0 Shortlist Search
Enter your keyword, course, subject or interest
EC Default Banner

Travel and Tourism Health Form for Educational Visits

Who is collecting the information?

Edinburgh College is the Data Controller. We have an appointed Data Protection Officer (DPO), who can be contacted by emailing: DataProtection@edinburghcollege.ac.uk.

Why are we collecting it, and what are we doing with it (Purpose)?

The College is collecting emergency contact and medical information so staff can easily access it to assist you if an emergency occurs during a visit organised by Travel and Tourism during the academic year.

What personal data do we collect?

Personal data

  • Emergency contact name
  • Emergency contact (relationship to you)
  • Emergency contact telephone number
  • Name and phone number of GP surgery
  • Preferred pronouns
  • Dietary requirements

Special Category Personal Data

  • Health data (e.g., allergies / medical needs / dietary requirements/issues the College should be aware of)

How are we collecting this information? What is the source?

The information is collected from you using a Microsoft Form (paper copies will also be available to students on request).

The lawful basis for the processing

Our lawful basis for processing your information under the UK General Data Protection Regulation (UK GDPR) is:

  • Article 6(1)(c) ’legal obligation’ as we require this information to ensure your safety whilst you are on an educational visit, as well as to meet our health and safety legislation and insurance responsibilities.
  • For the special category data (health information), the lawful basis for processing is UK GDPR Article 9(2)(g) “reasons of substantial public interest” along with Data Protection Act 2018, Schedule 1, Part 2, 6. Statutory, etc., and government purposes (Health and Safety legislation), and also 20. Insurance (Public liability/Indemnity insurance).
  • Article 6(1)(d) and Article 9(2)(c) ‘vital interests’, where we need to share information about you in the event of an emergency with medical and emergency services.

Who we share the information with

The information will be shared with College staff who are involved in organising the visit. Relevant information will be shared with external organisations where it is necessary to

Ensure your safety, e.g., dietary requirements, by visiting providers or medical professionals in the event of an emergency.

How long do we hold the personal data? 

The information is collected from each student at the start of each academic year and stored on College systems by the Travel and Tourism team, then securely destroyed at the end of each academic year. If an emergency incident occurs during the visit, the information will be retained for 7 years.

Individuals’ rights in relation to this processing

Under data protection law, you have a number of rights; some of these rights only apply if certain conditions are met. Your rights are: right to be informed (e.g. privacy notice), right of access, right of rectification, right of erasure (commonly known as the right to be forgotten), right to restrict processing, right to object, right to data portability and the right to know of any automated decision making (including profiling). It’s worth noting that you can exercise your rights either verbally or in writing, and the College would be required to process your request within one month.

The rights that apply to this particular processing are:

  • Right to be Informed – i.e. a privacy notice.
  • Right of Access – this means you have the right to access your personal information.
  • Right to Rectification – this means you have the right to correct inaccurate or incomplete personal information.
  • Right to Erasure – commonly known as the Right to be Forgotten (RTBF) – this means you can request that your personal data be deleted.
  • Right to Data Portability – this means you have the right to request your information in a machine-readable format (e.g. a .csv file) to be provided to you or transferred in that format to another organisation.
  • Right to Restriction – this means you can restrict the processing of your information and links with some of the other rights.
  • Right to Object – this means you can object to how your data is used.
  • Right to be informed of automated individual decision-making (including profiling) – we do not use this for OH purposes, and therefore this does not apply.

Some of the rights above have caveats and only apply in certain circumstances. You can exercise your rights at any time, and the College would be required to answer within a month upon receipt of your request. If you wish to exercise your rights or have any queries in relation to this, please contact the Data Protection Team at DataProtection@edinburghcollege.ac.uk.

Complaints to the UK Information Commissioner’s Office (ICO)

If you are concerned about how your personal data is being used by the College, in the first instance, please contact the College Data Protection Officer (DPO) at DataProtection@edinburghcollege.ac.uk. If you are not satisfied with the outcome, then you can complain to the regulator of data protection, the UK Information Commissioner’s Office (ICO). The ICO guides on the ICO website.

You can email them at casework@ico.org.uk, call them on 0303-123-113, or you can send a letter to them at the following address:

Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF