Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

Privacy

Privacy Notice

1. About this Privacy Notice

The purpose of this privacy notice is to explain how Christ Church (“we”, “our”, “us”) holds and uses personal data about alumni, donors and supporters (“you”), and how we use it for alumni and supporter relations, and fundraising purposes. You can read Christ Church’s privacy notices relating to other activities and relationships here.

Development and Alumni Relations teams across the collegiate University work closely together and have aligned our policies around data privacy and our privacy notices to provide clarity for our alumni, donors and supporters. You can read the University’s privacy notices here.

2. What we do

Christ Church’s Alumni Relations and Development team exists to establish and develop lifelong relationships with and amongst our alumni, donors and supporters. We’re here to help you stay connected with each other, with Christ Church and with the University of Oxford. Our communications with you will include news, research developments, events, exhibitions, collections and resources, reunions, volunteering opportunities, fundraising priorities and progress updates that are important to you.

We fundraise to ensure that, thanks to the incredible generosity of our donors, Christ Church can ensure an open and competitive admissions process based on merit, preserve the tutorial system, promote scholarship and research at all levels and honour our obligations to the buildings of the college.

3. Information we collect

We, Christ Church, collect information from you in three ways: directly from you during your ongoing relationship with us or with the University of Oxford; from publicly available sources; and/or from third parties providing us with services or acting on our behalf.

The amount of data we collect and hold depends on the frequency and nature of your interactions and engagement with us. Information may be gathered across the lifetime of our relationship with you and from many different forms of interaction.

We may hold and process the following types of personal data about you:

Biographical information, which may include: 

  • name, title, contact details, date of birth, gender, marital status, spouse, partner and family details
  • for current or past students of the college and Christ Church Cathedral School: student ID, programme of study, department, college, matriculation or start date, graduation date, degree conferred
  • awards received whilst studying at Oxford (prizes, scholarships, accolades, bursaries); other education history and professional qualifications
  • involvement in sports teams, clubs and societies whilst at Oxford and subsequently
  • employment details (incl. salary/salary band), career history, professional activities
  • interests, activities and accolades, incl. honours, life achievements
  • profile pictures which come from publicly accessible sources (where copyright allows)
  • links to your public social media presence e.g. LinkedIn, Twitter, website or blog

Details of our ongoing relationship and your engagement with us, which may include: 

  • records of your personal interactions with us (e.g. correspondence, notes of meetings or conversations)
  • your communication preferences; records of communications you have received from us, incl. copies of letters, emails or appeal literature sent, and of fundraising activities in which you have been included (e.g. annual fund mailings, telephone fundraising campaigns)
  • data obtained through cookies and similar technologies such as pixels, tags, web beacons, and other identifiers. These help us understand how you interact with our email communications, websites and other online services we provide, e.g. crowdfunding, alumni networking sites. You will find a link to the relevant cookie policy on each of our websites
  • your attendance (and that of your guests) on visits to, or at events across the collegiate University, including details of any payments made, and photographs, audio and video recordings in which you may be included
  • details of benefits and services provided to you, e.g. use of college or University libraries, Oxford University Careers Service
  • your connections to other alumni, students, staff, friends, groups or networks, donors and supporters within the collegiate University community
  • membership of college or University social media groups e.g. Facebook, LinkedIn
  • a record of offers of voluntary support you have made, e.g. offers of expertise, advice, mentoring, internships, coaching, accommodation/support for students visiting your area
  • a record of volunteer work you have undertaken

Information about your giving, which may include: 

  • current and past donations and pledges, documentation relating to these gifts and records of the projects you have supported
  • financial information required to process your gifts
  • if you have given it, an indication of your intent to leave a legacy, including copies of Wills or sections of Wills
  • any requests you have made for anonymity in relation to your giving
  • thank you letters, donor reports provided relating to gifts you have made, correspondence and notes of meetings
  • plans for activities and future interactions
  • records of membership of any societies or groups related to your giving
  • your relationship to friends and patrons groups associated with, or providing support to, the collegiate University
  • your relationship to relevant trusts, foundations and corporates, e.g. membership on board of trustees

Information relating to your willingness or financial capacity to support our charitable objectives, which may include:

  • Our understanding of your likely philanthropic interests, and a note of particular projects we think may be of interest to you. This understanding may be provided by you or from information in the public domain
  • Information about your giving to other organisations, and other support that you provide (e.g. volunteering roles, trusteeships), where this information is given to us by you or publicly reported, and where it helps us to understand your interests and capacity to provide support
  • Other information which may give an indication of the scale of any potential philanthropic gift you may be able to give, such as information about earnings and assets, including property, or publicly reported estimates of wealth
  • Any estimate we may make regarding the potential scale of your support on the basis of the above information and your previous giving
  • Personal recommendations, where made by other supporters, that you may be willing and able to provide support

Sensitive personal data, which may include:

  • Health information, including any medical conditions - we may use health information provided by you so we can make reasonable adjustments to improve the service we are able to offer you (e.g. seating or access at an event, dietary requirements, provision of disabled parking, or allocation of accommodation). With your permission, we may also hold health data to ensure our engagement with you is based on a suitable understanding of, and care and respect for, your particular circumstances. 
  • Criminal convictions, offences and allegations of criminal activity - we may use publicly available information concerning criminal convictions and offences or allegations of criminal activity, including money laundering or bribery offences, to carry out due diligence on donors or prospective donors in line with our guidelines on the acceptance of gifts.
  • Race or ethnicity, religious beliefs, sexual orientation, political opinions - we do not seek to obtain these categories of sensitive data. However, they may sometimes be inferred from other data we hold, for example, your relationships, society memberships, job titles, donations to specific causes or interests.

4. How we use your data

Your personal data are used by us for the following purposes in support of alumni and supporter relations, and fundraising:

  • For alumni and supporter engagement
    • To manage our ongoing relationship with you and to provide a record of your interactions and contributions to college life
    • To offer and manage a varied programme of events tailored to your interests, including networking events, subject reunions, Gaudy dinners, sports events, concerts, seminars and lectures
    • To ensure you are aware of the wider programme of events, lectures and seminars taking place across the collegiate University which we believe may be relevant to you and that you may have an interest in attending
    • To keep you up to date with news from your college, department, or other areas in which you have shown an interest, e.g. by making a donation, attending an event, or becoming a member/friend
    • To provide you with information about alumni benefits and services, including access to the University of Oxford Careers Service
    • To let you know of volunteering opportunities, including linking current students with alumni for careers advice and internships, or speaking opportunities
    • To provide the most relevant content and best possible user experience when you are interacting with our digital communications and platforms
    • To identify and profile potential volunteers, alumni ambassadors and event attendees
    • To accept and process commercial revenue, e.g. for merchandise or event tickets
    • To undertake surveys and market research
    • To create classifications and groupings (through manual or automated analyses) in order to best direct engagement activities
    • To analyse the success of our engagement activities, collect feedback, and manage complaints
  • For all fundraising and donor stewardship
    • To help ensure that our fundraising efforts are conducted as efficiently as possible, and that our approaches to potential donors are respectful, professional, and made, as far as possible, based on evidence and an understanding of what may interest you
    • To ask you for your support for our fundraising programmes, always mindful of fundraising best practice
    • To accept and process philanthropic revenue
    • To provide acknowledgement, recognition and stewardship of your gift
    • To inform you of the impact of your gift
    • To create classifications and groupings (through manual or automated analyses) in order to best direct fundraising activities
    • To support peer-to-peer fundraising campaigns
    • To inform fundraising, marketing and donor stewardship strategies
  • For fundraising for major gifts
    • In addition to analysing data shared with us, we may use publicly available information and recommendations from staff and supporters to identify individuals who we believe may have the interest and financial capacity to make a major gift.
    • Where we have reason to think a potential donor may possess an interest and financial capacity to donate, we may research and collate additional information from sources in the public domain, typically concerning a potential donor’s interests in so far as they may coincide with our work, their philanthropic activity, financial capacity and networks in order to substantiate this. We may undertake this research ourselves or use the services of a third-party partner. This new information may be added to the record of a donor or potential donor.
    • Where this activity is being undertaken for a new contact with whom we have no previous relationship, we will provide the individual with a link to this privacy notice as part of our initial engagement. 
    • Information may be collated into a briefing or profile in order to assist the planning of an approach to a potential donor to discuss that individual’s interest in our work and in supporting it.
    • We may also carry out due diligence on potential donors using publicly available information in order to comply with our policy on the acceptance of gifts, and to fulfil our legal responsibilities. 
  • For operational reporting, management reporting, and governance
    • We may use your personal data for the purposes of operational reporting, to produce management information, and for other relevant purposes relating to the governance of the college. We will use only the data required and, unless necessary, we will use anonymised or pseudonymised data.
  • In our external communications
    • Unless you request otherwise, we may publish your name in an online directory, in donor listings, as part of a guest list, or we may work with you to create press releases or case studies to be included in our publications or on our websites.

If you do not wish your data to be used in any of the ways listed above, or have any questions, please contact us using the details here.

5. When and how we share your data

We may, from time to time, need to share your personal data within the collegiate University of Oxford or with third-parties working on our behalf. We will only do this in appropriate circumstances, by secure means, and with the relevant data sharing agreements in place. We do not, and will not, sell your data. 

Third parties will only process your personal data on our instructions and where they have agreed to treat your data confidentially and to keep it secure. We only permit them to process your personal data for specified purposes. We do not allow our third-party service providers to use your personal data for their own purposes nor to keep your data after the processing is complete. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies.

Whenever your information is shared, we will always seek to share the minimum amount of information necessary to fulfil the purpose, this includes the use of anonymised or pseudonymised data where that is sufficient.
Your data may be shared in the following ways:

  • Within the collegiate University of Oxford
  • We may share your data with colleges and departments that make up the collegiate University. We will do this only where it is necessary in order to carry out any of the purposes listed in this privacy notice. For example, where the University is coordinating with one or more colleges to organise shared events to which you are invited; to manage and coordinate relationship management activities with you; or to ensure your contact information and communication preferences are up-to-date. 
  • We may also share relevant data, in appropriate circumstances, with college or University Sports Clubs and Societies where you are (or were) a member of that club or society.
  • With organisations or individuals affiliated to Christ Church

We benefit from a network of organisations and individuals who volunteer their support to Christ Church. We may share relevant data with them, in appropriate circumstances, by secure means, and with the relevant data sharing agreements in place. These may include:

  • Volunteers offering their expertise by serving on boards or otherwise advising on or assisting with alumni or development matters
  • Recognised college or University alumni societies and networks, for example when they are helping to organise a dinner or host an event to which you are invited. 
  • With partner organisations that accept gifts in support of Christ Church

The following organisations enable tax-efficient giving to Christ Church and/or the collegiate University of Oxford, from outside of the UK. Data may be shared by us with these organisations where it relates specifically to donations you have made, or have pledged to donate via these organisations.

  • American Friends of Christ Church (AFCC) accepts gifts in support of Christ Church. AFCC has been determined by the United States Internal Revenue Service to be a tax-exempt public charity.
  • Americans for Oxford, Inc. (AFO) accepts gifts in support of the collegiate University of Oxford. AFO has been determined by the United States Internal Revenue Service to be a tax-exempt public charity. The personal data you provide when making a gift to AFO are collected and processed by Oxford University’s North American Office using the shared Development and Alumni Relations System (DARS).
  • Swiss Friends of Oxford (SFOU). Swiss residents can give tax efficiently to the collegiate University of Oxford. SFOU is set up as an association (Verein) under Swiss law and has a tax ruling from the canton of Zug recognising its tax-exempt status.
  • German Friends of Oxford University. Residents of Germany can also make tax-efficient donations to the collegiate University of Oxford via the German Friends of Oxford University without incurring any fees.

With third-party organisations engaged by Christ Church to provide services. These include but are not limited to: 

  • mailing houses, printers, event organisers or venues
  • organisations providing tools such as relationship- or event-management systems; databases and reporting/analysis tools; alumni networking or crowdfunding platforms; email or survey tools; payment services (e.g. direct debit, online donation processing)
  • organisations assisting with activities such as market research, marketing and communications, organisational effectiveness, strategy and planning, auditing, business intelligence and analysis, customer experience

6. How we protect your data

Christ Church takes precautions to safeguard your personal information against loss, theft and misuse, unauthorized access, disclosure and destruction through the use of appropriate administrative, physical and technical security measures.

All departments within the college have drawn up Information Asset Registers which include information on the measures in place to protect both physical and digital data during its collection, processing, and destruction (if relevant).  These Information Asset Registers (or Records of Processing Activities) will be made available on the website.  

Access to your personal data is limited to those who need to process it.  As far as possible, paper records are kept in locked cabinets or cupboards which are themselves behind access-controlled doors.  The whole site is monitored during the day by custodial staff and CCTV is used in public areas.  Digital files are always password-protected and encryption is encouraged when personal data is moved.  Servers are protected by firewalls and security software.  When data is deleted, every effort is made to ensure the deletion of all copies.

Where you have provided us with your credit or debit card information, over the phone, or on a printed giving form, that data is stored securely and destroyed after your payment has been processed. Bank details used for processing Direct Debits are stored under the Direct Debit Guarantee Scheme. Online donations are processed via our third-party payment service providers and your credit or debit card information is not collected or stored by us.

Transfers of your data outside of the European Economic Area (EEA) - although most of the information we collect, store and process stays within the UK, some information may be transferred to countries outside of the European Economic Area (EEA). This may occur if, for example, one of our third-party partners’ servers are located in a country outside of the EEA. This may also occur where staff in our international offices access DARS, our shared relationship-management system. 

Transfers outside of the EEA will only take place if one of the following applies:

  • the country receiving the data is considered by the EU to provide an adequate level of data protection
  • the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield
  • the transfer is governed by approved contractual clauses
  • the transfer has your consent
  • the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract
  • the transfer is necessary for the performance of a contract with another person, which is in your interests
  • the transfer is necessary in order to protect your vital interests or of those of other persons, where you or other persons are incapable of giving consent
  • the transfer is necessary for the exercise of legal claims
  • the transfer is necessary for important reasons of public interest.

7. How long we keep your data

Christ Church considers its relationship with alumni, donors and supporters to be life-long and we will retain much of your data indefinitely unless you request otherwise. When determining how long we should retain your personal data we take into consideration our legal obligations and tax or accounting rules. If you have pledged a legacy gift, it will be necessary to retain your data until your gift is received, so that we can identify the gift against that pledge. When we no longer need to retain personal information, we ensure it is securely disposed of. We may keep anonymised statistical data indefinitely, but you cannot be identified from such data.

8. The legal basis for processing your data

We will only use your personal data where the law allows us to do so. Most commonly we rely on the following legal bases for processing your personal data:

Where we have a legitimate interest to do so for purposes listed within this privacy notice. Where we use legitimate interest as the basis for our processing we have carefully considered each of the ways we process your data to ensure that we carry out our activities with a focus on the interests of our alumni, donors and supporters, and in the most efficient and effective way.

Where we need to perform the contract we have entered into with you. Information processed for this purpose includes, but is not limited to, the information you provide when you register for an event, or to enable us to process a donation.

Where we are required to comply with our legal obligations, such as for: reclamation of Gift Aid on your donations; statutory returns to the Office for Students (OfS), the Charity Commission or ICO; participation in the HESA Graduate Outcomes Survey; responses to the Charity Commission or ICO in relation to audits or official investigations; responses to FOI Requests, under the Freedom of Information Act 2000.

Where your consent is required, for example where sensitive personal data is recorded. You can withdraw your consent at any time and we will stop any processing of your personal data requiring your consent. See section 9: “Your legal rights and choices in connection with your personal data”.

Change of purpose
We will only process your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose. Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

9. Your legal rights and choices in connection with your personal data

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.
  • Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
  • Request erasure of your data. This enables you to ask us to delete or remove your data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
  • Object to processing of your data where we are processing it to meet our public interest tasks or legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
  • Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your data to another party.

Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop. However, where you have consented to the processing, you can withdraw your consent at any time by emailing us. In this event, we will stop the processing as soon as we can. If you choose to withdraw consent it will not invalidate past processing.

If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, please contact the Database Manager[OT1] .  We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office. 

10. Contact us

If you have any questions about this privacy notice or about your personal data, or if you want to provide updates to your data, make any changes to your communication preferences or exercise any of your rights as outlined above, please contact us in the Development Office.

11. Changes to this Privacy Notice

This privacy notice was last updated on 24th May 2018.

We reserve the right to update this privacy notice at any time. Any changes to this privacy notice will be posted to this page. 

Privacy Policy

Christ Church Data Privacy Notice

1. Introduction

Christ Church is committed to protecting the privacy and security of personal data.

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we store and handle that data, and keep it safe.

“Personal data” is information relating to you as a living, identifiable individual.

“Processing” your data includes various operations that may be carried out on your data, including collecting, recording, organising, using, disclosing, storing and deleting it.

The law requires us:

  • To process your data in a lawful, fair and transparent way;
  • To only collect your data for explicit and legitimate purposes;
  • To only collect data that is relevant, and limited to the purpose(s) we have told you about;
  • To ensure that your data is accurate and up to date;
  • To ensure that your data is only kept as long as necessary for the purpose(s) we have told you about;
  • To ensure that appropriate security measures are used to protect your data.

We know that there is a lot of information here but we want you to be fully informed about your rights, and how Christ Church uses your data.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

It is likely that we will need to update this Privacy Notice from time to time.  Notification of any significant changes will be posted on our website, but you are welcome to come back and check it whenever you wish.

Christ Church has two data controllers: the Governing Body of Christ Church, and the Dean and Canons of Christ Church.

2. What is Christ Church?

Christ Church is, formally, the Cathedral Church of Christ of the Foundation of King Henry VIII in Oxford.  It was founded by Henry VIII in 1546 as a joint establishment of college of the University of Oxford and as the cathedral of the Diocese of Oxford.  It is governed by statutes ratified by the Christ Church Oxford Act of 1867, and most recently updated in 2015.

3. Explaining the legal bases we rely on

The law on data protection sets out a number of difference reasons for which a company may collect and process your personal data.  When collecting your personal data, we will always make clear to you which data is necessary for each purpose or type of data.  Most commonly, we will process your data on the following lawful grounds:

  • Consent
    • In specific situations, we can collect and process your data with your consent.
    • This is usually in relation to direct marketing, but is also used extensively in the collection of personal data by schools.
  • Contractual obligations
    • In certain circumstances, we need your personal data to comply with our contractual obligations.
  • Legal compliance
    • If the law requires us to, we may need to collect and process your data.
  • Legitimate interest
    • In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of the running of the college, cathedral, and cathedral school, and which does not materially impact your rights, freedom or interest.
  • We may also use your data, typically in an emergency, where this is necessary to protect your vital interests, or someone else’s vital interests.  In a small number of cases where other lawful bases do not apply, we will process your data on the basis of your consent.  If you are aged under 18, we may ask your parent or guardian for their consent also.

Special category data

"Special categories" of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data.  We aim to collect and process special category data as little as possible and, when we do, it is usually to do with your health and well-being.  Christ Church has documented all incidents of our processing of special category data in our Information Asset Registers, and will be preparing a separate document itemising all of these, with reasons, having conducted assessment on each occasion.

The Special Categories of personal data consist of data revealing:

  • racial or ethnic origin;
  • political opinions;
  • religious or philosophical beliefs;
  • trade union membership.

They also consist of the processing of:

  • genetic data;
  • biometric data (e.g. fingerprints) for the purpose of uniquely identifying someone;
  • data concerning health;
  • data concerning someone's sex life or sexual orientation.

We may process special categories of personal data in the following circumstances:

  • With your explicit written consent; or
  • Where it is necessary in the substantial public interest, and further conditions are met;
  • Where the processing is necessary for archiving purposes in the public interest, or for scientific or historical research purposes, or statistical purposes, subject to further safeguards for your fundamental rights and interests specified in law.

Further legal controls apply to data relating to criminal convictions and allegations of criminal activity.  We may process such data on the same grounds as those identified for “special categories” referred to above.

4. When do we collect your personal data?

  • When you are a student of Christ Church;
  • When you are an alumnus/alumna of Christ Church;
  • When you are a senior member of Christ Church;
  • When you are an honorary or emeritus member of Christ Church;
  • When you are employed by Christ Church;
  • When you are employed by Christ Church as a contractor;
  • When you are a volunteer at Christ Church;
  • When you visit Christ Church as a tourist, or as a member of the cathedral congregation, or as a researcher in the library or archive, or as a guest at a conference, event, or a continuing education student;
  • When you are a tenant of Christ Church;
  • When you are a supplier to or purchaser from Christ Church;
  • When you access or engage with our website;
  • When you communicate or engage with Christ Church by letter, or email, or other means, including social media;
  • When your image is collected on our CCTV system;
  • When you contribute to any Christ Church publications.

5. What sort of personal data do we collect?

Depending on your relationship with Christ Church, we may collect the following personal data:

  • Your name and contact details (including, but possibly not exclusively, address, email address, telephone number(s), URLs;
  • Your date of birth;
  • Your payment card and bank details;
  • Your employment record;
  • Your educational record;
  • Your health data;
  • Your image on CCTV and details of access to buildings and grounds;
  • Your car type and registration number;
  • Technical information about your access to the website.

NB.  This list is not exclusive.  Christ Church will collect more data on some subjects than on others. 

For example: a tourist purchasing a ticket at the Visitor Centre will provide minimal personal details and may be recorded on CCTV whereas the personal data collected and processed on members of staff and on students is much more extensive.  Christ Church aims, as part of its Data Protection compliance, to collect only what is necessary and to retain that information only for as long as it is needed.

6. How and why do we use your personal data?

Christ Church collects personal data in order to manage its functions as college, cathedral, and tourist destination:

  • To teach, supervise, house, and protect our students;
  • To process applications from prospective students;
  • To manage the employment of our staff, both academic and non-academic;
  • To administer the endowment and our finances generally;
  • To manage the cathedral;
  • To manage the cathedral school and the choir, and to protect the staff and pupils at the school;
  • To manage and protect visitors to the college and cathedral;
  • To manage the site and its buildings;
  • To keep in touch with alumni and alumnae, and friends of both college and cathedral;
  • To manage our website;
  • To comply with our contractual and legal obligations;

7. How we protect your personal data

Christ Church makes every effort to keep your personal data safe.  All departments within college and cathedral have drawn up Information Asset Registers which include information on the measures in place to protect both physical and digital data during its collection, processing, and destruction (if relevant).  These Information Asset Registers (or Records of Processing Activities) are under constant review to ensure they are correct and current. Enquiries should be directed to the Data Protection Officer at the address below.

Access to your personal data is limited to those who need to process it.  As far as possible, paper records are kept in locked cabinets or cupboards which are themselves behind access-controlled doors.  The whole site is monitored during the day by custodial staff and CCTV is used in public areas.  Digital files are always password-protected and encryption is encouraged when personal data is moved.  Servers are protected by firewalls and security software.  When data is deleted, every effort is made to ensure the deletion of all copies.

8. How long will we keep your personal data?

Data Protection legislation requires that personal data is only retained for as long as it is necessary, and all Information Asset Registers include retention periods.  In some cases, personal data will be kept in perpetuity, and these Registers will indicate the types of data which are archived for historical or statistical purposes.  Regular reviews will ensure that retention schedules are followed.

9. With whom do we share your personal data?

Christ Church will not sell your data to third parties.  We may sometimes share your personal data with trusted third parties if we are allowed or required to do so by law.  We do not allow third parties to use your data for their own purposes.  Third parties may include:

  • Your relatives, guardians, and next of kin;
  • The University of Oxford;
  • Conference of Colleges;
  • Loan and financial support providers (including the Student Loans Company);
  • Pension providers
  • Mailing companies for magazines and reports, etc.;
  • Till management company;
  • Investment and property management companies;
  • Letting agencies and mortgage providers;
  • GPs and hospitals, and other health service providers;
  • Potential employees;
  • Other educational institutions;
  • Electoral
  • Law enforcement agencies, if required;
  • Government departments, such as HMRC, and the Disclosure and Barring Service (DBS).

Data Protection legislation requires that data sharing agreements are acquired from each of these third parties, and that the companies guarantee that they comply with the data protection legislation.  This list is designed to indicate the possible recipients of your personal data, not to suggest that your personal data will be shared with any or all.  A data sharing form will soon be added here, which gives further information on the types of personal data that may be shared and the reasons for doing so.

10. Where your personal data may be processed

Data Protection legislation does not allow the transfer of data outside the EEA without consent or without guarantees from those countries that there is adequate data protection legislation in place.

Christ Church has students, staff, and visitors from all over the world, and every effort will be made to ensure that no personal data is transmitted to any country without relevant and adequate legislation without your consent.  Data which may be transferred outside the EEA is noted on the Information Asset Registers.

11. What are your rights over your personal data?

You have the right to request, in most circumstances:

  • Access to the personal data we hold about you, free of charge unless your request is unreasonable;
  • The correction of your personal data if it is incorrect, out-of-date, or incomplete;
  • In certain circumstances, the erasure of your data;
  • The suspension of the processing of your data;
  • Copies of any data shared with another Data Controller

You can contact us to exercise these rights at any time by contacting the Data Protection Officer at the address below.

If you wish to make an access request for data collected by CCTV, contact the Steward of Christ Church, Ms Pauline Linières-Hartley, at pauline.linières-hartley@chch.ox.ac.uk or on 01865 286580.

If you have given consent for Christ Church to collect and process your personal data, you have the right to change your mind at any time and to withdraw that consent.

When Christ Church relies on legitimate interest to collect and process your data, you may ask for processing to be stopped.  If, however, Christ Church believes it has a legitimate and over-riding reason to collect and process your personal data, we may continue to do so.

12. Contacts

The Data Protection Officer (DPO) at Christ Church is Mr James Lawrie.  He can be reached at Christ Church, Oxford, OX1 1DP or at james.lawrie@chch.ox.ac.uk or on 01865 276177.

If you feel that your data has not been handled correctly, then you may lodge a complaint with the Information Commissioner’s Office on 0303 123 1113 or on their website.

13. If you live outside the UK

If you love outside the UK, then complaints can be lodged with the relevant office in your own country.

14. Any questions?

If there is anything you would like to ask about the handling of your personal data, please contact the DPO at the address above in section 12.

 

This website is powered by
ToucanTech