Notice about how we use your personal information

At Bury College, we take data protection seriously. We are the data controller of personal information held and processed by our students, staff and other individuals.

Our head office contact details are; Bury College, Head Office, Woodbury Centre, Market Street, Bury, Manchester, BL9 0BG

Our Data Protection Officer is contactable via dpo@burycollege.ac.uk. If you have any questions about our Data Protection Policy or the ways in which we use your personal information, please contact them at the email provided.

This privacy notice has been prepared in accordance with the UK General Data Protection Regulation, (UK GDPR) and the Data Protection Act 2018. You can view the College’s Data Protection Policy at the bottom of this webpage.

Changes to our privacy policy

We keep our privacy policy under regular review. Any material changes to our Privacy Policy will be updated on this site as the earliest opportunity. However, if you have any questions in relation to anything on this site please contact our Data Protection Officer at dpo@burycollege.ac.uk

Overview of Data Protection

UK GDPR and The Data Protection Act 2018 governs how personal data should be processed by organisations and applies to anything we do with personal data, such as collecting, accessing, sharing, analysing, storing and archiving it etc. The College is a Data Controller which means the College is responsible for compliance with the Act.

There are six key principles of UK GDPR

• Data is processed in a lawful, fair transparent manner
• Collected for a specific purpose(s) and not used for a separate purpose(s)
• Limited to what is necessary
• Accurate and up to date
• Stored for no longer than necessary
• Stored in a secure manner that protects from unauthorised or unlawful processing and against accidental loss, destruction or damage

There are also eight key principles in the Data Protection Act:

• Personal data shall be processed fairly and lawfully
• It shall be obtained for specified purposes
• Shall be adequate, relevant and not excessive
• It shall be accurate and up-to-date
• It shall not be kept longer than necessary
• It shall be processed in accordance with the rights of the data subject
• Measures shall be taken to protect processing, and to prevent loss and damage
• It shall not be transferred outside the EEA (European Economic Area) unless there is an adequate level of protection in that country

In additional, Bury College will be responsible for and aim to demonstrate compliance with this legislation in accordance with the accountability principle of UK GDPR.