Magdalen College is committed to protecting the privacy and security of personal data. This page explains how we handle and use personal information in accordance with data protection legislation.
Legislation and Principles
Under the General Data Protection Regulation (GDPR), the data protection principles set out the main responsibilities for organisations.
Data protection law requires that personal data shall be:
- Processed in a lawful, fair and transparent way
- Collected for explicit and legitimate purposes
- Collected where it is relevant, and limited to the purpose(s) for which it is intended
- Is accurate and up to date
- Not kept for longer than necessary for the purpose(s) for which it is intended
- Processed in a manner that ensures appropriate security measures are used to protect personal data
Privacy Notices
A key aspect of complying with data protection legislation is being transparent and providing accessible information to individuals about the use of personal data.
The College has set out below a number of privacy notices detailing how it uses personal data:
Accommodation, Conferences and Events
Applicants and Prospective Students
Finance, Commercial and Related Administration
IT Systems, Email and Telephones
Staff, Office Holders and Senior Members
Records of processing activities (ROPA) referenced by the privacy notices provide further details relating to the categories of personal data held and processed by the College.
Accommodation, Conferences and Events (ROPA)
Applicants and Prospective Students (ROPA)
Finance, Commercial and Related Administration (ROPA)
IT Systems, Email and Telephones (ROPA)
Staff, Office Holders and Senior Members (ROPA)
Rights
Subject to certain conditions and exceptions set out in UK data protection law, data subjects are given various rights:
- The right to be informed as to how your data is being used. This is commonly provided for by the use of privacy notices as detailed above
- The right to request access to a copy of your personal data – this is known as a ‘subject access request’. A subject access request should be made to the College data protection officer clearly stating the personal data required
- The right to have any inaccuracies in your data rectified
- The right to have your personal data erased in certain circumstances
- The right to have the processing of your data suspended, for example if you want us to establish the accuracy of the data we are processing
- The right to receive a copy of data you have provided to us, and have that transmitted to another data controller (for example, another University or College)
- The right to object to the processing of your personal data in certain circumstances or its use in any direct marketing
- The right not to be subject to a decision based solely on automated decision-making
- Where the lawful basis for processing your data is consent, you have the right to withdraw your consent at any time
If you wish to exercise any of your rights in relation to your data as processed by Magdalen College please contact our data protection officer. Some of your rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
A response to a rights request will be sent within one month.
Further guidance on your rights is available from the Information Commissioner’s Office (https://ico.org.uk/).
Contact Details
If you need to contact us about your data, please contact:
Data Protection Officer
Magdalen College
Oxford
OX1 4AU
United Kingdom
Telephone: (+44 or 0) 1865 276000
Email: dataprotection@magd.ox.ac.uk
This page was last updated May 2018.