Data Protection

Data Protection Law controls what Chesterfield College does with the personal information provide by individuals who work for us, study with us or access services we provide.

Chesterfield College also operates as Learning Unlimited, our apprenticeship and commercial training offer, and through our companies, Learning Unlimited ATA Ltd, Training Services 2000 Ltd, Recruit Unlimited and Chesterfield College Enterprises Ltd.

Our Privacy Statements describe what we do with the personal information we are provided with by members of the public. You may be asked to give us personal information to answer an enquiry you have, when become an applicant or student, a client or to use the services we offer across our College group.

Chesterfield College Group Student Privacy Notice 2023

Chesterfield College GDPR Employee Privacy Notice

Chesterfield College GDPR Tenant Privacy Notice

If you provide us with information, it will only be used in the ways described in our Privacy Statements. Our statements will be updated from time to time and the latest version is always published here on the College website.

Chesterfield College is a Data Controller registered with the Information Commissioner’s Office (ICO) (Registration number Z4716003).

All written correspondence in relation to Data Protection should be addressed to:

The Data Protection Officer

Chesterfield College

Infirmary Road

Chesterfield

S41 7NG

The Data Protection Officer, appointed by the Corporation Board to provide independent assurance over the governance and management of data protection is contactable via:

dataprotection@chesterfield.ac.uk

Records of Processing Activity

Subject Access Requests

The Data Protection Act (2018) and our Data Protection Policy, gives any individual the right to obtain confirmation if their data is being processed by us, and where this we are, to have access to the personal data. The right of access to this information is referred to as Subject Access Request (SAR).

We will endeavour to provide access to personal data within one month of receipt of a subject access request. If a request is complex, an extension of up to a further two months may be requested from the individual making the request. The Data Protection Officer, or a member of their team, will communicate regularly with individuals where this is the case.

A copy of the information will be provided free of charge. However, a reasonable fee may be charged if a request is unfounded or excessive, or where information is requested repeatedly.

Who can make a Subject Access Request?

Subject access requests will be accepted from:

A. The individual whose data is requested (also known as the Data Subject).

B. A representative of the Data Subject who has written consent (e.g. solicitor; a court appointed representative if the Data Subject could no longer manage his or her own affairs; a person with enduring Power of Attorney).

C. The parent or guardian of a child under 16 years of age: In cases where the child agrees, or it was in the child’s best interest for access to the data to be granted.

How can I make a Subject Access Request?

Please complete the form below or download a copy of the Subject Access Request Form and send it to dataprotection@chesterfield.ac.uk.

Please note that Chesterfield College will use reasonable means to verify the identity of the individual making the request, but may require individuals to visit one of our campus locations or training centres with proof of their identity in order to receive copies of information request responses.

Requests to delete personal data

One of the key principles which underpins UK Data Protection Law is the right of an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. This is also known as the ‘right to be forgotten’.

Individuals may have a right to have personal data erased and to prevent processing in specific circumstances such as:

• Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.

• When the individual withdraws consent.

• When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.

• Where the personal data was unlawfully processed (i.e. otherwise in breach of the Data Protection Act).

• The personal data must be erased to comply with a legal obligation.

Please note that the right to erasure does not provide an absolute ‘right to be forgotten’. Under Data Protection Law the college can refuse to comply with a request for erasure where the personal data is processed for particular reasons. This will always be explained to you by our Data Protection Officer if your request cannot be carried out.

How can I make a request to have my personal data deleted?

Please complete the form below or download a copy of the Data Erasure Request Form and send it to dataprotection@chesterfield.ac.uk. Each request will be dealt with on a case by case basis.