Brasenose College Conference and Event Guest Privacy Notice (v1.4)
A summary of what this notice explains
Brasenose College is committed to protecting the privacy and security of personal data.
This notice explains what personal data Brasenose College holds about attendees, organisers, and others involved in conferences, bed & breakfast accommodation, and events (“you”), how we use it internally, how we share it, how long we keep it and what your legal rights are in relation to it.
For the parts of your personal data that you supply to us, this notice also explains the basis on which you are required or requested to provide the information. For the parts of your personal data that we generate about you, or that we receive from others, it explains the source of the data.
There are some instances where we process your personal data on the basis of your consent. This notice sets out the categories and purposes of data where your consent is needed.
Brasenose College has also published separate notices which are applicable to other groups and activities. Those notices may also apply to you, depending on your circumstances:
- Current students
- Current staff, office holders and senior members
- Archives (which explains what data we hold in our archive)
- Security, maintenance and health and safety (including how we use CCTV)
- Website and cookies (including how we monitor use of our website)
You can access these and past versions of our privacy notices at:
https://www.bnc.ox.ac.uk/privacypolicies
What is your personal data and how does the law regulate our use of it?
“Personal data” means information relating to you as a living, identifiable individual. We refer to this as “your data”.
- To process your data in a lawful, fair and transparent way;
- To only collect your data for explicit and legitimate purposes;
- To only collect data that is relevant and limited to those purposes;
- To ensure that your data is accurate and up to date;
- To ensure that your data is kept only as long as necessary; and
- To ensure that appropriate security measures are used to protect your data.
Brasenose College’s Contact Details
The Data Protection Officer
Brasenose College
Radcliffe Square
Oxford OX1 4AJ
data.protection@bnc.ox.ac.uk
What personal data we hold about you and how we use it
- Contact details that you provide, including names, addresses and telephone numbers.
- Details of event organisers and guests, including organisations represented and event purpose.
- Financial information including invoicing, payments, and banking or card details for facilities and services provided by the College.
- Room and meal booking information, including any medical issues or disabilities you notify us about.
- Dietary requirements.
- Photographs, audio and video recordings of events (where applicable).
- Computing and email information, including Guest Wi-Fi login data (IP addresses, devices connected, and traffic data).
Full processing activity details (ROPA) are available at:
https://www.bnc.ox.ac.uk/privacypolicies
The lawful basis on which we process your data
- Where it is necessary to perform a contract we have entered into with you;
- Where necessary to comply with a legal obligation;
- Where necessary for the performance of a task in the public interest;
- Where necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests;
- In emergencies, to protect vital interests; and
- On the basis of consent, where no other lawful basis applies.
Special Categories of personal data
These include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or orientation.
We may process such data where:
- We have your explicit written consent;
- It is necessary in the substantial public interest (e.g. equality monitoring or legal functions);
- It is necessary for archiving, research, or statistical purposes under legal safeguards.
Data you provide and consequences of not providing it
Most data you provide is required so we can fulfil contractual or legal obligations. For example:
- Financial information must be provided for invoicing and payments.
- Details of organisers, organisations, and event purpose must be provided to manage College facilities and prevent misuse.
Failure to provide necessary data (e.g. financial or event details) may prevent us from entering into or continuing a contract with you. Voluntary data, such as health or dietary information, is optional but helps us meet your needs.
Other sources of your data
- Data generated by us during event communication, booking, or payment processes.
- Guests attending conferences or events.
- Third parties with an interest in your organisation’s activities.
Details of sources appear in our ROPA:
https://www.bnc.ox.ac.uk/privacypolicies
How we share your data
We do not sell your data. We share it only where required or permitted by law.
Required by law:
| Organisation | Why? |
|---|---|
| Agencies with responsibilities for the prevention and detection of crime, apprehension and prosecution of offenders | For the prevention, detection or investigation of crime, the location and apprehension of offenders, and/or protection of the public. |
| HM Revenue & Customs (HMRC) | Invoicing information to meet College tax reporting obligations. |
Voluntary disclosures:
| Organisation | Why? |
|---|---|
| Other Colleges and/or PPHs within the University of Oxford | Where events are progressed on a joint basis. |
| Third-party service providers | To facilitate activities of Brasenose College under formal agreements. |
| Agencies with responsibilities for the prevention and detection of crime, apprehension and prosecution of offenders | For crime prevention, detection, or public protection purposes. |
Third-party providers must comply with data protection and security policies and process data only under our instructions. Details of data recipients appear in the Brasenose Data Sharing table:
https://www.bnc.ox.ac.uk/privacypolicies
Sharing your data outside the UK / European Economic Area (EEA)
Data may flow between the UK and EEA without additional measures. Transfers outside these areas will follow adequacy decisions or legal safeguards, or occur where necessary for contract performance or pre-contract steps.
Automated decision-making
We do not make decisions about you based solely on automated means. If this changes, we will notify you.
How long we keep your data
We retain your data as long as necessary for the purposes collected and legal, accounting or reporting requirements. Retention periods are detailed in our ROPA:
https://www.bnc.ox.ac.uk/privacypolicies
Anonymised statistical data may be kept indefinitely. Deletion may be delayed if legal, regulatory or criminal investigations are ongoing.
Your legal rights over your data
- Right to access your data and information about its use;
- Right to correct inaccuracies;
- Right to have personal data erased in certain circumstances;
- Right to restrict processing;
- Right to receive and transfer your data to another controller;
- Right to object to direct marketing;
- Right to object to processing based on legitimate interest or public-interest tasks;
- Right to object to automated decision-making with legal or significant effects;
- Right to withdraw consent at any time (where applicable).
Contact:
The Data Protection Officer
Brasenose College
Radcliffe Square
Oxford OX1 4AJ
data.protection@bnc.ox.ac.uk
Guidance: https://ico.org.uk/
Complaints: https://ico.org.uk/concerns/
Future changes to this privacy notice
We may update this notice from time to time if the law, regulation, or College/University procedures change. If material, at least two months’ notice will be given by email before changes take effect.
Past versions are available at:
https://www.bnc.ox.ac.uk/privacypolicies
Version control: v1.4 (February 2024)
Last Review Date: February 2024
Next Review Date: February 2025