Data Protection Statement – Employees

This data protection statement explains how we (The Trafford and Stockport College Group, the Group) collect, use and share your personal information, and your rights in relation to the personal information we hold.  The Group is the controller of all personal information held by our Colleges and is subject to the Data Protection Act (2018) and the UK General Data Protection Regulation (UK GDPR).

This statement concerns employees, workers and contractors of the Group.

We generally process your personal information to meet our obligations as an employer and provider of education.

What data do we collect and use?

The categories of personal information that we collect, hold and share include:

• Personal information (including name, date of birth, address, home and mobile telephone numbers, personal e-mail address, bank account details, national insurance number, emergency contact details, photographs, your nationality and your country of birth);
• Contract information (such as your start date, your salary history and current salary, terms and conditions of employment, income tax and national insurance contributions, membership of pension schemes, other employment benefits);
• Employment information (includes attendance records, disciplinary records, performance management information, performance management information, and data created in the course of your duties);
• Skills and experience information (details you provided as part of your application to join us, your CV, details of your employment history, references provided by previous employers, results of selection tests and notes made at the selection activities you took part in);
• Records relating to your use of our IT networks;
• CCTV recordings and images;
• Images and recordings created as part of the teaching, learning and assessment process to provide access and support to students as part of their learning programme;

We may also collect, store and use information about you that falls into ‘special categories’ of more sensitive personal data. This includes information about:

• Characteristics (including whether you have a disability, your gender, your race or ethnicity, your religion or belief, your sexual orientation, the languages you speak);
• Medical information (doctor contact details, relevant medical conditions, the pre-employment medical questionnaire which you completed upon induction, fit notes received from your doctor and reports from our Occupational Health provider);
• Records of safeguarding checks which we have undertaken including the number of the Disclosure and Barring Service Certificate we received, a record that we confirmed your identity and your right to work in the UK including any visa which you may hold.

Where we process special category personal data, we do so in accordance with Article 9 of the UK GDPR, primarily where processing is necessary for the purposes of employment law obligations, health and safety requirements, safeguarding responsibilities, and equality monitoring.

Most of the personal information you provide to us is needed for us to meet our obligations as an employer when authorised by UK law.  Failure to supply such information may mean that we are unable to fulfil our contract of employment with you. Some information is provided by you on a voluntary basis (with your explicit consent), for example information concerning your personal characteristics.

We will inform you whether you are required to provide certain information to us or if you have a choice in this. Under some circumstances, we may obtain information from third parties, such as references from previous employers or background checks required as part of safeguarding obligations.

Why do we collect and use your information?

We use your personal information to:

• Facilitate the execution of your duties in the role for which you are employed;
• Comply with the law regarding data sharing;
• Protect against and assist prevention of fraud;
• Comply with our contractual obligations;
• Pay you for the work you have undertaken;
• Deduct income tax and national insurance contributions and remit them to Her Majesty’s Revenue and Customs (HMRC);
• Deduct pension contributions and remit them to the pension scheme of which you re a member.
• Enable the development of a comprehensive picture of the workforce and how it is deployed
• Enable assessment and improvement of the workforce;
• Inform the development of employment policy and strategy;
• Safeguard students and other individuals
• Ensure safe working practices
• Ensure equal opportunities
• Further the aims of the Group
• And where we feel disclosure is necessary or appropriate in connection to an investigation, suspected or actual illegal activity

To achieve this, we rely on the following lawful bases under the UK GDPR:

• Contract – where processing is necessary for the performance of your employment contract
• Legal Obligation – where we are required to process personal data to comply with UK law (e.g. tax, safeguarding and employment legislation)
• Legitimate Interests – where processing is necessary for the effective operation of the Group as an education provider and employer

How long is your data stored for?

We store your information securely and in line with our Records and Retention Policy and associated procedures.  We retain employee information for the following periods after your employment with the Group ends:

We are required to hold safeguarding case records for a longer period of time, and, on some rare occasions, your personal information may be included in these records and therefore held for up to twenty five years.

Will your information be shared?

We routinely share your information with:

• Pension providers
• Solicitors
• Our occupational Health provider
• HMRC
• Courts and Tribunal Service
• Department of Work and Pensions
• Auditors
• Our bank
• Software suppliers
• Payroll supplier
• Teaching Regulation Agency

Where organisations process personal data on behalf of the Group, they do s as data processors under contractual agreements which require them to process personal data only in accordance with our instructions and to apply appropriate security measures.

The professional contact details (such as name, job title, email address and/or phone number) of employees may be shared with students, families, external partners and, in some cases, published on the website, as required for the execution of their duties.

Images and recordings created as part of the teaching, learning and assessment process will be routinely shared with students and other staff through our Digital Learning Platform(s), providing access for students to catch-up missed content, revisit topics of learning, or extend their learning.

Details of your right to work and compliance with our safeguarding checks, as well as your professional qualifications may be provided to our funding bodies, awarding organisations, delivery partners and external quality assurance bodies such as Ofsted, as part of routine quality and compliance checks.

How do we protect your data?

Your data is held securely on the Group’s network or in a secure cloud location provided by one of our IT partners. Access to personal data is restricted to authorised staff who require it to perform their duties.

All colleagues have completed the Group’s data protection training programme and receive regular updates to keep their knowledge and understanding up to date. The Group ensures that appropriate data sharing agreements are in place prior to sharing your personal data with any partners.

Where information is made available on a routine basis, for example group email addresses or recordings of lessons, appropriate use of this information by all members of our college communities is clearly set out in the codes of conduct for staff and students.

What are your rights?

The Data Protection Act (2018) and UK General Data Protection Regulation (UK GDPR) give individuals a number of specific rights in relation to their personal information.  You have the right to:

• Be informed of the identity of the controller, the reasons for processing their personal data and other relevant information necessary to ensure the fair and transparent processing of personal data;
• Request access to the information we hold about you (Subject Access Request);
• Object to processing of personal data that is likely to cause, or is causing, damage or distress;
• Request restriction of processing in certain circumstances;
• Request transfer of your personal data to another organisation where applicable;
• Withdraw consent at any time where processing is based on consent;
• Prevent processing for the purpose of direct marketing;
• Object to decisions being taken by automated means (please note we have no such systems);
• In certain circumstances, have inaccurate personal data rectified, erased or destroyed; and/or

Please contact the Data Protection Officer if you would like to discuss any concerns: dpo@tscg.ac.uk.

Contacting the Trafford and Stockport College Group

You will find up to date information about our Data Protection Officer, how to make a request for your personal information, and other useful information about Data Protection on our website : Data Protection – The Trafford & Stockport College Group (tscg.ac.uk)

You can also write to the Data Protection Officer at dpo@tscg.ac.uk or:

Data Protection Officer
Trafford and Stockport College Group
Manchester Rd
Timperley
Altrincham
WA14 5PQ

Where can you find out more information?

If you have a concern relating to the way we are collecting or using your personal data, we would always ask you to raise your concern with us in the first instance.  You can e-mail the Data Protection Officer at dpo@tscg.ac.uk.  

You may also raise concerns with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters, via https://ico.org.uk/make-a-complaint.

Version: 3.0  
Issued: May 2026