Nescot is now fully open to students and staff. Please check our latest Covid-19 information here

Privacy

Your privacy is important to us. That's why we treat your data with the utmost care, and we don't release it to outside companies for their marketing purposes.

Your privacy is important to us. That's why we treat your data with the utmost care, and we don't release it to outside companies for their marketing purposes.

The rules about how companies can store, process and use your personal data changed on May 25 in 2018, when the General Data Protection Regulations (GDPR) came into effect. This page has been created to help you understand how we use your data and why, and what your rights are. We know there's a lot of information here, but we want you to be fully informed.

We use your data to help us give you the best possible service. That includes helping students through the application process and helping them to succeed on their courses, and working closely with employers. You can find out more about how long we store your data by reading our Data Retention Policy here.

If you have any questions you're welcome to contact our Data Protection Officer, Rob Greening, by emailing dataprotection@nescot.ac.uk, calling 020 8394 3241, or writing to him at Nescot, Reigate Road, Ewell, Surrey, KT17 3DS.


Notice about how we use your personal information

For the purposes of GDPR, Nescot is the 'data controller' of personal information about you. You have certain rights concerning your data, including getting it corrected or deleted, and getting a copy of it. You also have a right to complain. This privacy notice has been prepared in accordance with the GDPR (EU) 2016/679 and the Data Protection Act 2018.Click on the links below for more information about how we use data for the groups below:

​How we transfer your personal information outside Europe

We do not store or transfer your personal data outside Europe.

Automated decisions we make about you.

We do not make automated decisions using this information.

​Data Security
  • Personal information in the form of paper records are kept in a locked filing cabinet, drawer or other secured area.
  • Personal information in the form of electronic records are kept on firewall-protected servers and accessed through password-protected systems.
​Your rights over your personal information

You have a number of rights over your personal information, which are:

  • The right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy about the way your personal data is being used – please see the ICO's website for information
  • The right to ask us what personal information about you we are holding and to have access to a copy of your personal information. Our data subject access request form is available her
  • The right to ask us to make changes to your contact details or to correct any errors in your personal information. You can do this by filling in this for
  • The right, in certain circumstances such as where our use of your personal information is based on your consent and we have no other legal basis to use your personal information, to ask us to delete your personal information
  • The right, in certain circumstances such as where we no longer need your personal information, to request that we restrict the use that we are making of your personal informatio
  • The right, in certain circumstances, to ask us to review and explain our legitimate interests to yo
  • The right, where our use of your personal information is carried out for the purposes of an agreement with us and is carried out by automated means, to ask us to provide you with a copy of your personal information in a structured, commonly-used, machine-readable format.
Notifying the college of personal data breaches

What is a personal data breach?
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure, theft, or unauthorised access, to personal data. This could include:

  • access by an unauthorised third party
  • deliberate or accidental action (or inaction) by a controller or processor
  • sending personal data to an incorrect recipient
  • computing devices containing personal data being lost or stolen
  • alteration of personal data without permission, or
  • loss of availability of personal data.


What should I do?
If you discover that a breach of your personal data by the College may have taken place then please notify our Data Protection Officer, Rob Greening, via dataprotection@nescot.ac.uk, providing as much information as you can on the nature of the breach and how you were made aware of it. On receipt of the email our internal Personal Data Breach Procedure will be triggered. You will be kept updated on any actions that the College is taking as a result of your notification.

​Changes to our Privacy Policy

We keep our privacy policy under regular review and will update it from time to time to make sure it remains up-to-date and accurate.

Exercising your rights - updating your data and access requests

Updating your data
You can use this form to let us know about a change of details. Please make sure you include any evidence we have asked for.

If you have any questions you're welcome to contact our Data Protection Officer, Rob Greening, by emailing dataprotection@nescot.ac.uk, calling 020 8394 3241, or writing to him at Nescot, Reigate Road, Ewell, Surrey, KT17 3DS.

Data subject access requests
If you'd like to request a copy of the data we hold about you, you can fill in our data subject access request form here.

If you have any questions you're welcome to contact our Data Protection Officer, Rob Greening, by emailing dataprotection@nescot.ac.uk, calling 020 8394 3241, or writing to him at Nescot, Reigate Road, Ewell, Surrey, KT17 3DS.