How we use your personal information
This statement explains how Wolfson College (“we” and “our”) handles and uses information we collect about our senior members (“you” and “your”). For these purposes, “senior members” is intended to include Fellows, Junior Research Fellows, Emeritus Fellows, Honorary Fellows, Bredon Fellows, Visiting Fellows, Press Fellows, College Teaching Associates, College Research Associates, Visiting College Research Associates and Senior Members. In broad terms, we use your data to manage your membership of the College. Senior members who are employed by the College should also refer to the separate Data Protection Statement for Staff.
The controller for your personal data is Wolfson College, Cambridge CB3 9BB. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (OIS LTD.) [12B King’s Parade, Cambridge; 01223 768745; firstname.lastname@example.org]. OIS Ltd. should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal data, is the Bursar.
Unless otherwise stated, the legal basis for processing your personal data is that it is necessary for the performance of the membership agreement we hold with you.
How your data is used by the College
Your data is used by us for a number of purposes, including:
A. supporting your membership:
Personal data includes:
i) * personal details, including name, contact details (phone, email, postal, both work and personal) and photograph;
ii) your current and any previous role descriptions;
B. ensuring that you have the right to be a member of the College:
Personal data includes:
i) * your membership application information (including your original application form and associated information submitted at that time); ii) other data relating to your application (including your offer of membership and related correspondence, and references we took up as part of your application);
C. maintaining an emergency contact point for you and details of your immediate family: Personal data includes details of your preferred emergency contact, including their name, relationship to you and their contact details; and details of any spouse or partner and any children.*
D. monitoring equality and diversity within the College:
Personal data includes information relating to your age, nationality and gender.
E. disclosing personal information about you to external organisations, as permitted or required by law.
If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us. Data marked with an * relate to information provided by you, or created in discussion and agreement with you. Other data and information is generated by the College or, where self-evident, provided by a third party.
We also operate CCTV on our site, which will capture footage. Our CCTV policy is currently being finalised and will be published online shortly. In the meantime, any queries should be directed to the Bursar.
The XPlan Door Security System controls door access, and will by its nature record around College, though this is not its primary purpose. Like all data we store, this information is kept confidentially.
We also operate wifi across our sites, which can be accessed by members of the College and guests. We retain device information (such as physical MAC address and IP address) and details of the IP address the device connected to. The data is retained for 2 years.
Please contact the IT Department if you have questions about the Xplan system or the wifi system.
Who we share your data with
We would normally publish (on our website and elsewhere) your name, and in some cases basic biographical information and (if you have provided one) your photograph. We share your personal information where necessary and appropriate across the collegiate University. The University and its partners (including all of the Colleges) have a data sharing protocol to govern the sharing of personal information of the College’s members. This is necessary because they are distinct legal entities. The parties may share any of the above categories of personal information, and the agreement can be viewed in full here.
Information is not shared with other third parties without your written consent, other than your name and membership category, which are made publicly available. Generally, personal data is not shared outside of the European Economic Area.
We hold all information for the duration of your membership and for the lifetime of the College. Your rights You have the right: to ask us for access to, rectification or erasure of your data; to restrict processing (pending correction or deletion); and to ask for the transfer of your data electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them. You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner’s Office.
Updated: May 2018