Brasenose College Senior Common Room (SCR) Member Privacy Notice (v1.4, February 2024)

A summary of what this notice explains

Brasenose College is committed to protecting the privacy and security of personal data.

This notice explains what personal data Brasenose College (“us” or “we”) holds about applicants or members of the Senior Common Room (SCR) (“you”), how we use it internally, how we share it, how long we keep it and what your legal rights are in relation to it.

For personal data you supply to us, this notice explains the basis on which you are required or requested to provide it. For personal data we generate about you, or receive from others, it explains the source.

The main instances where we process your personal data are based on your consent. This notice sets out the categories and purposes of data where consent is required.

Brasenose College also publishes separate notices which may apply depending on your circumstances:

  1. Current students
  2. Staff (if you are also employed by the College)
  3. Alumni and donors
  4. Archives
  5. Security, maintenance and health and safety (including CCTV)
  6. Website and cookies
  7. IT systems (including internet and email usage)

You can access all College privacy notices at:
https://www.bnc.ox.ac.uk/privacypolicies

What is your personal data and how does the law regulate our use of it?

“Personal data” means information relating to you as a living, identifiable individual. “Processing” includes collecting, recording, organising, using, disclosing, storing and deleting data.

  • To process your data in a lawful, fair and transparent way;
  • To collect your data only for explicit and legitimate purposes;
  • To ensure it is relevant and limited to those purposes;
  • To keep it accurate and up to date;
  • To retain it only as long as necessary; and
  • To use appropriate security measures to protect it.

Brasenose College’s Contact Details

The Data Protection Officer
Brasenose College
Radcliffe Square
Oxford OX1 4AJ
data.protection@bnc.ox.ac.uk

What personal data we hold about you and how we use it

  • Contact details (names, addresses, telephone numbers).
  • Application paperwork.
  • Details of qualifications and correspondence relating to them.
  • References received about you, including contact details of referees.
  • Requests for special arrangements or waivers of eligibility criteria and related decisions.
  • Communications regarding the outcome of your application.
  • Records of committee or panel decisions.
  • Medical issues or disabilities notified to us, including reasonable adjustments made.
  • Equality monitoring data.
  • Dietary requirements.
  • Financial details (bank or building society account numbers, sort codes, BACS IDs, etc.).
  • Records regarding grievances, disciplinary proceedings, or investigations involving you.
  • Computing and email information: login credentials, IP address(es), allocated equipment, and network access records.

Further details are available in our Record of Processing Activities (ROPA):
https://www.bnc.ox.ac.uk/privacypolicies

The lawful basis on which we process your data

  • Where you have given consent;
  • Where necessary to comply with a legal obligation;
  • Where necessary for the performance of a task in the public interest;
  • Where necessary for legitimate interests (ours or a third party’s) provided your rights are not overridden;
  • Where necessary to protect your or another person’s vital interests (e.g. emergencies).

Special Categories of personal data

These include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health data, or data concerning sex life or orientation.

We may process such data where:

  • Processing is required by law in connection with employment or social protection;
  • We have your explicit written consent;
  • It is necessary in the substantial public interest (e.g. for legal or equal opportunities monitoring); or
  • It is necessary for archiving, research, or statistical purposes under safeguards.

We maintain a data handling policy and legal safeguards for this processing.

Criminal convictions and allegations of criminal activity

We may process such data on the same lawful bases as those identified above.

Data you provide and consequences of not providing it

Most data you provide is processed so we can comply with legal obligations. Failure to provide required data may mean you cannot take up SCR membership.

Some data is voluntary — for example:

  • Dietary information.
  • Disability or health condition information (to consider reasonable adjustments).

Other sources of your data

  • Data we generate while processing your membership application.
  • Previous educational establishments or employers providing references.

How we share your data

We do not sell your data. We only share it where required or permitted by law, and only the minimum necessary for the purpose.

Third-party providers are required to protect your data and may process it only under our instructions. They may not use it for their own purposes.

Further details of data recipients are in the Brasenose Data Sharing table:
https://www.bnc.ox.ac.uk/privacypolicies

Sharing your data outside the UK / European Economic Area (EEA)

Personal data may flow between the UK and EEA without additional measures. Transfers outside these areas will only occur where safeguards or adequacy decisions are in place, or where necessary for membership purposes.

Automated decision-making

We do not make decisions about you based solely on automated means. If this changes, you will be notified in writing.

How long we keep your data

We retain your personal information as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Details are listed in our ROPA:
https://www.bnc.ox.ac.uk/privacypolicies

Anonymised statistical data may be retained indefinitely, but you cannot be identified from it.

Your legal rights over your data

  • Right to request access to your data and information about its use;
  • Right to correct inaccuracies or complete incomplete data;
  • Right to erase personal data in certain circumstances;
  • Right to restrict processing (for example, to verify accuracy);
  • Right to receive and transfer your data to another controller;
  • Right to object to direct marketing;
  • Right to object to processing based on legitimate interest or public tasks;
  • Right to object to automated decision-making with legal or significant effects;
  • Right to withdraw consent at any time (where applicable).

Contact:

The Data Protection Officer
Brasenose College
Radcliffe Square
Oxford OX1 4AJ
data.protection@bnc.ox.ac.uk

Further guidance: https://ico.org.uk/
Complaints: https://ico.org.uk/concerns/

Future changes to this privacy notice

We may update this notice from time to time if the law, technology, or University/College operations change. If material, at least two months’ notice will be given by email before changes take effect.

Past versions are available at:
https://www.bnc.ox.ac.uk/privacypolicies

Version control: v1.4 (February 2024)

Last Review Date: February 2024
Next Review Date: February 2025