List of active policies
|Personal Information Use Policy
|Website and IT Equipment usage Policy
|Data Management Policy
documented or referred to on our website which sets out the basis on which any
personal data we collect from you or that you provide to us will be processed
by us. Please read the following carefully to understand our views and
practices regarding your personal data and how we will treat it. By
visiting our website and by completing or filling any of our forms you are
accepting and consenting to the practices described in this policy.
We need to provide you with certain information on the personal information we collect from you (also called “Data”) and the information below sets out how we may collect the information and use it
We take your privacy and security of any information (which, for the purposes of this Notice we will refer to as ‘Personal Data’) that you provide to us very seriously.
For the purposes of the EU General Data Protection Regulations and any subsequent UK legislation based on those Regulations (GDPR), the data controller and processor is the Mont Rose College of Management and Sciences (the College) and our Data Protection Officer is Mr. Ali Fraz Khan. If you have any issues about how your data is being used he may be contacted email@example.com.
We may collect and process the following data.
The information you give to us
This is information about you that you give us by filling in forms on our Website (including the information you provide when you register to use our website, subscribe to our service, search for a product, place an order on our Website or participate in any function on our Website) or completing any forms that we have provided you with or by corresponding with us by phone, email, in person or otherwise.
To be absolutely clear this information may which is mention on our application form and inquiry form. Which available on the website and in person hard copy.
· With regard to each of your visits to our website and our e-learning website (Moodle) we will automatically collect the following information.
- Technical Information. This may include, for example, the IP address used to connect your computer to the internet, your log-in information, browser type and version, and time-zone setting.
- Information about your visit. This may include the full URL through and from our Website including date and time.
- Such information as is otherwise provided by you in order for us to reasonably be able to provide you with our services.
· We may also receive information about you from other sources including other websites that we operate or other services that we provide. We may share that data internally and combine it with data we have already collected. We will only share and combine your data so we can provide the services that you have requested. We work closely with some third parties (including, for example, business partners, sub-contractors, search information providers and DBS check). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
· It is also possible that we may collect information as a result of combining certain data we have collected or which has been inferred by analytical algorithms. Any such information will only be used if we can reasonably comply with this policy
Uses that we make of the information provided
We use the information held about you in the following ways
· If you provide us with the information you consent to us using it as follows:
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us.
- To provide you with information about other services and courses we offer which we reasonably feel would be of interest to you
- To provide you with permitted selected relevant third parties e.g. our partner`s institute.
- To notify you about changes to our services/courses.
- To send you text, email or call for any promotions, open days or any other activity going on.
- To ensure that content from our website is presented in the most effective manner for you and your computer.
· You consent to us using the information we have collected about you either directly or from other sources (but not necessarily directly from you) for:
- To administer our Website and for internal operations including troubleshooting, data analysis, testing, research, statistic and survey purposes.
- To improve our Website to ensure that content is presented in the most effective manner for you and your computer.
- To allow you to participate in inter-active features of our service when you choose to do so.
- As part of efforts to keep our Website safe and secure.
- To make suggestions and recommendations to you and other users of our Website about goods, services or courses that may interest you or them.
Our relationship with you
- as set out in or referred to in our other policies and in particular our personal information use policy
Information we receive from other sources.
We will use this combined information for purposes set out above depending on the types of information concerned.
These paragraphs tell you who we will share your information with
You agree that we have the right to share your personal information with:
· Any member of our Group which means our subsidiaries, our ultimate holding company and its subsidiaries as defined in Section 1 on 59 of the UK Companies Act 2006.
· Subject to your consent to selected third parties including:
- Business Partners, Suppliers, and Sub-Contractors for the performance of any contract we enter into with you.
- Analytics and Search Engine Providers that assist us in the improvement and optimization of our Website.
In particular, we may disclose your personal information as follows:
· With your consent
· If the College or substantially all of its assets are required by the third party, in which case personal data held by the College will be one of the transferred assets.
How we will look after your personal information we have collected
· We will ensure that we keep a full record of your information
· We will only keep your information for as long as we reasonably need in order to provide you with the services you have requested unless you have opted for us to keep it for specific times or reasons
· Your personal information will be stored on secure servers based at our offices and will be protected by passwords to limit those who have access
· We will ensure that your personal data is held compliant with your rights set out below
Under GDPR you have certain rights which we set out below;
· The right to be informed about the personal information held and to access it
· The right to check that the personal information we hold is accurate
· The right to have inaccuracies deleted or altered
· The right to have the information erased or to restrict processing
· The right to take your any away any personal data that you have provided, you have consented to us obtaining or is obtained by automatic methods
· The right to object generally and to lodge a complaint to the Information Commissioners Office
· The right not to be subjected to automatic decision making
Outside of the European Union?
If we send your personal information outside of the EU we will always need your specific consent. Without that our policy is not to send personal information outside of the EU
Email is used as a means of communicating official company information
to staff, students and other relevant authorities, convenient, rapid,
environmentally aware, and cost-effective. Mont Rose College of
Management and Sciences issues an email address and disk space for email
storage to all staff and students. Mont Rose College of Management and
Sciences also distributes email software on computer systems. This
practice ensures that all staff and students have email communication
readily available to them. The purpose of this policy is to set forth
the rights and responsibilities of both users and providers of
electronic mail for staff and students. Email facilities are provided
primarily to improve communications among staff and students for matters
relating to their roles within Mont Rose College of Management and
Sciences. Limited use for personal and social purposes is tolerated, not
such use should not become excessive.
Email Policy for staff and students
Email is used as a means of communicating official company information to staff, students and other relevant authorities, convenient, rapid, environmentally aware, and cost-effective. Mont Rose College of Management and Sciences issues an email address and disk space for email storage to all staff and students. Mont Rose College of Management and Sciences also distributes email software on computer systems. This practice ensures that all staff and students have email communication readily available to them. The purpose of this policy is to set forth the rights and responsibilities of both users and providers of electronic mail for staff and students. Email facilities are provided primarily to improve communications among staff and students for matters relating to their roles within Mont Rose College of Management and Sciences. Limited use for personal and social purposes is tolerated, not such use should not become excessive.
This policy protects Mont Rose College of Management and Sciences assets and helps ensure our ability to continue business operations.
This policy applies to Student and Staff that have access to Mont Rose College of Management and Sciences
Use of Email
Mont Rose College of Management and Sciences uses electronic mail to communicate official Mont Rose College information of many kinds to Staff, Students and others. Staff are responsible for reading and responding to their email on a frequent and regular basis, since some official communications may be time sensitive. Mont Rose College of Management and Sciences suggests that Staff access their email account on a daily basis.
Staff needs to set up an automatic out of office reply through Outlook when they are away from the College. This should include alternative contact details for urgent inquiries.
No user should send insulting, abusive, bullying, harassing, obscene, racist, sexist offensive, incitement to commit a criminal offense or threatening or which may contain any malicious code; for example virus. No information should be communicated within or outside the college which is defamatory, which brings Mont Rose College of Management and Sciences into disputes, or which violates laws.
All users must act sensibly and appropriately when using the College’s email, or computing facilities to send an email, whether internally or externally using the internet.
If anyone receives these email containing any such material, and they are concerned about this should inform relevant authority. Any user must not send an email which might bring the College into disrepute or purport to be the view of College unless they are authorised in writing to express views on behalf of the College.
Under the data protection act personal data processed for any purpose or purposes shall not be kept for longer than necessary for that purpose or those purposes. To prevent unauthorised or accidental disclosure of the information, it is essential to exercise care at its disposal, including protecting its security and confidentiality during storage, transportation, handling, and destruction.
Anyone Staff or Student found to be in breach of this policy may be subject to disciplinary action.
Mont Rose College of Management and Sciences retained the right to terminate email addresses allocated to the students within 90 days of completion or leaving the course. The College will not take any responsibility for any loss of data after a given period. Therefore it is a student`s responsibility to back up their data within the given time.
For the staff, upon leaving the College their email address will be terminated immediately.
SummaryThis document will explain how and why College personal data.
Personal INFORMATION USE POLICY
How and why does the College use personal data?
1. To enable us to administer student-related functions from original applications through to graduation and to provide alumni services;
2. To produce information including statistics for relevant external agencies such as the Higher Education Statistical Agency (HESA) and the Higher Education Funding Council for England (HEFCE) which allocates funds to the College on the basis of student numbers;
3. To enable College staff to communicate with students;
4. To monitor academic progress over the period of enrolment towards completion of a qualification;
5. To carry out assessments, authorise the award of qualifications and verification of awarded qualifications
6. To monitor, complaints, disciplinary cases, and academic appeals;
7. To provide student support services, IT and Moodle where the student has access to their learning sources;
8. To monitor, develop and update College systems to ensure they continue to operate effectively and securely
9. The College also processes personal data in relation to staff, both academic and non-teaching. This is undertaken to facilitate recruitment activity and to administer the requirements the College must meet as an employer in line with UK law. In addition, it is used to facilitate operational activity within the relevant faculty / professional service.
What personal data does the College collect?
The College collects personal data from students at several stages. The personal data collected is mentioned below:
Initial email/telephone inquiry
- name and address
- contact details (telephone number, email address)
- subject/area of interest
Details from application forms:
- name and address
- contact details (telephone number, email address)
- age/date of birth
- nationality and country of residence
- educational records to date
- academic references (including personal statement, resume, and grades)
- disability declaration
- criminal conviction declaration
- How did they hear about us and if a friend who studies here recommends mentioning their name or Student ID.
- Programme name
- Next to Kin detail (Name, Address, mobile, home phone, email and country and town.
- Applicant passport number, place of issue, date of issue and valid till.
- Work Experience detail if an applicant has it
- Ethnic Origin
- Proof address
- Sexual Orientation
- Religion or Belief
- Student support eligibility check
- Previous qualification results
- For students taking courses in HND Health and Social Care and Diploma in Education and training need a DBS Clearance.
The College collects the following information from the academic and non-teaching staff which is outlined below:
- name and address
- national insurance number
- contact details (telephone number, email address)
- self-declaration of permission to work in the UK and upload of passport/visa copy if necessary
- relevant qualifications or indication of highest qualification held
- professional development/training and membership of any professional body
- employment history
- Referee details
- Data captured for equal opportunities monitoring (gender, date of birth, nationality, marital status, sexual orientation, religious belief, ethnicity)
- Declaration about any disability as defined under the Equality Act 2010
Once a candidate has been made an offer of employment:
- Bank details
- Emergency contact details
- Qualification information required to be shared with HESA
- Health information
- Certain positions also require a DBS compliance check to be completed
· Data captured for equal opportunities monitoring
Sharing of personal data
Professional and Funding Bodies:
- Validation of registrations and awards; and
- Approval of funding applications.
National/Local Government Departments and other public bodies:
- Higher Education Statistics Agency (HESA) and HEFCE to produce a variety of statistical reports about higher education that are required to be published in the public interest;
- UK Immigration agencies to ensure compliance with the conditions attached to student/staff visas;
· The Student Loans Company in connection with grants, fees, loans, and bursaries;
- The courts, the police and other organisations with a crime prevention or law enforcement function (subject to meeting the conditions of Section 29 of the DPA Data Protection Act);
- Local authorities for the purposes of assessing and collecting council tax.
- Employers who request a reference from the College (for relevant staff and students).
- Internal examiners for examination, assessment and moderation purposes;
This acceptable use policy sets out the content standards that apply when you upload content to our website and moodle, make contact with other users on our site, link to our site, or interact with our Site in any other way. Also, this policy covers the usage of IT equipment within the College premises.
Website and IT Equipment Usage Policy
PLEASE READ THE TERMS OF THIS POLICY CAREFULLY BEFORE USING THE SITE
This acceptable use policy sets out the content standards that apply when you upload content to our Site, make contact with other users on our site, link to our site, or interact with our Site in any other way,
To contact us, please se below
We recommend that you print a copy of these terms for future reference.
Terms and Condition
You may use the Site, only for lawful purposes. You must not use the Site:
· In any way that breaches any applicable local, national or international law or regulation.
· In any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect.
· For the purpose of harming or attempting to harm minors in any way
· To send, knowingly receive, upload, download, use or re-use any material that does not comply with Content Standards.
· To transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam)
· To knowingly transmit any data, send or upload any material that contains viruses or any other computer code, programmes or files designed to destroy, interrupt or limit the functionality of any computer, computer software or hardware or telecommunications equipment.
You also agree:
· Not to reproduce, duplicate, copy or re-sell any part of our site in contravention of these terms
· Not to access without authority, interfere with, damage or disrupt:
· any part of our Site;
· any equipment or network on which our Site is stored;
· any software used in the provision of our Site; or
· any equipment or network or software owned or used by any third party.
Intellectual property rights
The is the licensee/owner of all intellectual property rights in the site and in the material published on it, those works are protected by copyright and such rights are reserved to them. You may not use any photographs, video or audio sequences or any graphics separately from any accompanying text.
Any kind of direct or indirect commercial use of the site material is prohibited.
When we consider that a breach of this acceptable use policy has occurred, we may take such action as we deem appropriate.
Failure to comply with this policy constitutes a material breach of the terms upon which you are permitted to use our site, and may result in our taking all or any of the following actions:
· Immediate, temporary or permanent withdrawal of your right to use our site or IT Equipment.
· Immediate, temporary or permanent removal of any Contribution uploaded by you to our site.
· Issue of a warning to you.
· Legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
· Further legal action against you.
· Disclosure of such information to law enforcement authorities as we reasonably feel is necessary or as required by law.
We exclude our liability for all action we may take in response to breaches of this acceptable use policy. The actions we may take are not limited to those described above, and we may take any other action we reasonably deem appropriate.
If you are a consumer, please note that the terms of this policy, its subject matter, and its formation are governed by English law. You and we both agree that the courts of England and Wales will have exclusive jurisdiction except that if you are a resident of Northern Ireland you may also bring proceedings in Northern Ireland, and if you are resident of Scotland, you may also bring proceedings in Scotland.
If you are a business, the terms of this policy, its subject matter and its formation (and any non-contractual disputes or claims) are governed by English law. We both agree to the exclusive jurisdiction of the courts of England and Wales.
· As part of our prevent duty we will be monitoring all users and liaise with relevant authorities where it is necessary. Please see our website for further information related to Prevent.
· User of IT Equipment
· Staff, teachers, and students are not allowed to connect to their personal devices using College PCs and Laptops or any devices does not belong to Mont Rose College e.g remote desktop or any third party software any electronic devices.
· Teachers are not allowed to use their personal computers within College premises providing that they have been given a PC or Laptop to work with.
Mont Rose College of Management and Sciences
267 Cranbrook Road, Ilford, Greater London
Phone: 020 8556 5009
The purpose of this policy is to confirm that proper procedures are in
place for the processing and management of personal data. The DPO has
specific responsibility for data protection compliance. All teaching or
non-teaching staff understand that their responsibility when processing
personal data and that method of handling that information is clearly
understood. A supportive environment and culture of best practice
processing of personal data are provided for staff and individuals
should be fully aware of who to who to contact, where to submit the
request and fully aware of rights of other individuals as well. Staff
know that Subject Access Requests and other relevant requests need to
be dealt with punctually and courteously and individuals need to be sure
that their personal data is processed in accordance with the data
protection principles, that their data is secure at all times and safe
from unauthorised access, alteration, use or loss and also that other
organisation with whom personal data needs to be shared or transferred,
meets compliance requirements. Any new systems being implemented are
assessed (if necessary a Data Protection Impact Assessment) to determine
whether they will hold personal data, whether the system presents any
privacy risks, damage or impact to individuals’ data and that it meets
this policy’s requirements
Data Management Policy
Data Protection Officer (DPO): Mr. Ali Fraz Khan
The objective of the Policy
The purpose of this policy is to confirm that proper procedures are in place for the processing and management of personal data. The DPO has specific responsibility for data protection compliance. All teaching or non-teaching staff understand that their responsibility when processing personal data and that method of handling that information is clearly understood. A supportive environment and culture of best practice processing of personal data are provided for staff and individuals should be fully aware of who to who to contact, where to submit the request and fully aware of rights of other individuals as well. Staff know that Subject Access Requests and other relevant requests need to be dealt with punctually and courteously and individuals need to be sure that their personal data is processed in accordance with the data protection principles, that their data is secure at all times and safe from unauthorised access, alteration, use or loss and also that other organisation with whom personal data needs to be shared or transferred, meets compliance requirements. Any new systems being implemented are assessed (if necessary a Data Protection Impact Assessment) to determine whether they will hold personal data, whether the system presents any privacy risks, damage or impact to individuals’ data and that it meets this policy’s requirements
The data protection principles and individual rights
The General Data Protection Regulation (GDPR) covers six “Data Protection Principles” set out in Article 5. These specify that personal data must be:
1. Processed lawfully, fairly and in a transparent manner in relation to individuals
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
3. Adequate, relevant and limited to what is necessary for relation to the purposes
4. Kept in a form which permits identification of data subjects for no longer than is necessary;
5. Processed in a manner that ensures adequate security of the personal data using appropriate technical or organisational measures.
6. Accurate and, where necessary, kept up to date;
Article 5(2) also sets out an overarching accountability principle ‘the controller shall be responsible for, and be able to demonstrate, compliance with the principles.’
Individual rights are set out in a separate part of the GDPR. In brief, the GDPR provides the following rights for individuals:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.
Scope of Policy
· This policy has been written within relevant ICO guidelines.
· Definitions and terms used in relation to the GDPR can be found at https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
· This policy applies to all personal data and special categories of data (sensitive personal data) collected and processed by Mont Rose College of Management and Sciences in the code of conduct of its business, in electronic in any medium and within the paper filling
· This policy applies to all College employees, whether permanent, temporary, contractor, students, teaching staff, non-teaching staff, consultants, and apprentices.
To fulfill the requirements of data protection principles and individual rights set out in the GDPR, the College follows the following values when processing personal data:
4.1 Fair Collection and Processing.
§ The particular conditions contained in Article 6 and 9 of the GDPR regarding the fair collection and use of personal data will be complied with.
§ Individuals will be made aware that their information has been collected, and the intended use of the data specified either on collection or at the earliest opportunity following collection through relevant privacy notices
§ Personal data will be collected and processed only to the extent that it is needed to fulfill business needs or legal requirements.
§ Personal data held will be kept up to date and accurate, where necessary.
§ Retention of personal data will be valued and risk assessed to determine and meet business needs and legal requirements, with the appropriate retention schedules applied to that data.
§ Personal data will be processed in accordance with the rights of the individuals about whom the personal data are held.
§ It is important that you determine a lawful basis for processing any personal data and document this. This becomes more of an issue under the GDPR because the lawful basis for processing has an effect on individuals’ rights. A ‘cease processing request’ from an individual will be acknowledged within 3 working days, with the final response within 21 days. The final response will state whether the College intends to comply with the request and to what extent, or will state the reasons why it is felt the requestor’s notice is unjustified.
§ Staff will advise the Data Protection Officer in the event of any intended new purposes for processing personal data. The DPO may then arrange for a Data Protection Impact Assessment to be conducted
· Suitable technical, organisational and administrative security measures to safeguard personal data will be in place.
· This policy relates to had copy material as well as electronic data
· Hard copy data will be kept secure under lock and key
· Staff will report any actual, near miss, or suspected data breaches to the DPO for investigation. Lessons learned during an investigation of breaches will be relayed to that processing information to enable necessary improvements to be made.
· A breaches policy is attached and the DPO will follow that policy in the event of a breach
· Any authorised use of corporate email by staff, including sending of sensitive or personal data to unauthorised persons, or use that brings the College into disrepute will be regarded as a breach of this policy.
· Relevant Data Protection Awareness Training will be provided to staff to keep them better informed of relevant legislation and guidance regarding the processing of personal information. Data protection training will also promote awareness of the College’s data protection and information security policies, procedures and processes. Staff are strongly encouraged to complete this training this training during induction and subsequently on an annual basis.
· Relevant Data Protection Awareness Training will be given to staff to keep them better educated of applicable enactment and direction in regards to the handling of individual data. Information insurance preparing will likewise advance consciousness of the College's information assurance and data security approaches, techniques and procedures. Staff is firmly urged to finish this preparation this preparation amid acceptance and along these lines on a yearly premise.
4.3 Sharing and disclosure of personal information
· The College shall routinely make certain personal information publicly available. For an example include publication of degree results in graduation booklets, contact details on the website etc. The College will undertake to cease such activity, where possible, for any data subject on the grounds of such disclosure causing damage and distress on application to, and agreement by, the Data Protection Officer.
· Regular information sharing with third parties, where there is a valid business reason for sharing information, shall be carried out under a written agreement setting out the scope and limits of sharing. Data processing Agreements will be applied to all contracts and management agreements where the College is the data controller contracting out services and processing of personal data to third parties (data processors). These agreements will clearly outline the roles and responsibilities of both the data controller and the data processor. A log of data processing agreements will be kept in the attached format
· Data processors shall agree to follow to this policy and the GDPR as far as possible, assure the College against any prosecution, claim, proceeding, action or payments of compensation or damages without limitation and provide any personal information specified on request to the Data Protection Officer.
· All relevant privacy notices the College will inform individuals of the identity of third parties to whom we may share, disclose or be required to pass on information to while accounting for any exemptions which may apply under the GDPR and other relevant legislation.
· Personal data will not be transferred outside the European Economic Area unless that country or territory can ensure a suitable level of protection for the rights and freedoms of the data subjects in relation to the processing of their personal data. The DPO shall be consulted before any data is sent outside of the EU
· Only where it is required member of staff will have access to personal data and Staff should also be aware that in the event of a Subject Access Request being received their emails may be searched and relevant content disclosed, whether marked as personal or not.
· A relevant contact address will be made available on the internet for data subjects to use should they wish to submit a Subject Access Request, make a comment or complaint about how the College is processing their data, or about our handling of their request information. A log of Access Requests in the attached format will be kept
· In the event of a Subject Access Request, the attached procedure will be followed
· Until their identity has not been verified data subject personal information will not be disclosed to them.
· Third party personal data will not be released by Mont Rose College of Management and Sciences when responding to a Subject Access Request or Freedom of Information request (unless consent is specifically obtained, obliged to release by law or necessary in the substantial public interest)
· All data subjects have a right of access to their own personal data. Advice will be provided to data subjects on how to request or access their personal data held by the College.
· Please see the template on our website.
5. Data Protection responsibilities
College as a corporate body
Board of Directors
Ultimately responsible for compliance with the GDPR.
Data Protection Officer (Ahmar Adnan) firstname.lastname@example.org with assistance from the Risk Assessment (Ali Fraz Khan) email@example.com
Maintain the College notification with the ICO.
Advise staff on data protection compliance.
Coordinate responses for subject access requests.
Report any personal data breaches to the ICO/police as appropriate.
Issue data sharing guidance and oversee data sharing agreements between the College and third parties
Develop, administer, disseminate, review and support the application of this policy.
Nominated processor for all post sent to and within the College.
Compliance with data protection legislation and with the principles set out in this policy.
Be familiar with and comply with the policy.
Ensure that information provided in connection with employment is up-to-date and accurate.
Observe and comply with the data protection principles and individuals data protection rights.
Bring queries and issues around data protection to the attention of the Information Governance Officer.
Do not attempt to gain access to information that is not necessary to hold, know or process.
Report subject access and other requests to the Information Governance staff.
Note that unauthorized disclosure will usually be a disciplinary matter, and may be considered gross misconduct in some cases. It may also result in a personal liability for the staff member as there is provision within the legislation to prosecute individuals for certain offenses.
Are familiar with and the policy and comply where necessary.
Ensure that personal information provided is up-to-date and accurate.
Observe and comply with the data protection principles and individuals data protection rights.
Note that unauthorised disclosure of personal data will usually be a disciplinary matter.