MLA College is a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As such, the College is legally required to maintain a Record of Processing Activities (ROPA) in accordance with Article 30 of the UK GDPR.
MLA College processes personal data in order to deliver higher education and related services. These processing activities take place across all areas of the organisation, including:
- Academic Registry and Teaching
- Student Experience and Safeguarding
- Admissions and Marketing
- Information Technology Services
- Finance and Payroll
- Human Resources
- Compliance, Risk and Governance
The ROPA is maintained in a secure register and documents:
- The categories of data subjects and personal data processed
- The purposes and lawful bases for processing
- Any internal or external recipients of the data
- The systems and platforms used
- Retention periods
- International transfers (where applicable)
- Security and organisational measures
Purpose of Processing
MLA College processes personal data for the purposes of:
- Providing education and support to our students
- Staff administration
- Safeguarding the health and safety of our staff, students and third parties
- Management and administration of MLA College
- Financial purposes
- Data security
- Event promotion management
- Fundraising and donation management
- The prevention and detection of crime
- Contractor management
- Procurement
- Statutory returns and other legal obligations
- Marketing
- Alumni engagement management
Recipients of Personal Data
- Suppliers and service providers, including for the administration of travel
- New and previous employers
- Regulatory bodies including the Office for Students (OfS)
- Third party statistical agencies, including HESA
- SLC
- Awarding bodies
- Work experience or other placement providers
- Accommodation providers
- Student support – providers
- Auditors
- Police services
- Students’ Union
- Legal representatives
- International agents
The ROPA is reviewed regularly and is made available to the Information Commissioner’s Office (ICO) upon request.
Further details regarding MLA College’s ROPA and data protection governance are available on request.
Contact Information
Data Protection Officer:
Charlotte Thompson (Office Manager)
dataprotection@mla.ac.uk
Data Controller:
MLA College
United Kingdom
Organisation name: MLA College Ltd
Reference: ZA871607
Further information about MLA College’s data protection registration is available from the Information Commissioner’s Office (ICO) register.
MLA College is a privately owned higher education provider and is subject to the requirements of the UK General Data Protection Regulation and the Data Protection Act 2018.
