Report an Absence

Data Protection at Bath College

Frequently Asked Questions

Overview

Bath College is committed to protecting the privacy and security of all personal information we collect. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For advice on data protection or if you have concerns about disclosing any information, contact the Data Protection Officer via dataprotection@bathcollege.ac.uk who is responsible for College wide compliance with the data protection law.

What We Collect

We collect and process personal data only when necessary for delivering our services, including:

• Student application and enrolment information

• Academic records and attendance

• Staff employment records

• Safeguarding and welfare information

• Website usage data and digital services information

How We Use Personal Data

We use personal data to:

• Provide education and support services

• Manage admissions, enrolment, and funding requirements

• Deliver teaching, assessment, and qualifications

• Maintain a safe and secure environment

• Meet legal and regulatory obligations

• Improve our services and digital platforms

Basis for Processing

We process personal data under one or more of the following legal bases:

• Performance of a contract (e.g., delivering education services)

• Compliance with legal obligations

• Tasks carried out in the public interest

• Legitimate interests

• Consent (where required)

Sharing Personal Data

We may share information with:

• Government bodies such as the Education and Skills Funding Agency (ESFA)

• Awarding bodies and examination boards

• Local authorities and safeguarding partners

• Service providers supporting college operations

• Employers involved in work placements or apprenticeships

We only share what is necessary and ensure appropriate safeguards are in place.

How Long We Keep Data

We retain personal data only for as long as necessary to meet legal, regulatory, or operational requirements. Retention periods are set out in our Retention and Archiving College Records Policy.

Your Individual Rights

Under UK General Data Protection Regulation (UKGDPR), you have the right to:

  1. Be informed in case of breach
  2. Access personal data
  3. Request for rectification of data
  4. Request for erasure of data in certain cases
  5. Restrict or object to processing
  6. Request data portability
  7. Withdraw consent where consent is the basis for processing

Accessing your Information

Individuals have the right to access and receive a copy of their personal data, and other supplementary information. This is commonly referred to as a Subject Access Request (SAR).

How to make a SAR

If you would like to make a SAR, please email the Data Protection Officer at dataprotection@bathcollege.ac.uk or send a written request to Data Protection Officer, Bath College, Avon Street, Bath BA1 1UP.

What to include in your request

• A clear subject line: Use "Subject Access Request" in the subject line of your email or as a heading in your letter.
• Your personal details: Include your full name, email address, phone number, and postal address.
• Identifying information: Provide any other details that will help Bath College locate your personal data, such as your student number or previous names.
• Details of the data you want: Be as specific as possible about the information you are seeking, including any relevant dates.

How the College Handles your SARs

SARs are usually free of charge. In some instances, we may need to ask for additional information to process a request.

We aim to respond to these requests within one calendar month. However, if a request is particularly complex, we may need up to an additional two months to respond. In such cases, we will inform the individual who made the SAR within the initial one-month period, explaining the reasons for the extension.

How to Submit an FOI
  1. How to submit a Freedom of Information (FOI) request

FOI requests allow members of the public to access recorded information held by the College, in line with legal requirements.

  1. What You Can Request

You may request any recorded information held by the College, including: Policies

You cannot use FOI to:

  • Access your own personal data (use a Subject Access Request instead)
  • Ask questions that require the College to create new information
  • Ask for opinions, explanations, or judgments that are not already recorded

  1. Before You Submit a Request

Before making an FOI request, you should:

  1. Check the College website - Many documents are already published under the Model Publication Scheme
  2. Be clear and specific - Narrow requests are answered more quickly
  3. Consider whether the information is suitable for public release - FOI disclosures are treated as public information
  4. Requirements for a Valid FOI Request

For your request to be processed under FOIA, it must:

  1. Be in writing (via email to dataprotection@bathcollege.ac.uk or letter addressed to the Data Protection Officer, Bath College)
  2. State your real name
  3. Provide a reply address (email or postal)
  4. How to Submit an FOI Request

Step 1 – Write Your Request

Clearly describe the information you are requesting.

Example: "Please provide copies of the approved Health & Safety Policy."

Include:

  • A clear description of the information
  • Relevant dates or time periods
  • Preferred format (if required due to accessibility needs)

Step 2 – Submit Your Request

Send your request in writing to:

For the attention of the Data Protection Officer, Bath College, Avon Street, BA1 1UP

Requests can also be submitted by email to dataprotection@bathcollege.ac.uk

Report a data breach

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. If you suspect that a personal data incident has occurred, please complete the Data Breach Report Form or contact the Data Protection office immediately at dataprotection@bathcollege.ac.uk

Complaints

If you have concerns about how your data is handled, you can contact the Information Commissioner’s Office (ICO): Make a complaint | ICO

Key Resources

Privacy notices

Bath College takes your privacy very seriously. You can find out more about how we collect and process your personal information by viewing our Privacy Notices below.

Privacy Notice for Students at Bath College

Privacy Notice Staff - 2023.docx

Privacy Notice for Job Applicants to Bath College

Privacy Notice for Governors at Bath College

Policies

Data Protection Policy

Personal Data Breach Notification Policy

Rights of Individuals Policy & Procedures

Retention and Archiving of College Records Policy

Access to Information & Publication Scheme

Bath College’s ICO registration information

Organisations that process personal data must legally register with the Information Commissioner’s Office (ICO). When collaborating with external stakeholders, you may need to provide Bath College’s ICO registration number.

To support transparency and monitor compliance with UK data protection law, the ICO publishes a list of organisations in the UK that process personal data and have paid the required data protection fee.

Data Controller: Bath College

ICO Registration number: ZB983437

The registration certificates are available on the ICO website. Further information visit Bath College | ICO