The College adheres to the General Data Protection Regulation (GDPR), with respect to all information held about students. The College is registered with the Information Commissioner’s Office – Registration Number Z7286389.
The Data Protection Officer can be contacted via email DPO@farn-ct.ac.uk
When you visit the College website, cookies are used to enable us continually to enhance our websites functionality and performance making it as easy as possible for you to use. We utilise first party cookies (originating from us) to simply track your visits between sessions and deliver a more personalised experience and third party cookies (not originating from us) to provide analytic information. In order to access authenticated areas of the website (e.g. applying for a course) it is essential that cookies are enabled and allowed. Other (non-essential) cookies are also used to store individual preferences (e.g. font sizes). It is for these reasons that a cookie free version of this website is not available.
In addition, we use Google Analytics to provide additional information regarding visitors to our site. To opt-out of Google Analytics tracking, please visit the Google Analytics Opt-out for details of available browser plug-ins.
For administrative and business purposes the College needs to hold certain personal information about students. This information is provided by you during the application and enrolment process. Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the GDPR, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
The personal information we hold includes:
Additional information from third parties:
Your personal information that the College holds is required in order to deliver the training courses on which you have enrolled. If you do not wish to give your personal information, then the College may not be able to offer you a place on a course and may withdraw any offer already made.
We use this information to:
Under the GDPR, it is necessary for the College to demonstrate the lawfulness of processing your personal information under the following articles:
The lawful reasons for processing your personal information are:
The full list of personal data, the lawful reason for holding it and the length that we will hold it for is listed in the Record of Processing Activities (see Appendix A).
If you make enquiries or apply for a course, but do not to take up a place, you have the right to request that all of your information is removed from our records. Once this request has been made your details will be removed from our records within one month from the request.
If you enroll on a course we will hold your personal information for six years after you have left the College. After six years, we will retain details of your name, date of birth, courses attended and outcomes (and results in the case of University of Surrey students). Contact details and financial details will be maintained for students that remain in debt to the College.
Your personal information will be shared with other organisations for purposes of administration, the provision of career and other guidance and statistical and research purposes, relating to education or training.
Other organisations include:
Before sharing any personal data, it will be confirmed that the organization is registered as a data controller or data processor with the UK Information Commissioner’s Office and are GDPR compliant.
The College uses software to store the data we hold and the software providers have access to your personal data as part of their role in maintaining the software– Capita, MyConcern, Forskills. These organisations are registered as data controllers with the UK Information Commissioner’s Office and are GDPR compliant.
We do not share your information with anyone outside of the UK unless specifically requested by you.
Electronic data is stored within the college IT infrastructure, which has restricted access and a variety of other measures in place to ensure its secure. Any data shared outside the organisation is done so via means of encrypting the content.
Under data protection legislation, you have the right to request access to the information that we hold about you. A request to access your personal information is known as a ‘Subject Access Request’ and must be made in writing to the Data Protection Officer.
You also have the right to:
If you wish to exercise any of the rights set out above, please complete the form available on the College website, or contact firstname.lastname@example.org for a copy of the form.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. (Alternatively, we may refuse to comply with your request in these circumstances.)
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/