Student Privacy Statement

How we use your data

June 2024

New College Swindon is committed to protecting your privacy. The information we collect is essential in order for us to carry out our legal responsibilities, functions and tasks as an education organisation.
We hold personal information about you electronically and in paper format, under the requirements of the Data Protection Act 2018 (DPA) and General Data Protection Regulation (GDPR). We follow security procedures regarding the storage and disclosure of information which you have given us in order to avoid unauthorised loss or access. As such we have security systems and procedures to protect information from unauthorised disclosure, misuse or destruction.

Why does the College collect personal information?

New College Swindon collects and processes your personal data to;

  • Process your application
  • Effectively manage your learning,
  • Facilitate, support and deliver your education,
  • Improve the services and facilities we provide,
  • Meet its statutory obligations as a Further Education College and University Centre.

New College Swindon is committed to being transparent about how it collects and uses data and protects your privacy.

What is our lawful basis for processing your information?

The lawful basis for holding personal data about you is:

  • Article 6c (Legal Obligation) Personal data is held in order to meet our legal obligations with the Education and Skills Funding Agency (ESFA) and the Office for Students (OFS), safeguarding and health and safety legislation.
  • Article 6e (Public Task) to provide education and training.
  • GDPR Article 6d (Vital Interests) e.g. Emergency contact details.

Where we require your consent to process your information, we will obtain this from you at the point we collect your information and provide you with details on how long we retain the data, how we store it, who access to it and your rights.

Where there is any other legal basis for processing your information, we will inform you of this at the point we collect it

What personal information does the organisation collect?

During the course of your involvement with the College, your personal information is collected, stored and processed securely by us. Much of the information we ask you to provide is linked to government requirements for funding courses. The information we collect includes, but is not limited to:

  • Details about yourself including your title, name, date of birth, National Insurance Number (if applicable), Disclosure and Barring Service number (if applicable), gender and photo identification.
  • Contact details – including address, telephone numbers and email addresses.
  • Details of your previous qualifications, employment and educational history.
  • Information about your nationality and residency, and previous address if applicable.
  • Information about medical or health conditions, including whether or not you have a learning disability or difficulty.
  • Ethnicity for the purposes of monitoring equality of opportunity.
  • Sensitive information such as health information, sexual orientation and gender re-assignment, faith or belief and pregnancy or maternity for the purposes of monitoring equality of opportunity.
  • Information about your family or personal circumstances.
  • Household information (this is collected only for ESFA and is not used by the College).
  • Employment / Unemployment status and length.
  • State Benefits for the purpose of fee remission, free school meals and bursary.
  • Residency information to determine education funding
  • Financial information for the purpose of administering financial assistance, refunds and student loans.
  • Employer name and address for Apprentices.
  • Enrolment, attendance, English and maths assessment, progress monitoring, achievement, reasons for leaving and destination data.
  • Awarding Body registration and University and Colleges Administration Service (UCAS) Number.

Other data we collect:

  • Criminal convictions in order to protect students and staff GDPR Article 6d (Vital Interest) and also in order to carry out our duty to support those with a conviction GDPR Article 6e (Public Task)
    Emergency contacts – GDPR Article 6d (Vital Interests).
  • Parent/carer details for those under 18 at the start of the academic year under GDPR Article 6e (Public Task) in order to fulfil our duty to support the education and learning as fully as possible.
  • Information from schools, Youth Offending Teams, Social Services, Police and other education providers if required for the purposes of safeguarding students and staff in line with ‘Keeping Children Safe in Education 2024’.
  • Use of college services such as the Learning and Resource Centre (library) and Wellbeing Centre to monitor how well they are used.
  • Provision of support and welfare services such as counselling, careers advice and nursing / medical.
  • CCTV – We record images of students, staff and visitors in the college on CCTV for crime prevention and detection, safety, security and safeguarding purposes.
  • Virtual Tour – We occasionally record images of cars that may include visible registration plates within our car parks as part of promotional videos or virtual tours (legitimate interest)
    Full details including retention periods are provided in the New College Swindon Data Protection Retention Schedule.

How is this collected?

Most of the information above is collected directly from yourself via an application, enrolment or other college form. However, some information such as previous qualifications, or special needs, may be collected from other organisations such as the Department for Education (DfE), the Local Education Authority, your previous school, Youth Offending Team, Social Services, Police, Awarding Bodies and other education providers.

Where do we store data?

Data will be stored on:

  • the central college systems
  • paper in secure offices or on-site storage
  • electronic documents within a secure network

How does the college use your information?

  • To provide you with the best possible opportunities to succeed.
  • Process your application, arrange and provide support at interview, and inform decisions about suitability of course.
  • Process your enrolment.
  • Assess your eligibility for fee remission, financial support and student loans.
  • Set targets and monitor your progress
  • Process and Monitor your attendance on your course.
  • Monitor your health, safety and well-being through monitoring attendance, changes to appearance and behaviour and reporting any concerns to the appropriate departments such as safeguarding or ALS.
  • Register you with the appropriate awarding body.
  • Organise professional placements.
  • Arrange examinations, exam access arrangements and college certification.
  • Administer and monitor your use of facilities such as the LRC and Wellbeing Centre, College events and enrichment activity.
  • Administration of complaints.
  • Enlist participation in student surveys and student feedback reporting.
  • Fulfil statutory reporting requirements for government organisations such as the Department for Education, the Office for Students and Local Authorities..
  • Monitor our responsibilities under equality and diversity legislation.
  • Assess and provide learning and learner support and services to students such as Learning Support Assistance, counselling and medical care.
  • Monitor compliance with college regulations and policies.
  • College reporting/ performance monitoring.
  • Administration of the college CCTV system.
  • Monitor your outcome / progression.
  • Contact you for marketing purposes if you have provided consent.
  • Use your image for marketing purposes if you have provided your consent.

Who has access to your data and why do we share it?

The College will not normally share any personal information about you to other external organisations without your consent, unless it is vital to do so (for example an emergency, health or safety situation).
Not all of your information is shared. Information will only be shared where necessary and maybe shared with the following people or organisations:

  • New College Swindon staff who need the data to provide services to you.
  • Education and Skills Funding Agency (ESFA). This is a Government department which required the data to fund courses and monitor the performance of the college.
  • Office for Students (OFS). This is a Government department which requires the data to fund Higher Education Courses and monitors the performance of the College.
  • Learner Records Service (LRS). This is a Government database of student education history which College staff and students can update and allows employers and educational providers to view previous educational history.
  • Local Authorities to provide support for students who leave the college and to identify those not in education, employment or training.
  • Special Educational Needs Assessment Team (SENAT). This is only applicable for students with Special Educational needs to ensure they are fully supported.
  • Youth Offending Team (YOT). This is only applicable if a student is an offender and data shared will be to support the student.
  • Police, Social Services, Multi Agency Safeguarding Hub (MASH). Data is only shared where the College feels the student is at risk of harm.
  • Awarding Bodies, Joint Council for Qualifications (JCQ) to register students for qualifications so they can receive the certificates for the qualification.
  • Validating Universities to register students for qualifications so they can receive the certificates for the qualification.
  • Your previous school to ensure you have any necessary support during your studies
  • Parents and guardians (if under 18) to inform them of performance and attendance and any safety or wellbeing concerns.
  • Universities and Colleges Admissions Service (UCAS) where a student is applying to a university.
  • Employers and providers of external work placements to support students in the workplace.
  • Employers and providers of Apprenticeship work placements to support students in the workplace
  • Employers sponsoring tuition fees as they are paying for the course.
  • Apprentice employers support students in the workplace
  • Employers and educational providers who have requested references (with your consent)
  • Debt collection agencies for outstanding fees if applicable
  • Aramark (catering providers for students in receipt of free college meals)
  • EPA organisations for Apprentices to undertake End Point Assessment
  • Auditors who audit colleges to ensure government funding is used appropriately
  • Unifrog – to register user accounts for access to this platform; part of our careers programme, fulfilling our statutory duty to secure careers guidance and information on all available opportunities for all students. You can read more about your information being shared with Unifrog here
  • Third party software providers required for application, enrolment and management of student data systems and supporting the IT College systems:
    Tribal (student data record system)
    Heritage (library record system)
    Office 365
    PageOne (text messaging)
    dot mailer (email messaging)
    ALPs (software to monitor student performance against target)
    One Advanced (achievement rate and progress monitoring software),
    Smart Assessor (Apprenticeship performance monitoring)
    WPM & Global Payment Realex (credit card payment system),
    HODDER & STOUGHTON LIMITED, (on behalf of its business division
    HODDER EDUCATION GROUP (eBooks provider)
    Navigate for recording work placements and work experience
    Pay My Student for payment of Free College Meal and Bursaries
    Orbital Strata (performance monitoring and reporting software)
    JIRA Atlassian for student reporting of IT issues.

These organisations may be based outside of the UK or the European Union. We have ensured these organisations have safeguards in place which meet appropriate standards, to protect your personal data and sharing agreements are in place.

Where the College engages non-statutory third parties to process personal data on its behalf, we require them to do so on the basis of written instructions. The third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. The College has a contract or sharing agreement in place with non-statutory third parties with instruction on how they use, process, store and delete personal data.

The College shares your data with third parties where there is a legal obligation, including Education Funding Agency, Office for Students, Learner Records Service (LRS), Local Authorities for learners aged 16-18, Police, Social Services and other education providers.

ESFA (Education Funding Agency) Data Sharing Agreement

This privacy notice is issued by the Education and Skills Funding Agency (ESFA) on behalf of the Secretary of State for the Department of Education (DfE) to inform learners about the Individualised Learner Record (ILR) and how their personal information is used in the ILR. Your personal information is used by the DfE to exercise our functions under article 6(1)(e) of the UK GDPR and to meet our statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009. Our lawful basis for using your special category personal data is covered under Substantial Public Interest based in law (Article 9(2)(g)) of GDPR legislation. This processing is under Section 54 of the Further and Higher Education Act (1992).

The ILR collects data about learners and learning undertaken. Publicly funded colleges, training organisations, local authorities, and employers (FE providers) must collect and return the data to the ESFA each year under the terms of a funding agreement, contract or grant agreement. It helps ensure that public money distributed through the ESFA is being spent in line with government targets. It is also used for education, training, employment, and well-being purposes, including research.

We retain your ILR learner data for 20 years for operational purposes (e.g. to fund your learning and to publish official statistics). Your personal data is then retained in our research databases until you are aged 80 years so that it can be used for long-term research purposes. For more information about the ILR and the data collected, please see the ILR specification at

ILR data is shared with third parties where it complies with DfE data sharing procedures and where the law allows it. The DfE and the English European Social Fund (ESF) Managing Authority (or agents acting on their behalf) may contact learners to carry out research and evaluation to inform the effectiveness of training.

For more information about how your personal data is used and your individual rights, please see the DfE Personal Information Charter ( ) and the DfE Privacy Notice ( )

If you would like to get in touch with us or request a copy of the personal information DfE holds about you, you can contact the DfE in the following ways:

If you are unhappy with how we have used your personal data, you can complain to the Information Commissioner’s Office (ICO) at:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can also call their helpline on 0303 123 1113 or visit

Office for Students Data Sharing Agreement

If you are undertaking a Higher Education course with us, your information may be passed to the Office for Students (OfS) for funding purposes. Find out more information at Office for Students: privacy notice

Learner Record Service Data Sharing Agreement

The information you supply will be used by the Skills Funding Agency, an executive agency of the Department for Education (DfE), to issue you with a Unique Learner Number (ULN), and to create your Personal Learning Record (PLR). For more information about how your information is processed and shared refer to the Extended Privacy Notice. Find out more information at GOV.UK – LRS: privacy notice

Does the College process data outside the European Economic Area?

The College may transfer your information outside of the EEA only in the instance of website or social media. The college may partner with large organisations who meet the requirements of UK GDPR legislation to provide students with services. These organisations may process your personal data outside the EEA, however the college has checked that the organisation meets the UK data protection legislation.

How does the College protect data?

The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. The Data Protection Policy is available Data Protection Policy ( or in paper version by contacting the college.

How long does the College keep data?

All data collected and processed on behalf of the ESFA and OFS will be held for as long as we are legally required to do so. Other data will be held as long as is necessary to fulfil our duty as a college in line with the Data Protection Retention Schedule CCTV footage is retained for 30 days.

What rights do you have?

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data and information on what the College does with this data
  • request the College to change incorrect or incomplete data
  • request the College to delete or stop processing your data, for example where the data is no longer necessary for the stated purposes of processing
  • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing
  • request that your data is transferred to another organisation or to you in commonly used electronic format.
    If you would like to exercise any of these rights, please contact the Data Protection Officer with details of the data you require, feel is incorrect or would like deleted, email or contact the college reception.

Who can I complain to?

If you believe that the College has not complied with your data protection rights, you can bring this to the attention of our Data Protection Officer by emailing

If you are not happy with how your information is processed and used you can contact the Information Commissioner’s Office or call 0303 123 1113.

What if I do not provide personal data?

If you do not provide the data required to meet legal obligations, you will not be able to enrol on a course.

If you do not provide other information requested for example learning difficulty information, we may be unable to provide the standard of service we would like to provide, to help you succeed.

Does the College use automated decision-making?

We do not make decisions solely based on automated decision-making.

Changes to our Privacy Policy

Our Privacy Policy is regularly reviewed and you will be notified of any changes on the College website.

Course Guides
View All Guides
Queens Drive Campus
Queens Drive Campus
New College Drive
Tel: 01793 611470
View Campus Information
North Star Campus
North Star Campus
North Star Avenue
Tel: 01793 491591
View Campus Information
Adult Education Centre
Adult Education Centre
Focal Point
27-35 Fleet Street
Swindon SN1 1RQ
Tel: 01793 511665
View Campus Information
Institute of Technology
Institute of Technology
North Star Avenue
Tel: 01793 491591
View Campus Information