Data Protection and Privacy
University Centre Somerset College Group (UCS College Group) is committed to protecting your personal data and being open and transparent about how we use it. We process personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable data protection legislation.
This page explains who we are and why we use personal data, and your rights. More detailed information is provided in our individual Privacy Notices, which are linked below.
Who we are
UCS College Group is the data controller for the personal data. This refers to Bridgwater College, Cannington College, Strode College Taunton College, and as well as the University Centre Somerset.
Address: Bridgwater College, Bath Road, Bridgwater, Somerset TA6 4PZ
We are registered with the Information Commissioner: Z4677243
Data Protection Officer (DPO): Emma Kilner dpo@usccollegegroup.ac.uk
Personal data we collect
Depending on your relationship with us (for example, student, apprentice, applicant, staff member or employer partner), we may collect and process personal data including:
- identity and contact details
- date of birth and demographic information
- education and assessment records
- attendance, progress and support information
- financial and funding‑related information
- special category data, such as health or learning support needs
- photographs, CCTV images and ID documentation
- IT usage data, including access to College systems and networks
Full details of the data collected for each group are set out in the relevant Privacy Notices located below:
How and why we use your personal data
We use personal data for purposes that include:
- administering applications, enrolment and education or training
- delivering teaching, learning, assessment and awarding
- meeting legal and regulatory obligations (for example funding, safeguarding and inspection requirements)
- providing student support, welfare and safeguarding services
- managing IT systems, security and access to College facilities
- communicating with you about your course, studies or our services
Each processing activity is explained in more detail in the appropriate Privacy Notice.
Our lawful basis for processing
We only process personal data where the law allows us to do so. Depending on the activity, this may be because:
- it is necessary to perform a contract with you
- we are required to comply with a legal obligation
- the processing is carried out in the public interest
- it is necessary for our legitimate interests (and does not override your rights)
- you have given your consent
The specific lawful basis used for each purpose is explained in the relevant Privacy Notice which are located below.
Who we share your data with
We may share personal data with trusted third parties where this is necessary, including:
- awarding and examining bodies
- funding and regulatory authorities
- government departments and agencies
- employers and placement providers (where applicable)
- IT system and service providers
- safeguarding, health or welfare organisations where required by law
We only share the minimum data necessary and ensure appropriate safeguards are in place. Further detail is provided in the relevant Privacy Notice located below.
International data transfers
Some of our systems or service providers may process data outside the UK. Where this happens, we ensure appropriate safeguards are in place, such as approved international transfer agreements.
Details of any international transfers are set out in the relevant Privacy Notice located below.
How long we keep your data
We keep personal data only for as long as necessary for the purposes for which it was collected, and in line with legal, regulatory and funding requirements.
Retention periods or the criteria used to determine them are explained in the relevant Privacy Notice and our Records Management and Retention Policy.
Automated decision‑making and profiling
We may use limited forms of automated processing, for example to manage communications or system access. Where automated decision‑making has a legal or significant effect on you, we will explain:
- how the decision is made
- the logic involved
- the consequences for you
- your right to request human intervention
Further information is available in the relevant Privacy Notice located below.
Monitoring and use of College systems
Use of College IT systems, networks and facilities may be monitored for security, legal and operational purposes. This includes logs of system access and activity.
Details of what is monitored, why, and how long information is retained are set out in the relevant Privacy Notice located below.
Your data protection rights
Under UK GDPR, you have the right to:
- be informed about how your data is used
- access your personal data
- request correction of inaccurate or incomplete data
- request deletion of your data, where applicable
- restrict how your data is used
- object to certain types of processing
- receive your data in a portable format, where applicable
- withdraw consent at any time, where consent is the lawful basis
Some rights are subject to legal conditions and exemptions. Full explanations of your rights and how to exercise them are available in our Privacy Notice located below.
How to exercise your rights
To make a data protection request, including a data subject access request, please contact:
Email: dpo@ucscollegegroup.ac.uk
We may need to verify your identity before responding. Requests are answered within one month.
Complaints
If you are concerned about how we have handled your personal data, please contact the Data Protection Officer in the first instance dpo@ucscollegegroup.ac.uk
You also have the right to complain to the Information Commissioner:
Website: https://www.ico.org.uk
Telephone: 0303 123 1113
Our Privacy Notices
For detailed information about how we use personal data, please see: