Data protection
As a member of the University Club, or in the course of registering with us for sports, the gym, accommodation or events, you have provided information about yourself (‘personal data’). We (the University of Oxford) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation.
How we use your data
We will use your data to provide you with the services you have requested including accommodation, event management, membership of the Club and sports bookings.
We need to process your data for this purpose/these purposes to meet our legitimate interests in managing the University Club and managing the accommodation and facilities.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Who has access to your data?
Access to your data within the University will be provided to those who need to view it as part of their work in carrying out the purposes described above.
We may share your data with companies who provide services to us, such Compass who manage the University Club on our behalf. These companies are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
Retaining your data
We have specific retention periods for the different services we offer:
- Room booking data is held on our system for a period of 6 years from the time you check out.
- Membership of the University Club and gym – data is held for a maximum of one month after membership expires if the customer decides not to renew.
- Sports booking information is kept our system until the booking expires, at which point it is deleted.
- If you hire our venue for an event we will hold your data for 3 years after which time it will be deleted from our system.
Security
Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website.
Where we store and use your data
We store and use your data on University premises, [in both a manual and electronic form].
Electronic data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for example, [when we communicate with you using a cloud based service provider that operates outside the EEA such as [Survey Monkey/MailChimp/ Eventbrite/Wuhoo/etc].
Such transfers will only take place if one of the following applies:
- the country receiving the data is considered by the EU to provide an adequate level of data protection;
- the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield;
- the transfer is governed by approved contractual clauses;
- the transfer has your consent;
- the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract; or
- the transfer is necessary for the performance of a contract with another person, which is in your interests.
Your rights
Information on your rights in relation to your personal data are explained on the Individual rights page on the Compliance website.
Contact
If you wish to raise any queries or concerns about our use of your data, please contact us at facilities@admin.ox.ac.uk.
For information about your rights please contact data.protection@admin.ox.ac.uk.
