1. Scope
1.1. The College collects and processes personal data relating to its students and applicants to manage the student relationship and meet other reporting requirements.

2. Responsibilities
2.1. The College is committed to being transparent about how we collect and use that data, and to meeting our data protection obligations.
2.2. The Data Protection Officer is responsible for ensuring that this notice is made available to all employees prior to the College collecting/processing their personal data.
2.3. College Staff who interact with students and applicants are responsible for ensuring that this notice is drawn to their attention.

Privacy notice
3. Who are we?
3.1. Leyton Sixth Form College is a large Sixth Form College in East London, with around 2,300 students, 200 staff. The College offer a wide range of FE Courses.
3.2. Our Data Protection Officer can be contacted directly here:DPO@Leyton.ac.uk

4. What information does the College collect?
4.1. The College collects and processes a range of information about you.
This includes:
4.2. The College collects this information in a variety of ways. For example, data is collected through application forms, obtained from your passport or other identity documents, from forms completed by you prior to and at the start of or during studies (such as bursary / financial support forms);
from correspondence with you; or through interviews, meetings or other assessments.
4.3. In some cases, the College collects personal data about you from third parties, such as references supplied by former schools, information from background check providers, and information from criminal records checks permitted by law.
4.4. Data is stored in a range of different places, including on your personal file, in the College's paper and online IT systems (including the College.s email system).

5. Why does the College process your personal data?
5.1. The personal data we collect will be used for the following purposes:
5.2. Where the College relies on legitimate interests as a reason for processing data, we have considered whether or not those interests are overridden by the rights and freedoms of students and have concluded that they are not. Separate consent will be obtained to use for marketing purposes.

6. How does the College protect your data?
6.1. The College takes the security or your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our staff in the proper performance of their duties.
6.2. Where the College engages third parties to process personal data on its behalf, we do so on the basis of written instructions, and under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of the data.

7. For how long does the College keep your personal data?
7.1. The retention period for different classifications of personal data has been established in line with the information management guidelines. Details can be found in the Document Retention Policy.

8. Your rights as a data subject
8.1. At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

9. Complaints
9.1. In the event that you wish to make a complaint about how your personal data is being processed by the College (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and the College's Data Protection Officer.
Supervisory authority contact details: https://ico.org.uk/concerns/
Data Protection Officer (DPO) contact details:
10. What if you do not provide personal data?
10.1. You have some obligations under your application and enrolment to provide the College with data.
Failure to do so may result in you not being able to be enrolled at the college.
10.2. You may also have to provide the College with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights
10.3. You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences if you choose not to provide such information.

11. Document Owner and Approval
11.1. The College.s Data Protection Officer is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR.
11.2. A current version of this document is available to all employees on the College website.
11.3. This privacy notice is issued on a version controlled basis.