We are committed to protecting the privacy and security of your personal information. This notice describes how we collect and use your personal data submitted to us online, by email, on paper or face-to-face, in accordance with the General Data Protection Regulation (GDPR) and associated data protection legislation.
The University of Oxford is the “data controller" for the information that you provide to us. This means that we decide how to use it and are responsible for looking after it in accordance with the GDPR.
Data Protection Officer
The University’s Data Protection Officer can be contacted at firstname.lastname@example.org.
Access to your Data
Access to your personal data within the University will be provided to those staff who need to view it as part of their work.
Where we store or use your data
We may store the data we collect in hard copy or electronically. The data is stored on secure servers and/or in our premises within the UK. We may share your data with third parties or transfer your data outside the EAA under certain circumstances.
Retaining your data
We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements.
Full details on your rights to access and modify your personal data are available here.
You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). A complaint to the ICO can be made by visiting their website https://ico.org.uk/make-a-complaint/ or by calling their helpline on 0303 123 1113
Sharing Personal Data with Third Parties
We may share your data with third parties who provide services on our behalf.
All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
We may also share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property or safety of our site, our users, and others.
Where your data is shared with third parties, we will seek to share the minimum amount necessary.
Transfers outside the EAA
There may be occasions when we transfer your data outside the European Economic Area (EEA). Such transfers will only take place if one of the following applies:
the country receiving the data is considered by the EU to provide an adequate level of data protection;
the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield;
the transfer is governed by approved contractual clauses;
the transfer has your consent;
the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract; or
the transfer is necessary for the performance of a contract with another person, which is in your interests.
Data Collected on this Website
Details of the personal data we collect on this website
Personal data directly from you
When you fill in forms or surveys (for example for booking, asking us a question or reporting a problem with the website).
Unless otherwise stated on the form or survey, this information will be processed by our web content management system via servers based in the EAA in accordance with our standards for third party processors.
DATA AUTOMATICALLY COLLECTED ABOUT YOUR VISIT TO THIS WEBSITE
Type of device and unique device identifier
Browser type and version
Browser plug-in types
Mobile Network information and platform
URLs (web addresses) of pages visited
Clicks around the website
Page response times
Length of visit
This information is provided to us by your browser when you visit a webpage and passed to a third-party provider, Google Analytics. We take all possible steps to ensure that no personally identifiable information is processed.
The purpose and lawful basis for processing
- You will be able to find full details on the purpose and lawful basis for processing information you give to us via a form or survey on the form itself.
- Data collected for purposes arising from your use of this website is to ensure that we understand how our site is used, to improve our site, and ensure it is secure. This processing occurs because it is necessary to meet our legitimate interests in operating this website.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If you have any questions or concerns about a particular research study you are participating in, or wish to withdraw from the study, please use any contact details you have already been supplied with, or write to us at email@example.com
If you are unable to find the relevant contact details, you have any general questions about how your personal information is used by the Department, or wish to exercise any of your rights, please contact the University’s Information Compliance Team (firstname.lastname@example.org).