Cambridge Regional College Data Protection Statement
Cambridge Regional College (“the College”) needs to keep certain information about its employees, students and other users to allow it to monitor its performance and achievements, and health and safety. It also needs to process information so that staff can be recruited and paid, courses planned and delivered, examination registrations completed, and to ensure compliance with legal obligations to funding bodies and government. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, the College must comply with the Data Protection Principles, which are set out in the 1998 Data Protection Act.
The College is committed to complying with the eight Principles from the Data Protection Act. These are set out below:
- Fair and lawful –personal data shall be processed fairly and lawfully
- Purposes – personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes
- Adequate, relevant and not excessive – personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
- Accurate and up to date – personal data shall be accurate and, where necessary, kept up to date
- No longer than necessary – personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes
- Data subjects rights – personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act
- Security – appropriate technical and organisational measures shall be taken against unauthorised processing of personal data and against accidental loss or destruction of, or damage to, personal data
- Transfer outside the EEA – personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights and freedoms of data subjects in relations to the processing of personal data.
Rights to Access Information
Staff, students and other users of the College have the right to access any personal data that is being kept about them either on computer or in certain files. Any person who wishes to exercise this right should contact the Data Protection Officer, and requests should be made in writing. The College aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 30 days.
The Data Protection Officer
The College as a corporate body is the data controller under the Act, and the College Corporation is therefore ultimately responsible for implementation. However,the designated data protection officer will deal with day-to-day matters.
The College Data Protection officer is Martin Ivatt. He can be contacted on 01223 418200 or on firstname.lastname@example.org