Data Protection

Read more about Borders Data Protection Policy below. 

Your Personal Information

We take your privacy seriously and we look after your personal information responsibly.  We abide by data protection legislation.

Borders College is registered with the Information Commissioner’s Office (ICO). We abide by the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and related legislation and guidance.

We only collect and/or process your personal data when we have a valid lawful basis to do so. For example, we may collect personal information from you to help us perform our public task as a College to provide education and appropriate support or as part of a contract with you.

We are legally obliged to provide some information to external bodies for education, training, employment, wellbeing related purposes and research.

You can read our full Privacy Notice for details of how we deal with your personal information, including our responsibilities and your rights, here.

For additional information you can also visit the ICO’s website: https://ico.org.uk

Borders College is providing you with this information to comply with data protection law and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.

Who is collecting the information?

Borders College is the Data Controller. We have an appointed Data Protection Officer (DPO), who can be contacted by emailing: sar@borderscollege.ac.uk

Why are we collecting it and what are we doing with it (Purpose)?

This privacy notice relates to registration and membership activities for the General Teaching Council Scotland (GTCS) College Lecturer Registration and the data sharing between the GTCS and Borders College. Mandatory registration with GTCS will begin for lecturers with a TQFE or equivalent (currently a recognised Primary or Secondary teaching qualification with experience in Further Education).

Your information will be used for the following purposes:

  • Registration purposes
  • Administration
  • Communications
  • Registration on the GTCS PVG scheme
  • Training purposes
  • Enabling access to GTCS online facilities and tools
  • Administration of the GTCS fitness to teach process.

What personal data do we collect?

Personal data:

  • Name
  • Date of birth
  • Contact email address
  • Employment contract type
  • Qualification type
  • Registration number
  • Professional details including employment and personnel data

Special category (Sensitive) data:

  • Criminal offences and convictions and sentences
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Sex life
  • Sexual orientation

The lawful basis for the processing

Under GDPR Article 6(1)(b) processing is necessary for the performance of a contract and (e) processing is necessary for the performance of a task in the public interest or under official authority vested in the controller.

The lawful basis for the special category (sensitive) data is Article 9(2)(g) processing is necessary for reasons of substantial public interest and is authorised by domestic law proportionate to the aim pursued including:

  • Statutory etc and government purposes (DPA 2018, Schedule 1, Part 2(6))
  • Protecting the public against dishonesty etc (DPA 2018, Schedule 1, Part 2(11))
  • Regulatory requirements relating to unlawful acts and dishonesty etc (DPA 2018, Schedule 1, Part 2(12))
  • Safeguarding of children and of individuals at risk (DPA 2018, Schedule 1, Part 2(18))
  • Where necessary for employment, social security and social protection
  • Where necessary for the establishment, exercise or defence of legal claims

Who we share the information with:

Your data will be shared with the General Teaching Council Scotland (GTCS). This is documented and all sharing is carried out in a secure manner. The GTCS privacy notice is available here: www.gtcs.org.uk/web/fileS/GTCS-General-Privacy-Notice.pdf

How long do we hold the personal data?

This data will be held by Borders College for the length of your employment plus 7 years.

Individuals’ rights in relation to this processing

Under data protection law individuals have a number of rights. They are as follows:

  • Right to be informed – i.e. this privacy notice for this purpose
  • Right of access
  • Right to rectification
  • Right to restrict processing
  • Right to erasure – commonly known as the Right to be Forgotten (RTBF)
  • Right to object
  • Right to data portability
  • Right to be informed of any automated individual decision making, including profiling – the College does not use personal data in this way.

Not all of these rights are absolute and some only apply in certain circumstances. If you want to know more or exercise your data subject rights please contact the data protection mailbox at sar@borderscollege.ac.uk and your request will be processed accordingly.

Complaints to UK Information Commissioner’s Office (ICO)

If you are concerned about how your personal data is being used by the College, in the first instance please contact the College Data Protection Officer (DPO) at sar@borderscollege.ac.uk. If you are not satisfied with the outcome then you can complain to the regulator of data protection, the UK Information Commissioner’s Office (ICO). The ICO has guidance on their website here: https://ico.org.uk/your-data-matters/raising-concerns/

You can email them at casework@ico.org.uk or call them on 0303-123-113 or you can send a letter to them at the following address:

Customer Contact,
Information Commissioner's Office,
Wycliffe House,
Water Lane,
Wilmslow,
SK9 5AF

Privacy Notice – National Fraud Initiative

Borders College is providing you with this information to comply with data protection law and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.

Who is collecting the information?

Borders College is the Data Controller. We have an appointed Data Protection Officer (DPO), who can be contacted by emailing: sar@borderscollege.ac.uk.
 

This privacy statement relates to the following process:

Sharing Data with Audit Scotland: National Fraud Initiative

This College is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.

On behalf of the Auditor General for Scotland, Audit Scotland appoints the auditor to audit the accounts of the College. It is also responsible for carrying out data matching exercises under the National Fraud Initiative.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This will include personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified but the inclusion of personal data within a data matching exercise does not mean that any specific individual is under suspicion. Where a match is found it indicates that there may be an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. The exercise can also help bodies to ensure that their records are up to date.

Audit Scotland currently requires Borders College to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to Audit Scotland for matching. The exact nature of the data supplied is set out in Audit Scotland’s instructions, which can be found at: http://www.audit-scotland.gov.uk/our-work/national-fraud-initiative

The use of data by Audit Scotland in a data matching exercise is carried out under its statutory authority, normally under its powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. It does not require the consent of the individuals concerned under the Data Protection Act 2018. Data matching by Audit Scotland is subject to a Code of Practice. This may also be found at: http://www.audit-scotland.gov.uk/our-work/national-fraud-initiative

For further information on Audit Scotland’s legal powers and the reasons why it matches particular information, see the full text privacy notice at: http://www.audit-scotland.gov.uk/our-work/nationalfraud-initiative

Our legal reason for processing the data is that use is necessary for the performance of a task in the public interest (Article 6(1)(e)).

Special category (sensitive) data: Processing is necessary for reasons of substantial public interest and is authorised by domestic law proportionate to the aim pursued. The legal basis for processing your special category and criminal convictions data is Article 9 (2) (g) substantial public interest, and sections 6, 10, 11, and 12 of schedule 1 to the Data Protection Act 2018.

The following rights are rights of data subjects:

  • The right to access your personal data
  • The right to rectification if the personal data we hold about you is incorrect
  • The right to restrict processing of your personal data

The following rights apply only in certain circumstances:

  • The right to withdraw consent at any time if consent is our lawful basis for processing your data
  • The right to object to our processing of your personal data
  • The right to request erasure (deletion) of your personal data
  • The right to data portability

Complaints to UK Information Commissioner’s Office (ICO)

If you are concerned about how your personal data is being used by the College, in the first instance please contact the College Data Protection Officer (DPO) at sar@borderscollege.ac.uk. If you are not satisfied with the outcome then you can complain to the regulator of data protection, the UK Information Commissioner’s Office (ICO). The ICO has guidance on their website here: https://ico.org.uk/your-data-matters/raising-concerns/

You can email them at casework@ico.org.uk or call them on 0303-123-113 or you can send a letter to them at the following address:

Customer Contact,
Information Commissioner's Office,
Wycliffe House,
Water Lane,
Wilmslow,
SK9 5AF

Effective 6/06/2018.

Introduction

Personal data has a wide definition but put simply means information that relates to a living individual, who can be identified from that information (and other information held by the organisation) for example names, e-mail addresses, home addresses, phone numbers, bank account details, personal description and photograph, etc. Please note this list is not exhaustive.

This Privacy Notice tells you what to expect when Borders College collects personal information. It sets out what data we collect and how we process that information. It also describes your rights under data protection law. You can find out more about your rights here.

We will update this Privacy Notice from time to time by publishing a new version on our website.

UK Information Commissioner’s Office (ICO)

Borders College pays an annual fee to the Information Commissioner’s Office (ICO) and is a Data Controller under data protection legislation. For the purposes of data protection legislation, the College is considered to be a public authority.

Data Protection Officer – contact details

If you have any questions relating to your personal data, how we process it or your rights as a Data Subject, you should contact the College’s Data Protection Officer (DPO):

Data Protection Officer, Borders College, Nether Road, Galashiels, TD1 3HE

Mail to: sar@borderscollege.ac.uk

If you remain unsatisfied or you believe that we are not processing your data in accordance with your rights under data protection legislation, you can complain to the Information Commissioner’s Office (ICO) by calling their helpline on 0303 123 1113.

You can find further information, including contact details on the ICO’s website at:  https://ico.org.uk/for-the-public/.

Data Protection Statement

We will only process your personal data for the specific purpose or purposes notified to you in this notice, and only to the extent that it is necessary for those specific purposes. We will keep the personal data we store about you accurate and up to date. Please notify us if your personal details change or you become aware of inaccuracies in the personal data we hold about you.

We will process your data only in accordance with data protection legislation, this Privacy Notice and in adherence to the College’s Data Protection Policy and other information governance policies. We will take appropriate technical and organisational measures to protect your rights as a Data Subject. In the event of a data breach which results in high risk to your rights and freedoms, we will communicate the nature of that breach to you including our contact details, the likely consequences of the data breach and details of the measures taken or which we plan to take to address the data breach and to mitigate its consequences.

You can find out more about your rights later in this document.

Data Protection Legislation

Data Protection Legislation means:

  • The General Data Protection Regulation (Regulation (EU) 2016/679)
  • The Privacy and Electronic Communications (EC Directive) Regulations 2003
  • Any applicable legislation adopted by the United Kingdom after the United Kingdom ceases to be a Member State of the European Union, and
  • All applicable laws and regulations relating to the processing of personal data and privacy.

The Personal Data we collect

This notice applies to information we collect about:

  • Visitors to our website and through social media
  • Student applicants and enrolled students, including applicants for funding
  • Individuals or companies purchasing courses
  • Job applicants, current and former employees (including volunteers and Board members)
  • Alumni, supporters and friends
  • Complainants

Purposes and categories of information

In this Section we have set out the:

  • general categories of personal data that we will process, where relevant to the purpose for processing, and where there is a clear legal basis for processing:
    • identifying information
    • authentication information
    • contact information
    • communication information
    • professional and public life information
    • preference and personal history information
    • health information
    • ethnicity and demographic information
    • knowledge and personal beliefs
    • physical characteristics information
    • criminal activity information
    • financial account, ownership and transactional information
  • purposes for which we will process personal data
  • legal basis of the processing
    • Conditions for processing your personal data are:
      • The data subject has given consent (where this is used, it will be clear and consent can be withdrawn at any time)
      • Processing is necessary for compliance with a legal obligation to which the controller is subject
      • Processing is necessary for a contract we have with you, or you have asked us to take specific steps before entering a contract
      • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    • At least one of these conditions needs to be met for data protection legislation. Where the requirement is in relation to legal obligation or exercise of official authority, these relate to the HE/FE legal framework we operate under.
       

Visitors to the Website and through Social Media

Our public facing website is:

Borders College: http://www.borderscollege.ac.uk/

Third Party Websites

Our websites include hyperlinks to, and details of, third party websites.  We do not share data with these websites.  We have no control over, and are not responsible for, the privacy policies and practices of third parties.

Use of cookies by Borders College

When someone visits a Borders College website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This helps us to monitor and improve our website and services, to ensure we provide information clearly and effectively, and to facilitate access to our services.

You can read more about how we use cookies on our Cookies page: http://www.borderscollege.ac.uk/terms-and-conditions/cookies/.

If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Search engine

Our website search is powered by Google. We do not log search queries and results. We do not collect user-specific data during this process.

Email subscriptions and E-newsletter

We invite users to sign up to receive information on a variety of areas. You can manage your own preferences, subscribe and unsubscribe at http://www.borderscollege.ac.uk/resources/mailing-lists/

We will only use your information to contact you for the reason you have subscribed. We will not pass your information to any third parties other than Mailchimp, who provide the newsletter mailing service.

We use Mailjet to deliver our occasional e-newsletters. We gather statistics around email opening and clicks, using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see https://www.mailjet.com/security-privacy/

People who contact us via Twitter and Facebook

We use a third party provider, Buffer, to manage our social media interactions. Any tweets or posts are passed only to the relevant member of staff to deal with and the personal data is not shared further.

Course enquiries via the website

When you enquire online about a course, we collect your name and email address so that we can respond to your enquiry.

Online website enquiries

If you have any queries please email itsupport@borderscollege.ac.uk

Student Applications and Enrolments

This privacy notice provides you with information about us, why we collect information from you, what we do with the information we collect from you, who we share your information with and your rights in relation to that information under Data Protection legislation and related guidance. We may update this notice from time to time.

What data do we collect and why?

When we process your personal data, we are fulfilling our obligations as a College and as a public authority in the provision of Education in the public interest, the requirements of the Education (Scotland) Act 1980 and in order to comply with other legislation, for example, the Equality Act 2010. Processing has a wide definition but includes collecting, storing, using and sharing.

"Personal data" means any information we hold about you from which you can be identified or may be identifiable. It may include contact details, other personal information, photographs, IP addresses, expressions of opinion about you or indications as to our intentions about you.

Student Applications

When you apply to be a student at Borders College, we collect personal information about you to enable us to process your application fairly, transparently and accurately. We will collect your personal information to assist in the process of applying for a course and to ensure that we give your application fair and equal consideration.

We will only collect the minimum of your personal information necessary to process the application. Categories of data collected are:

  • identifying information
  • authentication information
  • contact information
  • communication information
  • professional and public life information
  • preference and personal history information
  • health information
  • ethnicity and demographic information
  • knowledge and personal beliefs
  • physical characteristics information
  • criminal activity information
  • financial account, ownership and transactional information

We collect data from you, which we will use to communicate with you about the progress of your application, to provide essential information about funding or to request more information from you. We will use your data to assess your application against the entry requirements of the course(s) you have applied for. For some courses, we are required by law to collect information to carry out additional checks such as Protecting Vulnerable Groups (PVG) checks and to seek declarations of criminal convictions. 

Data provided in the application process will be used for statistical purposes and will be anonymised. It will also be used in an anonymised form for archiving purposes in the public interest.

We will also collect personal data from you in order to assess and process applications for student funding, including transport and additional support arrangements where appropriate.

You can see how we will share your data later in this document.

Student Enrolments

When you enrol in a course, we collect updated personal information about you. This is so that we can deliver your education, communicate with you, and monitor attendance and progress in your course(s). 

Categories of data collected are:

  • identifying information
  • authentication information
  • contact information
  • communication information
  • professional and public life information
  • preference and personal history information
  • health information
  • ethnicity and demographic information
  • knowledge and personal beliefs
  • physical characteristics information
  • criminal activity information
  • financial account, ownership and transactional information

For example, we will use your personal data to:

  • verify your identity
  • enrol you in your course
  • timetable your classes
  • process your funding
  • communicate with relevant awarding bodies
  • liaise with placement providers
  • assess progress, and
  • perform other activities directly related to your course such as personal protective equipment, ID photos, funding and payment including debt recovery.

We will process your personal data where processing is necessary to comply with legal obligations. We will process your personal data where we need to protect your interests (or someone else’s interests), for example where there is a health incident and we need to secure help in an individual’s interests, or where it is needed in the public interest or for official purposes.

We may process “special categories of data” in order to comply with legal requirements, such as considering if we need to make appropriate adjustments during your course in relation to any disabilities. We may also process information relating to your health to monitor absences and to provide you with support if required.  

We will only process "special categories of data" about ethnic origin, political opinions, religious or similar beliefs, trade union membership, health or sex life where we either have your explicit consent, when it is needed in the public interest, or if we are legally required to do so. For example, we are required to collect Equality Monitoring Information; however, we make it clear at the point of collection that you have the option to tell us you would prefer not to say.

We provide additional services to students including Student Support and Support for Learning, etc. When you access these services, we will collect and process your information only as far as it is necessary to provide them, and we will explain this at the time.

After you complete your course, we use your details to enable us to process Awards and arrange graduations. We will contact full-time students to gather information on their destinations after they have left their course if they wish to provide this information.

Sharing your data

We may share your data with organisations in the following categories:

  • The Scottish Government, the Student Awards Agency for Scotland (SAAS), Scottish Further and Higher Education Funding Council (SFC), Skills Development Scotland (SDS)
  • Local Authorities (for example Scottish Borders Council and schools)
  • Transport Providers, to facilitate transport arrangements
  • Awarding bodies including the Scottish Qualifications Authority (SQA) etc

Any sharing of your data is done in the public interest in the area of Education and for archiving purposes in the public interest and for statistical purposes.

Any sharing of data is subject to appropriate safeguards to protect your data, for example through Data Sharing Agreements with the organisations that we share data with and ensuring the organisations meet certain security requirements, e.g. encryption.

We do not use your information for marketing purposes unless we have specifically asked you and you have provided specific consent. For example, we may ask you at enrolment if we can contact you when you complete your course about our Alumni Association, but you can choose not to consent to this. Find out more at http://www.borderscollege.ac.uk/resources/mailing-lists/.

Where your employer has enrolled you in a course, we will have a contract with them and will share limited personal information only within the terms of the contract.

Keeping your data

We will keep your data only for so long as is necessary, in line with our Retention and Disposal Schedule. 

Your data rights

You have rights over your data under Data Protection legislation. You can find more detail on your rights and how to exercise them later in this document.

 

Individuals or companies purchasing courses

This clause sets out the basis on which we will process your personal data when you purchase a course from us.

Collecting Personal Data

We will collect the following personal data:

  • Order by Customer for Customer: personal data about the Customer that we collect from the Customer or that the Customer provides to us during the Order process. This includes information that the Customer gives to us by filling in the Booking Form; or by corresponding with us by phone, e-mail, post or otherwise;
  • Order by Customer for Attendee: personal data about the Customer and the Attendee(s) that we collect from the Customer and / or the Attendee or they provide to us during the Order process. This includes information that the Customer and / or Attendee gives us by filling in the Booking Form or by corresponding with us by phone, e-mail, post or otherwise;
  • Services: personal data about you we collect from you or that you provide to us when we provide the Services to you. This includes information that you give us by corresponding with us by phone, e-mail, post or otherwise.

Use of Personal Data

We will use your personal information for the following purposes:

  • Order: to process your Order; and to contact you in relation to your Order;
  • Services: to provide the Service to you; to contact you in relation to the Services; and to process your certification under the Services; and
  • Direct Marketing: if you have provided your specific consent, to provide you with information that we believe may be of interest to you, such as information concerning our courses, products, or services. You can manage your preferences and unsubscribe at any time at http://www.borderscollege.ac.uk/resources/mailing-lists/.

Legal basis for processing Personal Data

We will hold and process your personal data on the following legal basis:

  • When we process your personal data, we are fulfilling our obligations as a College and as a public authority in the provision of Education in the public interest, the requirements of the Education (Scotland) Act 1980 and in order to comply with other legislation, for example, the Equality Act 2010.
  • Performance of Contract: in the Order and supply of Services it is necessary to process your personal data to enter a Contract and without your personal data the Contract cannot proceed.
  • Certification of Services: processing is necessary for compliance with legal obligations to which we are subject.
  • Direct Marketing: based on your specific consent only.

Sharing Personal Data

We may share your personal data with:

  • the Scottish Qualifications Authority; City and Guilds; and other awarding bodies for Awards and certification purposes including REHIS, AoFA, City & Guilds, People 1st, British Safety Council (BSC), LANTRA, IQA / EQA;
  • if relevant, your employer, as the Customer; and
  • depending on your method of payment, our current third party supplier, Worldpay, for the purposes of processing your payment.

Any sharing of your data is done in the public interest in the area of Education and for archiving purposes in the public interest and for statistical purposes.

Any sharing of data is subject to appropriate safeguards to protect your data, for example through Data Sharing Agreements with the organisations that we share data with and ensuring the organisations meet certain security requirements, e.g. encryption.

Retention Period

We will not store your personal information longer than necessary and in line with our Retention and Disposal Schedule for the purposes outlined above, unless we are required to do so to comply with the law and / or any regulatory requirements.

European Economic Area (EEA)

We will not transfer your personal data outside the European Economic Area (EEA) without ensuring that the data will be processed in line with privacy law.

Your Rights

You have certain rights under data protection legislation. You can find further detail regarding your rights later in this document.

 

Job applicants, current and former College employees, volunteers and Board members

Borders College is the data controller for the information you provide during the recruitment and appointment processes unless otherwise stated. If you have any queries about the recruitment or appointment processes or about how we handle your information, please contact us at hr@borderscollege.ac.uk.

What will we do with the information you provide to us?

All of the information you provide during the recruitment and appointment processes will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes.

Information may be shared by us for the purposes of National Bargaining with Colleges Scotland Employers Association and the Scottish Funding Council. The College will ensure that appropriate Data Sharing Agreements are in place and that all of the information you provide will be held securely by us and / or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. 

What information do we ask for, and why?

We collect your information for HR purposes only, including the recruitment and appointment processes. We do not collect more information than necessary for HR purposes and will not retain it for longer than is necessary for those purposes.

Application stage

We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.

You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to anyone outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide will be used only to produce and monitor equal opportunities statistics.

Shortlisting

Our hiring managers shortlist applications for interview. They will not be provided with your name, contact details or referees, or with your equal opportunities information if you have provided it. They will only have access to the detail given in your application, including education, skills, experience and your answers to the questions on the application relevant to the role you are applying for.

Assessments

We might ask you to participate in assessment days, complete tests or occupational personality profile questionnaires, and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held securely by the HR department in the College for recruitment.

Conditional offer

If we make a conditional offer of employment, or volunteering opportunity, we will ask you for information so that we can carry out checks. You must successfully complete these checks to progress to a final offer. We are required to confirm the identity of our employed staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. 

Both employees and volunteers will therefore be required to provide: 

  • Proof of your identity – you will be asked to attend our office with original documents; we will take copies.
  • Proof of your qualifications – you will be asked to attend our office with original documents; we will take copies.
  • You will be asked to complete a criminal check through Disclosure Scotland which would normally be the Protection of Vulnerable Groups (PVG) check.
  • We will contact your referees directly, using the details you provide in your application, to obtain references.

Employees will also be asked to complete a questionnaire about your health. This is to establish your fitness to work.

We will also ask for the following:

  • Bank details – to process payments where relevant e.g. salary, expenses
  • Emergency contact details – so we know who to contact in case you have an emergency at work
  • Membership of either the SPPA or LGPS pension scheme (employees only)

Appointments to Board positions, following recommendation for selection, are subject to Ministerial approval. Board appointees are bound by the principles of public life. Their personal information will therefore be shared or publicised as required by legislation.

CHRIS

If you accept a post with us, some of your personnel records will be held on CHRIS, which is an internally used HR records system. Your information will be available to you and your manager on HR21, the self-service module for CHRIS. Borders College has an agreement with the software provider to ensure appropriate technical and organisational measures are in place to restrict access to your data and keep it secure.

Here is a link to their privacy notice.

https://gb.frontiersoftware.com/privacy-and-data-protection

Pensions

If applicable, your details will be provided to Scottish Borders Council or the Scottish Public Pensions Agency who are the administrators of the Local Government Pension Scheme or Scottish Teachers Pension Scheme respectively, of which the College is a member organisation. You will be auto-enrolled into the pension scheme and details provided to the scheme administrators will be your name, date of birth, National Insurance number and salary.

Health Management

NHS Borders provide our employee Occupational Health service. If we make you a conditional offer of employment, we will ask that you complete a questionnaire which will help to determine if you are fit to undertake the work that you have been offered, or advise us if any adjustments are needed to the work environment or systems so that you may work effectively.

We will send you the questionnaire which you should send directly back to NHS Borders Occupational Health Service, who will provide us with a fit to work certificate or a report with recommendations. If an occupational health assessment is required at any time during your employment, this is likely to be carried out by NHS Borders Occupational Health Service.

Here is a link to their Privacy Notice. Borders College has an agreement with NHS Borders to ensure data is processed securely.

http://www.nhsborders.scot.nhs.uk/patients-and-visitors/our-services/general-services/workplace-health-services/occupational-health-service/

How long do we retain your information?

If you are successful, the information you provide during the application process will be retained by us as part of your individual file for the duration of your appointment term plus 6 years following the end of your appointment. This includes your criminal records declaration, fitness to work (if applicable), records of any security checks and references.

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like us to retain your details in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise. At the end of this period, we will destroy all of your application information. 

If you are unsuccessful at any stage of the process, we will retain the information you have provided until that point for 6 months from the closure of the campaign.

We will retain information generated throughout the assessment process, for example interview notes, for 6 months following the closure of the campaign.

We will retain equal opportunities information connected to your personal details for 6 months following the closure of the campaign whether you are successful or not. Anonymous equalities data for staff members is retained and reported to the Scottish Funding Council on an annual basis. Equal opportunities information for Board members is recorded and retained to fulfil reporting requirements.

Employee pension and health information is retained for 30 years following cessation of employment as required by legislation.

How do we make decisions about recruitment of staff and volunteers?

Final recruitment decisions are made by hiring managers and members of our recruitment team, appropriate to the position applied for. All of the information gathered during the application process is taken into account.

You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing hr@borderscollege.ac.uk.
 

People who make a complaint to us

When we receive a complaint from a person, we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. Generally, we will consider an anonymous complaint if it gives enough information for us to make further enquiries. Failing this, we may decide not to pursue it.

We will keep personal information contained in complaint files in line with our Retention and Disposal Schedule. We hold the details and outcomes of all complaints within College records for a period of five years. We will retain this information in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

You can see more detail on how we handle complaints on our website.

 

Your individual rights

You have rights under data protection law, which we have summarised here. This is not a full statement of the law: some of the rights are complex, and not all of the details have been included in our summaries. The regulator of data protection law, the UK Information Commissioner’s Office (ICO), has guidance on all of your rights and how to exercise them here: https://ico.org.uk/for-the-public/personal-information/.

Your rights under data protection law are:

  1. The right to be informed (known as a privacy notice)
  2. The right of access
  3. The right to rectification
  4. The right to erasure (or ‘the right to be forgotten’)
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision-making and profiling

The right to be informed

As a data subject you should be informed when an organisation processes your personal information. This is known as a privacy notice. A privacy notice should be provided when you provide your personal information to the organisation or, if the information is received by another way, you must be informed within a reasonable period of obtaining the data and no later than one month.

The information to be provided is:

  • The name and contact details of our organisation.
  • The name and contact details of our representative (if applicable).
  • The contact details of our data protection officer (if applicable).
  • The purposes of the processing.
  • The lawful basis for the processing.
  • The legitimate interests for the processing (if applicable).
  • The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
  • The recipients or categories of recipients of the personal data.
  • The details of transfers of the personal data to any third countries or international organisations (if applicable).
  • The retention periods for the personal data.
  • The rights available to individuals in respect of the processing.
  • The right to withdraw consent (if applicable).
  • The right to lodge a complaint with a supervisory authority.
  • The source of the personal data (if the personal data is not obtained from the individual it relates to).
  • The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
  • The details of the existence of automated decision-making, including profiling (if applicable).

The right of access

This means you have the right to obtain:

  • confirmation that your data is being processed
  • access to your personal data and other supplementary information that we hold about you

This is so that you can access your personal data to be aware of and verify the lawfulness of the processing.

The supplementary information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data.

We will supply a copy of your personal data to you, if this does not affect the rights and freedoms of others; we will provide this initial copy of the information free of charge.

We may charge a reasonable fee, based on the administrative cost of providing the information, in some circumstances. This applies for additional copies of the same information. It also applies when your request is manifestly unfounded or excessive, particularly if it is repetitive, in which case we may refuse to respond; where this is the case, we will explain why and inform you of your right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.

The right to rectification

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

The right to erasure

The right to erasure is not an absolute ‘right to be forgotten’, but exists to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

You have a right to have your personal data erased and to prevent processing in specific circumstances:

  • where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed
  • when you withdraw consent to consent-based processing
  • when you object to the processing and there is no overriding legitimate interest for continuing the processing
  • the personal data was unlawfully processed
  • the personal data has to be erased in order to comply with a legal obligation
  • the personal data is processed in relation to the offer of information society services to a child

We can refuse to comply with a request for erasure where the personal data is processed:

  • to exercise the right of freedom of expression and information
  • to comply with a legal obligation for the performance of a public interest task or exercise of official authority
  • for public health purposes in the public interest
  • for archiving purposes in the public interest, scientific research, historical research, or statistical purposes
  • for the exercise or defence of legal claims

The right to restrict processing

In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are where:

  • you contest the accuracy of the personal data: we will restrict processing until we have verified its accuracy
  • processing is unlawful but you oppose erasure, and request restriction instead
  • we no longer need the personal data for the purposes of our processing, but you require the data to establish, exercise or defend a legal claim
  • you have objected to processing (where it was necessary for the performance of a public interest task) pending the verification of that objection

The right to data portability

This right applies to you where you provided your personal information to us:

  • either giving your consent, or as part of entering into a contract with us, and
  • the personal data is processed by automated means (in practice this means most paper files are not covered by this right)

In these circumstances, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format; however, this right does not apply where it would adversely affect the rights and freedoms of others.

The right to object to processing

You have the right to object, on grounds relating to your particular situation, to our processing of your personal data in circumstances where the legal basis for the processing is that it is necessary for:

  • the performance of a task carried out in the public interest or in the exercise of any official authority vested in us, in which case we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims
  • direct marketing, in which case we will stop processing your personal information immediately
  • scientific / historical research and statistics, although where research is in the public interest we are not obliged to comply with an objection

Right to complain to a supervisory authority

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

In the UK the supervisory authority is the Information Commissioner’s Office – https://ico.org.uk

Right to withdraw consent

Where the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Exercising your rights

You may exercise any of your rights in relation to your personal data by any of the following alternatives:

  • the form on our website
  • the postal address as published in this privacy notice

If you are aware of a breach of personal data, or are concerned that there might be one, please complete the form at the bottom of the page without delay.

Please describe what’s happened in as much detail as you can. We may need to contact you for more information and to let you know our response.

Remember to be specific and provide as much detail as possible.

We take your privacy seriously and we look after your personal information responsibly.  We abide by data protection legislation.

You have rights in relation to the personal data that we hold about you. The rights are not unlimited: you can find out more information on the Information Commissioner’s Office site and in our Privacy Statement.

If you would like to exercise any of your rights in relation to personal information that we may hold about you, please complete the form below.

Please be specific and describe what you are looking for in as much detail as possible. This should help us to respond quickly and fully. However, please be aware that before we can respond, we may need to verify your identity and/or seek further information from you.

We will process and respond in line with the Information Commissioner’s Office timescales and guidance; if this means that we cannot meet or fully meet your request, we will tell you and explain our reasons.

Remember to be specific and provide as much detail as possible. 

Borders College (the College) is providing you with this information to comply with data protection law to ensure that you are fully informed and that we are transparent in how we collect and use your personal data.

Your privacy and trust are very important to us and this Privacy Notice provides essential information about how the College handles your personal data (information). The College is committed to complying with all applicable Data Protection legislation, including the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
 

Who are we?

Borders College is the ‘Data Controller’ and is responsible for looking after the personal data that you provide.

Registered office: 
Borders College
Scottish Borders Campus
Nether Road
Galashiels
TD1 3HE

We have appointed a Data Protection Officer (DPO), who can be contacted by emailing: sar@borderscollege.ac.uk
 

This privacy notice relates to the following process: Student Funding application process

This process applies to applications for Bursaries, Education Maintenance Allowance (EMA), Discretionary and Childcare payments, and European Social Funding.

We use the information you provide when you make an application for funding with us so we can identify you, communicate with you about your application and assess your application against funding criteria.
 

Purpose for processing – why do we collect information about you?

We collect and use your information for the following purposes:

  • To process applications for and, where an award is made, provide financial support to students through Student Support Funds on behalf of the Scottish Funding Council, and the Student Awards Agency for Scotland (‘our Funders’). This includes financial support towards bursary, childcare, education maintenance allowance (EMA) and discretionary funds.
  • To appropriately manage public funds through crime prevention, detection, investigation and reporting and for the recovery of overpayments.
  • For audit purposes and compliance with our Funders’ policies.
  • For statistical analysis for reporting to our Funders and monitoring and improving our services.
  • To investigate and respond to complaints and appeals.
  • To identify special need requirements to support those with disabilities.
     

Our lawful basis (reason) for processing your information

Processing is necessary for the performance of a contract (between you and the College on behalf of our funding bodies).

  • Use is necessary for the performance of a contract with you or to take steps, at your request, before entering into such a contract. Article 6(1)(b)
  • Use is necessary for us to comply with a legal obligation. Article 6(1)(c)

The information collected includes special category (sensitive) data. Our lawful basis for using this is: 

  • Use is necessary for carrying out obligations under substantial public interest. Article 9(2)(g) – Equality and Diversity Act 2010
     

What information do we collect about you?

The categories of personal data provided by you for the purpose of your Funding Application are:

  • Contact details, including your name, date of birth, address, email, phone number;
  • Financial details about your income and bank details for payment;
  • UK residency details such as country of birth, nationality, residency, country you normally live in;
  • Previous education details such as institution, attendance dates, funding award;
  • Previous employment details such as name and address of employer, level of income;
  • Current and previous benefit claims, income from employment or any other income;
  • Parent’s or Partner’s details, including name, address, marital status, income and employment details, details of other dependents;
  • Dependents’ details including name, date of birth, relationship to you, student award details;
  • Childcare provider’s details, address, email, phone number, bank account details.

We also ask for some ‘special category data’ or ‘sensitive’ data:

  • Details of any learning disability you have so that you can be considered for additional support needs costs. This information will be shared internally with the College’s Inclusive Learning team and with our Funders for analytical and statistical reasons. This enables the College to meet its duties under the Equality Act 2010. Please note you are not obliged to provide this information; however, without it you would not be considered for the additional support needs costs from student support funds, such as taxi transportation, specialist equipment and scribes for in-class support.
  • Ethnic origin for the purpose of reporting to our Funders. You are not obliged to provide this information. If you choose to withhold this information this will not have any negative impact on the outcome of your funding application.
     

How do we collect it?

The Student Funding Department collects the information you provide on the online Bursary Application, Discretionary Application or Childcare Application form with additional information requested and/or provided by you in a number of ways including paper and online formats, email, telephone and face-to-face enquiries. 
You are contractually bound to provide your personal information for the purpose of applying for financial support during your attendance at College. As above, the special category information listed is optional.

If you were to withhold the information we require for this process, the consequences would be:

We would not be able to assess your funding application or provide access to financial support.
 

Who do we share your information with?

The Student Funding Department has to meet its legal obligations as part of its business function. This includes sharing your information with other organisations. For statistical reporting internally and for some external reporting purposes, we remove your personal information before sharing your data so that it is anonymous and you cannot be identified.

The organisations we share your personal data with include:

  • Childcare provider (where you have applied for childcare support and agreed to share attendance and payment information);
  • Our Funders (Scottish Funding Council; Student Awards Agency Scotland; Skills Development Scotland) for reporting and audit purposes;
  • Department of Work & Pensions;
  • Her Majesty’s Revenue and Customs (HMRC);
  • Home Office;
  • External auditors appointed by the college to ensure that we comply with the regulations set out by our funders;
  • Other college departments and staff including Inclusive Learning, Student Services, Student Information and curriculum staff within your course area.

We may also share your information with other third parties, specifically your parent or partner, only if you have given your consent to share this information using our third party authorisation form.
 

Details of data transfers to any third countries or international organisations

Your information will not be shared outside of the European Economic Area.
 

How do we look after your information and how long do we keep it for?

We will take all reasonable steps to prevent the loss, misuse or alteration of information you give us. Your personal information will be stored securely and will only be accessed by authorised staff, agents, contractors and other organisations who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality and must comply with data protection law.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

The length of time we keep your information depends on what funds you have applied for or been awarded. The table below details how long your information will be kept in line with the College’s data retention schedule, after which it will be destroyed confidentially. The retention period commences from the end date of the academic session.

| Fund | Retention period |
| --- | --- |
| Bursary | 6 years from the end date of your academic session |
| Education Maintenance Allowance | 6 years from the end date of your academic session |
| Childcare | 6 years from the end date of your academic session |
| Discretionary | 6 years from the end date of your academic session |


All documentation relating to European Social Fund, Developing Scotland’s Workforce will be retained for European audit requirements. Applicants who have been awarded funds from the European Fund should note that their student funding information will be retained up to a maximum of 15 years or until the year 2032. Borders College is required to retain the relevant documentation as prescribed in the National Rules for the ESF 2014-2020 programme (http://www.sfc.ac.uk/publications-statistics/guidance/guidance2018/SFCGD192018.aspx).

Automated decision making processes, including profiling

We do not use any automated decision making about you to assess your application for funding.

Your rights

Under the GDPR you have certain rights in relation to how the College manages and uses your personal information:

  • The right to be informed (this is the Privacy Notice)
  • The right to access your personal data
  • The right to rectification if the personal data we hold about you is incorrect
  • The right to restrict processing of your personal data

In addition, the following rights apply only in certain circumstances:

  • The right to withdraw consent at any time (if consent is our lawful basis for processing your data)
  • The right to object to our processing of your personal data
  • The right to request erasure (deletion) of your personal data
  • The right to data portability
  • The right not to be subject to automated decision making including profiling

For more information about your rights please see www.ico.org.uk.

Contact us

If you have any issues about this notice or the way the College has handled your personal information, please contact our Data Protection Officer in the first instance:

Data Protection Officer, email sar@borderscollege.ac.uk or write to:

Data Protection Officer 
Borders College,
Scottish Borders Campus 
Nether Road
Galashiels
TD1 3HE

Complaints to UK Information Commissioner’s Office (ICO)

If you are dissatisfied with the response from the College you have the right to lodge a complaint with the Information Commissioner’s Office about our handling of your data:

email casework@ico.org.uk, Telephone 0303 123 1113 or write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

 


Borders College is providing you with this information to comply with data protection law, to ensure that you are fully informed and we are transparent in how we collect and use your personal data. 
 

Who is collecting the information?

Borders College is the Controller and is responsible for looking after the data you provide. We have an appointed Data Protection Officer (DPO), who can be contacted by emailing: sar@borderscollege.ac.uk.
 

Why are we collecting it and what are we doing with it?

As a public authority, Borders College is required to consider the need to: 

  • Eliminate unlawful discrimination, harassment and victimisation and other conduct prohibited by the Equality Act 2010. 
  • Advance equality of opportunity between people who share a protected characteristic and those who do not. 
  • Foster good relations between people who share a protected characteristic and those who do not.   

The purpose of Report for Support is to help students and staff access support for an incident they have experienced and it will help the College to take proactive and preventative measures to mitigate the risk of harm to anyone in the college community.

If you use Report for Support to report an incident experienced or witnessed by you at Borders College in relation to, for example, hate crime, racism or gender-based violence, the College will collect personal data about you. 

The personal data and information you provide will be used to assess and/or investigate the incident, to get in touch with you and to obtain more information about the incident. If you do not provide your name and contact details, the College is unable to directly support you in relation to the incident. 

If you are a student, an outline of the incident you share with us may be recorded on the College’s internal ProMonitor platform as a ‘confidential note’. This will only be visible to the College’s Safeguarding team. 

The College will also use the information provided for analytical purposes, such as monitoring trends or patterns to help inform our decision making, for example policy or procedure change or development.
 

What personal data do we collect?

We will collect the information you have chosen to share with us on a Report for Support form, including:

  • Personal data: Your name (first name and surname)
  • Your contact details 
  • Your status (student or member of staff)
  • If you experienced or witnessed the incident
  • The nature of the incident (e.g. hate crime)
  • The option to provide more information about the incident (e.g. date, time and any other relevant information).

Special Category (sensitive) Personal data:

  • Protected characteristics information (e.g. age, disability or long-term health condition, ethnicity, gender, religion or belief, and sexual orientation). 

In providing this information you help the College to monitor any trends or patterns in relation to these characteristics. It is your choice to provide this information to us; a ‘prefer not to say’ option is available. 
 

The lawful basis for the processing

Under data protection law our lawful basis is:  

  • UK General Data Protection Regulation (UK GDPR) Article 6 (1) (c) ‘necessary for compliance with a legal obligation’. This includes:  
    • The duty to investigate allegations/complaints under The Scottish Public Services Ombudsman Act 2002 (SPSO Act 2002).  
    • To prevent discrimination, harassment and victimisation and other conduct prohibited by the Equality Act 2010.  
    • Children & Young People (Scotland) Act 2014 part 9; Adult Support & Protection (Scotland) Act 2007; Counter-Terrorism & Security Act 2015. 
  • Where we may need to process your data outside of the above, and where you or another person are in danger of serious harm, our lawful basis is UK GDPR Article 6 (1) (d) ‘necessary to protect the vital interests of the data subject or another person’. 
  • For Special Category data, UK GDPR Article 9 (2) (g) ‘necessary for reasons of substantial public interest’, using the following conditions in Data Protection Act 2018 (DPA 2018) Schedule 1 Part 2: 
    • s6 Statutory etc and Government purposes. 
    • s8 Equality of Opportunity or treatment. 
    • s10 Preventing or detecting unlawful acts. 
    • s18 Safeguarding of children and individuals at risk. 

 

Who we share the information with:

The personal data you provide will be treated with discretion. Your personal information will be stored securely and will only be accessed by College staff who have a need to know. Only a limited number of college staff, relevant to their role, have access to reports submitted through the Report for Support area. 

The College does not share your personal data outside of the College unless you have asked us to or we are required by law. 

The College may share your personal data with Police Scotland, Social Services, the NHS and other emergency services if your physical or emotional wellbeing is at risk or if we believe you, or another person, are in danger of serious harm. 
 

How long do we hold the personal data?

All reports will be held securely for 2 years plus the current academic year and/or at the point an investigation is completed. Personal data is then securely destroyed.

Anonymised data will be held on a secure College drive for a period of at least three years for analytical purposes only. This will not include identifiable data. 

Where a report submission is characterised as being a complaint, the College’s Complaints Policy will be followed, and all data will be held for at least five years from the date of last action.
 

Individuals’ rights in relation to this processing

The following data protection rights may apply to this processing: 

  • The right to be informed – i.e., a privacy notice 
  • The right of access – you can access and receive copies of your data held by the College 
  • The right to rectification – you can update/correct inaccurate or incomplete data. 
  • The right to erasure (commonly known as the ‘Right to be Forgotten’) – you can request your personal data is destroyed. 
  • The right to restriction – you can request that the processing of your personal data is restricted.  
  • Right to know of any automated decision-making, including profiling – you have the right to know of any automated decision-making and not be subject to a decision made solely on automated processing. 

Some of these rights are not absolute and require certain conditions. All requests made to the College in relation to these rights will be responded to within a month of receipt of the request. 
 

Complaints to UK Information Commissioner’s Office (ICO)

If you are concerned about how your personal data is being used by the College, please contact the College Data Protection Officer (DPO) in the first instance at sar@borderscollege.ac.uk

If you are not satisfied with the outcome then you can complain to the regulator of data protection, the UK Information Commissioner’s Office (ICO). The ICO has guidance on their website here: https://ico.org.uk/your-data-matters/raising-concerns/ 

You can email them at casework@ico.org.uk or call them on 0303-123-113 or you can send a letter to them at the following address:

Customer Contact

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

 

Report a Personal Data Breach

If you are aware of a breach of personal data, or are concerned that there might be one, please complete the form below without delay.

Please describe what’s happened in as much detail as you can. We may need to contact you for more information and to let you know our response.

Remember to be specific and provide as much detail as possible. 

Report breach here


Request or Change Information

We take your privacy seriously and we look after your personal information responsibly.  We abide by data protection legislation.

You have rights in relation to the personal data that we hold about you. The rights are not unlimited: you can find out more information on the Information Commissioner’s Office site and in our Privacy Statement.

If you would like to exercise any of your rights in relation to personal information that we may hold about you, please complete the form below.

Please be specific and describe what you are looking for in as much detail as possible. This should help us to respond quickly and fully. However, please be aware that before we can respond, we may need to verify your identity and/or seek further information from you.

We will process and respond in line with the Information Commissioner’s Office timescales and guidance; if this means that we cannot meet or fully meet your request, we will tell you and explain our reasons.

Remember to be specific and provide as much detail as possible.     

  • Subject *
  • First Name *
  • Last Name *
  • Contact Number *
  • Email Address
  • What personal information is it that you are seeking from us? *

Request or change information here
