Data Protection
Your rights under data protection legislation
University Centre Somerset, part of Bridgwater & Taunton College, is committed to protecting the privacy of anyone whose personal data we hold in line with the UK General Data Protection Regulation (UK GDPR). The College’s register entry number is Z4677243.
Data protection legislation places obligations on University Centre Somerset to protect your personal information. We have to make sure we process your personal data in line with the data protection principles and ensure that your rights as individuals are met. These are outlined in our Data Protection Policy.
University Centre Somerset will follow current data protection and other legislative guidance when dealing with requests from individuals (Data Subjects) to exercise their data rights.
Right to be informed
Individuals have the right to be informed about the collection and use of their personal data. University Centre Somerset must provide you with information including: the purpose for processing your personal data, our retention periods for that data, and who it will be share with. This is set out in our privacy notices below
Right to access
You have the right to request a record of all your personal data that is held by University Centre Somerset and Bridgwater & Taunton College, also known as Subject Access Request. Full details are available in the Data Protection Policy.
You can submit this verbally or in writing, but you must describe the personal data required. Using the College’s Data Subject Access request form below please provide as much detail as possible relating to the request and will reduce potential delays pending clarification.
Proof of identification must be provided. You can submit the form and proof of identifications by email to dpo@btc.ac.uk. Please note that University Centre Somerset will only begin the process once it is in receipt of all items.
How do you request information on behalf of someone else?
There are some circumstances under which the College will consider a request of personal data on behalf of another individual. These are:
- The requestor is the parent of a child aged 12 years or under
- The requestor has the written permission to make a request on behalf of another individual
- The requestor has Power of Attorney or an order from the Court of Protection to act on behalf of another individual
Right to erasure/deletion
This is also known as ‘the right to be forgotten’. This is not an absolute right and will only apply in certain circumstances. Please read the guidance on the right to erasure before submitting a request.
Right to restrict processing
You have the right to request the restriction or suppression of your personal data. As with the right to be forgotten, this is not an absolute right and will only apply in certain circumstances. Please read the guidance on the right to restrict processing before submitting a request.
Should we restrict processing for an individual, University Centre Somerset will be able to store the information but we will not be able to use it.
Right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across difference services. It allows you to move, copy or transfer personal data easily from one IT system to another in a safe and secure way, without affecting its usability.
The right of data portability only applied to information an individual has provided to University Centre Somerset.
Right to objection
The GDPR gives you a right to object to the following:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics.
You must provide us with specific reasons in order to exercise this right to object to processing for research purposes.
You can find further information on this right to object on the Information Commissioner’s Office website.
Rights in relation to profiling and automated decision-making
Profiling and automated decision-making are two different things, although automated decision-making can include profiling. We will specify any profiling or automated decision-making in our Privacy Notices or other communication as necessary.
Reporting a concern
If you are unhappy with the way we have processed your personal information, or feel that your request for information or to exercise your data rights have not been dealt with appropriately, please contact the Data Protection Officer in the first instance.
If you are unhappy with the outcome of your complaint, you can escalate your complaint to the Information Commissioner’s Officer (ICO). Please see the ICO Concerns website for more information.
Cookies
Cookies provide information on how our website is used and helps us make informed decisions on changes we make. They also allow us to add certain functionality to our site which improves the experience for visitors. You can find our cookies policy here.
Subject Access Request Form
To submit a request, please visit this webpage and fill out the form.
Fee
We reserve the right to charge a reasonable fee when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information. The fee is based on the administrative cost of providing the information.
We will respond to your request within 30 days, where we are unable to approve your request for information or unable to provide the information within 30 days, we will notify you.