Student Privacy Policy

We, Code Your Future (“CYF”), ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.

CYF’s Data Protection Officer can be contacted at

CYF's role

CYF is the ‘data controller’ as we collect and use information about you to carry out the services the charity provides to you. CYF is committed to protecting your data and being transparent about how we use your data, in line with the current Data Protection Act (2018), the General Data Protection Regulations (GDPR) and any resulting legislation.

What information does CYF collect about you?

CYF will collect information about you in the course of its business in providing services to you as an applicant, current or former student. This includes details when you apply for a course at CYF, when you enrol at CYF and as you progress through your course. This will also include data received from external sources such as other charities and external referees.

These details will include, but are not limited to, the following:

  • Your name, marital status, gender, address, phone number, date of birth, contact details and other information submitted during the application and enrolment processes.
  • Passport or identification details
  • Nationality
  • Racial or ethnic origin
  • Level of English language
  • Contact details of someone in the UK to be used in case of emergency
  • Disabilities and associated medical conditions and/or learning support needs (where applicable)
  • Details of previous employment, educational background, study courses, assessment marks and examinations
  • Bank details
  • Photograph
  • Video recordings for publicity purposes
  • Criminal convictions either before or during the time you are a CYF student
  • Information related to the prevention and detection of crime and the safety and security of staff and students
  • Details of your engagement with CYF such as attendance information and use of electronic services gathered for the purposes of monitoring equal opportunities.
  • Copies of passports and any identification data to ensure eligibility to receive financial support from the UK government and in compliance with the right to study and identification requirements.
  • Where applicable, this will also include details of visas and any other documents required for compliance with Home Office requirements, as well as biometric data for attendance purposes.
  • Information you have directly provided for other services CYF provides, such as student support (for the provision of advice, support and welfare) and CYF’s career service.
  • In certain circumstances special category personal data may be collected. These are more sensitive categories of identifying information including but not limited to the following: racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health or data concerning a natural person’s sex life or sexual orientation and data relating to criminal convictions.

How does CYF obtain your personal data?

We may collect your personal data in a number of ways, for example:

  • From information provided to us by yourself when joining. This would include any applications you complete when joining us.
  • Through communication to or from you by telephone, email, or via the website. For example, when you call to make enquiries about CYF or when you are raising concerns.
  • We may also gain your personal data from third parties, for example, from references, information from your sponsor and information from your previous educational establishments.

How will your information be used?

During the course of its activities, CYF will use your data to carry out its functions and to provide services to you as part of your student journey. CYF is committed to ensure your data is only used in carrying out CYF’s business.

Lawful bases for processing your personal data under the GDPR and DPA 2018. 

Personal data will only be processed when the law permits this to happen. Most commonly personal data will be processed in the following circumstances:

  • Where you have given us your consent
  • In order to fulfil CYF’s obligations to you as part of your student contract
  • Where CYF needs to comply with a legal obligation (for example, the detection or prevention of crime and financial or charity regulations)
  • Where it is necessary for CYF’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • To protect the vital interests of the data subject or of another person (for example, in the case of a medical emergency)
  • In order to perform a task carried out in the public interest

CYF will only use personal data for the purposes for which it was collected unless it is considered reasonably that it is needed for another purpose and the reason is compatible with the original purpose. If CYF needs to use your personal data for an unrelated purpose, it will notify you and will explain the legal basis that permits it to do so. CYF may process your personal data without your knowledge or consent, in compliance with this policy and procedure, where this is permitted by law. The below provides examples of how we use your information:

  • To correspond with you in connection with your application, enrolment, course or graduation matters
  • To make admission decisions
  • To administer your course and record your achievements during the course, which includes your assessments and graduation
  • To assist in pastoral and welfare needs for example the support services and services to students with disabilities
  • To administer financial aspects of your enrolment as a student and expenses
  • To provide or offer facilities and services to you (for example computing facilities and learning resources)
  • To operate security, disciplinary, complaint and quality assurance processes and arrangements
  • To produce management statistics and to conduct research into the effectiveness of our programmes of study as well as produce statistics for statutory purposes
  • To maximise individual’s opportunities to succeed through the use of learning analytics which are used to monitor individual’s engagement with their studies. This will involve the processing of data such as attendance and assessment to develop an overall picture of engagement. Such processing will only take place where it is necessary for the pursuit of the legitimate interests of CYF or the student and only where the processing is not unwarranted and will not cause a prejudicial effect on the rights and freedoms, or legitimate interests, of the student. Sensitive/special category personal data will only be processed where CYF is looking at trends and patterns analysis to produce management statistical reports
  • To monitor our responsibilities under equal opportunities policies
  • To make contact with you after you graduate about careers support, alumni membership and events, new developments at CYF and to update your communication preferences
  • Dealing with complaints and disciplinary matters
  • Complying with Home office checks and requirements
  • Carrying out our legitimate functions as an educational charity

Sensitive Personal Data

Some of your personal data processed by us may be classified as "sensitive". This includes

  • your racial or ethnic origin, any disabilities and any associated medical conditions that you have chosen to declare to us. It also includes any criminal convictions you may hold either before or during the time you are registered as a student at CYF, and the commission or alleged commission by you of any offences during the time you are registered as a student at CYF.

We may also collect sensitive information from you in relation to any applications you submit for extenuating circumstances, complaints and disciplinary cases provided by CYF. Sensitive personal information about you may also be provided to us in some circumstances by others (for example, other students or members of staff who may be concerned about you).

If you disclose sensitive personal information to us you expressly consent to us using that information for the purpose(s) given to you at the time the information was collected as well as for our equal opportunities monitoring.

You also expressly consent for us to:

  • use information you provide to us relating to a medical condition, disability or learning support needs you may have for the purposes of evaluating what suitable support may be available to you and to share this information with CYF volunteers and third parties who are directly involved in the application process or the provision of studentservices. Please note that this information has no bearing on the assessment of your application; and
  • use information relating to any criminal conviction you may have for the purposes of evaluating your admission to CYF or for evaluating whether to allow you to continue to study at CYF and to share this information with CYF’s volunteers and third parties for such purposes.

Who is your information shared with?

Where necessary, personal information will be shared internally within and across other teams at CYF.

The list below outlines the major organisations and most common circumstances in which CYF will disclose your personal information. Where this is outside of the EEA, CYF will only transfer information if it meets the conditions under the GDPR.

  • Work placement sites or educational partners involved in joint course provision
  • Potential employers or providers of education whom you have approached (for example, where you have listed CYF as a referee)
  • Organisations CYF works alongside to provide graduation ceremony services to students
  • Systems used in the course of your studies and during your time as a student, which are not managed directly by CYF

How long will your in formation be held?

CYF will hold your information in line with CYF’s internal records management policy. After you have graduated, CYF is required to retain some of your information to provide statutory analytical data and to provide academic references for career support. 

Keeping your information secure

CYF is required under data protection legislation to keep your information secure, and measures are in place to prevent unauthorised access and disclosure of your information.

Only relevant members of staff or volunteers who require access to your records will be authorised to do so. Systems and electronic files are subject to password restrictions and other security measures. Paper files will be stored in secure areas with controlled access.

Some processing of your information may be undertaken on CYF’s behalf by third party organisations. Organisations processing personal data on CYF’s behalf are also bound by the GDPR and CYF has sought assurances from these organisations they ensure they are aware of their obligations under the GDPR and resulting legislation.

Your rights

Under the GDPR and DPA 2018 you have a number of important right, without charge.

You have the right to:

  • Be informed of how we collect and use your personal data;
  • Access your personal data;
  • Require us to correct any mistakes in the data we hold on you;
  • Require the erasure of personal data concerning you in certain situations;
  • Restrict our processing of your personal data in certain circumstances;
  • Receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
  • Object in certain situations to our continued processing of your personal data or at any time to processing of your personal data for direct marketing; and
  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.

Any requests or objections should be made in writing to: Claire Bickley,

If a subject access request is made and the request for access is clearly unfounded or excessive, CYF reserves the right to refuse to comply with the request in these circumstances.

Your responsibilities

Throughout your studies, you have a responsibility to keep your personal details up to date.

During your time as a student, you may have access to other individuals' personal data and you are legally obliged to handle this in a confidential, professional and responsible manner in line with data protection legislation and any other codes of conduct or ethics.

If you are made aware of an individual’s personal information then you are expected to keep this confidential and to not tell anyone without the individual’s prior consent (unless there is an exceptional circumstance). You should also not seek to actively obtain another individual's personal information to which you are not entitled.

In the instance where data protection legislation or a duty of confidence has been breached, disciplinary action will be considered.

Changes to this notice

This privacy notice is reviewed annually or when required to ensure compliance with data protection legislation. If significant changes are made to this notice and the way we treat your personal information we will make this clear and may seek to communicate this directly to you.