How Lady Margaret Hall gathers and processes information from our website
A summary of what this notice explains
Lady Margaret Hall is committed to protecting the privacy and security of personal data.
This notice explains what personal data Lady Margaret Hall gathers and holds about visitors to our website, how we use it internally, how we share it, how long we keep it and what your legal rights are in relation to it. If you access other websites, including those linked to on our site, you will need to consult the appropriate information on those sites for their policies and/or statements.
For the parts of your personal data that you supply to us, this notice also explains the basis on which you provide the information. For the parts of your personal data that we generate about you, or that we receive from others, it explains the source of the data.
There are some instances where we process your personal data on the basis of your consent. This notice sets out the categories and purposes of data where your consent is needed.
Lady Margaret Hall has also published separate notices, which are applicable to other groups and activities. To the extent that you complete a web form on our site, which asks you to give us certain information voluntarily (such as your name, contact information, email addresses or phone numbers) for a specific purpose, you may need to consult another of our notices to see how that data will be handled. For example, if you use a web form to register to attend a College event, you should also consult the conferences and events privacy notice. To obtain a full picture of how your data is treated, it is important that you read this privacy notice together with any other applicable privacy notices:
1. current students
2. staff, office holders and senior members
3. staff, office holder and senior member applicants
4. alumni and donors (including what financial information we hold about our alumni and how we use it when considering fundraising initiatives)
5. archives (which explains what data we hold in our archive)
6. security, maintenance and health and safety (including how we use CCTV)
7. conferences and events
8. IT systems (including how we monitor internet usage)
9. Cookie notice.
You can access past versions of our privacy notices here.
What is your personal data and how does the law regulate our use of it?
“Personal data” is information relating to you as a living, identifiable individual. We refer to this as “your data”.
Data protection law requires Lady Margaret Hall as data controller for your data:
o To process your data in a lawful, fair and transparent way;
o To only collect your data for explicit and legitimate purposes;
o To only collect data that is relevant, and limited to the purpose(s) we have told you about;
o To ensure that your data is accurate and up to date;
o To ensure that your data is only kept as long as necessary for the purpose(s) we have told you about;
o To ensure that appropriate security measures are used to protect your data.
Lady Margaret Hall’s Contact Details
If you need to contact us about your data, please contact:
Data Protection Officer
Lady Margaret Hall, University of Oxford
Norham Gardens, Oxford, OX2 6QA
+44(0) 1865 274322
treasurer@lmh.ox.ac.uk
What personal data we hold about you and how we use it
Whenever you use a website, mobile application or other Internet service, certain information is created and recorded automatically. The same is true for our website(s), being those with URLs/domain names ending .lmh.ox.ac.uk.
In addition to the data we gather via web forms placed on our site (the handling of which will be governed by the relevant data protection notice covering the circumstances and context), we collect and generate a variety of data via our website(s).
Categories of data that we collect, store and use include (but are not limited to):
o Log data: Whenever you use our website, our servers automatically record information (“log data”) regarding that access, including:
o Any data sent by your browser or mobile app to enable you to access the site.
o Location data of users (if provided by the connecting device).
o Internet Protocol (IP) address of the connecting device or other unique device identifiers.
o Browser type and setting for the connecting device.
o The date and time of access.
o Details of any attempts to log on to closed systems.
o Crash data.
o Cookie data: We may use “cookies” (small text files sent by your computer each time you visit our website, unique to your visit or your browser) or similar technologies to record additional information. Our cookies record information including:
- Language preferences.
- Contents of online ‘shopping baskets’ (where relevant).
For further information on the cookies we use and the data each collects, please see our Cookie notice at the end of this document.
Most data collected is statistical data about our users' browsing actions and patterns, and does not identify any individual. However, there may be occasions where browsing patterns are connected to IP addresses or location data such that the data as a whole is personal data.
Whether we collect some of the above information often depends on your device type and settings. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
The lawful basis on which we process your data
The law requires that we provide you with information about the lawful basis on which we process your personal data, and for what purpose(s).
In most circumstances, we require your consent to place cookies on your device(s). When you access our website you are notified that we use cookies, and continued use of the site following that notification is taken as consent to the use of cookies.
If you would prefer that we do not use cookies, you should adjust your browser settings to reject cookie use. Your operating system may allow you to set your preferences in a variety of ways, including a “Do Not Track” setting. [If you enable the setting, we will not track your activity on our site.]
Where we use cookies for site security, or to ensure the proper functioning of the site (for example via the use of load-bearing cookies), we do not require your consent to the use of these cookies. We have a legitimate interest in their use and we process all data, as collected by those cookies, on that basis.
Data that you provide to us and the possible consequences of you not providing it
The data that we collect via our website in the course of your accessing it is provided by you on a voluntary basis. If you elect to adjust your browser settings to reject cookies, it may affect your experience in using the site, in the event that any blocked cookies support functionality.
Other sources of your data
Apart from the data that you provide to us, we may also receive data about you from other sources. We may get information about you and your activity outside Lady Margaret Hall from other third parties we work with. For example:
o The University of Oxford (If you are authenticated with Webauth)
o Google Analytics shares information with the websites or apps where it runs to provide statistics. We also receive this information, which may include information such as whether clicks on other sites led to visits to our site. For more information about Google Analytics, click here.
How we share your data
We do not, and will not, sell your data to third parties. We will only share it with third parties if we are allowed or required to do so by law.
Examples of bodies to whom we are required by law to disclose certain data include, but are not limited to:
o Organisation - UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security.
Why? - We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms. [in cases where the law places a duty on us to report]
Examples of bodies to whom we may voluntarily disclose data, in appropriate circumstances, include but are not limited to:
o Organisation - Other Colleges and/or PPHs within the University of Oxford, University offices and/or departments
Why? - Data from cookies may be shared in pursuit of our legitimate interest in maintaining the proper function and security of our website, or where the other party has a legitimate interest in receiving the data for similar purposes. Data may also be shared in an anonymised and/or statistical format.
o Organisation - Legal advisers and auditors
Why? - To support our legal and financial obligations and objectives.
o Organisation - Third party service providers
Why? - To facilitate activities of Lady Margaret Hall. Any transfer will be subject to an appropriate, formal agreement between Lady Margaret Hall and the processor.
o Organisation - UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, safeguarding, or national security.
Why? - We may share data with government departments, crime prevention and law enforcement agencies when required or considered appropriate in the circumstances and with the proper consideration of your rights and freedoms.
Where website information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose.
All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies, and are only permitted to process your personal data for specific purposes in accordance with our instructions. We do not allow our third party providers to use your personal data for their own purposes.
Sharing your data outside the European Union
The law provides various further safeguards where data is transferred outside of the EU.
When you are resident outside the EU in a country where there is no “adequacy decision” by the European Commission, and an alternative safeguard is not available, we may still transfer data to you which is necessary for performance of your contract with us.
Otherwise, we will not transfer your data outside the European Union without first notifying you of our intentions and of the safeguards that apply to your data.
Automated decision-making
We do not envisage that any decisions will be taken about you based solely on automated means. We will update this notice if this position changes.
How long we keep your data
We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, regulatory, disciplinary or reporting requirements.
[The majority of website data is not held in a personally identifiable form for more than [1] year. Data which we need to hold for longer periods will be anonymized where possible.]
Please note that we may keep anonymized statistical data indefinitely, but you cannot be identified from such data.
We adopt data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. For example:
Your legal rights over your data
Subject to certain conditions and exceptions set out in UK data protection law, you have:
o The right to request access to a copy of your data, as well as to be informed of various information about how your data is being used;
o The right to have any inaccuracies in your data corrected, which may include the right to have any incomplete data completed;
o The right to have your personal data erased in certain circumstances;
o The right to have the processing of your data suspended, for example if you want us to establish the accuracy of the data we are processing.
o The right to receive a copy of data you have provided to us, and have that transmitted to another data controller (for example, another University or College).
o The right to object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.
o The right to object to the processing of your information if we are relying on a “legitimate interest” for the processing or where the processing is necessary for the performance of a task carried out in the public interest.
o The right to object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
o Where the lawful basis for processing your data is consent, you have the right to withdraw your consent at any time. This will not affect the validity of any lawful processing of your data up until the time when you withdrew your consent. You may withdraw your consent by contacting the College/PPH Data Protection Officer at dpo@lmh.ox.ac.uk.
If you wish to exercise any of your rights in relation to your data as processed by Lady Margaret Hall please contact our Data Protection Officer at dpo@lmh.ox.ac.uk. Some of your rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
Further guidance on your rights is available from the Information Commissioner’s Office. You have the right to complain to the UK’s supervisory office for data protection, the Information Commissioner’s Office, if you believe that your data has been processed unlawfully.
Future changes to this privacy notice
We may need to update this notice from time to time, for example if the law or regulatory requirements change, if technology changes or to make Lady Margaret Hall’s or the University’s operations and procedures more efficient. If the change is material, we will publish details of the change, giving not less than two months’ notice of the change, so that you can exercise your rights, if appropriate, before the change comes into effect.
Version control: V.1.0 (March 2018)
Cookies used by Lady Margaret Hall on our website
All of our webpages use “cookies”. Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Different types of cookies have different purposes and operate for different amounts of time.
o Session cookies are stored in temporary files on your device and are erased from your device when you close your browser. Session cookies allow websites to link the actions of a website visitor during a single browser session, so that any page changes or selections are remembered as you move from page to page. For example, session cookies will make sure items you put into virtual ‘shopping baskets’ are transferred to ‘checkout’, or keep you logged in as you move within private sections of a website.
o Persistent cookies are stored on your device between browser sessions, either for a long term or time-limited period. They are only deleted when they either ‘expire’ or when you or your browser delete cookies from your device. Persistent cookies are used so that a website ‘remembers’ inputs and settings, including recalling log on data so that you do not have to log in again when you next visit. Persistent cookies may also recall which areas of a website interested you, in order to help you access those areas more easily in the future. They may also be used to collect data about your interests, choices, and other organisations and websites that you visit, in order to create a profile enabling marketing materials to be appropriately targeted.
o Third party cookies are cookies that are set by a domain other than the one being visited by the user. For details of any third party cookies we include in our domain, please consult the table below.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.