Magdalen College is committed to protecting the privacy and security of personal data.
This privacy notice explains in detail what personal data Magdalen College (“us” or “we”) gather and hold about visitors to our website (“you”). It also explains how we use that data, how we share it, how long we keep it and what your legal rights are in relation to it. If you access other websites, including those linked to on our site, you will need to consult the appropriate information relating to their policies and or statements.
For the parts of your personal data that you supply to us, this notice also explains the basis on which you provide the information. For the parts of your personal data that we generate about you, or that we receive from others, it explains the source of the data.
There are some instances where we process your personal data on the basis of your consent. This notice sets out the categories and purposes of data where your consent is needed.
Click on the text below to expand each section of the notice.
“Personal data” is information relating to you as a living, identifiable individual. We refer to this as “your data”.
Data protection law requires Magdalen College as data controller for your data:
- To process your data in a lawful, fair and transparent way;
- To only collect your data for explicit and legitimate purposes;
- To only collect data that is relevant, and limited to the purpose(s) we have told you about;
- To ensure that your data is accurate and up to date;
- To ensure that your data is only kept as long as necessary for the purpose(s) we have told you about;
- To ensure that appropriate security measures are used to protect your data.
If you need to contact us about your data, please contact:
Data Protection Officer
Magdalen College
Oxford
OX1 4AU
United Kingdom
Telephone: (+44 or 0) 1865 276000
Email: dataprotection@magd.ox.ac.uk
Whenever you use a website, mobile application or other Internet service, certain information is created and recorded automatically.
In addition to the data we gather via web forms placed on our site (the handling of which will be governed by the relevant data protection notice covering the circumstances and context), we collect and generate a variety of data via our website(s).
Categories of data that we collect, store and use include (but are not limited to):
- Log data: Whenever you use our website, our servers automatically record information (“log data”) regarding that access, including:
- Any data sent by your browser or mobile app to enable you to access the site.
- Location data of users (if provided by the connecting device).
- Internet Protocol (IP) address of the connecting device or other unique device identifiers.
- Browser type and setting for the connecting device.
- The date and time of access.
- Details of any attempts to log on to closed systems.
- Crash data.
- Cookie data: We may use “cookies” (small text files sent by your computer each time you visit our website, unique to your visit or your browser) or similar technologies to record additional information.
- For further information on the cookies we use and the data each collects, please see our Cookie notice.
Most data collected is statistical data about our users’ browsing actions and patterns, and does not identify any individual. However, there may be occasions where browsing patterns are connected to IP addresses or location data such that the data as a whole is personal data.
Whether we collect some of the above information often depends on your device type and settings. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider
Other sources of your dataApart from the data that you provide to us, we may also receive data about you from other sources:
- We may get information about you and your activity outside the College from other third parties we work with. For example:
- The University of Oxford
- Google Analytics shares information with the websites or apps where it runs to provide statistics. We also receive this information, which may include information such as whether clicks on other sites led to visits to our site. For more information about Google Analytics see http://www.google.com/analytics/.
The law requires that we provide you with information about the lawful basis on which we process your personal data, and for what purpose(s).
In most circumstances, we require your consent to place cookies on your device(s). When you access our website you are notified that we use cookies, and continued use of the site following that notification is taken as consent to the use of cookies.
If you would prefer that we do not use cookies, you should adjust your browser settings to reject cookie use. Your operating system may allow you to set your preferences in a variety of ways, including a “Do Not Track” setting. [If you enable the setting, we will not track your activity on our site.]
Where we use cookies for site security, or to ensure the proper functioning of the site (for example via the use of load-bearing cookies), we do not require your consent to the use of these cookies, We have a legitimate interest in their use and we process all data, as collected by those cookies, on that basis.
The data that we collect via our website in the course of your accessing it, is provided by you on a voluntary basis. If you elect to adjust your browser settings to reject cookies, it may affect your experience in using the site, in the event that any blocked cookies support functionality.
We do not, and will not, sell your data to third parties. We will only share it with third parties if we are allowed or required to do so by law.Examples of bodies to whom we are required by law to disclose certain data include, but are not limited to:
| Organisation | Why? |
|---|---|
| UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security. | We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms. [in cases where the law places a duty on us to report] |
Examples of bodies to whom we may voluntarily disclose data, in appropriate circumstances, include but are not limited to:
| Organisation | Why? |
|---|---|
| Other Colleges and/or PPH’s within the University of Oxford, University offices and/or departments | Data from cookies may be shared in pursuit of our legitimate interest in maintaining the proper function and security of our website, or where the other party has a legitimate interest is receiving the data for similar purposes. Data may also be shared in an anonymized and/or statistical format. |
| Legal advisers and auditors | To support our legal and financial obligations and objectives. |
| Third party service providers | To facilitate activities of College. Any transfer will be subject to an appropriate, formal agreement between College and the processor. |
| UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security. | We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms. |
Where website information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose.
All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies, and are only permitted to process your personal data for specific purposes in accordance with our instructions. We do not allow our third party providers to use your personal data for their own purposes.
The law provides various further safeguards where data is transferred outside of the EU.
When you are resident outside the EU in a country where there is no “adequacy decision” by the European Commission, and an alternative safeguard is not available, we may still transfer data to you which is necessary for performance of your contract with us .
We will not transfer your data outside the European Union without first notifying you of our intentions and of the safeguards that apply to your data.
We do not envisage that any decisions will be taken about you based solely on automated means. We will update this notice if this position changes.
We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, regulatory, disciplinary or reporting requirements.
Please note that we may keep anonymized statistical data indefinitely, but you cannot be identified from such data.
We adopt data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Subject to certain conditions and exception set out in UK data protection law, you have:
- The right to request access to a copy of your data, as well as to be informed of various information about how your data is being used;
- The right to have any inaccuracies in your data corrected, which may include the right to have any incomplete data completed;
- The right to have your personal data erased in certain circumstances;
- The right to have the processing of your data suspended, for example if you want us to establish the accuracy of the data we are processing.
- The right to receive a copy of data you have provided to us, and have that transmitted to another data controller (for example, another University or College).
- The right to object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.
- The right to object to the processing of your information if we are relying on a “legitimate interest” for the processing or where the processing is necessary for the performance of a task carried out in the public interest.
- The right to object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
- Where the lawful basis for processing your data is consent, you have the right to withdraw your consent at any time. This will not affect the validity of any lawful processing of your data up until the time when you withdrew your consent. You may withdraw your consent by contacting the College Data Protection Officer.
If you wish to exercise any of your rights in relation to your data as processed by Magdalen College please contact our Data Protection Officer. Some of your rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
Further guidance on your rights is available from the Information Commissioner’s Office (https://ico.org.uk/). You have the right to complain to the UK’s supervisory office for data protection, the Information Commissioner’s Office at https://ico.org.uk/concerns/ if you believe that your data has been processed unlawfully.
We may need to update this notice from time to time, for example if the law or regulatory requirements change, if technology changes or to make Magdalen College or the University’s operations and procedures more efficient. If the change is material, we will give notice of the change so that you can exercise your rights, if appropriate, before the change comes into effect.
This notice was last updated May 2018.