1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 1998 and subsequent UK legislation and regulations.
2. Who are we?
Cliff College is the data controller who decides how your personal data is processed and for what purposes. This policy may change from time to time and any such changes will be published on our website. However, despite any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.
3. How do we process your personal data?
We collect data necessary for Cliff College to pursue its stated charitable objectives, and to enable the effective running of the College through its staff, trustees and volunteers.
In this context we use your personal data for a range of purposes, including:
- to recruit, teach, support, assess and provide references for those on courses and programmes
- to satisfy the requirements of validators, funders and inspection bodies
- to enable individuals and groups to book and use the conference centre
- to enable individuals and groups to attend Cliff Festival
- to recruit staff and volunteers to a variety of roles
- to distribute Cliff Today and other publications, mailings and newsletters
- to enable supporters to make donations to the College
- to manage properties on the College site and elsewhere
- to enable a range of financial services, including payments of salaries, expenses and invoices
- to fulfil obligations under health and safety legislation
- to maintain the College archive for research and statistical purposes
- to maintain and update the College website
- to respond to general enquiries
Data collected and processed may include the following:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- sensitive data1 may be collected where necessary for course purposes, to inform regulatory bodies, for employment purposes or where required by law
4. What is the legal basis for processing your personal data?
Cliff College is permitted to process data if there is a legal basis for doing so. Data is processed on the basis of the following:
- a legitimate interest to process data
- consent has been given by the person whose data is being processed
- a contract or agreement which the person has entered into or because the person has asked for something to be done so they can enter into a contract or agreement
- a legal obligation
- the vital interests of a data subject or another person
Where the College processes special category sensitive data (under Article 9 of the GDPR) we process data on the following basis:
- where consent has been given by the person whose data is being processed
- where the legitimate interests of the College require such data
- to carry out its obligations under employment, social security or social protection law, or a collective agreement
- to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent
- for archiving purposes in the public interest and historical research and statistical purposes
5. Sharing your personal data
Your data will not be shared outside of Cliff College, except where required to do so by regulatory bodies of the law, or with trusted third parties where necessary to communicate with our supporters and volunteers (such as mailing companies for postal communications or through small email campaigns or newsletters), and only once satisfied that any such use of data will accord with this policy. Explicit, informed consent will be sought from individuals whenever and wherever required in accordance with data protection legislation.
Cliff College is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, suitable physical, electronic and managerial procedures are in place to safeguard and secure the data we process. Users of our web-based applications are responsible for keeping passwords confidential. We will only ask users for passwords for IT support purposes.
7. How long do we keep your personal data?
Cliff College will keep data in accordance with the guidance set out in the Cliff College Retention Schedules,
a copy of which can be obtained from the College – see contact details in section 12. The data we hold is
regularly reviewed and any personal data that is no longer necessary for processing is securely deleted.
1 Article 9 GDPR defines sensitive data as information about an individual’s race, ethnic origin, politics, religion, trade
union membership, genetics, biometrics (where used for ID purposes), health, sex life, or sexual orientation
GDPR Privacy & Cookies Notice | May 2018 | version 1 page 3
8. Web browsing and cookies
8.1 What is a cookie?
A cookie is a small file that we send to your computer or other device that is accessing the Cliff College website and that can then accessed when you visit the website again in the future. By sending cookies like this the College is able to offer you an improved user experience when using the website.
8.2 Does the Cliff College website set cookies?
8.3 What cookies are set?
The Cliff College website uses a range of cookies. These may sometimes be set by third-party services used through the Cliff College website. These include but are not necessarily limited to Google, Twitter, YouTube and Facebook. None of the cookies above contain any personal data or information that could be used to identify you personally. Their purpose is solely to improve the functionality and quality of service of the Cliff College website.
8.4 Can I disable the cookies?
Yes. Most browsers allow you to refuse to accept cookies. This choice will, however, have a negative impact upon the usability of many websites, including this one. Most browser companies provide instructions on disabling cookies on their websites. You can learn more about cookies and how to disable them at AboutCookies.org
9. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- the right to request a copy of personal data which the College holds about you
- the right to request that the College corrects any personal data if it is found to be inaccurate or out of date
- the right to request that your personal data is erased where it is no longer necessary for the College to retain such data
- the right to withdraw your consent to the processing of your data at any time
- the right to request that the data controller provides the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability)
- the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction to be placed on further processing
- the right to object to the processing of personal data, where applicable
- the right to lodge a complaint with the Information Commissioner’s Office.
10. Further processing
If the College wishes to use your personal data for a new purpose, not covered by this Data Protection Notice, a new notice explaining this new use will be provided, prior to commencing the processing, setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
11. Contact details
To exercise all relevant rights, queries or complaints please in the first instance contact:
- Operations, Cliff College, Calver, Hope Valley, Derbyshire S32 3XG
You can contact the Information Commissioners Office:
- 0303 123 1113
- via the website ico.org.uk
- Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.