PRIVACY STATEMENT VERSION 5 DATED 18/09/2023

IICP College will keep a record of the details you provided on your application form, any supporting documents requested as part of your admission, and additional details provided by any referees and recorded following any interview process. Where your application leads to your registration as a student, we will maintain records about your studies, and about your use of the academic and non-academic facilities and services that we offer. This personal information will include data such as your name, home address, date of birth, course studied, fee payments, and information about your examinations, assessments and results.

Your personal information is created, stored and transmitted securely in a variety of paper and electronic formats, including databases that are shared between the College and the main student records system, MIT. Other than outlined below, access to your personal information is limited to College staff for the purpose of carrying out their employment duties, and our use of your personal information will not be excessive.

It is important to keep in mind that students communicate with the College and not individuals within the College. No individual College staff member can provide confidentiality for information provided by a student. The College is careful to ensure that personal information is managed with due care and attention. However the management of information is carried out by the College and not by any individual staff member.

In addition to this, the College may process some information about you that is classed as ‘sensitive’ or ‘special category’ personal data, and which requires additional protections. This includes information concerning your ethnicity, sexual orientation, religious beliefs or health/disability that we use for course delivery, planning and monitoring purposes, or in order to provide care, help or suitable adjustments. For certain courses of study, other sensitive information may be processed, such as information about past criminal convictions, working with children or vulnerable adults, and your fitness to practise. Access to, and the sharing of, your ‘sensitive’ personal data, is managed carefully by the college to ensure that personal information is treated with due care and attention. When requesting ‘sensitive’ data, the college will provide information on the reason for gathering this information and the purpose to which it will be put. Students may choose to provide ‘sensitive’ data, for example in assignments or as part of student care, and in such situations should satisfy themselves before providing that information that they are aware of and consent to the uses to which it will be put.

It should be kept in mind that the confidentiality of your information is not absolute.
Confidentiality cannot be maintained where there are concerns that a child or a vulnerable adult may have been abused or neglected, is being abused or neglected, or is at risk of abuse or neglect. This applies equally to historic abuse – ie where there is a suspicion of past abuse, irrespective of how long ago. Under such circumstances statutory services such as HSE, Tusla and the Gardai may need to be informed of the concerns. In addition, where the college has concerns for the safety, health or welfare of any person then it may be required to act to manage that harm, including through the involvement of statutory, health or welfare services. The welfare of vulnerable people is of paramount concern in such circumstances and therefore in certain limited circumstances, this may occur without your knowledge and/ or consent.

What is the purpose and legal basis of the processing?
The College will process your personal information for a range of contractual, statutory or public interest purposes, including the following:

  • To deliver and administer your education, record the details of your studies (including any placements with external organisations), and determine/confirm your academic achievements, such as results.
  • To administer the financial aspects of your relationship with us and any funders.
  • To deliver IT facilities to you. Some of these IT services are specific to an educational context (e.g. the use of lecture capture facilities, anti-plagiarism software or online learning environments).
  • To deliver facilities and services to you (e.g. libraries, academic support).
  • To enable your participation at events (e.g. functions, graduation).
  • To communicate effectively with you by post, email and phone, including the distribution of relevant newsletters and circulars.
  • To operate security, governance, disciplinary, complaint, audit and quality assurance processes and arrangements. Note that information collected for a different purpose may be re-used for disciplinary purposes, including to identify you, where this is proportionate and necessary (e.g. IT logs showing your network/computer access and use).
  • To support your training, safety, welfare and wellbeing requirements
  • To compile statistics and conduct surveys and research for internal, statutory reporting, or public or legitimate interest purposes.
  • To fulfil and monitor our statutory responsibilities, including equality and public safety legislation.
  • To fulfil and monitor our statutory and professional responsibility in relation to the protection and care of others, including but not confined to children and vulnerable adults.
  • To enable us to contact others in the event of an emergency. We will assume that you have checked with the individuals before you supply their contact details to us.

We consider the processing of your personal information for these purposes to be either necessary for the performance of our contractual obligations with you (e.g. to manage your education, student experience and welfare while studying at IICP College), or necessary for compliance with a legal obligation (e.g. reporting to QQI), or necessary for the performance of tasks we carry out in the public interest (e.g. teaching and placements), or necessary for the pursuit of the legitimate interests of the College or an external organisation (e.g. to enable your access to external services). We require you to provide us with any information we reasonably ask for to enable us to administer your student contract. If we require your consent for any specific use of your personal information, we will collect it at the appropriate time and you can withdraw this at any time. However, in the event that such withdrawal affects our ability to provide services to you (including the administration of any Courses) or comply with our legal or professional obligations, you will be unable to remain registered as a learner with IICP and we may not be able to complete certain processes for you.

Who will my personal information be shared with?
As described above, your personal information is provided to IICP College and not to any individual within the college. In addition, it is shared as permitted or required by law, on a considered and confidential basis, with a range of external organisations, including but not conf the following:

  • QQI. IICP College provides to the Statutory Body, Qualifications and Quality Ireland, student details, assessment results and PPSN numbers. This is required in order to process examination results.
  • Protection for Enrolled Learners. IICP College is part of the Higher Education Colleges Association (HECA) Protection for Enrolled Learners (PEL) scheme. Learners enrolled on a QQI course of more than 3 months duration are covered by arrangements under section 65 (4) of the Qualifications and Quality Assurance (Education and Training) Act 2012 whereby, in the event of IICP College ceasing to provide the programme for any reason, enrolled learners may transfer to a similar programme at another agreed provider, or, in the event that this is not practicable, the fees most recently paid will be refunded. In order to comply with GDPR, students must be aware that as part of the PEL Scheme you are giving permission for your personal data to be shared with QQI, Protecting Colleges and relevant HECA administration in the event of a PEL event / non-continuance of their programme.
  • Student Management System. Every College keeps records about learners and is required by Data Protection regulations to inform learners about the personal data held. IICP College engages a student management system provider to provide Admissions Management, Payment Solutions, & Administrative Solutions. The provider does not store credit/debit card details; this data is handled by online payment processors. The types of personal data that are processed include: demographic data, payment records and academic records. The provider also holds communication records between the College and stakeholders, such as students, staff and examiners, as well as PPS numbers. The processing occurs for the purposes of providing education programmes. The PPS number is intended to be used for the purpose of accurately identifying the individual in the administration of publicservices and for QQI purposes. PPSN is part of a mandatory provision of data by the College to QQI.
  • Department of Employment Affairs and Social Protection. Student data and PPSNs must be provided to the Department of Employment Affairs and Social Protection on request. This is required by S.I. No. 142/2007 – Social Welfare (Consolidated Claims, Payments and Control) Regulations 2007. Students who are receiving social welfare should ensure that they are aware of the requirements for notifying the Department, and of the impact on their social welfare payments, before they begin their programme of study.
  • IT Support Provider. IICP College must have a reliable, sustainable IT infrastructure to ensure business related tasks are completed effectively and efficiently. This means that we have in place data backup and restore procedures to ensure business continuity. IICP College engages an external IT support provider to provide IT service desk assistance. This provider may have to access personal data when their expertise is required to resolve IT related issues. This provider may also hold communication records between the College and stakeholders (such as students, teachers, employers, examiners and PPS Numbers) as part of their data backup service. PPSNs are stored on the backup server to ensure that accurate returns can be made to QQI.
  • The providers of training placements.
  • External examiners and assessors, and external individuals involved in relevant College committees or procedures.
  • On occasion statutory, health or welfare services where circumstances so require.

On occasion, the above types of sharing may involve the transfer of your personal information outside the European Economic Area. Such transfers usually are necessary in order to meet our contractual obligations with you, and are carried out with appropriate safeguards in place.

How long will my data be held:
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example, after you graduate a core record of your results is retained indefinitely so that the details of your academic achievements can be confirmed. With your consent your personal contact details are retained for marketing purposes.

Your annual registration with IICP College is taken as consent to such processing. Where you do not register with the college for a programme stage and pay the appropriate fee, then your information, including your Moodle page, will be removed from IICP College systems. In order to ensure that your access to Moodle, library resources etc is maintained you should ensure that you register and pay the appropriate fee in good time.

IICP College collect your name, email address and telephone number when you register for the taster. It also collects information on your professional background. This information is stored in ZOOM and WordPress, and this information is deleted within 3 months of the taster event.
During our Virtual Tasters we will be using Zoom Webinar to host our live course sessions, where you will have the opportunity to interact with our faculty in a live Q&A.

Will my personal information be visible during or after the session?
Once the session has been started by the host, you will be placed in a Webinar room where the only participants will be the registered participants and IICP College faculty. During the session, you will be encouraged to submit any questions for the faculty member hosting the event. These questions and your name will be visible to any other attendees, and so we recommend that you do not use your full name or your email address when prompted to allow access to the session.

These sessions will not be recorded. It should be noted that chat/messaging is recorded in order to allow the host to respond to questions. Students who attend the sessions are aware of and agree to the chat/messaging being recorded.

Zoom collects certain personal data by default, while other data collection is optional (i.e., the host or individual user may choose not to provide the data to Zoom). Personal data collected includes:

  • User profile: first name, last name, phone (optional), email, password (if single sign-on is not used), profile picture (optional), department (optional)
  • Meeting metadata: topic, description (optional), participant IP address, device/hardware
  • Cloud recordings (optional): Mp4 of all video, audio and presentations, M4A of all audio, text file of all in meeting chats, audio transcript file
  • Instant messaging chat logs
  • Telephony usage data (optional): call in number, call out number, country name, IP address, 911 address (registered service address), start and end time, host name, host email, MAC address of device used.

Data Retention Policy
A Data Retention Policy has been implemented for Zoom Recordings of taster chats. By default any recordings will be deleted within 6 months of the event.

In order to provide a resource to students IICP College may record a teaching session, live stream a teaching session, and/or post a recording of a teaching session to Moodle. The recorded lecture is made and posted up to enable absent students to access the teaching session, students who attended to review the session and lecturers to reflect on the teaching session and plan future teaching sessions accordingly. Depending on how the teaching session is delivered this may include the recording of audio or video of the lecturers and / or students.

How do I know whether teaching sessions are being recorded?
Participants need to know if the session is being recorded so as to enable them to make personal choices with regard to their involvement in the recording.

If the teaching session is happening online you will know if it is being recorded as a text stating ‘Recording’ or a similar label/icon/notice will show on your computer screen. If you are being taught on campus you will be advised at the start of each session by the person giving the session.

If you are not certain whether a session is being recorded you should ask prior to contributing to the class. This will ensure that you are aware of whether your contribution will be recorded.

Can a student record a session?
No. Students must not make their own recordings from their computer/device as personal data recordings need to be controlled by the College to protect the rights of other students and staff.

What is the legal basis for processing personal data on class recordings
The College processes this personal data:

  • Where we need to perform a contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where processing is necessary for the purposes of the legitimate interests of the College, its students or a third party

Is all personal data treated the same?
Lecturers will take extra measures to ensure the security of a session if recording sessions where special categories of personal data are likely to be recorded. Special categories of personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data processed for the purpose of uniquely identifying a natural person. The measures required will be assessed on a case by-case basis but may include, for example:

  • Not recording or live streaming a session in some instances
  • Reminding students of their privacy rights prior to a discussion
  • Ending or pausing a recording
  • Not uploading the recording, or a portion of the recording,


Can I opt out of having my personal data recorded?

Where a student is online for a recorded training session they can mute their microphone and/or turn off their webcam. The exception here is where a session is being recorded for assessment purposes.

Where a student is attending a recorded training session in person and a student chooses not to be recorded the student can sit out of the view of the video camera and the student can choose not to speak during that session.

What software is used by the College?
IICP College uses Zoom for remote teaching and Learning. Class Recordings are uploaded to VIMEO and are made available on the Moodle class page. Class recordings are only made available to the class who are enrolled in that given cohort.

In the case of By Your Side Inputs that are recorded, every student and lecturer is enrolled in the By Your Side page, so all can view. As described in QAM Policy 11.5 Incorporating Digital Technology into the Curriculum, all materials stored in Moodle sites are considered active and dynamic for the duration of the academic year during which the module runs. While the module is active, the College staff, faculty and class will have access to the class Moodle page.

At the end of the academic year, a phased process of deletion is begun. At this stage students will no longer have access to their class Moodle page. However –

What data is collected by Zoom
Everyone who uses Zoom will have some of their personal data collected as part of this delivery.

Zoom collects certain personal data by default, while other data collection is optional (i.e., the host or individual user may choose not to provide the data to Zoom). Personal data collected includes:

  • User profile: first name, last name, phone (optional), email, password (if single sign-on is not used), profile picture (optional), department (optional)
  • Meeting metadata: topic, description (optional), participant IP address,
    device/hardware
  • Instant messaging chat logs
  • Telephone usage data (optional): call in number, call out number, country name, IP address, 911 address (registered service address), start and end time, host name, host email, MAC address of device used.

Personal data collected by Zoom is stored in data centres within the EEA. Zoom uses security measures to protect personal data from unauthorized access. These are detailed in the ZOOM Privacy Notice, available here: https://zoom.us/privacy#Toc44414842.

Zoom recordings may be stored locally on the host’s computer, or may be stored on the Zoom cloud.

Zoom Cloud Recordings
Where recordings are stored on the ZOOM cloud, the following information will be stored:

  • User names, Mp4 of all video, audio and presentations, M4A of all audio, text file of all in meeting chats, audio transcript file.

Zoom Cloud recordings are manually deleted by staff in accordance with our Retention and Deletion Schedule.

Zoom Local Recordings
Where recordings are stored locally, the following information will be stored on the meeting host’s device:

  • User names, Mp4 of all video, audio and presentations, M4A of all audio, text file of all in meeting chats, audio transcript file.

Local recordings are manually deleted by IICP College staff in accordance with our Retention and Deletion Schedule

What is collected by VIMEO?
Vimeo is operated by Vimeo Inc. 555 West 18th Street, New York, New York 10011, USA.
Using Vimeo establishes a connection to the Vimeo Servers, and data on the browser and computer system you are using can be collected. Vimeo is responsible for data processing and more information can be found in the Vimeo Privacy Policy available here: https://vimeo.com/privacy#data_we_collect_about_you

Privacy of recordings
The following settings are used to protect the privacy of a recording:

  • Only people with access to the Moodle class page can watch the class recordings.
  • Every student and lecturer is enrolled in the By Your Side page, so all can view any BYS recordings.
  • Recordings cannot be embedded in other locations.
  • Comments are disabled.
  • Downloading is disabled.

Will my personal information be visible during or after the session?
Once the session has been started by the host, you will be placed in a Webinar room where the only participants will be the classes’ enrolled students and teachers. Your contributions, your image and your name will be visible to any other attendees, and as required to IICP College staff. These sessions will be recorded.
The host may move you to breakout rooms during class. Breakout rooms are not recorded.