Search

Find a course for you

All courses A-Z
All subjects

GSM London Privacy Statement

GSM London Privacy Statement

This Privacy Policy statement explains the data processing practices of GSM London, ‘The College’ (as GSM London may also be referred to from here on in) takes the privacy of its users seriously. We are committed to safeguarding the privacy of our users while providing a personalised and valuable service. Any personal information you give to us will be processed in accordance with the European General Data Protection Regulations (GDPR) and other associated information governance legislation.

GSM London is a registered “Data Controller” with the Information Commissioner’s Office (ICO), the ICO are the independent authority which oversees compliance with Data Protection and other associated information governance legislation. Above this statement are our registration details, by viewing the register you can view what personal data any registered data controller is processing as well as a description of their processing purposes.


Use of Cookies and Other Tracking Devices
We use cookies to offer you a better experience and send our online advertising messages in line with your preferences. Consult the Cookie Policy to find out more, to know which cookies are used and how to disable them and/or to withhold your consent. By closing this banner or continuing to browse, you consent to the use of cookies.

The College uses technology on the registration, application and enquiry pages of our website, which may record user movements, including page scrolling, mouse clicks and text entered. The data we collect in this way helps us to identify usability issues, to improve the assistance and technical support we can provide to users and is also used for aggregated and statistical reporting purposes.

We also use information in aggregate form (so that no individual user is identified by name):

  • to build up marketing profiles (Not directing marketing to individuals)
  • to aid strategic development
  • to manage our relationship with advertisers
  • to audit usage of the site

This information is not collected, stored or used to market directly individuals.

Links to Third Party Websites
The College takes reasonable precautions wherever possible to make sure that other organisations who we deal with have good data processing and security practices, however, it must be stated that we are not responsible for the privacy practices of those organisations whose websites may be linked to our service.

Security Policy
The College have in place technical, administrative and physical safeguards designed to ensure that our users' information and data is protected against unauthorised access or use, alteration, unlawful or accidental destruction and accidental loss.

Transfer of Data outside of the European Economic Area (EEA)
Information collected by, and provided to The College is generally stored within servers or cloud based systems located within the European Economic Area (EEA). This means that any information stored within these member states of the EEA or any approved states or territories, will safe guard and process any information held to the agreed standards and requirements of the General Data Protection Regulations.

There may be times when a need arises for information to be stored outside of the EEA or other approved territories. If the need occurs to transfer information outside the EEA, The College will take measures to ensure that the appropriate levels of security are in place to protect your privacy rights.

These measures include:

  • Undertaking a Privacy Impact Assessment (PIA) and other relevant evaluations of the transfer activities;
  • Ensuring that any relevant parties involved in the transfer process sign up to a Data Processing Contract (DPC) or other suitably recognised contractual formats placing obligations on them obligations on them to ensure the secure and lawful processing of any personal information received, and;
  • Reviewing whether the receiving organisations home country or territory are subscribed to approved international privacy frameworks such as the USA’s Privacy shield.

Children Under 14
We do not intentionally collect any information on children under 14 years of age. We will undertake to delete any details of such users where a parent or guardian has notified us that any such details have been obtained.

Further Information and Contact Details
For any queries or additional information relating to Data Protection or The General Data Protection Regulations, please contact our Data Protection Officer on the contact details below.

E-mail: data.protection@gsmlondon.ac.uk
Address: Data Protection Officer, GSM London, Meridian House, Royal Hill, London, SE10 8RD

Changes to This Statement
This privacy statement is effective from the 18th of May 2018 From time to time we may make changes to this privacy statement to reflect any changes to our privacy practices (following an internal review) or in accordance with changes to legislation, best practice or website enhancements.

Data Subject Rights
The College complies with the General Data Protection Regulations data under which subjects will have more control on how their personal data is processed, the following is a list of those rights:

  • Rights to information about how your personal data is processed
  • Rights to access your personal data (aka Subject Access Request, SAR)
  • Rights to rectification of inaccurate data
  • Rights to erasure
  • Rights to object to processing
  • Rights to restriction of processing
  • Rights to data portability
  • Rights related to automated decision making

If you have any questions or queries relating to these rights or wish to exercise them, then please contact our Data Protection officer data.protection@gsmlondon.ac.uk.

If you have any reservations or complaints as to how your data may be being processed, you can raise this with The Colleges Data Protection Officer for a review. Alternatively you can contact the Information Commissioner’s Office (ICO) for further information, advice or to make a complaint directly via their website https://ico.org.uk/.

This document was last updated on 22 May 2018

Student/ Alumni Privacy Notice

Statement for Students/ Alumni
This Privacy Policy statement explains the data processing practices of The College in relation to our students and our Alumni. If you have any requests concerning your personal information or any queries with regard to these practices please contact our Data Protection Officer by e-mail at data.protection@gsmlondon.ac.uk.

Use of Student Personal Information
The College will process your personal information for a range of contractual, statutory or legitimate interest purposes.

The College considers the processing of obtained personal data to fall under lawful basis such as; for the performance of our contractual obligations with you (e.g. to facilitate and deliver your education), or necessary for compliance with a legal obligation (e.g. statutory reporting purposes), or necessary for the pursuit of the legitimate interests of The College or an external organisation (e.g. to enable your access to external services) or in an individual’s vital interests (e.g. in a medical emergency).

If we require your consent for any specific use of your personal information, such as for ‘wellbeing’ or internal marketing services we will collect it at the appropriate time and you can withdraw this at any time. We will not use your personal information to carry out any wholly automated decision-making that affects you.

Uses of your personal information include:

  • To process applications, registrations and enquiries;
  • To facilitate and deliver your education, record the details of your studies and attendance (including any placement or permanent role with external organisations if relevant) and determine and record any course work, assignments and any examinations you undertake;
  • To manage the academic processes (including teaching, exam board meetings, and awarding degrees);
  • To administer the financial aspects of your relationship with us and any funders;
  • To provide advice and support (through Student Services, the Careers Service, etc.);
  • To provide you with a personalised service (including IT user and library accounts etc.) To enable your participation at events (e.g. functions, graduation);
  • To enable effective communications with you or those you authorise us to communicate with on your behalf;
  • To operate security (including CCTV);
  • To administer governance, disciplinary (including plagiarism and academic misconduct), complaint, audit and quality assurance processes and arrangements;
  • To compile statistics and conduct research for internal and statutory reporting purposes;
  • To facilitate and deliver our Alumni services;
  • To enable us to contact others in the event of an emergency (we will assume that you have checked with the individuals before you supply their contact details to us).

Sharing of Student Personal Information
Disclosure of your Personal Information

Information about you may be disclosed to other organisations as required by law, for crime prevention or detection purposes, in the legitimate interests of the college, or in order to comply with any legal or statutory obligations placed on us such as our obligations as a sponsor of migrants by the Home Office.

Disclosures will also be made by The College as outlined below:

  • To sponsors, government agencies and present or potential employers. One such body is the Home Office (for international students) and the Higher Education Statistics Agency (HESA); further information about the uses for which HESA processes personal data can be found on the HESA website at http://www.hesa.ac.uk/collection-notices/
  • Your contact details may also be passed to the Higher Education Funding Council (HEFCE) or its agents for the purpose of administering the national student survey, and to GSM's agents for the purpose of administering our own surveys;
  • To our student union for the purpose of providing students with automatic access to our Students' Union and their services;
  • Sector agencies such as UCAS;
  • Where a programme of study leads to a qualification recognised by a professional body GSM will disclose relevant information to that body;
  • Statements of student status will be provided on request to Council Tax Registration Officers;
  • To the Student Loans Company;
  • To debt collection agencies acting on behalf of GSM London in the event that you owe money to GSM London;
  • Release of results to former schools/colleges;
  • Names will be included in pass lists;
  • Crime and taxation - the College may share your personal data where this is for the purposes of detecting or preventing crime or taxation purposes (e.g., eligibility for council tax exemptions);
  • Outsourcing - GSM London may outsource some of its processes and provide students' personal data to third party companies for these purposes.

Your GSM London email address will not be made available via any type of internal address book or look up facilities, however please note that any individuals that you have mailed from your assigned account will then have your GSM email address.

Personal Information Processed After Graduation
After graduating from GSM London we retain a core record of your studies indefinitely so that the details of your academic achievements can be confirmed. These details are also used for statistical and historical research.

We will keep your information only for as long as we need it to provide you with the goods, services, or information you have required, to administer your relationship with us, to comply with the law, or to ensure we do not communicate with you after you have asked us not to. When we no longer need information we will always dispose of it securely in line with the colleges ‘Destruction Policy’.

Right to Access
Whilst you are a current student at The College you are still eligible to obtain certain information about yourself via the subject access route.

However, you may be able to obtain certain information via the databases that you use within the college on a daily basis, in order to minimise any possible wait resulting from making a ‘Subject Access Request’ you may wish to see what you are able to access yourself first and avoid any delays you may incur via the ‘Subject Access’ route.

Retention and Disposal of Your Personal Information
The information you provide to us may be archived or stored periodically by us according to backup processes and will only be retained for as long as is required for the purposes for which it was collected and will only be held in line with The College’s retention schedule.

Any information that falls out of its legitimate period retention and does not have a lawful basis, legitimate or statutory reason to be retained will be destroyed in line with The College’s destruction and disposal guidance.

Further Information and Contact Details
For any queries or additional information relating to Data Protection or The General Data Protection Regulations, or your rights as a data subject please contact our Data Protection Officer on the contact details below.

E-mail: data.protection@gsmlondon.ac.uk
Address: Data Protection Officer, GSM London, Meridian House, Royal Hill, London, SE10 8RD

GSM London is a registered “Data Controller” with the Information Commissioner’s Office (ICO), the ICO are the independent authority which oversees compliance with Data Protection and other associated information governance legislation. The GSM London Data Protection Registration Number is Z745611X.

Staff Privacy Notice

Statement for Staff
This Privacy Policy statement explains the data processing practices of GSM London in relation to our staff. If you have any requests concerning your personal information or any queries with regard to these practices please contact our Data Protection Officer by e-mail at data.protection@gsmlondon.ac.uk.

Use of Staff Personal Information
Your personal information is created, stored and transmitted securely in a variety of paper and electronic formats which are processed and governed in accordance with the General Data Protection Regulations (GDPR), as well other associated legislation and in house policies on information governance. Access to your personal information is limited to staff who have a legitimate interest in it for the purpose of carrying out their contractual duties. It is used for a range of purposes:

  • To administer Human Resources (HR) processes including those relating to performance/absence management, disciplinary issues and complaints/grievances;
  • To assess an individual's qualifications and suitability for a particular job or task;
  • To administer the Performance and Development Review (PDR) process;
  • To establish an employee's learning and career development requirements;
  • To support you in implementing any health-related adjustments to allow you to carry out a particular role or task;
  • To support your training, health, safety, welfare and religious requirements;
  • For remuneration, payroll, pension administration, life assurance and benefits;
  • To operate security (including CCTV), governance, audit and quality assurance arrangements;
  • To manage an employee's interactions with the various facilities and services offered by The College;
  • To support the preparation of statistics for various purposes such as internal reporting or as required by law, in particular and statutory reporting purposes;
  • To enable us to contact others in the event of an emergency (Please note, it is your responsibility to check with the individuals before you supply their contact details to us).

The College has determined that the processing of any obtained personal data is in line with lawful basis for processing set out in the General Data Protection Regulations as follows; for the performance of our contractual obligations with you (e.g. to manage your employment contract), or necessary for compliance with a legal obligation (e.g. equal opportunities monitoring), in the legitimate interests of the college (e.g. statutory or internal reporting), or in an individual’s vital interests (e.g. in a medical emergency).

If we require your consent for any specific use of your personal information, such as for in an instance when various additional/ promotional offers are available to staff; we will request it at the appropriate time and you can withdraw your consent at any time.

We will not use your personal information to carry out any wholly automated decision-making that affects you.

Information Used to Support Internal and Statutory Reporting and Auditing
In order for The College to meet statutory requirements that it is obligated to fulfil it may require the use of personal data provided by members of staff, this could be; to monitor performance, meet statutory reporting requirements, or maintain & monitor policies.

When data is used for the purposes described in this notice, steps are taken to ensure that information provided to The College by staff is handled with the strictest confidence. Only those with a relevant need to know or handle the data are permitted too. If this data can fulfil a reporting purpose by being aggregated and made non-identifiable then The College will strongly consider this option.

Changes to Personal Details and Maintaining Data Accuracy
In order to help keep the information that The College holds on staff both as an employer and as a ‘Data Controller’, staff are advised to periodically review information they have direct access to or receive frequent communications from such as payroll e-mails, or held on systems such as CADS or the Sage HR system in order to ensure that the accuracy of their data is maintained.

If any inaccuracies are found you can directly ask the relevant system or departmental administrator to update these (it may be that in some cases evidence is required such as a marriage certificate to supplement a change of name).

Queries and Further information
If staff wish to review any of the current internal policies and guidance’s so they are aware of their own and The Colleges responsibilities towards the data it processes then they can view them on the Data Protection & Information Security intranet page http://gsm-connect/intranet/Site/view.cfm?pageID=2000047

For any queries or additional information relating to Data Protection or The General Data Protection Regulations, or your rights as a data subject please contact our Data Protection Officer on the contact details below.

E-mail: data.protection@gsmlondon.ac.uk
Address: Data Protection Officer, GSM London, Meridian House, Royal Hill, London, SE10 8RD

GSM London is a registered “Data Controller” with the Information Commissioner’s Office (ICO), the ICO are the independent authority which oversees compliance with Data Protection and other associated information governance legislation. The GSM London Data Protection Registration Number is Z745611X.