Skip to Content

The legal bit

Brighton College is committed to protecting and respecting your privacy

This privacy statement is to help you understand how and why we collect your personal information and what we do with that information. It also explains the decisions that you can make about your own information.

We are a "data controller".  This means that we are responsible for deciding how we hold and use personal information about you, and for explaining this clearly to you.

This statement applies to prospective, existing and former customers of the College, including employees and representatives of our customers; individual and business contacts and prospects; any person who provides services to us, either as an individual or as the employee or representative of a service provider; and users of our website.  It applies to everyone who uses the College’s services including:

  • the hire and use of our facilities such as sports facilities, the Great Hall, Chapel, lecture theatres, dining hall, classrooms and all other premises hires for functions and events such as conferences or weddings;
  • users of our sports facilities;
  • holiday, afterschool and breakfast clubs.

For information about how the College uses personal information in other contexts please see our privacy notices which can be found here.

 

What do we mean by "personal information"?

Personal information is information about you and/or your child from which you/your child can be identified. If information has been anonymised it is not personal information. For example, your name, contact details and payment details.

 

What personal information do we collect from you and why?

We collect personal information direct from you when you enquire about our products and services, when we establish you as a customer, where we enter into a contract to provide to or receive services from you or when you use our website.

We collect further information from you during the period of our relationship with you and when you use our services.  This applies to both our customers and also to anyone else who uses the services.

  • From our customers:
    • We collect and process your name, email address, telephone number, address and bank details so we can provide products and services to you. Such processing is necessary for performance of the contract between us. 
    • We may also process feedback you provide to us on our products and services. Such processing is necessary for the legitimate interest of managing our business and improving our products and services.
    • We process information concerning your suitability to use our services. This is to look after you and other users and in relation to the management of incidents.  As part of this we will use information concerning you about your health and any disability you may have.  We, and the other users of our services, have a legitimate interest in ensuring that the services are used appropriately and safely.  In addition, we have a legal obligation under health and safety laws to make sure that our services are used appropriately.
    • We use CCTV to make sure the site is safe and so that we can investigate if there is a problem. This is in accordance with our legitimate interests.  Images captured of you via CCTV will be your personal information.  CCTV is not used in private areas such as toilets.
    • We may take a photograph of you to be stored on our system for identification purposes. We may also take photographs of you when you take part in our activities or use our services.  The photographs will be used in connection with our publicity, for example, they may appear on our websites, promotional material and on social media.  We may ask for your consent before taking or using some photographs and videos if the photograph or video is more intrusive and we cannot rely on legitimate interests. If we ask for your consent to use your personal information you can take back this consent at any time.
  • From our suppliers, third party business contacts and prospects:
    • We process names, job titles and business contact information including addresses, telephone numbers and email addresses for your employees and representatives and other information to maintain and manage our relationship with you. Such processing is necessary for the performance of the contract between us. 
    • Where you are an employee of a corporate client or contractor, we process this information for the legitimate interest of performing our contract with your employer.
    • If there is a problem, for example, if we have a complaint about a service you have provided then we have a legitimate interest in using personal information in connection with that complaint, for example, so that we can tell you what happened for you to put things right.
    • We may perform due diligence in the form of credit checks on companies, including checking photographic identification and proof of address of directors and, in some cases, your shareholders, and verification of the company registration details. We do this to comply with our legal obligations, and as necessary for our legitimate interests of checking that the entities we contract with are financially viable and would not cause us reputational damage.

 

What personal information is collected by us through the website and why?

We collect and process the following personal information about you in connection with your use of our website:

  • Information you give us: this is information about you that you give us by filling in forms on our website. It includes information you provide when you register to use our website, subscribe to a service, place an order on our website and when you report a problem with our website. The information you give us may include your:
    • name
    • address
    • email address
    • phone number
    • financial and credit card information
  • Information we collect about you: with regard to each of your visits to our website we may automatically collect the following information:
    • technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions and operating system and platform
    • information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call us
  • Cookies: our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.
  • Required information: we indicate on our website forms what information is mandatory. If you do not provide this mandatory information then we may not be able to provide the services you have requested.

We use information held about you in the following ways:

  • Information you give to us: we will use this information to:
    • carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us
    • notify you about changes to our service
    • ensure that content from our website is presented in the most effective manner for you and for your computer
  • Information we collect about you: we will use this information:
    • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
    • to improve our site to ensure that content is presented in the most effective manner for you and for your computer
    • as part of our efforts to keep our website safe and secure.

 

Where we store your personal data

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

 

Sharing personal data with third parties

We may occasionally share your personal information:

  • With local authorities, the Independent Schools Inspectorate, the Department for Education, the Police or our legal advisers where, for example, we have any safeguarding concerns
  • With our professional advisers and insurance company, for example, where there is a serious incident at the College or in connection with actual or contemplated litigation
  • With other companies and organisations for the purposes of fraud protection and credit risk reduction
  • With third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so
  • We may share your information with debt recovery suppliers if you do not pay any fees owed to us. In addition to legitimate interests, this is also necessary for the performance of the contract between us.  
  • In limited circumstances we may use your information to protect your vital interests or the vital interests of someone else (for example, if you or they are seriously hurt).
  • We sometimes use contractors to handle personal information on our behalf. The following are examples:
    • if we use a contractor in connection with the provision of our services, we may share information with them as appropriate. For example if we use outside caterers we may share information about dietary needs and requirements
    • IT consultants who might access information about you when checking the security of our IT network

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

 

For how long do we keep your information?

We keep your information for as long as we need to in order to provide services to you and educate and look after your child. We will keep some information after your child has left the College, for example, so that we can find out what happened if you make a complaint.

In exceptional circumstances we may keep your information for a longer time than usual but we would only do so if we had a good reason and only if we are allowed to do so under data protection law.

The College has a Retention and Deletion Schedule that sets out how long we keep your personal information.

 

Our legal grounds for using your information

Where we have a contract with you we are allowed to use information about you where this is necessary so that we can carry out our obligations under that contract. We are also entitled to use your information in order to take steps you have requested prior to entering into the contract.

Unless this would be unfair to you, we have a legitimate interest in using your information in order to improve and maintain our website and make it available to you.

Occasionally, we may need to use your information in connection with legal disputes or where we have a legal obligation to share your information.

We may use your information to perform tasks in the public interest, such as facilitating the efficient operation of the College and ensuring that we comply with all of our legal obligations.

 

Particularly sensitive information

We have extra obligations when we process particularly sensitive information called "special category" personal information under data protection law.  These special categories are as follows:  personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information, health information, and information about sex life or orientation.  We may process "special category" personal information as follows:

  • We may need to use information about your health so that we can make adjustments for example, in respect of dietary requirements or in connection with the use of our services.
  • We may need to use information about any disability you may have, or any care that you may need, so that we can make adjustments for example, in respect of seating or in connection with the use of our services.

Using personal information in this way is justified in the substantial public interest.  

We may only use information relating to criminal convictions and offences where the law allows us to do so.  This will usually be where such processing is necessary to carry out our obligations or to exercise our rights.

Less commonly, we may use information relating to criminal convictions and offences where it is necessary in relation to legal claims, where it is necessary to protect our pupils and you are not capable of giving your consent, or where you have already made the information public.

 

Keeping you updated

We may contact you with marketing material by email, telephone, post or by text message but we will only do this where we are allowed to do so under data protection law.  Sometimes we will need your consent first.

If you tell us that you do not want to be contacted for any of these purposes then we will of course respect that.  Any use of your information before you withdraw your consent remains valid.

 

What decisions can you make about your information?

Data protection legislation gives you a number of rights regarding your information. Some of these are new rights whilst others build on your existing rights. Your rights are as follows:

  • Rectification: if information is incorrect you can ask us to correct it.
  • Access: you can also ask what information we hold about you and be provided with a copy. This is commonly known as making a subject access request. We will also give you extra information, such as why we use this information about you, where it came from and what types of people we have sent it to.
  • Deletion: you can ask us to delete the information that we hold about you in certain circumstances. For example, where we no longer need the information.
  • Portability: you can request the transfer of your information to you or to a third party in a format that can be read by computer. This applies where (a) the information has been provided by you; (b) the basis that we are relying on to process your information is consent or contract; and (c) the information is being processed by us on computer.
  • Restriction: our use of information about you may be restricted in some cases. For example, if you tell us that the information is inaccurate we can only use it for limited purposes while we check its accuracy.
  • Object: you may object to us using your information where:
    • we are using it for direct marketing purposes;
    • the legal basis on which we are relying is either legitimate interests or performance of a task carried out in the public interest; or
    • we are using it for historical or scientific research purposes or archiving purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

Further information and guidance

This privacy statement is to explain how we use your personal information. The Bursar is the person responsible at the College for managing how we look after personal information and deciding how it is shared.  Please get in touch if you would like us to update the information we hold about you.

If you consider that we have not acted properly when using your personal information you can contact the Information Commissioner's Office: www.ico.org.uk  If you do have concerns about how we have handled your personal information we would kindly ask that you contact us in the first instance before you speak to the ICO so that we have an opportunity to put things right. 

How to get in touch

Email: GDPR@brightoncollege.net

Write to: The Bursar, Brighton College, Eastern Road, Brighton, East Sussex, BN2 0AL.

Use of cookies

We may gather information about your general internet use by using cookies. Where used, these cookies are downloaded to your computer and stored on the computer's hard drive. Such information will not identify you personally. This statistical data does not identify any personal details whatsoever.

By continuing to use this website we will assume that you agree to the use of cookies.

 

Third Party links

On occasion we include links to third parties on this website. Where we provide a link it does not mean that we endorse or approve that site's policy towards visitor privacy. You should review their privacy policy before sending them any personal data.