Privacy Statement


South Gloucestershire and Stroud Further Education College (SGS) operates a group structure which includes SGS College, SGS (multi) Academy Trust and SGS Commercial Services Limited.

SGS College takes its responsibilities as a data controller very seriously and is wholly committed to only using the personal data we hold in accordance with the law. This privacy notice is intended to provide information about how we collect, process and store personal data. Please read it carefully and, if you have questions regarding your personal data or its use, please contact your personal tutor.

Brief overview:

The data we Collect

Personal data such as demographic information (including names and addresses, factual information, expressions of interest and opinion, images or other recorded information which identifies or relates to a living individual) We also collect sensitive personal data (including ethnicity and information about learning disabilities and difficulties) Learn more

How We Use Your data

We use your information to provide services (including educational services), to respond to and fulfill your requests, operate and market our services and curriculum offer, to comply with applicable law, and as otherwise required or permitted by the law. Learn more

How We Share Your data

We may share your information within the SGS Group or with external agencies to provide educational services and to fulfill your requests, or as otherwise consented to by you or as permitted by applicable law.  We will share ordinary personal data with the parents [or guardians] of learners under the age of 18 for the purposes of keeping parents [or guardians] informed about activities, progress and behaviour, and in the interests of a learner’s welfare, unless, in our opinion, there is a good reason to do otherwise. Learn more

Security of Your data

We maintain reasonable technical, administrative, and physical security measures designed to protect your information.
Learn more

Cookies and Other Tracking Technologies

We may use cookies or other technologies to help provide an effective online presence, offer you a more personalised user experience and market products and services to you. Learn more

Your Choices

Your data belongs to you, you can opt out of receiving marketing communications from us, change your communication preferences and/or opt-out of certain sharing of your information with third parties. Learn more

Access to and Correction of Your Information

We provide you the opportunity to access, correct and update your information. Learn more

International Transfers

We do not transfer personal data outside of the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.
South Gloucestershire and Stroud College does not share or sell personal data to other organisations for their own purposes.

Links to Other Websites

Our websites may contain links to other websites or services that are not owned or controlled by SGS. Learn more

Changes to This Policy

You will be notified about any significant changes to this Policy via a posting on our website.

Contact Us

If you have questions about this Policy, please contact us.
Learn more

Our basis for processing personal

SGS Group will only ever process personal data in a lawful, fair and transparent manner in relation to individuals. Personal data is only collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; and, we take every reasonable step to ensure that the information that we collect is limited to what is necessary in relation to the purposes for which was collected, accurate and up to date. Learn more

The type of personal data that we process:

We process personal data about prospective, current and former learners and their parents; suppliers and contractors; and, other individuals connected to or visiting the College.

The personal data we process takes different forms – it may be demographic information (such as names and addresses, factual information, expressions of interest and opinion, images or other recorded information which identifies or relates to a living individual. Examples include:

  • Names, addresses, telephone numbers, e-mail addresses and other contact details;
  • Names and contact details of parents and guardians;
  • Admissions, academic, disciplinary and other education related records, information about special educational and other support needs, references, examination scripts and marks;
  • Education and employment data, including progression data;
  • Images, audio and video recordings;
  • Financial information (including for bursary assessment or for educational funding);
  • Courses, meetings or events attended.

As a Further Education College, we also need to process special category personal data (including, for example: health, ethnicity, religion or biometric data) and criminal records information about some individuals (particularly of learners on health and social care courses or courses of study which come into contact with children or vulnerable adults). We always collect special category data in accordance with applicable law (including with respect to safeguarding, employment and the Public Sector Equality Duty) or by explicit consent.

How we use your data (Collecting, processing and sharing personal data):

We aim to collect most of the personal data we process directly from the individual concerned (or in the case of learners, from their parents or guardians). In some cases, we collect data from third parties (for example, previous schools, referees the Disclosure and Barring Service, or professionals or authorities working with the individual) or from publicly available resources.

Personal data held by us is only processed by trained members of staff for the purposes for which the data was provided. We take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to College systems.

We process personal data to support the College’s operation and in particular for:

  • The recruitment, selection and enrolment of learners;
  • The provision of education to learners including the administration of the curriculum and timetable; monitoring learner progress and educational need.
  • Reporting upon progress and attainment internally and to parents; administration entries to public examinations, publishing results and providing references.
  • The provision of educational support and related services to learners (and parents) including the maintenance of discipline; provision of careers and library services; administration of sports fixtures, trips and educational study visits. The provision of the IT and communication systems and our virtual learning environment (these are all administered in accordance with our IT policies);
  • The safeguarding of learners’ welfare and provision of pastoral care, welfare; and where appropriate, health care.
  • Research into and development of effective teaching, learning and assessment;
  • Compliance with legislation and regulation including the preparation of information for inspections by the Office for Standards in Education (Ofsted) and the Office for Students (OfS)’ and, for the submission of periodic census data.
  • Operational management including the compilation of learner records; the administration of invoices, fees and accounts (including outstanding debt); the management of the College’s property; the management of security and safety arrangements (including the use of CCTV in accordance with our CCTV Policies). Management planning and forecasting; research and statistical analysis; the administration and implementation of the College’s rules and policies for learners and staff; the maintenance of historic archives and other operational purposes;
  • Staff administration including the recruitment of staff and engagement of contractors (including compliance with DBS procedures); administration of payroll, pensions and sick leave; review and appraisal of staff performance; conduct of any grievance, capability or disciplinary procedures; and the maintenance of appropriate human resources records for current and former staff; and providing references;
  • The advertisement and promotion of the College through its own websites and prospectus and other publications and communications (including through our social media channels); and

The processing set out above is carried out to fulfil our legal obligations (including those under our staff employment contracts). These purposes also form part of our legitimate interests.

How We Share your data:

In the course of providing education, support or other services, we may need to share personal data (including special category personal data, where appropriate) with third parties such as Awarding Bodies, The Department for Education, the Education and Skills Funding Agency, the Local Authority; and, other relevant authorities (such as, the Local Children Safeguarding Board, the Disclosure and Barring Service, UK Visas and Immigration and HM Revenue and Customs). Some of our systems are provided by third parties or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.

We may share you data with:

  • Organisations operating anti-plagiarism software on our behalf (such as Turnitin®);
  • Third parties who work with us to provide student accommodation;
  • Third parties who provide Parking services to the SGS Group (for further details see CPM UK Ltd)
  • Third parties who work with us to provide student support services (e.g. counselling and occupational health);
  • Third parties who provide online portfolio systems (such as Smart Assessor®, for further details click here);
  • Internal and external auditors;
  • The European social Fund and the European Regional Development Fund (for projects funded by them to ‘open doors to skills, to work, to qualifications and to a more inclusive society for all Europeans);
  • Those with an interest in tracking student progress and attendance, including: student sponsors, the Student Loan Company and Research Councils and the National Apprenticeship service);
  • Current or potential education providers (for example, where you take part in an exchange programme as part of your course);
  • Current or potential employers (to provide references and, where students are sponsored by their employer and/or where you take part in a placement, to provide details of progress/attendance);
  • Crime prevention or detection agencies (e.g. the police, the Department for Work and Pensions and Trading Standards);
  • Parents, guardians, and next-of-kin (where there is a legitimate reason for disclosure);
  • Third parties conducting surveys, for example the National Student Survey and the FE Choices Survey. The College uses Questback to conduct internal surveys.
  • Students' Union at SGS

We do not transfer personal data outside of the European Economic Area unless we are satisfied that the personal data will be afforded an equivalent level of protection.

South Gloucestershire and Stroud College does not share or sell personal data to other organisations for their own purposes.

We will share ordinary personal data with the parents [or guardians] of learners under the age of 18 for the purposes of keeping parents [or guardians] informed about activities, progress and behaviour, and in the interests of a learner’s welfare, unless, in our opinion, there is a good reason to do otherwise.

Security of Your data:

We retain personal data only for a legitimate and lawful reason and only for so long as necessary or required by law. The College has also adopted Data Retention Guidelines which set out the time period for which different categories of data are kept.

Your rights:

View our Data Privacy & Protection Policy

You have various rights under Data Protection Law to know and understand what personal data we hold about you, and in some cases to ask for it to be erased or amended or for us to stop processing it, but subject to certain exemptions and limitations.

You always have the right to withdraw consent, where given, or otherwise object to receiving marketing communications. Please be aware however that the school may have another lawful reason to process the personal data in question even without your consent. That reason will usually have been asserted under this Privacy Notice, or may exist under some form of contract or agreement with you (e.g. an employment, or because you have purchased of goods, services from the College).

If you would like to know what personal data we hold or request that the College amend it, or you would like it to be transferred to another person or organisation, or have some other objection to how your personal data is used, please contact the College.

We will to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, which is one month in the case of requests for access to information. The College will always be better able to respond more quickly to smaller, targeted requests for information. If we consider a request to be manifestly excessive or similar to previous requests, we may ask you to reconsider it.

You should be aware that the right of access provides a right to know what information we hold and for what purpose, it does not provide an automatic right to assess the documents your personal data may be contained within and certain data is exempt from the right of access. This may include information which identifies other individuals, is commercially sensitive or information which is subject to legal privilege. We are also not required to disclose examination scripts, nor any confidential reference given by us for the purposes of the education, training or employment of any individual.

Your Choices:

View our Data Privacy & Protection Policy

The rights under Data Protection legislation belong to the individual to whom the data relates. However, we will often rely on parental consent to process personal data relating to learners (if consent is required) unless, given the nature of the processing in question, and the learner's age and understanding, it is more appropriate to rely on the learner's consent.

Parents should be aware that in such situations they may not be consulted, depending on the interests of the child, the parents’ rights at law or under their contract, and all the circumstances.

However, where a learner seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, we may be under an obligation to maintain confidentiality unless, in our opinion, there is a good reason to do otherwise; for example where we believe that disclosure is in the best interests of the learner, others, or is required by law.

Access and Correction of Your Information:

Learners, and other individuals, can make subject access requests for their own personal data. A person with parental responsibility is also entitled to make a subject access request on behalf of a learner, but the information in question is always considered to be the learners. Where a parent or other representative seeks to make a subject access request on behalf of learner the College will act to obtain the consent of that learner before disclosing personal data.

You may request that we confirm whether or not we are processing your personal data. If we are, you may request a copy of your personal data, which we will provide free of charge, together with information about how we process it, such as the purposes of the processing and the categories of personal data concerned. However, this is not an absolute right and the interests of other individuals may restrict your right of access. For further copies, we may charge a reasonable fee based on administrative costs. We may decline requests which are excessive or if they are repetitive.

Rectification: You may edit some of the personal data we hold about you. You can also ask us to change, update or fix your personal data in certain cases, for example, if it is inaccurate.

Erasure: You can request that we erase of your personal data. However, this is not an absolute right and we may be unable to erase personal data that we are required to retain for statutory, contractual are other purposes.

Restrict Processing: You can ask us to restrict our processing of your personal data but only under certain circumstances, such as if your Personal Data is inaccurate or unlawfully held.

Data portability: You may ask for a copy of the personal data you provided to us in a structured, commonly used and machine-readable format and you may have the right to transmit this data to another entity.

Object: You may object to the processing of your personal data on grounds relating to your particular situation under certain circumstances, for example for direct marketing. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us, unless there are overriding compelling legitimate grounds for the processing or as otherwise provided under applicable law.

Please note that we may need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or permitted by applicable law.

Changes of details: The College takes all reasonable steps to ensure that personal data, held in relation to an individual, is as up to date and accurate as possible. However the College expects that individuals will notify us of any significant changes to important information, such as contact details.

Our Data Privacy and Protection Policy:

View our Data Privacy & Protection Policy

This privacy notice should be read in conjunction with our other policies, procedures and terms and conditions which make reference to personal data, including, but not limited to our Data Privacy and Protection Policy and our IT Acceptable Use Policies. The College may update this Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website and to you directly, as far as practicable.

If you believe that we have not complied with this policy or have acted otherwise than in accordance with Data Protection Law, you should notify us at You can also make a referral to or lodge a complaint with the United Kingdom’s Information Commissioner’s Office (ICO), although the ICO recommends that you seek to resolve concerns with us directly before involving them.

The purposes for processing personal data:

View our Data Privacy & Protection Policy

SGS Group and its subsidiaries will only Process Personal Data where that processing is a necessary, targeted and proportionate way of achieving the Group or its subsidiaries Mission.

By way of general guidance:

The SGS Group’s lawful basis for processing Personal Data in respect of employee information is that the processing is necessary to fulfil contractual and HMRC obligations and those within the Keeping children safe in education statutory guidance.

The lawful basis for processing Personal Data in respect of enrolment, funding, awarding body registration, teaching, student support, performance monitoring and research is that the processing is necessary for the organisation to perform a task in the public interest and for its official functions; these tasks and functions have a clear basis in law.

The lawful basis for processing Personal Data in respect of alumni relations, internal events, fundraising purposes, direct marketing and marketing research is the pursuit of the Group’s legitimate interests. (This includes the intra-SGS Group transfer of data for administrative purposes, where those purposes are not detrimental to the rights of the Data Subject) SGS Group and its subsidiaries has a lawful basis for further processing, where that processing assists the Trust in achieving its Mission and is compatible with the purpose for which the data was initially collected.

SGS Group and its subsidiaries will further process Personal Data for archiving purposes in the public interest and for research and statistical purposes.

The Processing of Personal Data in respect of keeping children safe in education is a legal obligation under the Education Act 2002.

When undertaking any major project, concerning the Processing of Personal Data, or considering processing that is likely to result in a high risk to individuals’ interests. SGS Group will undertake a Data Protection Impact Assessment (DPIA).

SGS Group will share data with the Department for Education (DfE), the Education and Skills Funding Agency and the Office for Students on a statutory basis. This data sharing underpins educational funding and educational attainment policy and monitoring.

Where required SGS Group will share information about students with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information about Individual Pupils) (England) Regulations 2013.

For academies and free schools; and, where required, SGS Group will share information about pupils with the (DfE) under regulation 5 of The Education (Information about Individual Pupils) (England) Regulations 2013.

SGS Group will share information about students, including special category data with the Fisher Family Trust or Alps. This information is shared for the purpose of educational attainment monitoring. Information shared with the Fisher Family Trust is subject to a data sharing agreement for schools using Aspire and is covered through the end user license agreement which is aligned to the GDPR.

For higher education learners; and, where required, SGS Group will share information about Students with the Office for Students (OfS), the Higher Education Funding Council for England (HEFCE), the Higher Education Statistics Agency (HESA), the Home Office (in connection with UK visas and immigration), Council Tax and Electoral Registration Officers at relevant local authorities (for the purpose of assessing liability for Council Tax and for electoral registration purposes.

Data Breach Notification Guidance

Read our Data Breach Notification Guidance Document