We are committed to protecting the privacy and security of your personal information. This notice describes how we collect and use your personal data submitted to us online, by email, on paper or face-to-face, in accordance with the General Data Protection Regulation (GDPR) and associated data protection legislation.
The University of Oxford is the “data controller" for the information that you provide to us. This means that we decide how to use it and are responsible for looking after it in accordance with the GDPR.
The University’s Data Protection Officer can be contacted at firstname.lastname@example.org.
Access to your personal data within the University will be provided to those staff who need to view it as part of their work.
We may store the data we collect in hard copy or electronically. The data is stored on secure servers and/or in our premises within the UK. We may share your data with third parties or transfer your data outside the EAA under certain circumstances.
We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements.
Full details on your rights to access and modify your personal data are available here.
You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). A complaint to the ICO can be made by visiting their website https://ico.org.uk/make-a-complaint/ or by calling their helpline on 0303 123 1113
We may share your data with third parties who provide services on our behalf.
All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
We may also share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property or safety of our site, our users, and others.
Where your data is shared with third parties, we will seek to share the minimum amount necessary.
There may be occasions when we transfer your data outside the European Economic Area (EEA). Such transfers will only take place if one of the following applies:
Details of the personal data we collect on this website
When you fill in forms or surveys (for example for booking, asking us a question or reporting a problem with the website).
Unless otherwise stated on the form or survey, this information will be processed by our web content management system via servers based in the EAA in accordance with our standards for third party processors.
This information is provided to us by your browser when you visit a webpage and passed to a third-party provider, Google Analytics. We take all possible steps to ensure that no personally identifiable information is processed.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If you have any questions or concerns about a particular research study you are participating in, or wish to withdraw from the study, please contact us at ARUK ODDI, NDM Research Building, Old Road Campus, Roosevelt Drive, Headington, Oxford OX3 7FZ. [TW1]
If you are unable to find the relevant contact details, you have any general questions about how your personal information is used by the Department, or wish to exercise any of your rights, please contact the University’s Information Compliance Team (email@example.com).