0 Shortlist Search
Enter your keyword, course, subject or interest
EC Default Banner

Commercial Delegates Direct Enrol

Who is collecting the information?

Edinburgh College is the Data Controller. We have an appointed Data Protection Officer (DPO), who can be contacted by emailing: DataProtection@edinburghcollege.ac.uk.

Why are we collecting it, and what are we doing with it (Purpose)?

We collect and use your personal information for the following purposes:

  • To enrol you on the course.
  • To meet the requirements of the Scottish Funding Council.
  • To communicate with you about the essential information you will need to begin and take your course.
  • To provide you with access to relevant systems, such as our online learning platform ‘Moodle’.
  • Where necessary, review any additional support needs and provide learning support.
  • Where relevant, to give the results of assessments to awarding bodies.
  • Where relevant, to verify your attendance and progress to your employer, who they are your sponsor.
  • To provide you with further information on courses pertinent to your studies or college events and activities (but only where you give consent to receive direct marketing).
  • To analyse student applications for business, planning and equal opportunities purposes.

What personal data do we collect?

Personal Data

  • Title
  • Full name
  • Postcode (home)
  • Date of birth
  • Caring Responsibilities/Care Experience
  • Employment status
  • Address
  • Telephone
  • Email 
  • Course of study details
  • Emergency contact details

Special Category Data

  • Sex (including Trans men, Trans women)
  • Disability and health data (including mental health); additional support needs information
  • Gender identity
  • Sexual orientation
  • Religion
  • Ethnicity

How are we collecting this information? What is the source?

This information will be collected directly from you via the enrolment process or provided to Edinburgh College via a key contact at your organisation.

The lawful basis for the processing

Under the UK General Data Protection Regulation (UK GDPR), the relevant lawful basis for the College to process your personal information is UK GDPR Article 6(1)(e) “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller” (‘Public Task’)

Where we process your special category personal information, the lawful basis is UK GDPR 9(2)(g) “processing is necessary for reasons of substantial public interest, based on Union or Member State law…” (‘Public Interest’), plus Data Protection Act 2018, Schedule 1, Part 2, s6 ‘Statutory etc and government purposes’ and s8 ‘Equality of opportunity or treatment’. Providing this data is optional.

Where we contact you for marketing purposes, the lawful basis is Article 6(1)(a) “the data subject has given consent to the processing of his or her personal data for one or more specific purposes” (‘Consent’). If you wish to withdraw your consent to receive direct marketing from Edinburgh College (at any time), please email: commercialUK@edinburghcollege.ac.uk

Who we share the information with

The college shares your information with:

  • Scottish Funding Council, to allow them to allocate appropriate funding to colleges in line with Scottish Government strategies and their statutory duties. For more information on how the Scottish Funding Council use your personal data, please see their FE student privacy policy on their website.
  • Relevant Awarding Bodies such as: Institute of Leadership and Management (ILM), Chartered Institute of Personnel and Development (CIPD), Chartered Management Institute (CMI), Chartered Institute of Marketing (CIM) and Scottish Qualifications Authority (SQA).
  • Your sponsor (e.g. your employer), where relevant, is to confirm your attendance, progress and outcome.
  • Associate trainers who are contracted to deliver your course of study on behalf of Edinburgh College.
  • Intuit Mailchimp to administer and manage marketing email communications. Your name and email address will be shared with Mailchimp and their service providers to do this. This process involves sending your data outside the UK, including to the United States (US); appropriate safeguards are in place.
  • Other people and organisations provide systems and services on our behalf as data processors. Examples of when we do this include the Student Records System (Unit-E), the e-learning platform (Moodle), plagiarism detection systems (Turnitin), and One-to-One Support (if required for learning support).
  • Other public bodies where we have a legal obligation or where law enforcement is necessary.

How long do we hold the personal data?

We retain your personal data for up to 6 years after the end of your studies to meet the requirements of the relevant awarding/accrediting body and the SFC. Once the retention period has expired, we will securely destroy your personal data in accordance with applicable standards.

Individuals’ rights in relation to this processing

Under data protection law, you have a number of rights; some of these rights only apply if certain conditions are met. Your rights are: right to be informed (e.g. privacy notice), right of access, right of rectification, right of erasure (commonly known as the right to be forgotten), right to restrict processing, right to object, right to data portability and the right to know of any automated decision making (including profiling). It’s worth noting that you can exercise your rights either verbally or in writing, and the College would be required to process your request within one month.

The rights that apply to this particular processing are:

  • Right to be Informed – i.e. a privacy notice.
  • Right of Access – this means you have the right to access your personal information.
  • Right to Rectification – this means you have the right to correct inaccurate or incomplete personal information.
  • Right to Erasure – commonly known as the Right to be Forgotten (RTBF) – this means you can request that your personal data be deleted.
  • Right to Data Portability – this means you have the right to request your information in a machine-readable format (e.g. a .csv file) to be provided to you or transferred in that format to another organisation.
  • Right to Restriction – this means you can restrict the processing of your information and links with some of the other rights.
  • Right to Object – this means you can object to how your data is used.
  • Right to be informed of automated individual decision-making (including profiling) – we do not use this for OH purposes, and therefore this does not apply.

Some of the rights above have caveats and only apply in certain circumstances. You can exercise your rights at any time, and the College would be required to answer within a month upon receipt of your request. If you wish to exercise your rights or have any queries in relation to this, please contact the Data Protection Team at DataProtection@edinburghcollege.ac.uk.

Complaints to the UK Information Commissioner’s Office (ICO)

If you are concerned about how your personal data is being used by the College, in the first instance, please contact the College Data Protection Officer (DPO) at DataProtection@edinburghcollege.ac.uk. If you are not satisfied with the outcome, then you can complain to the regulator of data protection, the UK Information Commissioner’s Office (ICO). The ICO guides on the ICO website.

You can email them at casework@ico.org.uk, call them on 0303-123-113, or you can send a letter to them at the following address:

Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF