals are under a statutory or contractual obligation to provide the personal data
  • The details of the existence of automated decision-making, including profiling

All privacy notices are available on the HSDC website (www.hsdc.ac.uk) all privacy notices will also be issued at the time we collect personal data from individuals. If we obtain personal data from a source other than the individual it relates to, we will provide them with privacy information within a reasonable period of obtaining the personal data and no later than one month, or when communication first takes place or when the data is disclosed. When collecting personal data from individuals, we do not need to provide you with any information that you already have.

The GDPR defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” .

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

Sensitive personal data

The GDPR refers to sensitive personal data as “special categories of personal data” this can be

  • race;
  • ethnic origin;
  • politics;
  • religion;
  • trade union membership;
  • genetics;
  • biometrics (where used for ID purposes);
  • health;
  • sex life; or
  • sexual orientation.

Special category data is personal data which the GDPR says is more sensitive, and so needs more protection.
Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.

We take the security of all the data we hold very seriously.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

If you require further information about any of the privacy notices or about your personal data, please contact our data protection officer kat Kuzmin who’s contact details are:

Data Protection Officer
College Road
Waterlooville
Hampshire
PO7 8AA

 

Telephone: 02393 879 999

Email: DataProtection@hsdc.ac.uk

Need some help? Our advisors are here to help you

Contact us