This Privacy Notice describes what Lincoln College does with the personal information you provide it with.
It applies to information the Lincoln College collects about:
- Visitors to the College’s websites
- People who use or may use the College’s services. This includes for example:
- individuals who undertake a course of study or apprenticeship through the College
- Lincoln College Alumni
- employers who purchase training from the College
- employers who take a student on work experience or placement
- employers who employ an Apprentice
- members of the College workforce
- individuals who are customers of the Lincoln College’s business operations e.g. Deans Sport and Leisure, Sessions Restaurant, The Salon, Complementary Medicine Clinic, FE Resources (Lincoln) Ltd, Lincoln College Corporate Support Solutions Ltd, Greater Lincolnshire Apprentices Ltd
- Individuals who request information from the College.
If you are asked to provide personal information to us, it will only be used in the ways described in this Privacy Notice.
If you have any questions about this notice, please contact the Data Protection Officer, Sarah Adams email@example.com
For more information you can read our full Data Protection Policy
The categories of the information that the College collects, holds and shares includes, but is not limited to:
- Personal information (such as name, student number, address, date of birth, national insurance number)
- Contact information (which may include phone number, email and postal address)
- The personal information of parents/guardians of students aged 16 to 18 (such as name, address, phone number and email address)
- Educational Information (including qualifications, predicted grades, learning support needs, attendance information – number of absences and reasons and individual achievements)
- Characteristics (such as gender and if the same as at birth, age, ethnicity, first language, nationality, country of birth and free school meal eligibility)
- Financial information (bank details)
- Information about personal preferences and interests
- Company information, (financial, staff, professional development records)
- Website usage data
- Staff contract information (start dates, hours worked, post, roles and salary information, annual leave entitlement, employment history and professional development).
Changes to this Privacy Notice
The College will keep this Privacy Notice under regular review and reserve the right to change it as necessary from time to time or if required by law. Any changes will be immediately posted on the College website.
The College has several specific privacy notices for specific areas of activity. Click on the links below to read these further notices:
How we use this data
Your personal information will be used for purposes relating to education, training, employment, general advice services, well-being and research. The College may share non-sensitive personal information about you with other organisations as follows:
Most of the information is passed to Government agencies (including but not limited to the Education and Skills Funding Agency) to meet funding arrangements. Where necessary it is also shared with the Department for Education (DFE).
The information is used for the exercise of functions of these Government departments and to meet statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009. It is also used, in collaboration with the appropriate organisations, to create and maintain a unique learner number (ULN) and a Personal Learning Record (PLR).
It is used by the Lincoln College:
- to process applications, enrolments and workforce development programmes and contracts
- for the College’s own internal records so that it can provide you with a high quality service
- to contact individuals in response to a specific enquiry
- to customise the College’s services so they work better for individuals
- to contact individuals about services, products, offers and other things provided by the College which it thinks may be relevant
- to contact individuals via email telephone or mail for research purposes.
At no time will the College assume permission to use information that is provided for anything other than the reasons stated here.
The information provided may be shared with other organisations for purposes of administration, the provision of career and other guidance and statistical and research purposes, relating to education, training, employment and safeguarding for example. This will only take place where the sharing is in compliance with the GDPR.
Individuals may be contacted after they have completed their programme of learning to establish whether they have entered employment or gone onto further training or education. Following that initial contact and information gathering exercise, individuals will be offered the opportunity to join the College’s alumni. Individuals may be contacted by the European Social Fund (ESF) Managing Authority, or its agents, to carry out research and evaluation to inform the effectiveness of the programme. Information may be based to the ESF for this purpose.
Further information about use of and access to personal data, and details of organisations with whom the data is regularly shared are available here.
Lincoln College has identified that it meets a number of lawful basis for processing (as set out in Article 6 of the GDPR). In summary:
- For processing enquiries and applications to the College the lawful basis is legitimate interest
- For processing information relating to enrolled students’ programmes of study the lawful basis is legal obligation and public task
- For gathering information about the destination of an individual once they have left the College the lawful basis is legitimate interest
- For contact with individuals who have completed a course at the College to invite them to join the College’s Alumni Association, the lawful basis is legitimate interest.
The College will hold personal information securely.
To prevent unauthorised disclosure or access to personal information, it has strong organisational and technical security safeguards. If information is shared with another organisation (reasons for this are given in the section below) it will ensure an Information Sharing Agreement is in place.
The College follows stringent procedures to ensure it processes all personal information in line with the GDPR.
Information Sharing and Disclosure
The College does not sell or rent personal information. Information may by necessity be disclosed to appropriate staff members of Lincoln College and to Government Bodies (as previously outlined). Organisations that Lincoln College may share personal information with includes:
- Awarding Bodies
- Companies House
- Department for Education
- Education and Skills Funding Agency
- Higher Education Institutions
- Local authorities
- Nurseries and pre-schools
- Pension Service
- Social Care
- Think Alumni
Please note, this is not an exhaustive list
Information may be shared with third parties if it is in connection with the service being provided to individuals, for example, the College might share information with market research companies contracted to undertake work on its behalf to assess satisfaction with the College’s service. When the College does this it will always ensure an Information Sharing Agreement is in place. If, as part of the entry requirements for a course or if an individual is applying for a job with Lincoln College, the College needs to take up a reference or obtain ‘disclosure’ from the Disclosure and Barring Service, it will inform you beforehand.
Parental consent is not required for the processing of personal data in relation to students applications or enrolments. There may be exceptions in regards of students with severe learning difficulties, school link students and those who are otherwise unable to decide for themselves.
The College has found that it is very beneficial to the young person’s progress as a student if the College is able to engage with the parents (or guardian/carer). Therefore, it is very important that we have the parents’ details recorded on its systems.
When a student is in Further Education, parents/carers/guardians (or any other third party) are not automatically entitled to the student’s information. The College can only release information about its students if it has their consent for this recorded on the College system. Students are asked for their consent for sharing information with parents/others on the enrolment form or when enrolling face-to-face. Students can also inform the College later on of who the College may discuss their College matters with. Students may withdraw their consent the same way which they gave it.
Visitors to website and cookies
Controlling Information about Individuals
When individuals fill in a form or provide their details on the College’s website, there may be one or more tick boxes allowing them to:
opt in to receive marketing communications from the College by e-mail, telephone, text message or post
opt in to receive marketing from third party partners by e-mail telephone, text message or post
if individuals have agreed that the College can use their information for marketing purposes, individuals can change their mind easily, via one of these methods:
send an e-mail to our Data Protection Officer, Sarah Adams firstname.lastname@example.org
write to us – The Data Protection Officer, Lincoln College, Monks Road, Lincoln, LN2 5HQ
unsubscribe by clicking the link in each email.
Any individual can request that the College delete their personal data. This request for erasure can be made by e-mailing the Data Protection Officer, Sarah Adams at email@example.com.
Whilst GDPR doesn’t provide an absolute right to have your personal information deleted by an organisation (for example they do not need to delete personal information if they are obliged to keep it by law or have another legitimate reason to keep it) the College will review each request for erasure on a case by case basis.
Links from the College Website
(a) to help us to analyse the use and performance of our website and services (cookies used for this purpose are: Google Analytics)
(c) to provide website functionality, such as securing our application form.
Cookies used by our website
We use exp_last_activity so every time the page is reloaded the last activity is set to the current date and time. It is used to determine form or login expiry. This is essential for logged in users to record their data and not lose it as it is being input. The expiry time 12 months.
exp_sessionid Set by the site to maintain your secure login session. Used only for logged in members. Expiry time: session.
exp_expiration Determines the length of the session for a logged in user. Expiry time: session.
exp_anon A flag set by the user to determine if you are listed in the online users. This defaults to no. Expiry time: session.
exp_last_visit sets the date and time that the you last visited the site. Affects guests and logged in users. The expiry time is 12 months.
exp_tracker tracks the last 5 pages you viewed and is used primarily for redirection after some actions on the site ie moving back to pages. This affects guests and logged in users. This cookie expires when you leave the site.
We also use exp_csrf_token. This cookie protects against Cross Site Request Forgery (CSRF). A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. It expires from your computer after one hour.
course_id stores the course id number applied for. The expiry time is 24 hours.
mis_app_id, application_id store your course application number. The expiry time is 24 hours.
mis_enrol_id, application_id store your course enrolment number. The expiry time is 24 hours.
mis_app_apprenticeship set only if your application is for an apprenticeship. The expiry time is 24 hours.
apprenticeship_vacancy_reference Reference number for apprenticeship vacancy applications. The expiry time is 24 hours.
application_review Set if you are reviewing your application before sending. The expiry time is 24 hours.
mis_app_token Stores a token to secure application to a particular applicant. The expiry time is 24 hours.
mis_u18 sets a flag whether applicant is under 18 to ensure previous school information is collected from applicants under 18. The expiry time is 24 hours.
Cookies used by our service providers
_ga – Used to distinguish users. Expires after 2 years.
_gid – Used to distinguish users. Expires after 24 hours.
_gat_UA-11069238-1 – Used to throttle request rate. Expires after 1 minute.
We use Google Maps to show you our site locations on our website. Google Maps can set the following cookies to measure the number and behaviour of Google Maps users: SID, SSID, HSID, NID, PREF. Most expire after 6 months.
Hubspot may add the following cookies for tracking and Hubspot related functionality:
This cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, as it still allows anonymized information to be sent to HubSpot. This expires after 2 years)
This cookie is used to test whether the visitor has support for cookies enabled. This expires at the end of session
This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before. This expires at the end of the session
When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. The cookie name is unique for each password-protected page.
This cookie is used to determine and save whether the chat widget is open for future visits. It resets to re-close the widget after 30 minutes of inactivity. This expires after 30 minutes
This cookie is used to prevent the welcome message from appearing again for one day after it is dismissed. This expires after 1 day.
This cookie is set when visitors log in to a HubSpot-hosted site.
The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). This expires after 2 years
This cookie is used to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. This expires after 10 years.
This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the
__hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. This expires after 30 mins.
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. This expires at the end of the session
If you are logged in to HubSpot, HubSpot will set additional authentication cookies. Learn more about cookies set in the HubSpot product.
Use of college services
People who use the College services
The College holds the details individuals provide in order to deliver programmes of study, Apprenticeships, workforce development programmes and other services which meet specific needs. It only uses these details to provide the service an individual has requested and for other closely related purposes. For example, it might use information about people who have enquired about a course to carry out a survey to find out if they are happy with the level of service they have received or it might use information about an employer offering a student work experience to contact them about a new Apprenticeship scheme or grant.
Information may by necessity be disclosed to appropriate staff members of the Lincoln College and to Government Bodies [to fulfil the College’s statutory responsibilities] such as the Education and Skills Funding Agency, Ofsted, the Department for Education and auditors or local partners.
People who use the College’s Business Enterprises
If someone is a customer of a commercial service of the College e.g. Deans Sport and Leisure, Sessions Restaurant, The Salon, Complementary Medicine Clinic, FE Resources (Lincoln) Ltd, Lincoln College Corporate Support Solutions Ltd, Greater Lincolnshire Apprentices Ltd, the information an individual provides the College with to enable them to deliver that service will only be held and used for that purpose or for other closely related purposes.
People who request information from Lincoln College
If an individual requests information from the College by letter, telephone, email, submitting an enquiry card or from a sales appointment, the College will make a record of that enquiry and will use the information to provide the individual with a response. It will only use the information for these purposes and to provide a follow up service to ensure that it provided the individual with what they asked for.
Accessing Your Own Personal Information
Individuals have the right to ask for a copy of any of their personal information held by Lincoln College. They can make a ‘subject access request’ under the GDPR. Any request should be made directly to the Data Protection Officer, Sarah Adams, at firstname.lastname@example.org
Requests to delete personal data
One of the key principles which underpins the GDPR is the right of an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. This is also known as the right to be forgotten.
Any requests from individuals to:
- have inaccurate personal data rectified (right to rectification)
- restrict or suppress of their personal data (right to restrict processing)
- obtain and reuse their personal data for their own purposes across different services (right to data portability)
- object to how their personal data is used should be made directly to the Data Protection Officer, Sarah Adams, at email@example.com
Complaints or Queries
If there are any questions about the College’s collection and use of personal data please contact the Data Protection Officer, sarah Adams, at firstname.lastname@example.org. They are happy to provide additional information if it is required. If you have a concern about the way Lincoln College has handled or is handling your personal information, or you wish to make a complaint because we have not complied with our obligations, you can make a complaint to the Information Commissioner’s Office (ICO). You should raise your concerns within three months of your last meaningful contact with the College. Details of how to do this are on the Information Commissioner’s Office website.
By post: If your supporting evidence is in hard copy, you can print out the form and post it to the ICO (with your supporting evidence) to:
Information Commissioner's Office