0 Shortlist Search
Enter your keyword, course, subject or interest
EC Default Banner

Hate and Misogyny Incident Reports Privacy Notice

Who is collecting the information?

Edinburgh College is the Data Controller. We have an appointed Data Protection Officer (DPO), who can be contacted by emailing: DataProtection@edinburghcollege.ac.uk.

Why are we collecting it, and what are we doing with it (Purpose)?

As a public authority, Edinburgh College is required to have due regard to the need to:

  • Eliminate unlawful discrimination, harassment and victimisation and other conduct prohibited by the Equality Act 2010.
  • Advance equality of opportunity between people who share a protected characteristic and those who do not.
  • Foster good relations between people who share a protected characteristic and those who do not.

Edinburgh College is also a third-party reporting centre for Hate Crime. Therefore, we have a duty to record hate incidents that occur within the College's business.

Your personal data is collected when you make the College aware of a hate or misogyny incident using the ‘With Details’ report form. The personal data and information you provide will be used to assess and/or investigate the incident, to get in touch with you to obtain more information about the incident and for statistical and analytical purposes.

If you do not wish the College to address the incident directly or take any direct action, an anonymous reporting form is also available.

What personal data do we collect?

Personal data

  • Forename and surname
  • Name of individual acting on your behalf (if applicable)
  • Email address
  • Mobile number
  • Gender identity
  • Campus (if applicable)
  • Other relevant information in relation to the incident

Special Category Personal Data

  • Protected Characteristics under the Equality Act 2010
  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Health data, including mental health
  • Sex life or sexual orientation

The lawful basis for the processing

Under data protection law, our lawful basis is:

  • UK General Data Protection Regulation (UK GDPR) Article 6 (1) (c) ‘necessary for compliance with a legal obligation’. This includes:
    • The duty to investigate allegations/complaints under The Scottish Public Services Ombudsman Act 2002 (SPSO Act 2002).
    • To prevent discrimination, harassment, victimisation and other conduct prohibited by the Equality Act 2010.
    • Children & Young People (Scotland) Act 2014, part 9; Adult Support & Protection (Scotland) Act 2007; Counter-Terrorism & Security Act 2015.
  • Where we may need to process your data outside of the above, and in case of you, or another person being in danger of serious harm, our lawful basis is UK GDPR Article 6 (1) (d) ‘necessary to protect the vital interests of the data subject or another person’.
  • For Special Category data, UK GDPR Article 9 (2) (g) ‘necessary for reasons of substantial public interest using the following conditions in Data Protection Act 2018 (DPA 2018) Schedule 1 Part 2:
    • s6 Statutory, etc, and Government purposes.
    • s8 Equality of Opportunity or treatment.
    • s10 Preventing or detecting unlawful acts.
    • s18 Safeguarding of children and individuals at risk.

Who we share the information with

Depending on the nature of the incident, your data may be shared with the following teams:

  • Complaints Handling.
  • Human Resources.
  • Learning Development Tutors / Student Experience.
  • Safeguarding.

A relevant employee will proceed with the investigation if deemed necessary and may contact you directly. Further details on how these teams process your personal data will be provided to you and are also available on the College website.

The personal data you provide will be treated with discretion. The College does not share your personal data outside the College unless you have asked us to or we are required by law to do so.

The College may share your personal data with Police Scotland, Social Services, the NHS and other emergency services if your physical or emotional wellbeing is at risk or if we believe you, or another person, is in danger of serious harm.

How long do we hold the personal data?

We will retain your personal data from the report form for up to three years from the date the report is received and the incident is addressed, then destroy it securely in line with College procedures.

Individuals’ rights in relation to this processing

Under data protection law, you have a number of rights; some of these rights only apply if certain conditions are met. Your rights are: right to be informed (e.g. privacy notice), right of access, right of rectification, right of erasure (commonly known as the right to be forgotten), right to restrict processing, right to object, right to data portability and the right to know of any automated decision making (including profiling). It’s worth noting that you can exercise your rights either verbally or in writing, and the College would be required to process your request within one month.

The rights that apply to this particular processing are:

  • Right to be Informed – i.e. a privacy notice.
  • Right of Access – this means you have the right to access your personal information.
  • Right to Rectification – this means you have the right to correct inaccurate or incomplete personal information.
  • Right to Erasure – commonly known as the Right to be Forgotten (RTBF) – this means you can request that your personal data be deleted.
  • Right to Data Portability – this means you have the right to request your information in a machine-readable format (e.g. a .csv file) to be provided to you or transferred in that format to another organisation.
  • Right to Restriction – this means you can restrict the processing of your information and links with some of the other rights.
  • Right to Object – this means you can object to how your data is used.
  • Right to be informed of automated individual decision-making (including profiling) – we do not use this for OH purposes, and therefore this does not apply.

Some of the rights above have caveats and only apply in certain circumstances. You can exercise your rights at any time, and the College would be required to answer within a month upon receipt of your request. If you wish to exercise your rights or have any queries in relation to this, please contact the Data Protection Team at DataProtection@edinburghcollege.ac.uk.

Complaints to the UK Information Commissioner’s Office (ICO)

If you are concerned about how your personal data is being used by the College, in the first instance, please contact the College Data Protection Officer (DPO) at DataProtection@edinburghcollege.ac.uk. If you are not satisfied with the outcome, then you can complain to the regulator of data protection, the UK Information Commissioner’s Office (ICO). The ICO guides on the ICO website.

You can email them at casework@ico.org.uk, call them on 0303-123-113, or you can send a letter to them at the following address:

Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF