General Data Protection Regulation (GDPR)
How do we collect and use your personal information?
We are informing you with this information due to a new data privacy law that’s being introduced in the UK later this year, we’ll be providing you with details about how we collect and use your personal information. Our policies are compliant with data protection legislation (the Data Protection Act 2018 and GDPR).
However, this doesn’t mean we’re changing the way we collect or use your information. It is simply to make it easier for you to find out what we do, we’ve created a new ‘Privacy Notice’ which includes details surrounding;
- Your rights relating to the information we hold about you
- How we keep your personal information safe
- The types of personal information we at the Yorkshire College of Beauty collect and use
- The legal basis we rely on to use your information
Our Privacy Notice covers any products or services you have with us including training, treatments, student loans, payments, credit cards. If you are training with one of our sub-contractors, you may also get a similar note from them.
We’re here to help!
If you have any questions about anything covered above, please give us a call on 0113 250 9507 and we’ll be happy to help.
This privacy notice has been written to inform parents and pupils of Yorkshire College of Beauty about what we do with your personal information. This notice may be subject to change as the Data Protection bill progresses.
Who are we?
Yorkshire College of Beauty is a processor; this means that we determine how and why we collect the data. We are responsible for processing your personal data on behalf of a controller. The GDPR places specific legal obligations on us; we have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.
We have appointed Natalie Brotherton to be our Data Protection Officer (DPO). The role of the DPO is to assist us in monitoring internal compliance, inform and advise us on Data Protection obligations and to ensure that we are compliant with GDPR policies and procedures.
Please find below Natalie’s contact details if you have any questions in regards to Data Protection;
Tel : 0113 2509 507
E : email@example.com
What information do we collect?
- Personal information of pupils and their family members (name, contact details, DOB and address)
- Educational attainment
- Attendance information
- Assessment information
- Behavioural information
- Safeguarding information
- Relevant medical information
- Special educational needs and disabilities information
- Race, ethnicity and religion
Why do we collect your personal data?
- To support pupil learning
- To monitor and report on pupil progress
- To provide appropriate care and to ensure safeguarding is executed correctly
- To assess the quality of our services
- To comply with the law regarding data sharing
Personal data that we process about our pupils and parents/guardians is done so in accordance with Article 6 and Article 9 of GDPR.
Who do we obtain your personal information from?
- Yourselves (pupils and parents/guardians) on commencement of the course and also enquiries e.g. careers fairs, emails and telephone calls, forms completed on our website, enquiries received through social media
- Department for Education (DfE)
- Previous Schools attended
Who do we share your personal data with?
- Salon employers
- YCOB staff
- ICT programme providers e.g. PICS
We will not share any of your information about you outside the college without your consent unless we have a lawful basis for doing so.
How long do we keep your personal data for?
We will keep your personal data in line to fulfil organisational regulatory and funding body requirements. Any personal information which is not required by law to retain will only be kept for as long as is necessary.
What rights do you have over your data?
- The right of access – so individuals can access their personal data and can verify the lawfulness of the processing.
- The right to rectification – individual has the right to update it if incorrect or needs updating.
- The right to erasure – also known as right to be forgotten. Request can be made verbally or in writing and should be carried out within 1 month.
- The right to restrict processing – where the individual doesn’t want their data erasing but restricting.
- The right to data portability – individuals can obtain and reuse their personal data for their own purposes across different services.
- The right to object – to the processing of their personal data. The right to object must be communicated at the point of collection, clearly and on its own.
If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint the applicable supervisory authority.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We collect personal data from our contact forms on the website. The data is then processed by a member of the YCOB team. The information is securely stored on our database and is sent securely through encrypted mail services.
If, for whatever reason, you would like to exercise your “right to be forgotten” you can do so by emailing firstname.lastname@example.org with “GDPR Removal” as your subject along with any details you would like removing and we will delete the information quickly and safely wherever it may be saved.
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use analytics on the website to track how people use and interact with our website. No personal information is tracked, and all data is removed within 3 years of capture. If you would like to opt-out of the analytics, you can do so by using our cookies bar to opt-out of the cookies.
How long we retain your data
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
You can contact Natalie Brotherton at email@example.com for any GDPR concerns.
How we protect your data
We protect your data using 128-bit level encryption and always keep our website up to date to prevent any data breaches or security issues.
What data breach procedures we have in place
When a data breach occurs, we promise to notify you within 3 days of the breach with details of how the breach occurred and what steps we will take to stop it occurring again.