Policies
Data Protection
Our approach to keeping applicant, student and staff data safe and compliant.
Our approach
John Wheatley College complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in all aspects of how we collect, process and store personal data.
Security measures
- Encrypted data storage and transmission for all applicant and student records
- Role-based access controls limiting data access to authorised staff only
- Regular security reviews of our systems and third-party processors
- Secure, access-controlled storage of uploaded identification and academic documents
Data sharing
We only share personal data with third parties where legally required — for example, with UK Visas and Immigration for CAS issuance, or with the Student Loans Company where applicable. We do not sell personal data.
International transfers
Where data is transferred outside the UK (for example, to a placement employer or partner institution overseas), we ensure appropriate safeguards are in place in line with UK GDPR requirements.
Data Protection Officer
Our Data Protection Officer oversees compliance and can be contacted at dpo@jwheatley.uk.