Somerville College – public website privacy notice
Privacy notice – how Somerville College gathers and processes information from our public website
A summary of what this notice explains
Somerville College is committed to protecting the privacy and security of personal data.
This notice explains what personal data Somerville College (“us” or “we”) gathers and holds about visitors to our website (“you”), how we use it internally, how we share it, how long we keep it and what your legal rights are in relation to it. If you access other websites, including those linked to on our site, you will need to consult the appropriate information on those sites for their policies and/or statements.
For the parts of your personal data that you supply to us, this notice also explains the basis on which you provide the information. For the parts of your personal data that we generate about you, or that we receive from others, it explains the source of the data.
There are some instances where we process your personal data on the basis of your consent. This notice sets out the categories and purposes of data where your consent is needed.
Somerville College has also published separate notices, which are applicable to other groups and activities. To the extent that you complete a web form on our site, which asks you to give us certain information voluntarily (such as your name, contact information, email addresses or phone numbers) for a specific purpose, you may need to consult another of our notices to see how that data will be handled. For example, if you use a web form to register to attend a College event, you should also consult the conferences and events privacy notice. To obtain a full picture of how your data is treated, it is important that you read this privacy notice together with any other applicable privacy notices:
- current students
- staff, office holder and senior members
- staff, office holder and senior member applicants
- alumni and donors (including what financial information we hold about our alumni and how we use it when considering fundraising initiatives)
- archives (which explains what data we hold in our archive)
- security, maintenance and health and safety (including how we use CCTV)
- conferences and events
- IT systems (including how we monitor internet usage)
- Cookie notice.
You can access past versions of our privacy notices via the Policies page of the College website.
What is your personal data and how does the law regulate our use of it?
“Personal data” is information relating to you as a living, identifiable individual. We refer to this as “your data”.
Data protection law requires Somerville College as data controller for your data:
- To process your data in a lawful, fair and transparent way;
- To only collect your data for explicit and legitimate purposes;
- To only collect data that is relevant, and limited to the purpose(s) we have told you about;
- To ensure that your data is accurate and up to date;
- To ensure that your data is only kept as long as necessary for the purpose(s) we have told you about;
- To ensure that appropriate security measures are used to protect your data.
Somerville College’s Contact Details
If you need to contact us about your data, please contact: email@example.com
What personal data we hold about you and how we use it
Whenever you use a website, mobile application or other Internet service, certain information is created and recorded automatically. The same is true for our websites, being those with URLs starting https://www.some.ox.ac.uk
In addition to the data we gather via web forms placed on our site (the handling of which will be governed by the relevant data protection notice covering the circumstances and context), we collect and generate a variety of data via our website(s).
Categories of data that we collect, store and use include (but are not limited to):
- Log data: Whenever you use our website, our servers automatically record information (“log data”) regarding that access, including:
  - Any data sent by your browser or mobile app to enable you to access the site.
  - Location data of users (if provided by the connecting device).
  - Internet Protocol (IP) address of the connecting device or other unique device identifiers.
  - Browser type and setting for the connecting device.
  - The date and time of access.
  - Details of any attempts to log on to closed systems.
  - Crash data.
- Cookie data: We may use “cookies” (small text files sent by your computer each time you visit our website, unique to your visit or your browser) or similar technologies to record additional information. For further information on the cookies we use and the data each collects, please see our Cookie notice at the foot of this document.
Most data collected is statistical data about our users’ browsing actions and patterns, and does not identify any individual. However, there may be occasions where browsing patterns are connected to IP addresses or location data such that the data as a whole is personal data.
Whether we collect some of the above information often depends on your device type and settings. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
The lawful basis on which we process your data
The law requires that we provide you with information about the lawful basis on which we process your personal data, and for what purpose(s).
Data that you provide to us and the possible consequences of you not providing it
The data that we collect via our website in the course of your accessing it is provided by you on a voluntary basis. If you elect to adjust your browser settings to reject cookies, it may affect your experience in using the site, in the event that any blocked cookies support functionality.
Other sources of your data
Apart from the data that you provide to us, we may also receive data about you from other sources:
- We may get information about you and your activity outside Somerville College from other third parties we work with. For example:
  - The University of Oxford
  - Google Analytics shares information with the websites or apps where it runs to provide statistics. We also receive this information, which may include information such as whether clicks on other sites led to visits to our site. For more information about Google Analytics see http://www.google.com/analytics/.
How we share your data
We do not, and will not, sell your data to third parties. We will only share it with third parties if we are allowed or required to do so by law.
Examples of bodies to whom we are required by law to disclose certain data include, but are not limited to:
|UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security.||We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms. [in cases where the law places a duty on us to report]|
Examples of bodies to whom we may voluntarily disclose data, in appropriate circumstances, include but are not limited to:
|Other Colleges and/or PPHs within the University of Oxford, University offices and/or departments||Data from cookies may be shared in pursuit of our legitimate interest in maintaining the proper function and security of our website, or where the other party has a legitimate interest in receiving the data for similar purposes. Data may also be shared in an anonymized and/or statistical format.|
|Legal advisers and auditors||To support our legal and financial obligations and objectives.|
|Third party service providers||To facilitate activities of Somerville College or SJE. Any transfer will be subject to an appropriate, formal agreement between Somerville College or SJE, and the processor.|
|UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security.||We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms.|
Where website information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose.
All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies, and are only permitted to process your personal data for specific purposes in accordance with our instructions. We do not allow our third party providers to use your personal data for their own purposes.
Sharing your data outside the European Union
The law provides various further safeguards where data is transferred outside of the EU.
When you are resident outside the EU in a country where there is no “adequacy decision” by the European Commission, and an alternative safeguard is not available, we may still transfer data to you which is necessary for performance of your contract with us.
Otherwise, we may transfer your data outside the European Union, but only for the purposes referred to in this notice and provided either:
- There is a decision of the European Commission that the level of protection of personal data in the recipient country is adequate; or
- Appropriate safeguards are in place to ensure that your data is treated in accordance with UK data protection law, for example through the use of standard contractual clauses; or
- There is an applicable derogation in law which permits the transfer in the absence of an adequacy decision or an appropriate safeguard.
We do not envisage that any decisions will be taken about you based solely on automated means. We will update this notice if this position changes.
How long we keep your data
We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, regulatory, disciplinary or reporting requirements.
The majority of website data is not held in a personally identifiable form for more than one year. Data which we need to hold for longer periods will be anonymized where possible.
Please note that we may keep anonymized statistical data indefinitely, but you cannot be identified from such data.
We adopt data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored with respect to our Site. Data that we have collected is held on protected devices, including where it is held as part of a back-up version. We use layered security software to prevent unauthorised access, alteration, disclosure or destruction of the data. Our security system is subject to regular audit and testing.
Your legal rights over your data
Subject to certain conditions and exceptions set out in UK data protection law, you have:
- The right to request access to a copy of your data, as well as to be informed of various information about how your data is being used;
- The right to have any inaccuracies in your data corrected, which may include the right to have any incomplete data completed;
- The right to have your personal data erased in certain circumstances;
- The right to have the processing of your data suspended, for example if you want us to establish the accuracy of the data we are processing.
- The right to receive a copy of data you have provided to us, and have that transmitted to another data controller (for example, another University or College).
- The right to object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.
- The right to object to the processing of your information if we are relying on a “legitimate interest” for the processing or where the processing is necessary for the performance of a task carried out in the public interest.
- The right to object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
- Where the lawful basis for processing your data is consent, you have the right to withdraw your consent at any time. This will not affect the validity of any lawful processing of your data up until the time when you withdrew your consent. You may withdraw your consent by contacting the College Data Protection Officer at firstname.lastname@example.org
If you wish to exercise any of your rights in relation to your data as processed by Somerville College, please contact our Data Protection Officer at email@example.com. Some of your rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
Further guidance on your rights is available from the Information Commissioner’s Office (ico.org.uk). You have the right to complain to the UK’s supervisory office for data protection, the Information Commissioner’s Office at ico.org.uk/concerns/ if you believe that your data has been processed unlawfully.
Future changes to this privacy notice
We may need to update this notice from time to time, for example if the law or regulatory requirements change, if technology changes or to make Somerville College’s or the University’s operations and procedures more efficient. If the change is material, we will publish details of the change with not less than two months’ notice, so that you can exercise your rights, if appropriate, before the change comes into effect.
Version control: V.1.1 (May 2018)
Cookies used by Somerville College on public websites
Some of the web pages of Somerville College use “cookies”. Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Different types of cookies have different purposes and operate for different amounts of time.
- Session cookies are stored in temporary files on your device and are erased from your device when you close your browser. Session cookies allow websites to link the actions of a website visitor during a single browser session, so that any page changes or selections are remembered as you move from page to page. For example, session cookies will make sure items you put into virtual ‘shopping baskets’ are transferred to ‘checkout’, or keep you logged in as you move within private sections of a website.
- Persistent cookies are stored on your device between browser sessions, either for a long term or time-limited period. They are only deleted when they either ‘expire’ or when you or your browser delete cookies from your device. Persistent cookies are used so that a website ‘remembers’ inputs and settings, including recalling log on data so that you do not have to log in again when you next visit. Persistent cookies may also recall which areas of a website interested you, in order to help you access those areas more easily in the future. They may also be used to collect data about your interests, choices, and other organisations and websites that you visit, in order to create a profile enabling marketing materials to be appropriately targeted.
- Third party cookies are cookies that are set by a domain other than the one being visited by the user. For details of any third party cookies we include in our domain, please consult the table below.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
|Session||This cookie is used to remember a user’s acknowledgement of cookies on the website.|
|These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Click here for an overview of privacy at Google
|YouTube cookies||We may embed videos from YouTube or similar services. This may set cookies on your computer once you click on the YouTube video player.
Read more at YouTube’s embedding videos information page.
|Language||Session||This is used by the website content management systems to know the language of the website|
|Mode||Session||This is used by the Content Management System (CMS) for reference. It helps identify if the website user is anonymous or logged in (for editing).|
|Siteld||Session||This is used by the CMS for reference of the site identifier. It helps manage users across multiple domains for the same client (main site, microsite, mobile site).|
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Version control: V.1.1 (May 2018)