On 25th May 2018 the Data Protection Act 1998 became the Data Protection Act 2018 and General Data Protection Regulation (GDPR). WE Bridge Academy will always be transparent with you about how we use, store and share your personal data, and we are committed to ensuring this information is only used for the purpose it is intended.
Data Protection Officer: Paul Stephens, WE Bridge Academy, Floor 10 South Gate House, Wood Street, Cardiff CF10 1EW.
// Students and the Application Process
Why we need your personal information:
To process your application to study with us and issue you with an offer letter, we ask for your personal details and additional documentation to support your application. We use your passport to ensure the information in your offer letter is accurate and to verify your identity at enrolment. We may use your personal details to contact you about your application. The personal information we request from you may vary depending on the type of course you apply for. For example: to apply for our International Foundation Programme, we need to see evidence of your secondary education and IELTS. If your application is being made through an agent, we will send your offer letter directly to them. Your offer letter will contain personal information such as your date of birth and passport number. If you are applying for homestay accommodation, we share key information with your homestay provider to find you the most suitable accommodation.
How we use your personal data:
We use your personal data to process your application to study with us and to issue your offer letter. We collect other information about you, such as medical information and emergency contact details to see if we need to make any special arrangements for you. The information you provide will only be shared within WE Bridge Academy if we feel there is a legitimate reason to do so. For example: we may pass your phone number to our Academic team if they need to carry out a telephone interview with you as part of the course you are applying for.
We have a duty of care to ensure any medical conditions you declare are communicated to the relevant people. For example, if you declare a medical condition and are applying for homestay accommodation, we may need to make the homestay provider aware to ensure your safety. There may be occasions when we need to make Academy staff and teachers aware of your medical condition. Whenever there is a genuine need to share your personal information, we will always seek your permission first and inform you of how this information is being shared.
If you suffer from a serious medical condition, it’s very important that you tell us. We will seek your permission to inform the relevant team of this condition so we can help you should the need arise. If you prefer we don’t tell other staff, we may be unable to provide the correct support if you become unwell.
How your data is stored:
All of your information is stored on a secure student database used solely by WE Bridge Academy. We also hold this information within your personal student file, which is held securely.
Personal data will also be stored electronically. Whenever such information is stored in this way (for example, in a Word or Excel document) the information will be held securely using a password. We have introduced strict internal procedures to ensure your personal information is protected.
// Live Chat
Our website has a live chat feature used for providing instant replies to enquiries. We use the information collected during these communications in the following ways:
- Live chat is available 7 days a week between 10:00 and 16:00. Outside of these times, your message is collected in electronic form both in-app and by email
- If we reply to your message outside chat opening hours, the message will be sent to you by email (if you provided one)
- Copies of messages sent between us (WE Bridge Academy) and you are stored electronically with a password, accessed by one member of our team
- If we can’t answer your query directly and need to share your information internally, we will gain your consent prior to doing this. We will never share details of our conversations with a third party
All conversations are stored electronically and held for a maximum period of 6 months. If you would like your personal data removed sooner, please contact the Data Protection Officer.
// Legitimate Cause
We will always do our very best to obtain your consent. As a business, we have taken steps to ensure these procedures are maintained. There will be instances where, given legitimate cause, we will share your personal information. For example, we may pass your personal data (such as your name, date of birth and address) to a doctor if you ask us to help you secure an appointment for medical treatment.
// Sharing Your Personal Data
We inform you about the ways we use your personal data at the application stage. This is detailed on our paper application form and this page of the website for online applications. There may be occasions which arise during your studies where we need to share your personal data for other reasons, which include, but are not limited to:
- Sharing information about your course, attendance and progress to your agent/representative, sponsor, parent or person responsible for paying your course fees
- Sharing personal data for Academic purposes including student reports, grades, transcripts and references. For example, helping you secure an offer letter for university
In any situation where we do not have your permission to use your personal data, we will obtain this as detailed below.
// How We Obtain Consent
In writing: Before obtaining your consent to share your personal data, we will always tell you why we need to do this. Where possible, we will always try to obtain your consent in writing. This may be on a form where you show your consent by ticking a box and signing a declaration. We may sometimes ask you to write a letter of authorisation – a document that shows you have given permission for us to share your personal data for a specific reason (such as sending your certificate of achievement directly to an agent).
Verbally: Where we are unable to obtain written consent, we may do this verbally. In cases like this, we will make a record that such consent has been obtained to demonstrate that you have given authorisation for us to share your personal data and for what reason.
// Where Your Data is Stored
Your personal data is stored electronically and in files, which are stored under lock and key. We store your data in the following ways:
- When you apply to study with us we create a student file to store hard copies of your application form, copy of your passport, supporting documentation (such as proof of education) and your visa(s)
- Your personal data including your name, date of birth, sex, nationality, address, contact phone numbers, email address and age are entered into our student database, which is hosted on our secure server
- If we store information about you in Office products (such as Word and Excel), they will be protected with a secure password
- Information you supply to us by email will be retained for audit purposes for up to 5 years
- Academic information stored about you will be held as detailed above
- In cloud-based applications (such as Dropbox), with secure and monitored access
For applicants that apply to study with us but do not enrol:
Your offer letter will contain a ‘latest start date’ to allow time for you to start your course should you be unable to start on the specified day. In line with GDPR, and to comply with our internal policies, if you fail to enrol/register/start your course at WE Bridge Academy, we will securely destroy all data we hold about you, both in paper and electronic form and your offer will no longer be valid. This procedure, known as GDPR Erase, will be carried out on the day following the latest start date. Should you wish to reapply for the same, or any other course, we will require a new application to be submitted along with the relevant supporting documentation.
For applicants that enrol:
We will retain records for those that enrol and complete their studies with us for 5 years from the start date of the course for audit and inspection purposes.
// Teachers and Students’ Work
Our teachers work very hard to ensure information relating to student studies is communicated effectively. Our Academic team have a legitimate reason to share information about you (such as grades, attendance and progress) in shared locations to allow them to access information in a central place. However, to protect your personal data, we have implemented the following procedures:
- All of our teachers accessing personal data outside of the Academy sign an agreement, which documents the steps required to keep this data safe and secure
- We provide awareness training to all our team about GDPR
- We maintain strict internal procedures to ensure our team keep your data safe
There may also be a legitimate cause to share certain information about you (such as grades and progress reports) with the person responsible for paying your course fees; this could be for example, your parents who have paid for the course or your Embassy who sponsors you.
// Deleting Your Personal Information
In line with our retainment procedure (above), you have the right to request and see the information we hold about you at any time. This request should be made in writing to the Data Protection Officer. Your request will be acknowledged within 48 hours and arrangements made to fulfil your request within one calendar month from the date the request was received.
We will take steps to verify your identity should such a request be received to ensure we are providing the information to the correct person.
Should there be legitimate cause to delete your personal data, it will be done in the following ways:
- Where information is held on our student database, we will delete all your data using ‘GDPR Erase’
- Electronic communication (email) that contains personal data and attachments (such as copies of your passport, application forms and supporting documents) will be permanently deleted from our systems
- Where your information is stored in Office documents (such as Excel and Word) we will remove your data from these files
- Paper copies of your personal data will be shredded using shredders that comply with GDPR
The above procedures will be used to securely destroy your personal data in line with our retainment procedure. Should you ask to see your personal data, or ask that it is destroyed, within the retainment timelines, we will discuss this with you and provide written confirmation detailing what information has been deleted and how it was destroyed.
// Protecting Your Data
We have taken steps to ensure we protect your personal data and act responsibly as a business:
- Providing our team with awareness training relating to GDPR and keeping your personal data secure
- Informing all new staff, interns and volunteers about GDPR through induction
- A Data Protection Policy
- Strict internal procedures to ensure your data is kept safe
// Verifying Your Identity
There are occasions when we need to identify you to ensure we are sharing information with the correct person. For example, there are occasions when a former student will request a copy of their certificate over the phone. In such instances, we will ask you three questions to verify your identity such as your full name, date of birth and dates of study.
If someone were to request information on your behalf, we would need either (1) your written consent to do this, or (2) to speak to you in person and gain your verbal permission before speaking to the other person.
// Photographs and How We Use Your Image
The law states that verbal consent is considered to be enough when asking if we have permission to take your photo. However, to aid our transparency, we do on occasion ask you to complete a signed declaration that details how your image will be used and for what purpose. Use may include:
- Using your image for marketing purposes and in our marketing material such as brochures and leaflets
- Across our social media platforms, which include YouTube, Instagram, Facebook and Twitter
- On our website
- On display throughout the Academy
We always do our best to limit the personal information we share about you. For example, we will only use your first name and never tag you in a post or directly link you in a way that could further identify you.
If you are aged 16 or 17, we will ensure we have permission to use your image from your parent or guardian.
Page last updated: 05/06/2019