In the course of your application for a Walking or Research Permit with us, you have provided information about yourself (‘personal data’). We (the University of Oxford) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation.
How we use your data
We will use your data to provide you with your permit, and, if you have given us your consent to receive further correspondence either via email or post, to send you occasional newsletters, invitations to events or to get involved in fundraising activities.
If you make a donation, we will use any personal informatino you give us to record the nature and amount of your gift, claim gift aid where you have told us you are eligible, and thank you for your gift.
We are processing your data for these purposes only because you have given us your consent to do so, by completing our web form or giving us written confirmation. You can withdraw your consent at any time by contacting us at firstname.lastname@example.org. In this event, we will stop the processing as soon as we can. However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Who has access to your data?
Access to your data within the University will be provided to those who need to view it as part of their work in carrying out the purposes described above.
We may share your data with companies who provide services to us, such as for catering, AV, marquee and other equipment hire. These companies are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
Retaining your data
We will only retain your data for as long as we need it to meet our purposes, including any relating to legal, accounting, or reporting requirements.
We will retain your data for three year(s). If you have not been in contact with us after this three year period we will remove you from our records and mailing lists, if you have opted to receive updates.
Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website.
Where we store and use your data.
We store and use your data on University premises, in both a manual and electronic form.
Electronic data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for example, when we communicate with you using a cloud based service provider that operates outside the EEA such as MailChimp.
Such transfers will only take place if one of the following applies:
Information on your rights in relation to your personal data are explained here.
If you wish to raise any queries or concerns about our use of your data, please contact us at email@example.com or The Data Controller, Wytham Woods, Sawmill Yard, Keeper’s Hill, Wytham, Oxford, OX2 8QQ