How we use your personal information
This statement explains how Wolfson College (“we” and “our”) handles and uses information we collect about event organisers that use College facilities (“you” and “your”). In broad terms, we use your information to manage the event(s) we either host for you or otherwise provide facilities, as well as maintain our records of previous, current and future clients for events business for the College.
The controller for your personal data is Wolfson College, Cambridge CB3 9BB. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (OIS LTD.) [12B King’s Parade, Cambridge; 01223 768745; firstname.lastname@example.org]. OIS Ltd. should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal data, is the Bursar.
The legal basis for processing your personal information is that it is necessary in order for you to enter into a contract to provide events facilities and resources to you. We will retain your information for the periods stated below unless or until you request us to do otherwise.
We collect and process your personal information for the following purposes:
A. maintaining clear contact information for the booking, provision and payment of events.
We will hold your name, address, email address, phone number and other relevant contact details you provide to us, and will use this information to maintain contact with you to provide your requested services, manage their delivery and bill you for them. We retain this information in our events records for five years after the most recent event we host for you, and for seven years in our financial records (due to statutory requirements). Where we have not hosted an event for you, we will retain the details relating to your initial enquiries of services for no more than two years.
B. providing you with details about future event provision services.
While we retain your contact information, we will contact you about our services. You may unsubscribe from such communications at any time.
We do not share personal information with third parties. If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given above.
Personal information of delegates of your event
The provision or management of your event by us might require you to provide us with personal information relating to your event delegates (such as name, dietary requirements, accommodation requirements. This may include the provision of sensitive personal information. We will not retain this information for any longer than necessary for the provision of the specific event, which might require you to provide it on successive occasions. We will assume that you have obtained the consent from your delegates for us to hold their personal information for that purpose.
We also operate CCTV on our site, which will capture footage. Our CCTV policy is currently being finalised and will be published online shortly. In the meantime, any queries should be directed to the Bursar.
The XPlan Door Security System controls door access, and will by its nature record around College, though this is not its primary purpose. Like all data we store, this information is kept confidentially.
We also operate wifi across our sites, which can be accessed by members of the College and guests. We retain device information (such as physical MAC address and IP address) and details of the IP address the device connected to. The data is retained for 2 years.
Please contact the IT Department if you have questions about the Xplan system or the wifi system.
You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
You retain the right at all times to lodge a complaint about our management of your personal information with the Information Commissioner’s Office.
Updated: December 2019