Brasenose College Web Services Cookies & Privacy Notice (v1.4)
Scope
This privacy notice sets out how Brasenose College gathers and processes information from our websites:
- www.bnc.ox.ac.uk
- All sub-sites of bnc.ox.ac.uk (e.g. freshers.bnc.ox.ac.uk)
- brasenosejcr.org
- brasenosehcr.org
A summary of what this notice explains
Brasenose College is committed to protecting the privacy and security of personal data.
This notice explains what personal data Brasenose College (“us” or “we”) gathers and holds about visitors to our websites (“you”), how we use it, how we share it, how long we keep it and what your legal rights are in relation to it.
If you access other websites (including those linked from ours), please consult their respective privacy policies.
For information you supply to us via web forms, this notice explains how your data is handled. You may also need to refer to another relevant College privacy notice (for example, the Conferences and Events Privacy Notice).
Other applicable privacy notices
- Current Students
- Staff, Office Holders and Senior Members
- Staff, Office Holder and Senior Member Applicants
- Alumni and Donors
- Archives
- Security, Maintenance and Health & Safety (including CCTV)
- Conferences and Events
- IT Systems
- Cookie Notice
All are available at:
https://www.bnc.ox.ac.uk/privacypolicies
What is your personal data and how does the law regulate our use of it?
“Personal data” is information relating to you as a living, identifiable individual.
- To process your data lawfully, fairly and transparently;
- To collect it only for explicit and legitimate purposes;
- To ensure data is relevant and limited to those purposes;
- To ensure data is accurate and up to date;
- To retain it only as long as necessary; and
- To protect it using appropriate security measures.
Brasenose College’s Contact Details
Email: data.protection@bnc.ox.ac.uk
What personal data we hold about you and how we use it
When you use our websites, mobile applications, or other online services, certain information is automatically created and recorded.
Our websites include: bnc.ox.ac.uk, insidebrasenose.org, brasenosejcr.org, and brasenosehcr.org.
Categories of data collected
- Log data: Information automatically recorded when you access our site, such as:
- Data sent by your browser or mobile app to enable access
- Location data (if provided by your device)
- IP address or unique device identifier
- Browser type and settings
- Date and time of access
- Details of log-in attempts to closed systems
- Crash data
- Cookie data: Small text files used to store preferences or record session details, such as:
- Language preferences
- Contents of online “shopping baskets” (where applicable)
For details, see our Cookie Notice:
https://www.bnc.ox.ac.uk/cookie-policy
Most data collected is statistical and does not identify individuals. However, IP or location data may, in combination, make it personal data.
The lawful basis on which we process your data
- We require your consent to place cookies on your device(s). Continued site use implies consent.
- If you prefer not to allow cookies, adjust your browser settings to reject them. Note: this may affect site functionality.
- Cookies essential for site security or performance (e.g. load balancing) are used under the College’s legitimate interest and do not require consent.
Data that you provide to us and consequences of not providing it
Website data is provided voluntarily. Blocking cookies may impact certain website functions or user experience.
Other sources of your data
- The University of Oxford (for users authenticated with RAVEN or Shibboleth)
- Google Analytics (for site statistics; see
www.google.com/analytics) - Cloudflare (for website protection and IP security)
How we share your data
We do not sell your data. It is shared only where permitted or required by law.
Examples of required disclosures
| Organisation | Why? |
|---|---|
| UK agencies responsible for crime prevention, prosecution, safeguarding, or national security | Data may be shared with authorities when required by law or necessary to protect rights and freedoms. |
| Jisc Services Limited | As part of obligations under JANET (Joint Academic Network), user and device information may be disclosed on request. |
Examples of voluntary disclosures
| Organisation | Why? |
|---|---|
| Other Colleges and University departments | For website security or operational integrity. Shared data may be anonymised or aggregated for analysis. |
| Legal advisers and auditors | To meet legal and financial compliance obligations. |
| Third-party service providers | To facilitate College web operations under formal agreements ensuring compliance with data protection laws. |
Sharing your data outside the UK / EEA
Data may flow between the UK and EEA without additional safeguards. Transfers outside these areas are permitted where:
- The destination has an adequacy decision (e.g., EU–US Data Privacy Framework, UK–US Data Bridge);
- Standard contractual clauses or similar safeguards are in place; or
- An applicable legal derogation permits transfer.
Automated decision-making
We do not make decisions about you based solely on automated means. If this changes, we will update this notice.
How long we keep your data
Website data is typically retained for no more than one year. Longer retention is anonymised where possible. Anonymised statistical data may be kept indefinitely.
We use secure storage, encryption, and access controls to protect your personal data and login credentials.
Your legal rights over your data
- Right to access your data;
- Right to correct inaccuracies;
- Right to request erasure;
- Right to restrict processing;
- Right to receive and transfer your data to another controller;
- Right to object to direct marketing;
- Right to object to processing based on legitimate interest or public tasks;
- Right to object to automated decision-making with legal or significant effects;
- Right to withdraw consent at any time.
To exercise these rights, contact:
data.protection@bnc.ox.ac.uk
Further guidance: https://ico.org.uk/
Complaints: https://ico.org.uk/concerns/
Cookies used by Brasenose College websites
Cookies are small text files stored on your computer to make websites work or function more efficiently, as well as to provide analytics.
Types of cookies
- Session cookies: Temporary, deleted when your browser closes. They help maintain site navigation and logins.
- Persistent cookies: Retained between sessions to remember settings such as login details or preferences.
- Third-party cookies: Set by other domains (e.g., Google Analytics, YouTube).
For more information about cookies, see www.aboutcookies.org or www.allaboutcookies.org.
Cookie list
| Cookie | Duration | Purpose |
|---|---|---|
| cookieaccept | Session | Remembers a user’s acknowledgment of cookies on the website. |
| Google Analytics (_utma, _utmb, _utmc, _utmz) | Two years / Session / Not set / Six months | Collects anonymous visitor data (pages visited, referral sources). See Google’s privacy overview. |
| YouTube cookies | Variable | Used by YouTube’s privacy-enhanced mode for embedded videos. Personal data is not stored for playback. |
| Localisation | Session | Keeps track of the local time zone for the website CMS. |
| Language | Session | Records the user’s language preference for the site. |
| Mode | Session | Used by CMS to identify if the user is logged in or anonymous. |
| SiteId | Session | Used by CMS to manage users across domains (main, microsite, mobile). |
| NID / PREF / khcookie | Session | Google Maps cookies for embedded maps on contact/location pages. |
To opt out of Google Analytics tracking, visit:
https://tools.google.com/dlpage/gaoptout
Changes to our Cookie Statement
Any updates to this Cookie Statement will be posted on this page.
Version control: v1.4 (February 2024)
Last Review Date: February 2024
Next Review Date: February 2025