Home Link Logo
Find a Course
My Prospectus

Privacy Policy

UCS College Group (‘We’, ‘The College’) is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This policy covers all campuses and centres within the group, including Bridgwater, Cannington, Strode, Taunton, and University Centre Somerset.

For the purpose of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the Data Controller is UCS College Group, Bath Road, Bridgwater, Somerset, TA6 4PZ.

Information We May Collect From You

We may collect and process the following data about you:

  • Information you provide: This includes information provided at the time of registering to use our sites (including www.bridgwatercollege.ac.uk, www.canningtoncollege.ac.uk, www.strodecollege.ac.uk, www.tauntoncollege.ac.uk, and www.ucscollegegroup.ac.uk), subscribing to services, applying for courses, or requesting further services.
  • Correspondence: If you contact us, we may keep a record of that correspondence.
  • Surveys: We may ask you to complete surveys for research and quality assurance purposes.
  • Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.
  • Usage Data: Information about how you use our website, products, and services.
  • Data Collection Forms: To collect information securely on our website (such as contact forms, open day registrations, and course enquiries), we use a plugin called Gravity Forms. When you submit a form on our site and provide consent:
    • Immediate Storage: Your data is initially processed and stored securely on our website’s web server (hosted within the UK/EEA).
    • Automation & Transfer: Where relevant, we use API integration to automatically transfer this data to our marketing automation platform (Mailchimp) or our Student Records System.
    • Data Minimisation: We regularly audit our website database to remove old form entries that have already been successfully transferred to our secure internal systems. All entries are deleted within, if not before, 60 days.

Marketing Automation and Profiling

We use third-party marketing automation platforms, such as Gravity Forms and Mailchimp, to manage our email communications and ensure the information we send you is relevant. You can unsubscribe or manage your preferences at any time by clicking the link in the footer of any of our emails.

If you fill out a form requesting specific information (e.g., “Construction Courses” or “A Level Open Event”), Gravity Forms passes your contact details and your specific interest tags to Mailchimp.

When you opt-in to receive marketing communications from us (for example, by downloading a prospectus, registering for an Open Event, or signing up for a newsletter), we may:

  • Store your data: Transfer your contact details and preferences to Mailchimp (Intuit), which processes data under secure standard contractual clauses.
  • Tailor your experience (Profiling): We use the information you provide (such as your age group, subject interests, or “student type” e.g., School Leaver, Apprentice, or Adult Learner) to segment our database. This ensures you only receive information relevant to your specific educational journey.
  • Track engagement: Our emails may contain tracking technologies (such as “web beacons”) that tell us if you have opened an email or clicked a link. We use this data to understand which courses are popular and to stop sending you emails if you are no longer interested.
  • Automated Workflows: This triggers automated email workflows relevant to your selection, ensuring you do not receive generic information that does not apply to you.

Legal Basis for Processing

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., enrolling you as a student).
  • Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal Obligation: Where we need to comply with a legal or regulatory obligation.
  • Consent: Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third-party direct marketing communications via email or text message. You have the right to withdraw consent to marketing at any time.

Cookies

Our websites use Cookiebot and cookies to distinguish you from other users. This helps us to provide you with a good experience and allows us to improve our sites. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

Disclosure of Your Information

We may share your personal information with:

  • Any member of the UCS College Group.
  • Selected third parties including business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you.
  • Analytics and search engine providers that assist us in the improvement and optimization of our site.
  • Government bodies (such as the DfE or ESFA) where we are legally obliged to do so.
  • Marketing Service Providers and companies who help us manage our electronic communications with you, such as Mailchimp, to deliver personalised email campaigns and workflows.

International Transfers

We primarily store data within the UK. Whenever we transfer your personal data out of the UK (e.g., to service providers with servers in the EU or USA), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK (International Data Transfer Agreements) which give personal data the same protection it has in the UK.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a business need to know.

Your Legal Rights

Under the UK GDPR, you have the right to:

  • Request access to your personal data (Subject Access Request).
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party.

To exercise any of these rights, please contact our Data Protection Officer at: dpo@ucscollegegroup.ac.uk or by post to the College Group or individual college addresses.

Changes to Our Privacy Policy

Any changes we may make to our privacy policy in the future will be posted on this page and reflected in the relevant policy documentation.