Data Protection Policy

Please Note; this is related to UK Data Protection laws.

Policy Overview

Cambridge Leadership College holds and processes information about employees, students, and other data subjects for academic, administrative and commercial purposes. When handling such information, Cambridge Leadership College and all staff or others who process or use any personal information, must comply with the Data Protection Principles which are set out in the Data Protection Act 1998 (the Act).
In summary these state that personal data shall:
Be processed fairly and lawfully,
Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with the purpose,
Be adequate, relevant and not excessive for the purpose
Be accurate and up-to-date,
Not be kept for longer than necessary for the purpose,
Be processed in accordance with the data subject’s rights,
Be kept safe from unauthorised processing, and accidental loss, damage or destruction,
Not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data, except in specified circumstances.

Definitions

“Data controller” further information about Cambridge Leadership College data controller is available from the Principal, who is the Data Controller
“Staff”, “students” and “other data subjects” may include past, present and potential members of those groups.
“Other data subjects” and “third parties” may include contractors, suppliers, contacts, referees, friends or family members.
“Processing” refers to any action involving personal information, including obtaining, viewing, copying, amending, adding, deleting, extracting, storing, disclosing or destroying information.

Notification of Data Held

Cambridge Leadership College shall notify all staff and students and other relevant data subjects of the types of data held and processed by Cambridge Leadership College concerning them, and the reasons for which it is processed. The information which is currently held by Cambridge Leadership College and the purposes for which it is processed are set out in the Data Protection Register entry. When processing for a new or different purpose is introduced the individuals affected by that change will be informed and the Data Protection Register entry will be amended.

Staff Responsibilities

Information provided by staff to Cambridge Leadership College
All staff shall:
Ensure that all personal information which they provide to Cambridge Leadership College in connection with their employment is accurate and up-to-date;
Inform Cambridge Leadership College of any changes to information, for example, changes of address;
Check the information which Cambridge Leadership College shall make available from time to time, in written or automated form, and inform Cambridge Leadership College of any errors or, where appropriate, follow procedures for up-dating entries on computer forms.
Cambridge Leadership College shall not be held responsible for errors of which it has not been informed.

Information held or processed by staff

When staff hold or process information about students, colleagues or other data subjects (for example, students’ course work, pastoral files, references to other academic institutions, or details of personal circumstances), they should comply with the Data Protection Guidelines for Academic Staff.
Staff shall ensure that:
All personal information is kept securely;
Personal information is not disclosed either orally or in writing, accidentally or otherwise to any unauthorised third party. Unauthorised disclosure may be a disciplinary matter, and may be considered gross misconduct in some cases.
Staff supervising students
When staff supervise students doing work which involves the processing of personal information, they must ensure that the students are aware of:
The Data Protection Principles;
The requirement to obtain the data subject’s consent where appropriate.

Student Responsibilities

Information provided by students to Cambridge Leadership College
All students shall:
Ensure that all personal information which they provide to Cambridge Leadership College is accurate and up-to-date;
Inform Cambridge Leadership College of any changes to that information, for example, changes of address;
Check the information which Cambridge Leadership College shall make available from time to time, in written or automated form, and inform Cambridge Leadership College of any errors or, where appropriate, follow procedures for up-dating entries on computer forms.
Cambridge Leadership College shall not be held responsible for errors of which it has not been informed.

Information held or processed by students

Students who use Cambridge Leadership College computer facilities may, from time to time, process personal information (for example, in course work or research). In those circumstances, they must notify the Data Controller, who will provide further information about this requirement.

Rights to Access Information

Staff, students and other data subjects in Cambridge Leadership College have the right to access any personal data that is being kept about them either on computer or in structured and accessible manual files. Any person may exercise this right by submitting a request in writing to the appropriate designated data controller.
Cambridge Leadership College aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 days unless there is good reason for delay. In such cases, the reason for the delay will be explained in writing by the designated data controller to the data subject making the request.

Subject Consent

In some cases, such as the handling of sensitive information or the processing of research data, Cambridge Leadership College is entitled to process personal data only with the consent of the individual. Agreement to Cambridge Leadership College processing some specified classes of personal data is a condition of acceptance of a student on to any course, and a condition of employment for staff.
Cambridge Leadership College may process sensitive information about a person’s health, disabilities, criminal convictions, race or ethnic origin in pursuit of the legitimate interests of Cambridge Leadership College. Cambridge Leadership College may also require such information for the administration of the sick pay policy, the absence policy or the equal opportunities policy, or for academic assessment.
Cambridge Leadership College also asks for information about particular health needs, such as allergies to particular forms of medication, or conditions such as asthma or diabetes Cambridge Leadership College will only use such information to protect the health and safety of the individual, for example, in the event of a medical emergency. The consent of the data subject will always be sought prior to the collection of any sensitive data as defined by the Act.

The Data Controller and the Designated Data Controllers

Cambridge Leadership College Board of Directors and Management is the data controller under the Act, and the Principal is ultimately responsible for implementation. Responsibility for day-to-day matters will be delegated to the Heads of Department (i.e. academic and administrative) as designated data controllers. Information and advice about the holding and processing of personal information is available from the Principal.

Assessment Marks

Students shall be entitled to information about their marks for assessments; however this may take longer than other information to provide. Cambridge Leadership College may withhold enrolment, awards, certificates, accreditation or references in the event that monies are due to Cambridge Leadership College.

Retention of Data

Cambridge Leadership College will keep different types of information for differing lengths of time, depending on legal, academic and operational requirements.

Compliance

Compliance with the Act is the responsibility of all students and members of staff. Any deliberate or reckless breach of this Policy may lead to disciplinary, and where appropriate, legal proceedings. Any questions or concerns about the interpretation or operation of this policy should be taken up with the Principal.
Any individual, who considers that the policy has not been followed in respect of personal data about him or herself, should raise the matter with the designated data controller initially. If the matter is not resolved it should be referred to the staff grievance or student complaints procedure.

Status of the Policy

This policy was approved by Cambridge Leadership College’s Senior Management Committee (SMC) on 1st July 2017. It will be reviewed by Cambridge Leadership College SMC no later than 1st July 2018.