Student's Desk
Administrative Desk

Data Protection

A data protection policy is a comprehensive document that sets out the policies and procedures an organization will comply with when dealing with information and data.

The necessity of Data Protection Policy

The Data Protection Act contains a set of principles that organizations have to adhere to in order to keep someone's data accurate, safe, secure and lawful. These principles ensure data is: Only used in explicitly stated ways. Not stored for longer than necessary.

The Objective of Data Protection

Data protection and data security policy is required

  • to keep the staff members well informed about the purpose of the college to use their personal data, as required by law
  • to educate staff about the principles, they must adhere to in handling personal data
  • to help comply with your duty to protect the security of personal data, by informing staff of necessary measures

Mechanism of Implementation of Data Protection Policy

  • Privacy Notices relating to the use of Applicant, Student, and Alumni Data can be found via the official college website only
  • Under the Data Protection legislation, individuals have rights of access to information held by the college. The purpose of this right is to allow individuals to verify what information the university holds about them, and confirm whether the processing of the personal data is correct and lawful.
  • The college will not disclose any information (including giving references) about an individual to an external organization without first checking that the individual consents to such disclosure.
  • The college ensures that all personal data is kept secure, not only from unauthorized access but from fire and other hazards.
  • Password protection to computers, screensavers and documents is necessary. Where possible office door should be locked, and working desks should be clear of personal data when any concerned staff member is absent from his working table.
  • Any staff member will not write any comment about any individual that is unfair or untrue and that he/she would not be able to defend if challenged. Everybody must assume that anything that he/she writes about a person will be seen by that person.
  • When the College processes personal data, it must ensure that it is accurate, relevant and not excessive than what is needed.
  • The College cannot process personal data unless the concerned department or the College have a lawful basis for doing so.
  • The college authority must be vigilant if the college undertakes any project off-campus using personal data such as individualized research data, reference requests or examination scripts or results. Strict security measures must be applied to the transportation and storage of all such data.
  • The rights the employees have regarding the data that they have provided to College:
    1. Right to withdraw consent
    2. Right to be informed
    3. Right of access
    4. Right of rectification
    5. Right to erasure
    6. Right to restrict processing
    7. Right to data portability
    8. Right to object
    9. Rights related to automated decision-making including processing.
  • Student Support Services may use personal data, including special category data, to administer institutional support, deliver services, and meet statutory obligations including:
    1. Provision of support to assist students’ academic, physical, mental, emotional and/or financial wellbeing.
    2. Maintenance of student records in relation to updating disability information
    3. Financial assessments (e.g. hardship funds)
    4. Financial administration (e.g. student hardship, etc.)
  • All Student Support Services will share data with:
    1. our employees, partners, agents and contractors, where there is a legitimate reason for receiving information (e.g. departmental staff, providers of student accommodation, software providers, auditors, etc.)
    2. Government departments or agencies where the University has a statutory obligation to provide information
    3. Agencies involved in the prevention and detection of crime (e.g. the Police)
    4. Parents, guardians and next of kin (where there is a legitimate reason for disclosure).
  • Special Collections and Archives is a part of the College. Malda College is the Data Controller for third party information.
  • Malda College has every authority ask for contact details for researchers, visitors and depositors (including home address, phone number, email address).
  • Contact details for researchers are only used to arrange appointments, deal with any requests for material or notify of changes to the appointment. They will not be shared with internal or external parties. However this data is processed under the public task