We use cookies

And you can turn them off if you do not want them. For more information see our privacy policy or update your preferences by clicking reject cookies.

Reject cookies
Course basket

Privacy Policy and Cookie Information

Introduction

Thank you for visiting the College of West Anglia. The College of West Anglia is committed to respecting your privacy and the privacy of every visitor to our website and we strive to take the appropriate measures to protect your personal information.

This privacy policy tells you what data we collect, what we do with your information, what we do to keep it secure and what rights and choices you have over your personal information.

When we refer to Data Protection Legislation this means the Data Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the General Data Protection Regulation which is the governing legislation that regulates data protection across the EEA. This includes any replacement legislation coming into effect from time to time.

The College of West Anglia is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under Data Protection Legislation to notify you of the information contained in this privacy notice.

This privacy policy applies to students, prospective students and employees, and visitors who attend any of our campuses, visit our website and social media pages or contact the College by other means.

What we collect and when

We only collect information that we know we will genuinely use and is held in accordance with the Data Protection Legislation. The type of information we collect about you, and that you voluntarily provide to us on this website includes:

  • Your name
  • Address
  • Telephone number(s)
  • Email address
  • Survey responses
  • IP address

If you apply for a course or enrol at the College.

When you apply or enrol for a course at the college, we have a (Legal Obligation) under Article 6.1c and 6.1e (Public Task) to process your data and to share your data with the Education & Skills Funding Agency (ESFA), the FIS (Funding Information System; a desktop service application element of the Education and Skills Funding Agency’s data collections system. The processing of your personal data is also necessary so that we can carry out our public task to provide education and training. We are required by the ESFA to retain documents to 31 December 2034.

What data do we process when you apply or enrol for a course includes:

  • Details about you including your name, date of birth, unique learner number and gender
  • Contact details; including address, telephone number and email address
  • Details of your previous qualifications, employment, and educational history
  • Information about your nationality and residency, and previous address if applicable
  • Information about medical or health conditions, including whether you have a learning disability or difficulty
  • Details about your ethnicity
  • Household information (this is collected only for the ESFA and is not used by the college)
  • Free school meal eligibility
  • Attendance marks such as sessions attended, number of absences and absence reasons
  • Information to monitor and report on student discipline and progress and support for your learning
  • Your destination after college.
  • To enable the college to support your learning we collect and process parent/carer/emergency contacts under Article 6.1d GDPR (Vital Interests) and Article 6.1e (Public Task).
  • If you pay for your course or receive a bursary we will need to process and collect your bank details under Article 6.1b GDPR Article (Contracts).
  • To enable us to monitor performance from our feeder schools we collect and store the name of your last school under Article 6.1f GDPR (Legitimate Interests).
  • To enable us to keep you informed about our latest products and services, including future events and informative college news, we collect your consent under Article 6.1a (Consent). We also rely on the lawful basis of consent to take photography and record audio and video content to showcase the college to prospective students and the community.
  • To ensure you can access all college facilities and for us to ensure your safety we take your photograph to display on your college ID card under Article 6.1b GDPR (Contract).
  • As a college we have a duty of care and a responsibility to protect the vital interests of others. To enable us to protect these interests we will collect data about criminal convictions under Article 6.1d GDPR.

When you attend any of our college premises

To ensure the safety of our students, staff, and visitors while on any of college premises, your image maybe captured and stored on our CCTV systems under Article 6.1f GDPR (Legitimate Interests). If you require further information on how we process images collected from our CCTV please request a copy of our CCTV Policy.

If you are a visitor to the college, we will collect your name, company (if applicable) and car registration number under Article 6.1f GDPR Article (Legitimate interests) for the safety of our visitors and staff while on the college premises.

Parent/Guardian Communication

Your Parent/Guardian will only be contacted with important information relating to your safety, wellbeing, and education whilst you study with us. As a key influencer in your decision making, from time to time we may contact parents/guardians of students with details of upcoming events that may be of interest when you are considering your next steps after college.

We may also occasionally contact your parent/guardian with information about relevant events and opportunities, but only where you or they have indicated they would like to receive these communications.

All parent/guardian data is held securely on college systems with restricted access. The data is held on this system for the duration of the time you study with the college and is then deleted within three months.

How we use your information

The college will collect and process your personal data to:

  • Meet our statutory obligations as a General Further Education College
  • Deal with, and respond to, any enquiries you have made with us about our products and services
  • Process application or enrolment forms you’ve submitted for a course, study programme or apprenticeship programme
  • Effectively manage your learning, including monitoring and reporting on your progress, providing pastoral care, registering with awarding bodies, and administering learning loans
  • Deal with and respond to any events you have booked on to or competitions you’ve entered
  • Seek your views, comments and feedback on our products and services, and notify you of changes
  • Send you communication which you have requested and that may be of interest to you about our products, services, news and events
  • Personalise your visits to our websites, including remarketing activities
  • Analyse statistically
  • Ensure the safety of our students, staff, and visitors, and for the protection of our buildings and assets
  • From time to time, we may contact students with details of upcoming events that may be of interest to them when considering their next steps after college, i.e., Apprenticeships events, University Studies events
  • Process application forms submitted for job vacancies

Where the college processes other special categories of personal data, such as information about age, gender, ethnic origin, disability or health, this is done for the purposes of equal opportunities monitoring and to monitor our service provision to improve our services to specific groups. We also use the data so we can personalise the provision to each student to provide them with the best possible opportunities to succeed.

Will we share your information, and if so, who with

We will only share your data with third parties where there is a legal obligation to do so, including the ESFA, Learner Records Service (LRS), examination bodies, Student Loans Company (SLC) and local authorities.

We may also share your personal data with other organisations in the following circumstances:

  • If the law or a public authority says that the college must share the personal data
  • If the college needs to share personal data in order to establish, exercise or defend its legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
  • From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
  • We may also engage non-statutory third parties to process personal data on our behalf, for example to follow up course applications during busy periods, help us deliver our services to you or undertake research. When we do this, we require these parties (data processors) to do so on the basis of written instructions, under a duty of confidentiality and an obligation to implement appropriate technical and organisational measures to ensure the security of data, and to never use it for their own direct marketing purposes. We will only disclose the personal information that is necessary to carry out the task or provide the service to you on our behalf.

The College of West Anglia will share your data with Anglia Ruskin University to facilitate the delivery and evaluation of the Higher Education programmes they run with students in the college as a part of the UCWA (University Centre West Anglia). In collaboration with LiNCHigher, a targeted outreach programme, your personal information will be shared if you attend if you take part in any LiNCHigher activity at the college.

International Transfers

From time to time, the college may transfer your personal information to our service providers based outside of the EEA for the purposes described in this Privacy Policy. If we do this your personal information will continue to be subject to one or more appropriate safeguards set out in the legislation. These might be the use of model contracts in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators such as the USA Privacy Shield scheme.

How long do we keep your information for

We retain a record of your personal information to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation, and never retain your information for longer than is necessary. Unless otherwise required by law, your data will be stored in accordance with the colleges data retention schedule that stipulates how long documentation will be retained and once lapsed will be deleted.

Individual’s rights

Individuals have the following rights under GDPR

The right to be informed

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under GDPR. The college must provide individuals with information including; the purpose for processing their personal data, the retention period for that personal data, and who it will be shared with. This is called ‘privacy information’. Privacy information must be provided to individuals at the time the personal data is collected from individuals.

The right of Access

Individuals have the right to access the personal information that the college holds about you, by making a request. This is known as a ‘Subject Access Request’. If the college agrees we are obliged to provide your personal information to you. This will be provided free of charge and (where possible) within 30 days from when your identity has been confirmed. The college asks for proof of identity and sufficient information about your interactions with us so that we can locate your personal information and share it with confidence.

If you would like to exercise this right, please contact the college’s Data Protection Officer (DPO) as set out below.

The right to rectification

GDPR gives individuals the right to have personal data rectified. Personal data can be rectified if it is inaccurate or incomplete. If any of the personal information we hold about you is inaccurate or out of date, please contact the DPO to correct it, as set out below.

The right to erasure (the right to be forgotten)

The right to erasure is also known as the ‘right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances. If you would like more information, or would like to exercise this right, please contact the DPO, as set out below.

The right to restrict processing

Individuals have a right to ‘block’ or suppress processing of personal data. When processing is restricted, the college is permitted to store the personal data, but not to process it. The college is allowed to retain just enough information about the individual to ensure that the restriction is respected in future.

The right to portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hinderance to usability. The right to portability only applies to personal data an individual has provided to the college, where the processing is based on the individual’s consent or for the performance of a contract and when processing is carried out by automated means. If an individual requests for their personal data to be moved the college must provide the personal data in a structured, commonly used and machine-readable format. Open formats include CSV files.

The right to object

Individuals have the right to object to the college processing personal data for specific purposes. You will be informed of your right to object at the point of first communications if this applies and this will be detailed in the privacy notice for that first contact activity.

The college will stop processing personal data for direct marketing purposes as soon as it receives an objection. The college recognises that there are no exemptions or grounds to refuse.

Rights related to automated decision-making including profiling

The college will only use automated decision making where the decision is necessary for the entry into or performance of a contract or is authorised by Union or member state law applicable to the college or is based on the individual’s explicit consent. The college will make sure that it gives the individual information about the processing and introduces simple ways for them to request human intervention or challenge a decision.

For more information about your privacy rights

The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as the College of West Anglia are available publicly. You can access them by visiting https://ico.org.uk/for-the-public

You can make a complaint to the ICO at any time about the way the college uses your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

Security

Data security is of great importance to the College of West Anglia and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure your collected data.

We take several security measures to protect your information, including:

  • Limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies)
  • Implementing access controls to our information technology
  • We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices, and stores.
  • Never asking you for your passwords.
  • Advising you never to enter your account number or password into an email or after following a link from an email

Protection of Personal Information

The college takes precautions, including administrative, technical, and physical measures, to safeguard your data against loss, theft, and misuse, as well as against unauthorised access, disclosure, alteration, and destruction.

We use industry-standard efforts to safeguard the confidentiality of data, including encryption, firewalls and SSL (Secure Sockets Layer). We have implemented reasonable administrative, technical, and physical security controls to protect against the loss, misuse, or alteration of your data.

Cookies

Our website uses cookies – these are small text files that are placed on your device to help this website provide you with a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.

Managing Cookies

You can opt out of specific cookies in different ways depending on your browser. However, this may affect the performance and functionality of the website on the device, which you opt out from.

Google Analytics

Our website sets “first party” cookies through its use of Google Analytics. We use Google Analytics to provide us with non-personal site analytics, which in turn help us improve this website. Google Analytics tracking uses cookies to provide meaningful reports about web site visitors’, but they do not collect personal data about you. Google Analytics sets or updates cookies only to collect data required for the reports. Additionally, Google Analytics only uses first-party cookies. This means that all cookies set by Google Analytics cannot be altered or retrieved by any service on any domain other than cwa.ac.uk. Further detailed information on Google Analytics cookies can be found here.

SharpSpring Marketing Automation and CRM, and ClickDimensions

SharpSpring and ClickDimensions are both marketing automation software that the college uses as part of our CRM (Customer Relationship Management) system. Both systems help us to design emails that we send to our students and other subscribers which allows them to easily unsubscribe from receiving any more emails from us if they choose to do so and manage their marketing preferences. When users click on a link from an email, sent to the college website, the system is able to see which link users have clicked on and what information they may be interested to receive.

Twilio

We also use Twilio with SharpSpring and our CRM. While there are no Twilio cookies used on our website, using Twilio allows us to send text messages to specific groups of people such as a specific group of students for those who have opted in to receive communications, and in times of need such as during a closure due to severe weather such as snow.

Eventbrite

Personal data will be collected from you when you register to attend an event at the college using Eventbrite. The information you provide will be used to process your booking and it will be used to contact you via Eventbrite about your booking. You may also be contacted to undertake a post-event evaluation and provide marketing information about courses and events and other products and services offered by the college. All marketing communications will incorporate a link enabling you to opt-out of receiving further communications.

Eventbrite is a third-party service that is not owned or managed by the college of West Anglia.

If you wish to attend one of our events but do not wish to use Eventbrite to book a place, please contact us on 01553 761144.

AbilityNet

The college wants as many people as possible to be able to use this website. AbilityNet software is on the site to allow you to use the site for speech, reading and translation support. Find out more about how we’re making our website accessible by visiting: https://cwa.ac.uk/accessibility

You will be able see a wheelchair icon at the top right hand corner of the accessibility web page. This is AbilityNet, and by clicking on it, this allows you to do a range of things including enlarging the size of text, changing the colour and contrast of a page, letting it read the text on a page to you or highlighting text and allowing the reader to read it back out loud, among many other useful features. This software is used to make sure that our website is as accessible to as many people as possible, including those with reading, visual or hearing impairments.

Facebook Pixel

The college uses Facebook Pixel on the website. This conversion tracking helps us to measure the return on investment of our Facebook Ads by reporting on the actions people take after viewing those ads. Advertisers can create pixels that track conversions, add them to the pages of their website where the conversions will happen, and then track these conversions back to ads they are running on Facebook. We use the conversion pixel to retarget adverts towards people who have visited the college website on occasion.

To opt out of these, click here to update your settings on Facebook

Complaints

If you have a concern about how we handle your data, or you would like to make a complaint it will be dealt with in accordance with the college’s Complaints Procedure which can be viewed on request. If the college is unable to satisfactorily resolve the complaint, enquirers have the right to complain to the Information Commissioner’s Office (ICO) at the following address:

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Contact

If you would like to exercise one of your rights as set out above, or have a question or complaint about this Policy, or the way that your personal information is handled and/or processed, please contact us:

By email: This email address is being protected from spambots. You need JavaScript enabled to view it.

By post: Data Protection Officer, The College of West Anglia, Tennyson Avenue, King’s Lynn, Norfolk, PE30 2QW

CWA Logo

General Enquiries
01553 761 144

Student Services
01553 815 271

Enquiry

If you would like to ask a question, please complete the form below and we will get back to you as soon as we can.

Invalid Input
Please tell us your first name
Please tell us your surname
Please enter a valid email address
Invalid Input




Please select the types which best describe you
Please tell us what you are enquiring about
This field is required
Invalid Input
Invalid Input