It is the responsibility of YOUTH EDUCARE (YE) to keep certain information about its employees, students and other users. The institution will comply with the Data Protection Act 1998 by ensuring that Personal Data is:
• Obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met.
• Obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
• Adequate, relevant and not excessive for those purposes.
• Accurate and kept up to date.
• Not be kept for longer than is necessary for that purpose.
• Processed in accordance with the data subject’s rights.
• Kept safe from unauthorised access, accidental loss or destruction.
YOUTH EDUCARE and all staff or others who process or use any personal information must ensure that they follow these principles at all times.
Status of the Policy
This policy does not form part of the formal contract of employment, but it is a condition of employment that employees will abide by the rules and policies made by the institution. Any failure to follow the policy can therefore result in disciplinary proceedings. Any member of staff or any student, who considers that the policy has not been followed in respect of personal data about themselves, should raise the matter with the designated data controller initially. If the matter is not resolved it should be raised as a formal grievance.
Notification of Data Held and Processed
All staff, students and other users are entitled to:
• Know what information the institution holds and processes about them and why.
• Know how to gain access to it.
• Know how to keep it up to date.
• Know what YOUTH EDUCARE is doing to comply with its obligation under the 1998 Act.
Responsibilities of Staff/Students
All members of staff are responsible for:
• Checking that any information that they provide in connection with their Employment/enrolment is accurate and up to date.
• Informing the institution of any changes to information, which they have provided, e.g. change of address.
• Checking the information that the institution will send out from time to time, giving details of information kept and processes.
• Informing the institution of any errors or changes. The institution will not held responsible for any errors unless the student or staff member has informed the institution.
If, as part of their responsibilities, staff collect information about other people, (i.e. about students’ course work, opinions about ability, references to other academic institutions, or details of personal circumstances), they must comply with the guidelines for staff.
All members of staff are responsible for ensuring that:
• Any personal data which they hold is kept securely.
• Personal information is not disclosed either orally or in writing or accidentally or otherwise to any unauthorised third party.
Staff should note that unauthorised disclosure will usually be a disciplinary matter, and may be considered gross misconduct in some cases.
Personal information should be
• Kept secure, preferably in a locked filing cabinet; or
• In a locked drawer; or
• If it is computerised, is password protected.
Rights to Access Information
Staff, students and other individuals have the right to access any personal data that is being kept about them by the institution either on computer or in certain files. Any person who wishes to exercise this right should complete the College “Access to Information” form. Staffs hold forward this to the HR and students should pass it to their teacher.
YE aim to comply with the requests for access to personal information as quickly as possible, but will ensure that it is provided within 21 days unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the person making the request.
Publication of Information
Information that is already in the public domain is exempt from the 1998 Act. YOUTH EDUCARE will make as much information public as possible, and in particular the following information will be available to the public for inspection:
• Names and contact of YOUTH EDUCARE responsible persons
• Register of interests of YOUTH EDUCARE and senior staffs
• Lists of key staffs
Any individual who has good reason for wishing details in these lists or categories to remain confidential should contact the Director of Management Information Services.
Organisations and others to which to the institution may provide data.
YOUTH EDUCARE may provide data relating to students to organisations, including but not limited to, the Department for Education, the Funding Councils (including but not limited to the Skills Funding Agency, Education Funding Agency, European Social Fund and the Higher Education Funding Council), Local Education Authorities, Awarding Organisations, auditors and, for those receiving benefits, the Department for Work and Pensions. It may also be the case that personal information is provided to such organisations through agencies acting on their behalf.
In many cases, YOUTH EDUCARE can only process personal data with the consent of the individual. In some cases, if the data is sensitive, express consent must be obtained.
Agreement to the College processing some specified classes of personal data is a condition of acceptance of a student onto any course, and a condition of employment for staff. This includes information about previous criminal convictions.
Some jobs or courses will bring the applicants into contact with children, including young people between the ages of 16 and 18. The institution has a duty under the Children Act and other enactments to ensure that staffs are suitable for the job, and students for the courses offered. The institution also has a duty of care to all staff and students and must therefore make sure that all employees and those who use the institution facilities do not pose a threat or danger to other users.
YOUTH EDUCARE will also ask for information about particular health needs, such as allergies top articular forms of medication, or any conditions such as asthma or diabetes. The institution will only use the information in the protection of the health and safety of the individual, but will need consent to process in the event of a medical emergency.
Therefore, all prospective staff and students will be asked to sign‘ Consent to Process’ form, regarding particular types of information when an offer of employment or a course place is made. A refusal to sign such a form can result in the offer being withdrawn. The institution will divulge information on staff and students without consent if required to do so by law.
Processing Sensitive Information
Sometimes it is necessary to process information about a person’s health, criminal convictions, race, sexual orientation, gender re-assignment, religion, marriage / civil partnership, pregnancy / maternity, gender, disability and family details. This may be to ensure YOUTH EDUCARE is a safe place for everyone, or to operate other policies, such as equal opportunities policy. Because this information is considered sensitive, and it is recognised that the processing of it may cause particular concern or distress to individuals, staff and students will be asked to give express consent for the institution to do this. Offers of employment or course places maybe withdrawn if an individual refuses to consent to this, without good reason
The Data Controller and the Designated Data Controller/s
The designated data controllers are as follows:
Title of the controller
Personal information about employees
Director of Administration
Course/ registration/ examination details
Quality Control Director
Admission and academic records for students
Quality Control Director and Director of Administration
Health & safety records
Head of Human Resource
Use of College ICT facilities
Director of ICT
Student Financial Support
Students will be entitled to information about their grades and marks for both course work and examinations. However, this may take longer than other information to provide. Guidance for students will be published in the Student Handbook and published on the institution intranet.
Retention of Data
Because of storage problems, information about students cannot be kept indefinitely, unless there are specific requests to do so. In general paper records will be kept for a maximum of three years after they leave the College. This will include:
• Admissions and enrolment records
• Academic achievements, including grades and marks for coursework
The exception to this is where the condition of funding is that documents be kept for a long
eperiod . E.g. European Social Fund Projects. Details of specific project requirements are available upon request.
YOUTH EDUCARE will keep some forms of information for longer than others up to a maximum of ten years this will include:
• Personal references
• Higher Education information
• Conduct/disciplinary records
All other personal information not included above will be destroyed within 3 years of the course ending and the student leaving the College. The College will need to keep information about staff for longer periods of time. In general, all information will be kept for three years after a member of staff leaves the institution.
Some information however will be kept for much longer. This will include information necessary in respect of pensions, taxation, potential or current disputes or litigation regarding the employment, and information required for job references.
Compliance with the 1998 Act is the responsibility of all members of YOUTH EDUCARE. Any deliberate breach of the data protection policy may lead to disciplinary action being taken, or access to institution facilities being withdrawn, or even a criminal prosecution. Any questions or concerns about the interpretation or operation of this policy should be taken up with one of the Designated Data Controllers.