Dumfries & Galloway College (the College) is providing you with this information to comply with data protection law to ensure that you are fully informed and that we are transparent in how we collect and use your personal data.
Your privacy and trust are very important to us and this Privacy Notice provides essential information about how the College handles your personal data and the rights you have in relation to how we use your data. The College is committed to complying with all applicable Data Protection legislation, this includes the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
Who we are
Dumfries & Galloway College is the ‘Controller’ and is responsible for looking after the personal data that you provide.
Registered office:
Dumfries & Galloway College
Bankend Road
Dumfries
DG1 4FD
For any queries or concerns about how your personal data is being processed you can contact the Data Protection Officer (DPO) at DPO@dumgal.ac.uk
This privacy notice relates to…
This privacy notice relates to the Board of Management Website at board.dumgal.ac.uk
What personal data we collect and why we collect it
We collect and use your information for the following purposes:
Contact forms
Our contact forms collect the following personal data:
- Name
- Contact Telephone
- Email Address
We use the information you provide when you fill out a contact form or via any emails you send to us or any phone calls you make to us – this is so we can identify you and communicate with you about your query.
Our lawful basis (reason) for processing your information is :
You have given consent for us to contact you in regards to your query.
Cookies
Comment Forms: If you leave a comment or submit a contact form on our website you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Our lawful basis (reason) for processing your information is :
You have given consent for us to save this information as a cookie on your computer.
Site Security: Visiting the login page sets a temporary cookie that aids compatibility with some alternate login methods. This cookie contains no personal data and expires after 1 hour. This cookie is necessary to keep the site secure.
Site Security
The IP address of visitors are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.
This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner.
This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com.
Site Optimisation
This site uses Hummingbird and WP Smush in order to serve assets (images and documents) to your web browser quickly and efficiently.
Hummingbird uses the Stackpath Content Delivery Network (CDN). Stackpath’s privacy policy can be found here.
Smush sends images to the WPMU DEV servers to optimise them for web use. This includes the transfer of EXIF data. The EXIF data will either be stripped or returned as it is. It is not stored on the WPMU DEV servers.
Smush uses the Stackpath Content Delivery Network (CDN). Stackpath’s Privacy Policy can be found here.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
The College will not share your personal information with any third parties or use the information provided for any purpose other than outlined above.
Details of data transfers to any third countries or international organisations
Your information will not be shared outside of the European Economic Area
How do we look after your information and how long do we keep it for
We will take all reasonable steps to prevent the loss, misuse or alteration of information you give us. Your personal information will be stored securely and will only be accessed by authorised staff, agents, contractors and other organisations who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality and must comply with data protection law.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your information will be kept for 1 year in line with the College’s data retention schedule and then will be destroyed confidentially.
Security logs are retained for 60 days.
What automated decision making and/or profiling we do with user data?
We do not use any automated decision making about you.
What rights you have over your data
Under the GDPR you have certain rights in relation to how the College manages and uses your personal information:
- The right to be informed (this is the Privacy Notice)
- The right to access your personal data
- The right to rectification if the personal data we hold about you is incorrect
- The right to restrict processing of your personal data.
In addition, the following rights apply only in certain circumstances:
- The right to withdraw consent at any time (if consent is our lawful basis for processing your data)
- The right to object to our processing of your personal data
- The right to request erasure (deletion) of your personal data
- The right to data portability
- The right not to be subject to automated decision making including profiling.
For more information about your rights please see www.ico.org.uk.
Contact us
If you have any issues about this notice or the way the College has handled your personal information, please contact our Data Protection Officer in the first instance:
email : DPO@dumgal.ac.uk
or write to:
Data Protection Officer
Dumfries & Galloway College
Bankend Road
Dumfries
DG1 4FD
Complaints to UK Information Commissioner’s Office (ICO)
If you are dissatisfied with the response from the College you have the right to lodge a complaint with the Information Commissioner’s Office about our handling of your data:
email: casework@ico.org.uk;
Telephone: 0303 123 1113 or write to:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF