Open Event
-
City Centre Campus
-
Nov 22, 2025
-
Book Tickets Now!

Data Protection at Bath College

Frequently Asked Questions

Overview

Bath College is committed to protecting the privacy and security of all personal information we collect. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For advice on data protection or if you have concerns about disclosing any information, contact the Data Protection Officer via dataprotection@bathcollege.ac.uk who is responsible for College wide compliance with the data protection law.

What We Collect

We collect and process personal data only when necessary for delivering our services, including:

• Student application and enrolment information

• Academic records and attendance

• Staff employment records

• Safeguarding and welfare information

• Website usage data and digital services information

How We Use Personal Data

We use personal data to:

• Provide education and support services

• Manage admissions, enrolment, and funding requirements

• Deliver teaching, assessment, and qualifications

• Maintain a safe and secure environment

• Meet legal and regulatory obligations

• Improve our services and digital platforms

Basis for Processing

We process personal data under one or more of the following legal bases:

• Performance of a contract (e.g., delivering education services)

• Compliance with legal obligations

• Tasks carried out in the public interest

• Legitimate interests

• Consent (where required)

Sharing Personal Data

We may share information with:

• Government bodies such as the Education and Skills Funding Agency (ESFA)

• Awarding bodies and examination boards

• Local authorities and safeguarding partners

• Service providers supporting college operations

• Employers involved in work placements or apprenticeships

We only share what is necessary and ensure appropriate safeguards are in place.

How Long We Keep Data

We retain personal data only for as long as necessary to meet legal, regulatory, or operational requirements. Retention periods are set out in our Retention and Archiving College Records Policy.

Your Individual Rights

Under UK General Data Protection Regulation (UKGDPR), you have the right to:

  1. Be informed in case of breach
  2. Access personal data
  3. Request for rectification of data
  4. Request for erasure of data in certain cases
  5. Restrict or object to processing
  6. Request data portability
  7. Withdraw consent where consent is the basis for processing

Accessing your Information

Individuals have the right to access and receive a copy of their personal data, and other supplementary information. This is commonly referred to as a Subject Access Request (SAR).

How to make a SAR

If you would like to make a SAR, please email the Data Protection Officer at dataprotection@bathcollege.ac.uk or send a written request to Data Protection Officer, Bath College, Avon Street, Bath BA1 1UP.

What to include in your request

• A clear subject line: Use "Subject Access Request" in the subject line of your email or as a heading in your letter.
• Your personal details: Include your full name, email address, phone number, and postal address.
• Identifying information: Provide any other details that will help Bath College locate your personal data, such as your student number or previous names.
• Details of the data you want: Be as specific as possible about the information you are seeking, including any relevant dates.

How the College Handles your SARs

SARs are usually free of charge. In some instances, we may need to ask for additional information to process a request.

We aim to respond to these requests within one calendar month. However, if a request is particularly complex, we may need up to an additional two months to respond. In such cases, we will inform the individual who made the SAR within the initial one-month period, explaining the reasons for the extension.

Report a data breach

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. If you suspect that a personal data incident has occurred, please complete the Data Breach Report Form or contact the Data Protection office immediately at dataprotection@bathcollege.ac.uk

Complaints

If you have concerns about how your data is handled, you can contact the Information Commissioner’s Office (ICO): Make a complaint | ICO

Key Resources

Privacy notices

Bath College takes your privacy very seriously. You can find out more about how we collect and process your personal information by viewing our Privacy Notices below.

Privacy Notice for Students at Bath College

Privacy Notice Staff - 2023.docx

Privacy Notice for Job Applicants to Bath College

Privacy Notice for Governors at Bath College

Policies

Data Protection Policy

Personal Data Breach Notification Policy

Rights of Individuals Policy & Procedures

Retention and Archiving of College Records Policy

Access to Information & Publication Scheme

Bath College’s ICO registration information

Organisations that process personal data must legally register with the Information Commissioner’s Office (ICO). When collaborating with external stakeholders, you may need to provide Bath College’s ICO registration number.

To support transparency and monitor compliance with UK data protection law, the ICO publishes a list of organisations in the UK that process personal data and have paid the required data protection fee.

Data Controller: Bath College

ICO Registration number: ZB983437

The registration certificates are available on the ICO website. Further information visit Bath College | ICO