This notice explains how DN Colleges Group (“DNCG”, “we”, “us”, or “our”) handles your personal data when you visit our websites or interact with our online services or in any other cases where we specifically state that this notice will apply. This notice further sets out how we protect your privacy and your rights in respect of our use of your Personal Data.
Who we are
We are DN Colleges Group, based at The Hub, Chappell Drive, Doncaster, Yorkshire, DN1 2RF (ICO Registration: ZA341759) We operate and this notice covers and applies to the following websites: www.dncolleges.ac.uk, www.don.ac.uk, www.northlindsey.ac.uk, www.ucdon.ac.uk, www.ucnl.ac.uk, and www.humberenergy.co.uk. If you have any questions about this notice or our data protection practices, you can reach our Data Protection team at dataprotection@dncolleges.ac.uk.
What is personal data?
Personal data is any information that can identify a living individual. Different pieces of information, when collected together, can also constitute personal data if they lead to identifying a specific person.
Why we have this notice and why we collect data
We follow UK data protection laws, including the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR).
We collect your personal data only when one of the following reasons applies:
- You have given us your consent.
- The data is necessary to fulfil a contract with you (such as your student enrolment or a commercial service).
- We have a legal obligation to collect the data (e.g. for statutory educational returns).
- It is necessary for our legitimate interests or the performance of a task in the public interest (as an educational provider), provided your interests are not overridden.
What data we collect and how we use it
Website Visits
When you visit our websites, your browser automatically sends us technical details. This includes your IP address, date and time of visit, browser type, and operating system. We collect this to ensure the security, stability, and correct display of our digital platforms.
Cookies and Analytics
We use cookies to enhance your experience and analyse traffic via online tools. This helps us understand user behaviour to improve our courses and services. This is based on our legitimate interest or your consent where non-essential cookies are involved.
Enquiries and Contact
If you use our contact forms or email us, we collect the details you provide (name, email, phone number, and message). We process this data solely to respond to your enquiry.
Applications and Enrolment
When you apply for a course via our websites, we collect extensive information including your biographical details, educational history, and contact information. This is necessary to process your application and enter into an educational contract with you.
Aggregated Data
We use anonymised “aggregated data” (e.g. total visitor numbers for a specific campus site) for reporting and planning. This data does not identify you.
How we share and store your data
Sharing Your Data
We only share it with third parties where necessary, such as:
- Educational partners and awarding bodies.
- Government agencies (e.g. ESFA, Ofsted, Office for Students).
- Service providers (e.g. IT support, payment processors).
- Where legally required by law enforcement or for safeguarding purposes.
International Transfers
Most of our data is stored within the UK. If we transfer data outside the UK/EEA, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your personal data.
How Long We Keep It
We retain your data only for as long as necessary. For students, this is often governed by statutory retention periods required by funding bodies. For general enquiries, we typically delete data once the matter is resolved.
Data Security
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us. We have also implemented numerous security measures (“technical and organisational measures”), for example, encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through our website.
Marketing
Insofar as you have given us your consent to process your personal data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to. Our marketing generally takes the form of email but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.
Linked Sites
For your convenience, our website may contain hyperlinks to other websites. We are not responsible for the privacy practices of linked websites or companies that are not owned or controlled by us, and this Privacy Notice does not apply to them. The links on our website may collect additional information in addition to the information we collect.
We do not endorse any of these linked websites, their products, services, or any content on their websites. We encourage you to read the privacy policies of each linked website you visit to understand how the information collected about you is used and protected.
Social Media
We are present on social media based on our legitimate interest. If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint responsibility agreement. The Personal Data collected when you contact us is used to process your request, and the basis for this is both your consent and our legitimate interest.
Your rights and priveleges
Privacy rights
You can exercise the following rights:
- The right to access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to object to processing;
- The right to data portability;
To exercise these rights, please contact dataprotection@dncolleges.ac.uk.
Update your information and withdraw your consent
If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us.
Access Request
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
Complaint to a supervisory authority
The Information Commissioner’s Office (ICO) is the UK`s authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO in the first instance.
Data Breaches and Notification
Databases or records containing Personal Data may be breached accidentally or through unlawful intrusion. As soon as we become aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notification will be accompanied by a description of the measures that will be taken to repair the damage caused by the data breach. Notifications will be sent as soon as possible after the violation is discovered.
What we do not do
- We do not sell your Personal Data;
- We do not process Special Category Data without obtaining prior specific consent; and
- We do not use automated decision-making, including profiling.
Help and Changes
This notice is the current version as of January 2026. If we make significant changes, we will update the effective date and notify you via our website.