Data Security
The rules about how companies can store, process and use your personal data changed on May 25 in 2018, when the General Data Protection Regulations (GDPR) came into effect. This page has been created to help you understand how we use your data and why, and what your rights are. We know there’s a lot of information here, but we want you to be fully informed.
We use your data to help us give you the best possible service. That includes helping students through the application process and helping them to succeed on their courses, and working closely with employers. You can find out more about how long we store your data by reading our Data Retention Policy on our Policies page.
If you have any questions you’re welcome to contact our Data Protection Officer, Susanne Wicks, using the contact details below.
Data Protection Officer, Susanne Wicks
For the purposes of GDPR, Nescot is the ‘data controller’ of personal information about you. You have certain rights concerning your data, including getting it corrected or deleted, and getting a copy of it. You also have a right to complain. This privacy notice has been prepared in accordance with the GDPR (EU) 2016/679 and the Data Protection Act 2018.
Click on the links below for more information about how we use data for the groups below:
We do not store or transfer your personal data outside Europe.
We do not make automated decisions using this information.
- Personal information in the form of paper records are kept in a locked filing cabinet, drawer or other secured area.
- Personal information in the form of electronic records are kept on firewall-protected servers and accessed through password-protected systems.
You have a number of rights over your personal information, which are:
- The right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy about the way your personal data is being used – please see the ICO’s website for information.
- The right to ask us what personal information about you we are holding and to have access to a copy of your personal information. Our data subject access request form is available here.
- The right to ask us to make changes to your contact details or to correct any errors in your personal information. You can do this by filling in this form.
- The right, in certain circumstances such as where our use of your personal information is based on your consent and we have no other legal basis to use your personal information, to ask us to delete your personal information.
- The right, in certain circumstances such as where we no longer need your personal information, to request that we restrict the use that we are making of your personal information.
- The right, in certain circumstances, to ask us to review and explain our legitimate interests to you.
- The right, where our use of your personal information is carried out for the purposes of an agreement with us and is carried out by automated means, to ask us to provide you with a copy of your personal information in a structured, commonly-used, machine-readable format.
What is a personal data breach?
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure, theft, or unauthorised access, to personal data. This could include:
- access by an unauthorised third party
- deliberate or accidental action (or inaction) by a controller or processor
- sending personal data to an incorrect recipient
- computing devices containing personal data being lost or stolen
- alteration of personal data without permission, or loss of availability of personal data.
What should I do?
If you discover that a breach of your personal data by the College may have taken place then please notify our Data Protection Officer, Susanne Wicks, via dataprotection@nescot.ac.uk, providing as much information as you can on the nature of the breach and how you were made aware of it. On receipt of the email our internal Personal Data Breach Procedure will be triggered. You will be kept updated on any actions that the College is taking as a result of your notification.
We keep our privacy policy under regular review and will update it from time to time to make sure it remains up-to-date and accurate.
Updating your data
You can use this form to let us know about a change of details. Please make sure you include any evidence we have asked for.
Data subject access requests
If you’d like to request a copy of the data we hold about you, you can complete our data subject access request form here.
If you have any questions you’re welcome to contact our Data Protection Officer, Susanne Wicks, by emailing dataprotection@nescot.ac.uk, calling 020 8394 3004, or writing to her at Nescot, Reigate Road, Ewell, Surrey, KT17 3DS.
Click here to see how your information is used and shared by the ESFA.
Updating your data
Change of details form
Complete this form to request a change to the personal information that we hold about you.
"*" indicates required fields
Data subject access requests
Data subject access request form
This form should be completed by any individuals that wish to access their personal data, or those acting on behalf of those individuals. Please complete all sections and read through the Guidance Note at the end of the form.