


South Eastern Regional College (SERC) is committed to complying with the General Data Protection Regulation (GDPR) and the Data Protection Act (2018). Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it.


SERC is the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. Being the Data Controller means that SERC determines the purposes for which, and the way in which, any personal data are, or will be, processed.


The College Data Protection Officer is Sian Harvey.


Lawful Basis

What personal information do we collect?

We may collect, store and use the following categories of personal information:

  • Full name
  • Address
  • Contact numbers
  • Email Address
  • National Insurance Number
  • Marital Status
  • Bank account details, including Bank Name and Address, Sort code and Account Number
  • Tax Code Records
  • Salary, pension and payroll deduction information
  • Enforcements of Judgement / Statutory Deductions
  • Location of employment and workplace
  • Identification documents (including copy passports)
  • Employment records – job titles, work history, working hours
  • Remuneration History
  • Card Payment Details (name of cardholder, card number, expiry date, security code)
  • VAT Registration numbers
  • Disability Registration Status
  • Residency Status
  • Qualifications
  • Previous Funding Sources
  • Evidence of personal income
  • Dependent information (names of children, dates of birth, copy birth certificates)
  • Information regarding relationship with parents
  • Evidence of income of parent, spouse, partner
  • Personal contact information of parent, spouse, partner
  • Tax Credit Information
  • Car Registrations

We may also collect, store and use the following Special Category Data:

  • Trade Union Membership
  • Medical Evidence (doctors' letters, photographs, and medical notes).


How do we use your information?

Data protection law says that we are allowed to use and share your personal data only where we have a proper reason to do so. We must have one or more of the following reasons (for SERC as a public authority):

  • Contract - your personal information is processed in order to fulfil a contractual arrangement e.g. in order to make payment for your tuition fees or to make payment to staff members.
  • Consent - where you agree to us using your information in this.
  • Public interest - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Legal Obligation - where there is a statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
  • Vital Interests - where processing is necessary to protect the vital interests of the data subject or of another natural person.

Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so.

What we use your personal information for | Our reasons (legal basis)
Workforce remuneration and payment of salaries & expenses / pensions administration | Fulfilling a contract / Legal obligation
Processing and payment of supplier invoices. | Fulfilling a contract
Processing and recovery of accounts and fees. | Fulfilling a contract
Processing Student Finance Funding Claims (e.g. Hardship Fund, Care to Learn) | Fulfilling a contract / Consent
Processing VAT Returns to HMRC. | Legal obligation
Participation in National Fraud Initiative | Legal obligation


Processing Special Category Data

We will use special category data in the following ways:

What we use your personal special category data for | Our reasons (legal basis)
Processing tuition fee refunds and waivers. | Fulfilling a contract
Payment of trade union premiums | Fulfilling a contract


Who we share your information with and why

Payment processing providers

SERC works with trusted third party payment processing providers in order to securely take and manage payments.

SERC works with banks and trusted third party payment processing providers in order to make payments to staff and suppliers.

Know Your Customer & Anti-Money Laundering Compliance Providers

In order to set up Direct Debit agreements we may share your information with experienced Know Your Customer & Anti-Money Laundering Compliance providers. The personal data you have provided will be used to undertake Know Your Customer and Anti-Money Laundering checks. The checks seek to minimise fraudulent activity on the setting up of Direct Debits. Details of the personal information that will be processed include, for example: name, address, date of birth, and bank account information.

Credit Check Agencies

Before we provide services we may undertake checks for the purposes of making decisions on the level of credit being provided to customers. These checks require us to process personal data about you.

The personal data you have provided or we have collected from you will be used to undertake various credit checks. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, and employment details.

Debt Collection and Tracing Agencies

In order to recover outstanding accounts we may share your information with Debt Collection and Tracing Agencies.

The personal data you have provided or we have collected from you will be used to undertake debt collection and tracing. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information.

HM Revenue & Customs (HMRC)

In order to fulfil our legal obligations with HMRC (Payroll, VAT, Corporation Tax) we will share relevant information with HMRC.

Courts and Tribunals

In order to fulfil any legal obligation with a Court or Tribunal we will share relevant information where legitimately requested.

Trade Unions

In order to make payment of Trade Union Membership premiums (deducted through payroll) we will share the relevant personal information with the relevant Trade Union.

Payroll Deduction Bodies

In order to make payment of payroll deductions (for example: Give as You Earn, Cycle to Work Scheme, Childcare Deduction, Court Order) we will share your relevant personal information with the relevant body.

National Audit Office (National Fraud Initiative)

In order to fulfil our legal requirement to participate in the National Fraud Initiative we will share personal information with the National Audit Office.

Transfer outside of the European Union (EU)

We do not currently transfer personal information outside of the European Union. However, if this changes, SERC will put in place appropriate contractual provisions to ensure that information is held and used in a way that is consistent with and which respects the EU and UK laws on data protection.

Automated Decisions

We do not use automated decision making to make decisions that will have significant impacts on data subjects.


How long we keep your information

If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.

We may need your personal information for satisfying our legal, accounting and reporting requirements. For this purpose, we will retain your information in line with the FE Sector Retention and Disposal Schedule.

The only exceptions to this are where:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
  • we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
  • in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.

For full details on our Privacy Notice and your Rights, please visit our website: Customer Privacy Notice