Your Rights

The Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) provides certain rights for individuals in relation to their personal data and what organisations do with their data. Under this law you have the following rights:

The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling

All of these rights require organisations to respond to a request in one month. There is no fee. Although if a request is considered manifestly unfounded or excessive a reasonable fee can be charged for the administrative costs associated with the request.

The UK Information Commissioner’s Office (ICO) is the regulator of data protection and has further information and guidance regarding your rights.

If you have any queries regarding how Ayrshire College processes your personal data, please contact the Data Protection Officer (DPO) by emailing dataprotection@ayrshire.ac.uk

RIGHT TO BE INFORMED

You have the right to know how the college is processing your personal data, including:

  • Why we are processing your personal data?
  • What categories of personal data we are processing?
  • Who we are sharing your personal data with?
  • How long we will retain your personal data

 We publish this information in our privacy notices, which we make available at the time of collecting information from you.

For further information visit the ICO guidance page on their website.

 

Take me back to Data Protection 

RIGHT OF ACCESS

You have the right to ask for a copy of the personal data we hold about you, along with information on why and how it is processed. This will help you understand what your data is being used for and to verify the lawfulness of that use.

This is generally known as making a 'subject access request'. A subject access request is free of charge, unless it is excessive or repetitive. If this is the case, we may charge a reasonable fee to cover the costs of providing the information or refuse to provide the information.

We will require verification of your identity before responding to the request, to make sure we have the right person and the right information.

We will provide you with the information you have requested within one month, although if the request is complex we may extend the deadline by a further two months. If this is the case we will discuss it with you.

There are some exemptions which may apply. This may mean not all of the information you request will be available, for example if providing the information would also disclose the personal data of another person. In such circumstances we will redact (withhold) some or all of the information. We will explain our reasons for doing this when we provide the response.

Help and advice on making a subject access request is available in our Guide to Making a Subject Access Request.

For further information visit the ICO guidance page on their website.

 

Take me back to Data Protection 

RIGHT TO RECTIFICATION

You have the right to have your personal data rectified (corrected) if it is inaccurate or incomplete.

If we are unable to correct your data and have a legitimate reason for this, we will keep your statement requesting rectification on your record(s). We will also explain our reasons for this to you.

If we have passed your personal data on to any other organisations (in accordance with lawful processing and as described in our privacy notices) we will ask them to update the personal data they hold.

If the personal data held by us is correct we will not make any changes and will advise you of this.

For further information visit the ICO guidance page on their website.

Take me back to Data Protection 

RIGHT TO ERASURE

You have the right to ask us to delete or remove personal data we process when there is no compelling reason for us to process it. For example:

  • Where it is no longer necessary for the purpose for which it was originally collected/processed
  • When you withdraw consent
  • If you object to the processing and there is no overriding legitimate interest for continuing the processing
  • Our use of the data is unlawful
  • The data has to be erased to comply with a legal obligation
  • The data is processed in relation to the offer of information society services to a child.

The right to be forgotten is not an absolute right, which means we can refuse a request for erasure if the processing of personal data is:

  • used to exercise the right of freedom of expression and information
  • needed to comply with a legal obligation or the performance of a public interest task
  • needed for public health purposes in the public interest
  • used for archiving in the public interest, for scientific or historical research, or for statistical purposes
  • needed for making or defending legal claims.

When this right is exercised, we will stop any further processing, delete all your personal data and advise any other organisations we may have passed your data to (in accordance with lawful processing and as described in our privacy notices) to do the same.

For further information visit the ICO guidance page on their website.

 

Take me back to Data Protection 

RIGHT TO RESTRICT PROCESSING

You have the right to ask us to stop processing your personal data if:

  • you contest the accuracy of the personal data we are processing
  • you believe our processing is unlawful and you would like us to stop (but not have your information deleted)
  • we no longer need to process your personal data, but it needs to be kept to make or defend a legal claim

When this right is exercised, we will retain enough personal data to meet the purpose for keeping it. We will also make sure it is not processed for any of the purposes for which you have asked us to stop.
For further information visit the ICO guidance page on their website.

Take me back to Data Protection 

RIGHT TO DATA PORTABILITY

You have the right to ask for a digital copy of personal data held about you. This allows you to move, copy or transfer your data from one IT system to another in a safe and secure manner.

This right only applies to personal data:

  • that you have provided to the college
  • that is processed based on your consent or because it is necessary as part of a contract
  • that is processed by automated means

We will provide the information requested in a machine-readable format so that it can be reused by any other organisation you choose to pass it to.
For further information visit the ICO guidance page on their website.

Take me back to Data Protection 

RIGHT TO OBJECT

You have the right to object to our processing of your personal information in limited circumstances. For example when the college is processing your personal data:

  • In the legitimate interests of the organisation or because we are carrying out a public task in the public interest. We must show compelling legitimate grounds to be able to continue to process your data.
  • For direct marketing, including profiling.
  • For scientific or historical research or for statistical purposes, unless the processing is necessary to carry out a public task in the public interest.

Where you exercise this right we will stop processing your personal data unless there is a compelling reason that is greater than your individual rights.
For further information visit the ICO guidance page on their website.

Take me back to Data Protection 

RIGHTS RELATING TO AUTOMATED DECISION MAKING AND PROFILING

Automated decision making is where a decision is made solely by automated means, without any human intervention e.g. by a computer algorithm. Profiling is the automated process of using personal data to evaluate certain things about an individual.

You have the right to:

  • Know whether an organisation is using automated decision making and profiling
  • Request human intervention and to challenge a decision.

Ayrshire College has developed an in house retention tool using Learning Analytics. The retention tool uses a machine based learning algorithm to calculate a score for individual students.  This is based on the review of key pieces of personal data held by the College, such as attendance and referrals. Where a score is given that indicates a student may be at risk of dropping out then college staff contact the individual students to discuss possible interventions.

The purpose of profiling in this way is to provide support and pastoral care to students encouraging them to remain at College so they can achieve their goals.  You can find out more about the retention tool here.

For further information visit the ICO guidance page on their website.

Take me back to Data Protection 

Course Search

Or

Browse all courses Advanced search