MRC POLICIES 2018
MRC always strives to maintain the highest standards of teaching and learning.
In the event of a data breach – which we define as any circumstance when data has or might have been removed or copied and/or taken from outside of our control – the following will occur
DATA MANAGEMENT PROTECTION POLICY
Data Protection Officer (DPO): Mr. Ahmar Adnan
1. Objective of the Policy
The purpose of this policy is to confirm that proper procedures are in place for the processing and management of personal data. The DPO has specific responsibility for data protection compliance. All teaching or non-teaching staff understand that their responsibility when processing personal data and that methods of handling that information are clearly understood. A supportive environment and culture of best practice processing of personal data is provided for staff and individuals should be fully aware of who to who to contact, where to submit the request and fully aware of rights of other individuals as well. Staff know that Subject Access Requests and other relevant requests need to be dealt with punctually and courteously and individuals need to be sure that their personal data is processed in accordance with the data protection principles, that their data is secure at all times and safe from unauthorised access, alteration, use or loss and also that other organisations with whom personal data needs to be shared or transferred, meets compliance requirements. Any new systems being implemented are assessed (if necessary a Data Protection Impact Assessment) to determine whether they will hold personal data, whether the system presents any privacy risks, damage or impact to individuals’ data and that it meets this policy’s requirements
2. The data protection principles and individual rights
The General Data Protection Regulation (GDPR) covers six “Data Protection Principles” set out in Article 5. These specify that personal data must be:
Accurate and, where necessary, kept up to date;
Article 5(2) also sets out an overarching accountability principle ‘the controller shall be responsible for, and be able to demonstrate, compliance with the principles.’
Individual rights are set out in a separate part of the GDPR. In brief, the GDPR provides the following rights for individuals:
3. Scope of Policy
4. Policy Principles
To fulfil the requirements of data protection principles and individual rights set out in the GDPR, the College follows to the following values when processing personal data:
Fair Collection and Processing.
Sharing and disclosure of personal information
Please see the template on our website.;
Data Protection responsibilities
Who What College as a corporate body Data Controller Board of Directors Ultimately responsible for compliance with the GDPR. Data Protection Officer (Ahmar Adnan) firstname.lastname@example.org with assistance from the Risk Assessment (Ali Fraz Khan) email@example.com
Maintain the College notification with the ICO.
Advise staff on data protection compliance.
Coordinate responses for subject access requests.
Report any personal data breaches to the ICO/police as appropriate.
Issue data sharing guidance and oversee data sharing agreements between the College and third parties
Develop, administer, disseminate, review and support application of this policy.
Nominated processor for all post sent to and within the College.
Compliance with data protection legislation and with the principles set out in this policy.
Be familiar with and comply with the policy.
Ensure that information provided in connection with employment is up-to-date and accurate.
Observe and comply with the data protection principles and individuals data protection rights.
Bring queries and issues around data protection to the attention of the Information Governance Officer.
Do not attempt to gain access to information that is not necessary to hold, know or process.
Report subject access and other requests to Information Governance staff.
Note that unauthorised disclosure will usually be a disciplinary matter, and may be considered gross misconduct in some cases. It may also result in a personal liability for the staff member as there is provision within the legislation to prosecute individuals for certain offences.
Be familiar with and the policy and comply where necessary.
Ensure that personal information provided is up-to-date and accurate.
Observe and comply with the data protection principles and individuals data protection rights.
Note that unauthorised disclosure of personal data will usually be a disciplinary matter.
INFORMATION ACCESS REQUEST PROCEDURE
If a person (Data Subject) on whom we hold data in a request to see, update, delete or take part or all of the Data we hold for them the following procedure will be followed:
The following email should be used to confirm that a request is being dealt with
On behalf of Montrose College of Management and Sciences I write to acknowledge receipt of your request for certain information on the Data we hold about you. We will deal with your application and get back you to you within one calendar month.
LETTER TO SUBJECT INFORMATION OF LOSS
Wording for letter to Data Subject in the event of a notifiable breach
Loss of Data Notification pursuant to Article 35 General Data protection Regulations We regret to have to inform you that a data security breach at our business has meant that certain of your personal data has been lost to a third party.
The Data lost is as follows:
We are not yet certain of the extent of the lost data but will inform you as soon as we are aware of
exactly what is lost and in any event within 10 working days
LETTER OF BREACH TO ICO
Wording for letter to ICO in the event of a notifiable breach
ICO Registration number: Z1116113
We write to advise you of a breach of the General Data Protection Regulations under Article 33 of the Regulations as follows:
Date of breach:
Nature of breach:
Possible effect of breach:
We are immediately looking to rectify the situation and to ensure this does not happen again
We need to provide you with certain information on the personal information we collect from you (also called “Data”) and the information below sets out how we may collect the information and use it
We take your privacy and security of any information (which, for the purposes of this Notice we will refer to as ‘Personal Data’) that you provide to us very seriously.
For the purposes of the EU General Data Protection Regulations and any subsequent UK legislation based on those Regulations (GDPR) the data controller and processor is the Mont Rose college of Management and Sciences (the College) and our Data Protection Officer is Mr. Ahmar Adnan. If you have any issues about how your data is being used he may be contacted firstname.lastname@example.org.
2. The detail
We may collect and process the following data.
Information you give to us
This is information about you that you give us by filling in forms on our Website (including the information you provide when you register to use our website, subscribe to our service, search for a product, place an order on our Website or participate in any function on our Website) or completing any forms that we have provided you with or by corresponding with us by phone, email, in person or otherwise.
To be absolutely clear this information may which is mention on our application form and enquiry form. Which available on website and in person hard copy.
We may also receive information about you from other sources including other websites that we operate or other services that we provide. We may share that data internally and combine it with data we have already collected. We will only share and combine your data so we can provide the services that you have requested. We work closely with some third parties (including, for example, business partners, sub-contractors, search information providers and DBS check). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
It is also possible that we may collect information as a result of combining certain data we have collected or which has been inferred by analytical algorithms. Any such information will only be used if we can reasonably comply with this policy
Uses that we make of the information provided
We use the information held about you in the following ways
If you provide us with information you consent to us using it as follows:
4. Our relationship with you
As set out in or referred to in our other policies and in particular our personal information use policy
5. Information we receive from other sources
We will use this combined information for purposes set out above, depending on the types of information concerned.
6. These paragraphs tell you who we will share your information with
You agree that we have the right to share your personal information with:
In particular we may disclose your personal information as follows:
7. How we will look after your personal information we have collected
8. Under GDPR you have certain rights which we set out below;
9. Outside of the European Union?
If we send your personal information outside of the EU we will always need your specific consent. Without that our policy is not to send personal information outside of the EU
EMAIL POLICY FOR STAFF AND STUDENTS
Email is used as a means of communicating official company information to staff, students and other relevant authorities, convenient, rapid, environmentally aware, and cost effective. Mont Rose College of Management and Sciences issues an email address and disk space for email storage to all staff and students. Mont Rose College of Management and Sciences also distributes email software on computer systems. This practice ensure that all staff and students have email communication readily available to them. The purpose of this policy is to set forth the rights and responsibilities of both users and providers of electronic mail for staff and students. Email facilities are provided primarily to improve communications among staff and students for matters relating to their roles within Mont Rose College of Management and Sciences. Limited use for personal and social purposes is tolerated, not such use should not become excessive.
This policy protects Mont Rose College of Management and Sciences assets and helps ensure our ability to continue business operations.
This policy applies to Student and Staff that have access to Mont Rose College of Management and Sciences
3. Use of Email
Mont Rose College of Management and Sciences uses electronic mail to communicate official Mont Rose College information of many kinds to Staff, Students and others. Staff are responsible for reading and responding to their email on a frequent and regular basis, since some official communications may be time sensitive. Mont Rose College of Management and Sciences suggests that Staff access their email account on a daily basis.
Staff need to set up an automatic out of office reply through Outlook when they are away from the College. This should include alternative contact details for urgent enquiries.
No user should send insulting, abusive, bullying, harassing , obscene, racist, sexist offensive, incitement to commit a criminal offense or threatening or which may contains any malicious code; for example virus. No information should be communicated within or outside the college which is defamatory, which brings Mont Rose College of Management and Sciences into disputes, or which violates laws.
All users must act sensibly and appropriately when using the College’s email, or computing facilities to send an email, whether internally or externally using the internet.
If anyone receive these email containing any such material, and they are concerned about this should inform relevant authority. Any user must not send an email which might bring the College into disrepute or purport to be the view of College unless they are authorised in writing to express views on behalf of the College.
Under the data protection act personal data processed for any purpose or purposes shall not be kept for longer than necessary for that purpose or those purposes. To prevent unauthorised or accidental disclosure of the information, it is essential to exercise care in its disposal, including protecting its security and confidentiality during storage, transportation, handling and destruction.
Any one Staff or Student found to be in breach of this policy may be subject to disciplinary action.
4. Email Termination
Mont Rose College of Management and Sciences retained the right to terminate email addresses allocated to the students within 90 days of completion or leaving the course. The College will not take any responsibility for any loss of data after a given period. Therefore, it is a student`s responsibility to back up their data within the given time.
For the staff upon leaving the College their email address will be terminated immediately.
HOW AND WHY DOES THE COLLEGE USE PERSONAL DATA
1. What personal data does the College collect?
The College collects personal data from students at several stages. The personal data collected is mentioned below:
Initial email/telephone enquiry
Details from application forms:
2. The College collects the following information from academic and non-teaching staff which is outlined below:
3. Sharing of personal data
Professional and Funding Bodies:
WEBSITE AND IT EQUIPEMENT ACCEPTABLE USE POLICY
1. What’s in these terms?
This acceptable use policy sets out the content standards that apply when you upload content to our Site, make contact with other users on our site, link to our site, or interact with our Site in any other way,
2. Who we are and how to contact us
www.mrcollege.ac.uk (the Site) is a site operated by Mont Rose College of
Management and Sciences (“We” or “the College”).
To contact us, please se below
By using our site you accept these terms
3. Terms and Condition
You may use the Site, only for lawful purposes. You must not use the Site:
You also agree:
4. Intellectual property rights
The is the licensee/owner of all intellectual property rights in the site and in the material published on it, those works are protected by copyright and such rights are reserved to the . You may must not use any photographs, video or audio sequences or any graphics separately from any accompanying text. Any kind of direct or indirect commercial use of the site material is prohibited.
Breach of this policy
When we consider that a breach of this acceptable use policy has occurred, we may take such action as we deem appropriate.
Failure to comply with this policy constitutes a material breach of the terms upon which you are permitted to use our site, and may result in our taking all or any of the following actions:
We exclude our liability for all action we may take in response to breaches of this acceptable use policy. The actions we may take are not limited to those described above, and we may take any other action we reasonably deem appropriate.
5. Which country laws apply to any disputes?
If you are a consumer, please note that the terms of this policy, its subject matter and its formation are governed by English law. You and we both agree that the courts of England and Wales will have exclusive jurisdiction except that if you are a resident of
Northern Ireland you may also bring proceedings in Northern Ireland, and if you are resident of Scotland, you may also bring proceedings in Scotland. If you are a business, the terms of this policy, its subject matter and its formation
(and any non-contractual disputes or claims) are governed by English law. We both agree to the exclusive jurisdiction of the courts of England and Wales.
6. Prevent Duty
As part of our prevent duty we will be montiroing all users and liase with relevant authorities where it is necessary. Please see our website for further information related to Prevent.
7. User of IT Equipment
Staff, teachers and students are not allowed to connect to their personal devices using College PCs and Laptops or any devices does not belong to Mont Rose College e.g remote desktop or any third party software any electronic devices.
Teachers are not aollowed to use their personal computers within College premises providing that they have been given a PC or Laptop to work with.
9. Contact details