OxNet Academic Courses: Data Protection Statement
In the course of completing this application/registration form, you have provided information about yourself (‘personal data’). We (Pembroke College, Oxford) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation.
How we use your data
We will use your data to process your application for one or more of the OxNet academic courses organised by Pembroke College.
Using your data in this way is necessary for a task that we carry out in the public interest (i.e. running events to promote access to Higher Education) and to meet our legitimate interests in promoting applications to the College and the University of Oxford.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
The College’s privacy policies can be viewed in full here: https://www.pmb.ox.ac.uk/about/privacy-policy
Who has access to your data?
Access to your data within the College and the University will be provided to those who need to view it as part of their work in carrying out the purposes described above. Access will also be provided to any third parties that we use to help organise the programmes. Where we share your data with a third party, we will seek to share the minimum amount necessary.
We will add some of your data to the Higher Education Access Tracker database (HEAT www.heat.ac.uk), which we use to record information about our outreach activities and those who take part in them. HEAT is a shared database used by a variety of organisations to identify which activities are most helpful in preparing students for higher education and progressing to employment. Users include the University, its colleges, student organisations, educational charities and relevant public bodies (e.g. UCAS). The data added to HEAT comprises your personal details (name, gender, date of birth, postcode and school) and the events or activities in which you have participated. You can read further details about how your data on HEAT is used here: http://www.ox.ac.uk/about/increasing-access/widening-access-and-participation/heat#
Retaining your data
We will only retain your data for as long as we need it to meet our purposes, including any relating to legal, accounting, or reporting requirements.
Where we store and use your data
We store and use your data on College premises, in both a manual and electronic form.
Electronic data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for example, when we communicate with you using a cloud based service provider that operates outside the EEA.
Such transfers will only take place if one of the following applies:
- the country receiving the data is considered by the EU to provide an adequate level of data protection;
- the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield;
- the transfer is governed by approved contractual clauses;
- the transfer has your consent;
- the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract; or
- the transfer is necessary for the performance of a contract with another person, which is in your interests.
Under certain circumstances, by law you have the right to:
• Request access to your data (commonly known as a "subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.
• Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
• Request erasure of your data. This enables you to ask us to delete or remove your data under certain circumstances, for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
• Object to processing of your data where we are relying on our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for any direct marketing purposes.
• Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your data to another party.
Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop. Further information on your rights is available from the Information Commissioner’s Office (ICO).
If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, you should contact the College at email@example.com.
We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
If you remain dissatisfied, you have the right to lodge a complaint with the ICO at https://ico.org.uk/concerns/ .
If you wish to raise any queries or concerns about our use of your data, please contact us at firstname.lastname@example.org