Learner
Tutor 
Agent 
English| LIFFEY COLLEGE | |
| Policy Area | Data Protection and Security |
| Policy Title | Data Protection Policy |
| Version: 1 | Date: November 2024 |
| Responsible • Board of directors • Centre Director • Staff • QA Director | Evidence • Records relevant to individuals • Documentation on changes and additions to this policy • Security guidelines |
| Monitoring Frequency | Annually |
| Purpose This policy was formulated by the Board and management of Liffey College. The purpose of the policy is to identify all manual and electronic personal data required to be collected and retained by the college; and to ensure that an effective management system for the collection and retention and processing of personal data is in place so the college complies with requirement of the Data Protection Act, 1988 and Data Protection (Amendment) Act, 2003 and GDPR. | |
| Data Protection Guidelines Individual Data rights under GDPR Data will be held and processed in acknowledgement of Individual rights under GDPR – Individual’s rights include: • the right to be informed; • the right of access; • the right to rectification; • the right to be forgotten; • the right to restrict processing; • the right to data portability; • the right to compensation and liability Scope of this policy The policy applies to the collection, recording and processing of personal data, either in manual and or electronic form; including personal data held on college community, including tutors, learners, management and other persons providing services within the college. Rationale for this policy A policy on data protection is necessary to ensure that the college has proper procedures in place in relation to accountability and transparency for the collection, recording and processing of personal data: • It is good practice to collect and record tutor and learner progress so as to identify learning and development needs • The college recognised the importance of collecting and recording factual information accurately and storing it safely; • To retain update information to facilitate and enable the management of the college to make decisions in respect of the efficient and effective running of the college. • A policy is necessary to ensure a college complies with all relevant legislation • To promote openness and co-operation between tutors, learners and management as a means towards providing a caring environment through which all can develop The goals of this policy • The goals of this policy are: • To ensure that the college complies with the Data Protection Act(s) To ensure compliance by the college with the eight rules of data protection as set down by the Data Protection Commissioner based on the Acts • To ensure that the data protection rights of the college community are safeguarded • To put in place a proper collecting, recording and reporting framework on the progress of tutors, learners and management within the college • To establish clear guidelines on making these records available to all within the college • To stipulate the length of time personal data will be retained Records collected Liffey College needs to collect and utilise certain personal data that it collects about individuals including but not limited to the following: • Customers and Citizens • Suppliers • Business Contacts • Employees The personal data records collected and held by the college may include: Staff records: • These can include, among others: – Name, address and contact details, PPS number – Original records of application and recruitment Record of promotion – Details of approved absences – Details of work record (qualifications, classes/levels taught, etc.) – Details of complaints and/or grievances including consultations or competency discussions, action/improvement/evaluation plans and record of progress. • The reason for holding this information is: – To facilitate the payment of staff and to calculate other benefits / entitlements – To facilitate pension payments in the future, a record of promotions made – The management and administration of college business (now and in the future) – Human resources management – To enable the college to comply with its obligations as an employer including the preservation of a safe, efficient working and tutoring environment (including complying with its responsibilities under the Safety, Health and Welfare at Work Act. 2005) – For compliance with legislation relevant to the college Learner Records • These may include the following, which may be used to help the learner develop to their full potential: – name, address and contact details – names and addresses of parents/guardians and their contact details – religious belief – racial, ethnic or national origin – membership of the Traveller community, where relevant – Any relevant special conditions (e.g. special educational needs, health issues etc.) which may apply – Information on previous academic record / report cards – Diagnostic tests reports – Portfolios of pupils’ work – Attendance Records Academic record – Photographs and recorded images of students are taken to celebrate college outings or personal achievements – Records of significant achievements – Records of disciplinary issues and/or sanctions imposed – Other records e.g. records of any serious injuries/accidents etc. Additional data processed, may include, the minutes of board of management/ management/committee meetings and correspondence to these bodies, this may include references to particular individuals. Liffey College may hold some or all of the following information about creditors/suppliers/tradespeople (some of whom may be self-employed individuals): • Name • Address • Contact details • PPS number • Tax details • Bank details • Amount paid The keeping of these records is to facilitate the Is required for routine management and administration of the college’s financial affairs, including the payment of invoices, the compiling of annual financial accounts and complying with audits and investigations by the Revenue Commissioners. Arrangements for compliance 1- Obtain and process Personal Data fairly: Information on learners/tutors/staffs is generally furnished by the individuals themselves with full and informed consent and compiled during the course of their employment or contact with the college. All such data is treated in accordance with the Data Protection Acts and the terms of this Data Protection Policy. The information will be collected and processed fairly. 2- Keep it only for one or more specified and explicit lawful purposes: The college will inform individuals of the reasons they collect their data and will inform individuals of the uses to which their data will be put. All information is kept with the best interest of the individual in mind at all times. 3- Process it only in ways compatible with the purposes for which it was given initially: Data relating to individuals will only be processed in a manner consistent with the purposes for which it was gathered. Information will only be disclosed on a need-to-know basis, and access to it will be strictly controlled. 4- Keep Personal Data safe and secure: Only those with a genuine reason for doing so may gain access to the information. Sensitive Personal Data is securely stored under lock and key in the case of manual records and protected with firewall software and password protection in the case of electronically stored data. Portable devices storing personal data (such as laptops) should be encrypted and password protected before they are removed from the college premises. Confidential information will be stored securely and in relevant circumstances, it will be placed in a separate file which can easily be removed if access to general records is granted to anyone not entitled to see the confidential data. 5- Keep Personal Data accurate, complete and up-to-date: All individuals should inform the college of any change which the college should make to their personal data and/or sensitive personal data to ensure that the individual’s data is accurate, complete and up-to-date. Once informed, the college will make all necessary changes to the relevant records. However, records must not be altered or destroyed without proper authorisation. If alteration/correction is required, then a note of the fact of such authorisation and the alteration(s) to be made to any original record/documentation should be dated and signed by the person making that change. 6 – Ensure that it is adequate, relevant and not excessive: Only the necessary amount of information required to provide an adequate service will be gathered and stored. 7- Retain it no longer than is necessary for the specified purpose or purposes for which it was given: As a general rule, the information will be kept for the duration of the individual’s time in the college. The college may also retain the data relating to an individual for a longer length of time for the purposes of complying with relevant provisions of law and or/defending a claim under employment legislation and/or contract and/or civil law. Pay, taxation and related college personnel service records should be retained indefinitely within the college. Where litigation may potentially arise in the future (e.g. in relation to accidents/personal injuries involving college personnel/learners or accidents occurring on college property), the relevant records should be retained until the possibility of litigation ceases (Presently 2 years limitation, but no greater than 6 years). All data which is not required and has served the purpose for which it was collected will be placed in the secure shredding bin and shredded onsite. Where there is a substantial amount of shredding required the services of a licenced shredding company will be employed. 8 – Provide a copy of their personal data to any individual, on request: Individuals have a right to know what personal data/sensitive personal data is held about them, by whom, and the purpose for which it is held. Online Learning Platforms The use of appropriate online learning platforms for online tutoring and learning will be designated by the College Director. Tutors, learners and staffs are required to engage with these platforms in line with the college’s Acceptable Use of the Internet Policy. Whilst engaging in online tutoring and learning, all must adhere to the classroom rules established by the classroom tutor, particularly as it pertains to data protection. The unauthorised capturing of digital images is strictly prohibited and breaches will be dealt with by the college’s Disciplinary Policy and/or the Employee Disciplinary Procedures. Processing in line with data subject’s rights Data in this college will be processed in line with the data subjects’ rights. Data subjects have a right to: (a) Request access to any data held about them by the data controller (b) Prevent the processing of their data for direct-marketing purposes (c) Ask to have inaccurate data amended (d) Prevent processing that is likely to cause damage or distress to themselves or anyone else Individuals are entitled to a copy of their personal data on written request. • The individual is entitled to a copy of their personal data (subject to some exemptions and prohibitions set down in Section 5 of the Data Protection Act) • Know the purpose/s for processing his/her data Request must be responded to within 40 days • Where a subsequent or similar request is made soon after a request has just been dealt with, it is at the discretion of the centre director as data controller to comply with the second request (no time limit but reasonable interval from the date of compliance with the last access request.) This will be determined on a case-by-case basis. • No personal data can be supplied relating to another individual unless that third party has consented to the disclosure of their data to the applicant. • Data will be carefully redacted to omit references to any other individual and only where it has not been possible to redact the data to ensure that the third party is not identifiable would the college refuse to furnish the data to the applicant. Providing information over the phone Liffey College’ policy is not to disclose any personal data held by the college over the phone when dealing with telephone enquiries. However, where a telephone enquiry is from a recognised legitimate person, the call taker at the college will, having been authorised by the Centre Director, provide the personal data. Where personal data is provided over the phone, the call taker will make a record of the time, date and to whom the request was made and what personal data was processed. Monitoring the implementation of the policy The implementation of the policy shall be monitored by the Centre Director. At least one annual report will be issued to the board to confirm that the actions/measures set down under the policy are being implemented. Reviewing and evaluating the policy The policy will be reviewed and evaluated at certain pre-determined times and as necessary. On-going review and evaluation will take cognisance of changing information or guidelines (e.g. from the Data Protection Commissioner), legislation and feedback from the college community. The policy will be revised as necessary in the light of such review and evaluation and within the framework of college planning. Review of policy will also include consideration of the following: • College community are aware of the policy • Requests for access to personal data are dealt with effectively • Personal data records are up-to-date and accurate • Personal data records are held securely • Personal data records are retained only for as long as necessary For further information on GDPR in the Republic of Ireland, please refer to: https://www.citizensinformation.ie/en/government_in_ireland/data_protection/overview_of_general_data_protection_regulation.html | |
| © COPYRIGHT 2009 - 2025 (16 Years) | LIFFEY COLLEGE - COLÁISTE NA LIFE | ALL RIGHTS RESERVED |
English
Spanish
Portuguese
French
Turkish
Chinese (Simplified)
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu