Home Link Logo
Apply Now
My Prospectus

Data Protection and Privacy

University Centre Somerset College Group is committed to protecting the privacy of anyone whose personal data we hold in line with the UK General Data Protection Regulation (UK GDPR), the UK Data Protection Act 2018 and other supporting legislation such as the Privacy Electronic Communications Regulations (PECR). This information covers all campuses and centres within the group, including Bridgwater, Cannington, Strode, Taunton and University Centre Somerset.

Data Protection Officer

As a publicly funded organisation, we are required to have a Data Protection Officer (DPO), please contact dpo@ucscollegegroup.ac.uk

The data controller is the UCS College Group, Bath Road, Bridgwater, Somerset TA6 4PZ. We are registered with the Information Commissioner, the UK’s data protection authority – Z4677243.

Your rights under data protection legislation

We will follow current data protection and other legislative guidance when dealing with requests from Individuals (Data Subjects) to exercise their data rights.

The right to be informed

We will tell you what we are doing with your personal data, why we need to collect it, what we will do with it and who we will share it with.

We will give you this information in our Privacy Notices.

Where we need to collect, process or share your personal information for any purpose not outlined on the Privacy Notices, we will provide separate information and obtain consent where necessary.

Read more about partner agencies and other organisations who we work with, including privacy notices for awarding/validating bodies, agencies and some other third parties.

The right to access

This is known as a Data Subject Access Request.

Any request in writing or email from the Individual (Data Subject) will be considered as a valid request, as long as it contains the relevant information for us to deal with your request. Please email the Data Protection Officer dpo@ucscollegegroup.ac.uk

If you are not known to the relevant department or business area, we may ask to see proof of your identity. The following forms of identity will be accepted (please note, we will need to see the original):

  • passport

  • driving licence

  • bank, building society or credit card statement in the Data Subject’s name for the last quarter

  • council tax bill

Request information on behalf of someone else

If you request information for someone else, please contact the Data Protection Officer and provide evidence of your authorisation, such as a signed form, letter, or Power of Attorney.

If approved, you’ll receive a printout or photocopy of records. Email delivery is only allowed via an approved secure method.

We aim to respond within one calendar month. If there are delays or we cannot fulfil your request, we will inform you. Proof of identity is required.

Request information on behalf of an enforcing body

Requests for disclosure of personal information in connection with investigation of crime or any other enforcing body investigation should be made on a Police and Enforcing Bodies disclosure request form and email the Data Protection Officer – email dpo@ucscollegegroup.ac.uk ID will be requested and verified.

Charges

Information is usually provided free of charge. In some cases, such as when a request is excessive or unfounded, or when additional copies are requested, we may charge a reasonable fee to cover administrative costs. We follow ICO guidance to determine if a fee applies and will notify you before gathering the information.

The right to rectification

  • For amendments to your personal information such as updating details we have collected from you for normal business processing. These could include contact details, change of address, emergency/next of kin, contact details, course details and medical details.

  • Please contact the relevant department to tell them what is incorrect and ask for it to be corrected.

  • For anything that is not considered routine business processing, please contact the Data Protection Officer who will take steps to action your request.

  • We will aim to deal with requests for rectification as soon as possible. We will respond within one month. This will be extended by two months where the request for rectification is complex.

The right to erasure/deletion

  • Requests for the erasure (deletion) or removal of personal data, where there is no lawful basis for its continued processing, should be made to the relevant department.

  • We have the right to refuse a request for erasure under certain circumstances –

  • We will aim to deal with right to erasure requests within one month. Where we are unable to complete the request within this timescale, we will let you know.

Right to restriction

  • Requests to restrict us from processing your personal data can be made, but there may be reasons why we may not be able to comply.

Right to data portability

  • Details on this are outlined in the Data Protection Policy. Requests should be made to the relevant department.

Right to objection

  • You may object to processing under certain circumstances, please refer to the Data Protection Policy.

  • We will aim to deal with requests within one month and advise you if we cannot meet this timescale.

Rights in relation to profiling and automated decision-making

  • Profiling and automated decision-making are two different things, although automated decision-making can include profiling.

  • We will specify any profiling or automated decision-making in our Privacy Notices or other communication as necessary.

Marketing Automation and Profiling

We use third-party marketing automation platforms, such as Gravity Forms and Mailchimp, to manage our email communications and ensure the information we send you is relevant. You can unsubscribe or manage your preferences at any time by clicking the link in the footer of any of our emails.

If you fill out a form requesting specific information (e.g., “Construction Courses” or “A Level Open Event”), Gravity Forms passes your contact details and your specific interest tags to Mailchimp.

When you opt-in to receive marketing communications from us (for example, by downloading a prospectus, registering for an Open Event, or signing up for a newsletter), we may:

  • Store your data: Transfer your contact details and preferences to Mailchimp (Intuit), which processes data under secure standard contractual clauses.

  • Tailor your experience (Profiling): We use the information you provide (such as your age group, subject interests, or “student type” e.g., School LeaverApprentice, or Adult Learner) to segment our database. This ensures you only receive information relevant to your specific educational journey.

  • Track engagement: Our emails may contain tracking technologies (such as “web beacons”) that tell us if you have opened an email or clicked a link. We use this data to understand which courses are popular and to stop sending you emails if you are no longer interested.

  • Automated Workflows: This triggers automated email workflows relevant to your selection, ensuring you do not receive generic information that does not apply to you.

Legal Basis for Processing

We process personal data under one or more of the following legal bases:

  • Performance of a contract eg delivering education services

  • Compliance with legal obligations

  • Tasks carried out in the public interest

  • Legitimate interest

  • Consent (where required)

Cookies

Our websites use Cookiebot and cookies to distinguish you from other users. This helps us to provide you with a good experience and allows us to improve our sites. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

We will monitor your use of the College Group’s computers

We monitor your use of College equipment and computers, including the websites you visit, to meet legal requirements and ensure appropriate use.

To browse privately, use your own devices not connected to the College network.

Complaints

If you are unhappy with the way we have processed your personal information or feel that your request for information or to exercise your data rights have not been dealt with appropriately, please contact the Data Protection Officer in the first instance – email dpo@ucscollegegroup.ac.uk

If you are unhappy with the outcome of your complaint, you can escalate your complaint to the Information Commissioner’s Office. Call 0303 123 1113 or visit the ICO Concerns website.