Data Protection Statement

The primary purpose of data protection legislation is to protect individuals against possible misuse of information about them held by others. It is the policy of the College to ensure that all members are aware of the requirements of data protection legislation in relation to their individual responsibilities.

The General Data Protection Regulation (GDPR) covers personal data, whether held on computer or in manual files/paperwork.

The College is obliged to ensure that all data shall:

  1. be processed fairly and lawfully;
  2. be held only for specified purposes and not used or disclosed in any way incompatible with those purposes;
  3. be adequate, relevant and not excessive;
  4. be accurate and kept up-to-date;
  5. not be kept for longer than necessary for the particular purpose;
  6. be processed in accordance with data subjects’ rights;
  7. be kept secure;
  8. not be transferred outside the European Economic Area unless the recipient country ensures an adequate level of protection.

Definitions and guidance on these principles and further information on Data Protection may be found at the University’s data protection pages (Single Sign-On Access).

The GDPR provides individuals with rights in connection with personal data held about them. It provides individuals with the right to access data concerning themselves (subject to the rights of third parties). It also includes the right to seek compensation through the courts for damages and distress suffered by reason of inaccuracy or the unauthorised destruction or wrongful disclosure of data. Information on how to make a request for access to personal data may be obtained from the PA to the Bursar.

All staff or other individuals who have access to, or who use, personal data, have a responsibility to exercise care in the treatment of that data and to ensure that such information is not disclosed to any unauthorised person. Examples of data include address lists and contact details as well as individual files. Any processing of such information must be done in accordance with the principles outlined above. To comply with the first principle (fair and lawful processing), at least one of the following conditions must be met:

  • the individual has given his or her consent to the processing;
  • the processing is necessary for the performance of a contract with the individual;
  • processing is required under a legal obligation;
  • processing is necessary to protect the vital interests of the individual;
  • processing is necessary to carry out public functions;
  • processing is necessary in order to pursue the legitimate interests of the controller or third parties (unless it could prejudice the interests of the individual).

In the case of sensitive personal data, which includes information about racial or ethnic origins; political beliefs; religious or other beliefs; trade union membership; health; sex life; criminal allegations, proceedings or convictions, explicit consent is required.

The College will take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. All staff and members should be aware that guidelines and regulations relating to the security of manual filing systems and the preservation of secure passwords for access to relevant data held on computer should be strictly observed.

Staff should also note that personal data should not normally be provided to external parties unless specific arrangements have been put in place.

Personal data about an individual must not be placed on the world wide web unless the individual whose data is used has given his or her express consent. 

Any failure to comply with the provisions of the GDPR could result in reputational and financial costs to the College. All staff must therefore familiarise themselves with the general aspects of Data Protection and complete the online training course at  www.infosec.ox.ac.uk/module

Any query on data protection should be addressed to the PA to the Bursar in the first instance.

News
Events

The latest from Wolfson College

15 June 2018
Sir Tim Hitchens' Foundation Speech

"It’s my great honour to give this year’s Foundation Dinner speech, and my first. May I start with personal thanks, from Sara and me, to all of...

Tim Hitchens
11 June 2018
Tim Hitchens honoured by The Queen

Congratulation to Sir Tim Hitchens, who has been appointed Knight Commander of the Royal Victorian Order (KCVO) in the Queen's Birthday Honours...

Masterchef Dr Nawamin
4 June 2018
How a Wolfson PhD student became a finalist in MasterChef UK 2018

Dr Nawamin Pinpathomrat is one of Wolfson’s PhD students, who finished as a finalist on MasterChef UK 2018 while researching a cure for...

Our upcoming events

Courses and Workshops
22 - 22
Jun Jun
China’s One Belt One Road and its implications for South Asia
Friday 22 June - 10:00am to 6:00pm

China’s $800 bn investment in land communications (the belt) and sea routes (the road) is perhaps the biggest infrastructure project the world has ever seen. It will have impacts on transport and trade, on industrial competitiveness and market access, on development finance and debt, on geopolitical and military relations.

Parties and Dinners
23 - 23
Jun Jun
The Wolfson Gaudy and Syme Legacy Society Lunch (by invite only)
Saturday 23 June - 12:30pm to 3:00pm

We would be delighted if you could join us for the Annual Gaudy and Syme Legacy Society Summer Lunch taking place on Saturday, 23 June to welcome our new President Mr Tim Hitchens CMG LVO to Wolfson. We will announce the schedule of the day in due course. Please note this event is by invitation only.

Concert and Plays
24 - 24
Jun Jun
Wolfson College Choir - Summer Concert
Sunday 24 June - 5:00pm

The Wolfson College Choir will have its summer concert on Sunday the 24th of June at 5 pm in the Leonard Wolfson Auditorium. The choir will be joined by the Thame Children’s Choir. Come and join us for an afternoon of music. Everyone is welcome and admission is free.