CRM - Privacy Policy

Data protection

In the course of providing us with data about your membership and purchases, you have provided information about yourself (‘personal data’). We (the University of Oxford) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the UK General Data Protection Regulation and associated data protection legislation.

How we use your data

We will use your data to:

  • Access your application
  • Register you as a member
  • Provide you with the services and/ or products you have requested
  • Send you information about GLAM activities that you have undertaken or in which you may be interested

We are processing your data for this purpose/these purposes only because you have given us your consent to do so by signing up to receive communications from us. You can withdraw your consent at any time by contacting us at:

Alternatively, please get in touch with data.protection@GLAM.ox.ac.uk

 

In the event of you withdrawing consent, we will stop the processing as soon as we can.  However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent

 

We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.

 

Who has access to your data?

Access to your data within the University will be provided to those who need to view it as part of their work in carrying out the purposes described above.

We may share your data with companies who provide services to us, such as for undertaking processing financial transaction and our email distribution provider. These companies are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.

Where we share your data with a third party, we will seek to share the minimum amount necessary.

Retaining your data

We will retain your data for 7 years after you cease to be a member or after your last transaction.

Security

Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website. Home | Information Security (ox.ac.uk)

Where we store and use your data

We store and use your data on University premises, in electronic form.   

Your rights

Information on your rights in relation to your personal data are explained here.

Contact

If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, you should contact the University’s Information Compliance Team at data.protection@admin.ox.ac.uk.   The same email address may be used to contact the University’s Data Protection Officer.  We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the UK GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.


If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns/.