Data protection for parents, students and staff

We take the recording and use of personal data very seriously. We have provided this statement to ensure all students, parents and staff are aware of how we process, store and use any personal data supplied to us by participants in our programmes, events and activities.

All data is processed and stored in accordance with the Data Protection Act 1994 and is only viewed by those who have received training in data protection policies. Any personal data provided is stored in a secure location and all electronic records are password protected to ensure limited access by personnel.

Personal data is stored on our data management system, the Higher Education Access Tracker. This system is a secure online portal that enables us to keep all participant and activity in pone centralised location.

As part of ensuring we are transparent and fair in the way we collect and store data, we have created and published the Privacy Impact Assessment below:

 HEAT Privacy Impact Assessment

1.       The objectives of information use

Internal monitoring of activity numbers

Internal monitoring of targeting efficiency

External monitoring of the effectiveness of student targeting

External monitoring of the effectiveness of schools targeting

External tracking of student journey through school, FE and HE

External tracking of UCAS and HESA choices to inform impact

2.       The need for personal data collection and storage

Need to collect and store personal data on students involved in intensive WP activity to enable tracking through UCAS and HESA, and potentially between different HE institutions. Also required for purposes of reporting to Hefce and OFFA on meeting Access Agreement targets in WP. Essential personal data includes first name, surname, date of birth, gender and domicile postcode.

Data needs to be stored to ensure records are retained for tracking purposes both internally for the Learner Progression Framework into Sussex and externally for HE destinations. Data on permission to be stored to provide evidence of permission given by student (and parent where applicable) for future reference.

3.       An explanation of data flow – how it will be used, including data sharing

Data will be input from paper forms onto a central spreadsheet in the Widening Participation office files area. This file will be password protected. Access to this spreadsheet will be restricted to the Widening Participation team and designated ambassadors doing administration work for the department.

This data will then be uploaded onto a secure online database (Higher Education Access Tracker) and can only be accessed by allocated users at the institution and the central team at HEAT. Only data necessary for the programme will be stored on this record, unless permission has been explicitly sourced.

The HEAT central team have data sharing agreements in place between the University and HESA (UCAS agreement in process) to process student data to illustrate destinations of students in Higher Education – this sharing of data is included in the data protection statement signed by the student/parent.

4.       Clearly identified privacy risks addressing fairness to subject and security

Risk of unauthorised person viewing paper files

Risk of unauthorised person viewing electronic files

Risk of storing sensitive data

Risk of data stored without correct permissions held

5.       How risks of data protection breach are minimised – identifying potential breach areas and process in place to reduce occurrence

All paper files will only be handled by authorised members of staff and will be kept in a secure file when waiting to be entered onto the system and when they have been entered for retention purposes. Archived files will be kept in a locked cupboard for a period of time long enough to cover the full student life cycle and/or when the student destination data has been released. This will have been fully conveyed to the participant and forms part of the permission given.

Processes will be formally put in place for data collection and recording to ensure that permission is always checked and is manually flagged on the internal spreadsheet to reduce the chances of data being stored without permission.

Sensitive data, such a specific details about medical conditions and criminal records, will be sought for the purposes of health and safety and safeguarding but will not be recorded on the HEAT database, as it does not form part of any monitoring and tracking requirement.

 If you have any queries relating to the above statement or how your own data has been stored and used, please contact the following details: