What are you looking for?

Data Protection Policy

  1. Home
  2. Data Protection Policy

Effective as of July 1, 2024.

1. General Statement of Policy

Bradford School of Business and Care is committed to protecting the personal data of its employees, students, board members, and all individuals associated with the organisation. This policy ensures compliance with the UK Data Protection Act 2018, the General Data Protection Regulation (GDPR), and other relevant legislation.

The policy outlines how personal data is collected, processed, stored, and shared in a fair, lawful, and secure manner. BSBC’s designated Data Controller ensures compliance with the Data Protection Principles, providing oversight for all data protection practices across our London Headquarters and BSBC Campus in Bradford.

2. Aim of the Policy

The aim of this policy is to:

  • Ensure the fair and lawful processing of personal data in compliance with the Data Protection Principles.
  • Safeguard the data protection rights of individuals associated with BSBC.
  • Provide confidence in BSBC’s ability to securely manage personal data.
  • Ensure all staff understand their responsibilities concerning data protection.

3. Policy Objectives

  • Ensure compliance with the Data Protection Act 2018 and GDPR for lawful and transparent data processing.
  • Safeguard the confidentiality, integrity, and security of personal data against unauthorised access or misuse.
  • Protect individuals’ data privacy rights, enabling access, correction, or deletion of their information as required.
  • Process personal data solely for specified, legitimate purposes and retain it only as long as necessary.
  • Provide staff with clear guidance and training to maintain high standards of data protection.

4. Policy Guidelines

4.1 Data Protection Principles

BSBC adheres to the following principles for processing personal data:

  • Data is processed fairly, lawfully, and transparently.
  • Data is collected for specific, legitimate purposes and not further processed for incompatible purposes
  • Data collected is adequate, relevant, and limited to what is necessary.
  • Data is accurate and kept up-to-date.
  • Data is retained only as long as necessary for its intended purposes.
  • Data is processed securely to prevent unauthorised access, loss, or damage.
  • Data is accessible only to authorised personnel.

4.2 Rights of Individuals

BSBC ensures that individuals can exercise their rights regarding their personal data, including the rights to:

  • Be informed about the data held and its processing.
  • Access their personal data.
  • Request rectification of inaccurate or incomplete data.
  • Request erasure of data ("right to be forgotten").
  • Restrict or object to data processing.
  • Request data portability.
  • Avoid automated decision-making and profiling

4.3 Data Processing Activities

BSBC processes personal data to:

  • Deliver education, training, and support services, including accommodation and travel.
  • Ensure student welfare and safeguarding.
  • Maintain accounts and administrative records
  • Manage employment and staff welfare.
  • Enhance security through CCTV monitoring.

4.4 Information Sharing

BSBC may share personal data with authorised parties, including:

  • Education, training, and examination bodies.
  • Healthcare professionals and welfare organisations.
  • Government authorities, police, and courts where legally required.
  • Suppliers and service providers under secure conditions.

Any sharing of data will comply with legal requirements and be limited to the intended purpose.

4.5 Data Transfers

In cases where personal data needs to be transferred internationally, BSBC ensures such transfers comply with GDPR, using secure methods and ensuring data protection standards are upheld in the receiving country.

4.6 Data Security

BSBC implements technical and organisational measures to secure personal data, including:

  • Password-protected systems and encrypted databases.
  • Secure filing cabinets for physical records.
  • Regular audits of data storage and handling practices
  • Access controls to restrict data to authorised personnel only.

4.7 Awareness

  • Information on data protection practices will be included in staff induction and handbooks.

5. Responsibilities:

5.1 Board of Directors

The Board is responsible for appointing a Data Controller and ensuring compliance with data protection laws.

5.2 Data Controller

The Data Controller oversees all data protection matters, including:

  • Ensuring compliance with GDPR and the Data Protection Act.
  • Responding to subject access requests and data rectification or erasure requests.
  • Investigating data breaches and reporting them as required.
  • Providing regular updates and reports to the Board.

5.3 Staff

All staff are responsible for:

  • Adhering to data protection principles and this policy in their daily activities.
  • Reporting any suspected data breaches or inaccuracies immediately.
  • Following organisational procedures for handling and storing personal data.

Disciplinary action may be taken against employees who fail to comply with this policy.

6. Monitoring and Review

This policy will be reviewed annually to ensure continued compliance with data protection laws and best practices. Updates will be communicated to all staff and relevant stakeholders.

Contacting Us

Please do not hesitate to contact us regarding any matter relating to this Data Protection Policy via email at support@bsbc.co.uk