The Data Protection Act 1998 states that “Personal data means data which relates to a living individual who can be identified:
- (a) from those data, or
- (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.”.
This notice is relevant to all current students, prospective and former students and customers who provide personal details when in contact with SERC.
What Do We Collect And Why
When you enrol on or apply for a course at SERC it is essential that we collect personal information from you to enable us to provide you with the service you have requested. Should you wish to engage with specific College departments e.g Student Funding, you may need to provide information in addition to what you supply on your enrolment/application form however they will not ask for information not necessary to the additional service you require.
Our enrolment and application forms are designed for the purpose of collecting all relevant personal information necessary for us to process your request and for us to submit our mandatory information returns to the Department for the Economy.
The College is required by the Department for the Economy to ask for the following information for statistical purposes: gender, marital status, ethnicity, sexual orientation, dependants, community background, political opinion, religious belief, employment sector, and whether you are employed.
The College has a statutory obligation to safeguard all students, staff and visitors. Should you have a relevant criminal conviction to disclose, you will be required to disclose this to the Director of Learning and Customer Support who will contact you. Details on how to make this disclosure are available on our enrolment forms.
As a public authority, the college will obtain, process and manage all data in compliance with the Data Protection Act (1998).
SERC operates a Closed Circuit Television system (CCTV) on all main campuses i.e Bangor, Ards, Lisburn, Downpatrick, Ballynahinch and Newcastle, to provide staff, students and visitors with a safe environment and also to protect College property against criminal damage.
All staff, students and visitors should have a reasonable expectation of being captured on CCTV on a daily basis.
How We Use Your Personal Information
This information collected is for the purpose of course administration, providing education and training, placement, providing student support if required, obtaining results for courses and examinations and the administration of student awards and fees. In addition, the information held may be used for planning further courses, liaison with other educational establishments and preparation of returns to the Department for the Economy.
Disclosure To Third Parties
To fulfil our obligation to you and the Department for Education it will be necessary for the College to share your information with some third party organisations e.g Examination bodies to claim your achievement on a vocational course, organisations responsible for various forms of student funding if you submit an application for financial assistance and debt recovery agencies should you default on your payment of fees to the College.
We will not disclose your information to third party organisations who have no direct role in assisting us with our service to you and our obligations as a public authority without your consent however we may be required to share your information with the PSNI for the purposes of prevention or detection of crime, or the apprehension or prosecution of offenders.
Controlling Your Data
The College will not ask for more information than is necessary for us to achieve our legal and regulatory obligations and to fulfil our commitment to you.
Where the use of your data is unnecessary e.g marketing communications, we will offer you the opportunity to opt out of your data being processed for that purpose.
College Wide Commitment To Your Privacy
The College is committed to protecting your privacy and have taken measures to ensure all staff are aware of their responsibilities in achieving this. The College Information Officer is responsible for maintaining all policies and procedures relating to Records Management and Data Protection and updating them as and when significant changes occur e.g changes in legislation.
All College employees must complete mandatory training on Data Protection and they receive regular information updates when new policies and procedures become operational.
SERC network systems are secured from external access by a firewall (Microsoft TMG). Internal network systems are secured by New Technology File System permissions, which only allows certain users access to certain servers / shares / resources.
Retention and Destruction
The College Retention Schedule is currently being revised and will be available on the College website from 1st January 2015.
Subject Access Request
As outlined in the Data Protection Act (1998) you have the right under Section 7 to request what information the College holds on you. All requests will be considered in line with the legislation and a response will be provided to you within 40 working days. If an exemption applies and we are unable to release information to you, the College will inform you of reasons for refusal.
Changes To Your Personal Data
As the Data Subject, you are responsible for ensuring the information which you provide is accurate and notifying the College of any amendments to this data should it change.
Department for the Economy Statement
Your data will be shared with the Department for the Economy for statistical, funding and other legitimate business purposes including the provision of careers guidance. Your information may be accessed by other Civil Service Departments. The information is covered by the Data Protection Act (1998) which entitles you to see the data held about you.
National Fraud Initiative
South Eastern Regional College (SERC) is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
The Comptroller and Auditor General audits the accounts of SERC as the College is a Non-Departmental Public Body. The Comptroller and Auditor General is also responsible for carrying out data matching exercises under his powers in Articles 4A and 4G of the Audit and Accountability (Northern Ireland) Order 2003.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows fraudulent claims and payments to be identified. Where a match is found, it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Comptroller and Auditor General currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Comptroller and Auditor General for matching. Details are set out in the NIAO's website, www.niauditoffice.gov.uk.
Data matching by the Comptroller and Auditor General is subject to a Code of Practice. This may be found at www.niauditoffice.gov.uk
For further information on the Comptroller and Auditor General's legal powers and the reasons why he matches particular information, see the Level 3 notice on the NIAO website at www.niauditoffice.gov.uk. For further information on data matching in South Eastern Regional College please contact David McCullough, Financial Controller, at firstname.lastname@example.org