Data Protection

How we use your personal information

Darwin College is committed to the proper management of personal data. On this page below you will find a collection of data protection policies, statements, and documents that can help you understand how we manage personal data and how to contact us for further information.

Data Sharing Agreement

Information on the terms of the information sharing agreement between the College and the University can be found here: Data Sharing Agreement with the University of Cambridge

Further information

The controller for your personal information is Darwin College, Silver Street, Cambridge CB3 9EU. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Mr John Dix, (bursar@darwin.cam.ac.uk).

↑ Top of the page

Data Protection Policy

Personal information, its processing and privacy

Purpose and scope

The purpose of this policy is to ensure compliance with data protection law in the UK (the General Data Protection Regulation and related EU and national legislation). Data protection law applies to the processing (collection, storage, use and transfer) of personal information (data and other personal identifiers) about data subjects (living identifiable individuals).

Under data protection law, the College is identified as a data controller and as such is subject to a range of legal obligations. For clarity, the University of Cambridge and the other Colleges in Cambridge are separate data controllers, with their own policies and procedures. Sharing of personal information between the University and the Colleges is covered by a formal data sharing protocol.

This policy applies to all staff and members of the college, except when they are acting in a private or external capacity. For clarity, the term staff means anyone working in any context for the College at any level or grade (whether permanent, fixed term or temporary) and including employees, retired but active members and staff, workers, trainees, seconded staff, agency staff, agents, volunteers, and external members of College committees. Equally, the term member includes all Fellows, students, alumni, and all other categories of College membership under the College’s Statutes and Ordinances when they are handling or processing personal information on behalf of the College, except when they are acting in a private or external capacity.

This policy should be read in conjunction with:

  • College Statutes and Ordinances;
  • staff employment contracts and comparable documents (which outline confidentiality obligations when processing information of the College);
  • policies, procedures and terms of conditions of the College and, where relevant, similar documents of the University of Cambridge with regard to:
    • information security;
    • acceptable use of IT facilities (including use of personal devices);
    • records management and retention;
    • any other contractual obligations on the College or the individual which impose confidentiality or information management obligations (which may at times exceed those of College policies with respect to storage or security requirements – e.g. for funded research).

This policy is reviewed by the College Council and approved by it. It is reviewed at least once every three years. The College Council remains responsible for ensuring appropriate resources are in place to achieve compliance with data protection law in line with an appropriate overall risk profile.

Obligations of the College

The College upholds data protection law as part of everyday working practices, through:

  • ensuring all personal information (see Annex) is managed appropriately through this policy;
  • understanding, and applying as necessary, the data protection principles (see Annex) when processing personal information;
  • understanding, and fulfilling as necessary, the rights given to data subjects (see Annex) under data protection law;
  • understanding, and implementing as necessary, the College’s accountability obligations (see Annex) under data protection law; and
  • the publication of data protection statements outlining the details of its personal data processing in a clear and transparent manner.

The College shall appoint a statutory data protection officer, who will be responsible for:

  • monitoring and auditing the College’s compliance with its obligations under data protection law, especially its overall risk profile, and reporting on such annually to the College;
  • advising the College on all aspects of its compliance with data protection law;
  • acting as the College’s standard point of contact with the Information Commissioner’s Office with regard to data protection law, including in the case of personal data breaches; and
  • acting as an available point of contact for complaints from data subjects.

The College shall otherwise ensure all members and staff are aware of this policy and any associated procedures and notes of guidance relating to data protection compliance, provide training as appropriate, and review regularly its procedures and processes to ensure they are fit for purpose. It shall also maintain records of its information assets.

Individual members and staff are responsible for:

  • completing relevant data protection training, as advised by the College;
  • following relevant College policies, procedures and notes of guidance;
  • only accessing and using personal information as necessary for their contractual duties and/or other College roles;
  • ensuring personal information they have access to is not disclosed unnecessarily or inappropriately;
  • where identified, reporting personal data breaches, and co-operating with College officers and management to address them; and
  • only deleting, copying or removing personal information when leaving the College as agreed with the College and as appropriate.Non-observance of these responsibilities may result in disciplinary action against individual members or staff.

The obligations outlined above do not waive any personal liability for individual criminal offences for the wilful misuse of personal data under data protection legislation.

Annex

Legal Definition of personal information

Personal information is defined as data or other information about a living person who may be identified from it or combined with other data or information held. Some “special category data” (formerly sensitive personal data) are defined as information regarding an individual’s racial or ethnic origin; political opinion; religious or other beliefs; trade union membership; physical or mental health or condition; sexual life; or criminal proceedings or convictions, as well as their genetic or biometric information.

Data Protection Principles

The data protection principles state that personal data shall be:

  • processed (i.e. collected, handled, stored, disclosed and destroyed) fairly, lawfully and transparently. As part of this, the College must have a ‘legal basis’ for processing an individual’s personal data (most commonly, the processing is necessary for the College to operate a contract with them, the processing is necessary to fulfil a legal obligation, the processing is in the legitimate interests of the College and does not override their privacy considerations, or they have consented to the processing);
  • processed only for specified, explicit and legitimate purposes;
  • adequate, relevant and limited;
  • accurate (and rectified if inaccurate);
  • not kept for longer than necessary;
  • processed securely.

Data Subject Rights

An individual’s rights (all of which are qualified in different ways) are as follows:

  • the right to be informed of how their personal data are being used. This right is usually fulfilled by the provision of ‘privacy notices’ (also known as ‘data protection statements’ or, especially in the context of websites, ‘privacy policies’) which set out how an organisation plans to use an individual’s personal data, who it will be shared with, ways to complain, and so on;
  • the right of access to their personal data;
  • the right to have their inaccurate personal data rectified;
  • the right to have their personal data erased (right to be forgotten);
  • the right to restrict the processing of their personal data pending its verification or correction;
  • the right to receive copies of their personal data in a machine-readable and commonly-used format (right to data portability);
  • the right to object: to processing (including profiling) of their data that proceeds under particular legal bases; to direct marketing; and to processing of their data for research purposes where that research is not in the public interest;
  • the right not to be subject to a decision based solely on automated decision-making using their personal data.

Accountability

The College is required under law to:

  • comply with data protection law and hold records demonstrating this;
  • implement policies, procedures, processes and training to promote “data protection by design and by default”;
  • have appropriate contracts in place when outsourcing functions that involve the processing of personal data;
  • maintain records of the data processing that is carried out across the College;
  • record and report personal data breaches;
  • carry out, where relevant, data protection impact assessment on high risk processing activities;
  • cooperate with the Information Commissioner’s Office (ICO) as the UK regulator of data protection law;
  • respond to regulatory/court action and pay administrative levies and fines issued by the ICO.

↑ Top of the page

CCTV Code of Practice

Introduction

This Code of Practice aims to ensure that the scope, purpose and use of the CCTV systems installed and operated by Darwin College are clearly defined.

Scope

This Code of Practice is binding on all members of Darwin College and employees of contracted out services.  It also applies to all other persons who maybe present, for whatever reason, on College property.

Principles

The following principles will govern the operation of the CCTV system:

  • The CCTV system will be operated fairly and lawfully and only for the legitimate purposes as specifically authorised by the College.
  • The CCTV system will be operated with due regard for privacy of the individual and in accordance with Article 8 of the European Convention on Human Rights i.e. an individual’s right to privacy.
  • The CCTV system is fundamentally an overt system, using non-hidden cameras within the confines of the College in public spaces.

Purpose of the CCTV system

The system is intended to provide an increased level of security for the benefit of those who study, work, live in or visit the College.
The CCTV system will be used to respond to the following legitimate aims / key objectives, which will be subject to annual review.

  • To detect, prevent or reduce the incidence of crime.
  • To prevent and respond effectively to all forms of harassment and public disorder.
  • To improve communications and the operational response of staff in and around the areas where CCTV operates.
  • To reduce the fear of crime.
  • To create a safer community.
  • To gather evidence by a fair and accountable method.
  • To provide emergency services assistance.
  • To assist with health and safety.
  • To monitor the use of College car parking areas.

System details

The CCTV system comprises at any one time between 30 and 40 overt colour motion sensing cameras situated on the College main and ancillary sites, displaying live video of the covered areas on screens on the staff side of the counter in the Porters Lodge and recording motion events on local storage (per building or camera).

Installation and signage

Cameras shall be installed in such a manner as not to intrude on private domestic areas. Cameras shall not be hidden from view and signs will be prominently displayed in the locality of the cameras.  The signs will indicate:

  • The presence of monitoring and recording.
  • The ownership of the system.
  • Contact telephone number.

If at any time mobile cameras are employed, their use will also be governed by this Code of Practice.

Data Protection legislation

Where images of living, identifiable individuals are deliberately recorded, this creates personal data, the collection, use and storage of which is governed by data protection law in the UK (the General Data Protection Regulation and related EU and national legislation). Under data protection law, the College is identified as a data controller and as such is subject to a range of legal obligations when operating CCTV. Given that any particular sequence of CCTV recording may include personal data, all such recordings will be processed in accordance with the Data Protection Principles under the law, and Data Subject Rights, including the right of access to personal data, will be respected where recordings are confirmed to comprise personal data.  These Data Protection Principles and Data Subject Rights are set out in full in Appendix 1. Where an individual requests access to recordings believed to include their personal data, the matter shall be referred to the Bursar.

Access to Live Footage

Images captured by the system will be monitored in the Porters Lodge. For operational purposes, and in accordance with the stated purposes of the system, only designated College staff trained in their duties and required to do so shall have access to live CCTV footage.

Access to the Porters Lodge is controlled and all staff are trained in their responsibilities in respect of the use of CCTV.

Access to Recordings

For operational purposes and in accordance with the stated purposes of the system, only designated staff shall have primary access to CCTV recordings.

The Bursar or nominee must provide permission for the viewing of the CCTV recorded materials by specific College staff where this is necessary in connection with the prevention of crime and anti-social behaviour, assisting in the apprehension and prosecution of offenders or matters of national security. Permission to disclose recordings will normally be granted in response to a legitimate request made by the Police in the course of their duties.

Disclosure of Recorded Material

As the main purpose of the CCTV system is to prevent crime and assist in the apprehension and prosecution of offenders, designated College staff may release CCTV recorded materials to the police where the College has initiated contact with the police and there is a reasonable belief that the CCTV recorded materials will be of assistance.

Where the police or other official body with prosecuting powers approach the College and request access to CCTV recorded materials they shall be asked to provide a Section 29 Notice (in the case of the police) or similar document confirming that the information is necessary for either the prevention of crime or the apprehension or prosecution of offenders, or matters of national security.

Where any other person requests access to CCTV recorded materials, this request shall be forwarded to the Bursar.
In all cases where recorded materials are disclosed outside the College, the appropriate College staff shall ensure that the disclosure is logged and duly signed for.

A log will be kept recording all requests to the Bursar to review stored material. Note the log will not contain any personal data other than who requested and reviewed the material. The log can be made available on request for the purpose of establishing the frequency and purpose of requests made.

Retention of recorded materials and disposal

CCTV recordings and other materials produced from them shall be retained for no more than 30 days unless an incident is recorded which requires further investigation either by the College, the police or another external body with prosecuting powers.

In the case of an incident requiring further investigation recordings shall be kept for a maximum period of three years from the date of recording and in any event no longer than is necessary.

All media, on which recordings were made, that are no longer required will be destroyed.

Breaches of the code and complaints

A copy of this Code of Practice will be made available to anyone requesting it.  Any complaint concerning misuse of the system will be treated seriously and investigated by the Bursar or nominee.

Breaches of this Code of Practice shall be dealt with in accordance with the appropriate disciplinary policy. Serious breaches of the Code may result in criminal liability on behalf of the individual which could be considered as gross misconduct.

Where appropriate, consideration will be given as to whether the police will be asked to investigate any matter relating to the CCTV system which may be deemed to be of a criminal nature.

Appendix

Data Protection Principles

The data protection principles state that personal data shall be:

  • processed (i.e. collected, handled, stored, disclosed and destroyed) fairly, lawfully and transparently.  As part of this, the College must have a ‘legal basis’ for processing an individual’s personal data (most commonly,  the processing is necessary for the College to operate a contract with them, the processing is necessary to fulfil a legal obligation, the processing is in the legitimate interests of the College and does not override their privacy considerations, or they have consented to the processing);
  • processed only for specified, explicit and legitimate purposes;
  • adequate, relevant and limited;
  • accurate (and rectified if inaccurate);
  • not kept for longer than necessary;
  • processed securely.

Data Subject Rights

An individual’s rights (all of which are qualified in different ways) are as follows:

  • the right to be informed of how their personal data are being used.  This right is usually fulfilled by the provision of ‘privacy notices’ (also known as ‘data protection statements’ or, especially in the context of websites, ‘privacy policies’) which set out how an organisation plans to use an individual’s personal data, who it will be shared with, ways to complain, and so on;
  • the right of access to their personal data;
  • the right to have their inaccurate personal data rectified;
  • the right to have their personal data erased (right to be forgotten);
  • the right to restrict the processing of their personal data pending its verification or correction;
  • the right to receive copies of their personal data in a machine-readable and commonly-used format (right to data portability);
  • the right to object: to processing (including profiling) of their data that proceeds under particular legal bases; to direct marketing; and to processing of their data for research purposes where that research is not in the public interest;
  • the right not to be subject to a decision based solely on automated decision-making using their personal data.

Data Protection Statement (DPS)

↑ Top of the page

DPS for Alumni and Supporters

The College Development Office uses the highest standards to maintain your personal details. Our Data Protection Statement was last updated on 19th March 2019, and will be reviewed regularly in accordance with any changes of our understanding of the law.

This statement explains how Darwin College (“we” and “our”) handles and uses data we collect about our alumni and supporters (“you” and “your”). In broad terms, we use your data to keep in touch with you as part of our lifelong community of scholars. This includes (but is not exclusive to) keeping in touch with you, keeping up to date on your achievements, and engaging with you on how you can continue to contribute to College life and otherwise support the College. We will retain your data indefinitely or until you request us to do otherwise. When changes are made to this statement, we will publish the updated version to our website and notify you by other communication channels as we deem appropriate or necessary.

Contact Information at Darwin College

The controller for your personal information is Darwin College, Silver Street, Cambridge CB3 9EU.

The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Mr John Dix, bursar@darwin.cam.ac.uk.

The legal basis for processing your personal data is that it is necessary for the purposes of our legitimate interests, where we have concluded that our interests do not impact inappropriately on your fundamental rights and freedoms, except where elsewhere in this statement we have indicated otherwise. You may ask us to explain our rationale at any time.

How your data is used by the College

We collect and process your personal data for a number of purposes, including those outlined below:

(a) We maintain a record of your academic progress and achievements at the College and the University of Cambridge and elsewhere. We retain personal data (provided by you or by the University of Cambridge, or created by us), including:

  • your current name and any previous names you have had;
  • unique personal identifiers (e.g. student number, CRSID, date of birth, photograph);
  • your current and previous contact details;
  • your application details, our assessment of your application and the details of any offer(s) of study we have made;
  • records of your academic provision from the College (including supervisions, College examinations and other academic support);
  • matriculation and graduation details and records of your academic qualifications (including those prior to becoming a member of the College);
  • other details of your academic progress or achievement (e.g. College or University awards or prizes).

(b) We retain a record of your career, academic successes beyond Darwin, or other life achievements in order to promote and improve the reputation of the College and help you to network with other College members effectively. We retain personal data (provided by you), including:

  • details of your achievements since you completed your course(s) of study;
  • membership of College and external clubs and societies (including alumni groups);
  • your previous and current employment status (including retirement), including job title, sector, income and work contact details, dates of employment.

When you provide this information, we will assume (unless you notify us otherwise) that we can promote these achievements in our public literature, and can use this information for other purposes outlined in this statement. We may supplement information from other public sources that we consider to be reliable (e.g. your public social media profile(s), National Honours Lists, Companies House, high-profile news reports or articles) and may check their accuracy with you from time to time.

(c) We retain personal data (provided by you or by the University of Cambridge, or created by us) in order to engage you in College and University events that we believe will be of interest to you, including alumni and open events, volunteering opportunities, and other ways you can contribute to the life of the College. This might include:

  • known relationships with other members (past or present) of the University of Cambridge or any of the Colleges;
  • your previous attendance at College or University events;
  • information about your areas of personal interest;
  • personal data relating to your attendance at events and your personal preferences (e.g. dietary or accommodation requirements or requests);
  • records of any communications (verbal or written) we have had with you, including the purpose and outcome of those communications.

When you provide this information, we will assume (unless you notify us otherwise) that we can use this information for other purposes outlined in this statement. We may supplement information from other public sources that we consider to be reliable (e.g. your public social media profile(s), University publications, high profile news reports or articles) and may check their accuracy with your from time to time.

(d) We retain personal data (provided by you or by the University of Cambridge, or created by us), in order to provide you with information about the development of the College, including major initiatives and programmes relating to either the academic endeavour or the provision of services and facilities to members and the wider public. In particular, we retain:

  • any communication preferences confirmed by you;
  • ways in which you have supported the College.

By providing us with email addresses and telephone numbers, we have taken this to be consent to use those channels to contact you for this and other purposes outlined in this statement, unless you have told us otherwise.

(e) We value any financial contribution from our members: donations form one of our major income streams. Accordingly, we retain personal data (provided by you or by the University of Cambridge, or created by us) in order to encourage you to make a financial contribution to the College and/or the University, and for the processing of any such contributions. In particular, we retain:

  • the purposes and amounts of any donations or other support previously provided to the University or the College by you;
  • the method(s) of payments used and related payment references;
  • your bank details (for processing direct debit or other financial transactions);
  • your tax status and Gift Aid declaration.

Some of this financial information needs to be retained for statutory purposes for a number of years (e.g. Gift Aid, anti-fraud, and accounting /audit matters). When you provide this information, we will assume (unless you notify us otherwise) that we can use this information for other purposes outlined in this statement.

(f) The College undertakes research to determine the capacity of its alumni and supporters to provide financial support to the College either now or in the future. This results in us creating personal data, including:

  • your estimated income or asset worth (where this is not provided by you);
  • your potential capacity to make a gift, including our internal classification of you as a major gift prospect which is determined by a combination of your giving history, your attendance at College and University events, and your other interactions with the College since you graduated, including any positive or negative indications from you about your capacity or willingness to give to the College;
  • gifts you have made to other charitable organisations where such information is obviously in the public domain.

Our research includes incorporating information from public sources that we consider to be reliable (e.g.: your public social media profile(s), National Honours Lists, Companies House, high-profile news reports or articles). In using these sources, we have considered the potential intrusion of your privacy. In most cases, our assessment above aims to exclude you from unwelcome or inappropriate approaches so as not to compromise your ongoing relationship with us.  We may use external contractors or consultants to assist us in this research. Where we do so, any sharing of your personal data is on the strict understanding that they may not repurpose it, or pass it on to other third parties. We do not sell your personal data under any circumstances.

(g) We retain personal data (provided by you) in order from time to time to promote third party services we believe will be of interest to you. The personal data we retain provided by you includes any preference to be excluded from such services.

If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given at the end of this document.

Communications

If you are a new contact for our Development Office, we will ask you at the outset how you would like to receive news and other communications from us. If you are already receiving such communications, you are able to change your preferences (or ask us to stop sending you news and other communications completely) by contacting the Development Office by post (The Development Office, Darwin College, Silver Street, Cambridge CB3 9EU), by phone (+44 (0) 1223 335690), or by email (development@darwin.cam.ac.uk). You may request changes at any time.

Additionally, if you are already receiving our termly electronic newsletter (the “e-bulletin”) you can unsubscribe from this at any time by clicking the “unsubscribe” link included in the email.

How we share your personal data

We believe that most alumni understand in detail the complex and many interactions of the College with the University of Cambridge. Personal data of our members is shared with the University routinely throughout any course of study, and it is our strong preference to continue such collaborative working thereafter.

The University and its partners (including the College) have a data sharing agreement to govern the sharing of personal data of alumni and other supporters.  This is necessary because they are distinct legal entities. The agreement outlines that, depending on constraints set by you, and which you may change at any time, the University and College may share any of the above categories of personal data with the University.

The agreement can be found here Data Sharing Agreement with the University of Cambridge.  Any transmission of data to or from the University is managed through agreed processes which comply with UK data protection legislation.

The College shares a database of alumni and supporter records with the University: additionally, we maintain other electronic and paper records within College. The University has its own data protection statement and procedures which can be viewed here.

Additionally, we share data on a considered and confidential basis, where appropriate, with:

  • Cambridge in America (the University’s affiliate alumni office in the USA),
  • third-party agencies who provide us with data in the public domain about alumni and supporters, as outlined above,
  • selected companies who provide College-branded or College-endorsed products and services, as outlined above,
  • volunteer partners closely related to us (e.g. College trustees, Development Committee members, alumni group (including the Darwin College Society) representatives), and
  • contractors providing services to you on our behalf or services to us (our “data processors”), as outlined above.

We also facilitate communication between individual alumni (of the College or the University), but in doing so we do not release personal contact details without prior permission.

Any transfers of your data overseas or to international organisations, as set out above, are protected either by an adequacy decision by the European Commission or by standard data protection clauses adopted by the European Commission (which are available from our Data Protection Officer, the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk).

Your rights

You have the right: to ask us for access to, rectification or erasure of your data; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your data electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.  Where you opt out of all future communications or exercise your right to erasure, we will continue to maintain a core set of personal data (name, subject(s), matriculation and graduation details, unique University identification number and date of birth) to ensure we do not contact you inadvertently in future, while still maintaining our record of your academic achievements. We may also need to retain some financial records about you for statutory purposes (e.g. Gift Aid, anti-fraud and accounting/audit matters).

You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner’s Office.

↑ Top of the page

DPS for Students

How we use your personal information​

This statement explains how Darwin College (“we” and “our”) handles and uses information we collect about those applicants we make an offer of study to, and students once they join the College (“you” and “your”). In broad terms, we use your personal information to manage the ongoing relationship between the College and you as part of our lifelong community of scholars. This includes guiding and supporting your academic studies, maintaining and reviewing your academic progress and pastoral welfare, reviewing your financial commitments to the College and (if you live in College accommodation) managing our relationship with you as a resident. When changes are made to this statement, we will publish the updated version on our website and notify you by other communications channels as we deem appropriate or necessary.

The controller for your personal information is Darwin College, Silver Street, Cambridge CB3 9EU. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Mr John Dix, (bursar@darwin.cam.ac.uk).

The normal legal basis for processing your personal information is that it is necessary in the performance of one or more contracts with us (including preparing to become a student and member of the College, the expectations on both sides during your course of studies and any related accommodation contract). We have commitments to other external bodies (particularly the University of Cambridge) as part of those contracts, and we outline below (see “How we share your personal information) how and when we ordinarily will share your personal information. For some specific purposes, we may rely on another legal basis, including where we are required for compliance with a legal obligation (e.g. financial records, equal opportunities monitoring), or where we believe it is in our legitimate interest to do so (e.g. to enable your access to external services). You may ask us for further information on these matters at any time if you have specific concerns.

How your data is used by the College

We collect and process your personal information, as specified below, for a number of purposes, including:

  • maintaining your personal details, including ensuring effective communications with you;
  • maintaining a formal record of your academic progress and achievements at the College, the University of Cambridge and elsewhere;
  • maintaining a formal record of your other engagements with and achievements at the College, the University of Cambridge and elsewhere
  • maintaining a record, where appropriate, of any particular personal needs you require to participate fully in College and University life (including any support needs that are, or have been, provided by the College or the University during your course of studies), as well as information about your general health and wellbeing;
  • maintaining financial records relating to your studies, your funding and other financial support arrangements;
  • provision of references to third parties;
  • maintaining a record of your behaviour and in particular where there has been concerns or complaints raised about you;
  • maintaining a record of any complaints you make to the College and their outcomes;
  • maintaining data to enable the College and the University to produce statistics and research for internal and statutory reporting purposes.

Further details are provided in the Annex. If you have concerns or queries about any of these purposes, please contact us at the address given below, or speak to the Dean, Dr Duncan Needham (djn33@cam.ac.uk).

We also operate CCTV on our sites, which will capture footage. Our CCTV policy is set out in the section above entitled “CCTV Code of Practice”.

Please note that if you engage with us for any other purpose (e.g. you work for us, or volunteer for us), there are additional data protection statements that you will be provided with for those other purposes, usually at the first point of engagement.

How long we keep your information for

The Annex outlines specific retention periods for certain categories of information: most of these are determined by legal requirements relating to that specific information.

Where no specific retention period is noted, at the point of graduation, the College reduces your personal information to a subset of information so that the College can retain a sufficient record of your academic achievements for references and other related purposes, and your time at the College. The archived record would retain:

  • your current name and any previous names you have had;
  • unique personal identifiers (e.g. student number, CRSID, date of birth, photograph);
  • your current and previous contact details;
  • your application details, our assessment of your application and the details of any offer(s) of study we have made;
  • academic records for which the College is responsible;
  • matriculation and graduation details and records of your academic qualifications (including those prior to becoming a member of the College);
  • other details of your academic progress or achievements (e.g. College or University awards or prizes);
  • details of your significant involvement with the Darwin College Students Association, or with College affairs, societies and clubs.

Finally, we strongly encourage all of our students to remain in touch with the College after they leave and, for that reason, we transfer a subset of this information to our Development and Alumni Office. You are encouraged to read our separate statement about personal information for alumni, which covers your ongoing lifelong membership of the College – see above.

How we share your personal information

Within the College

We share the following information with relevant people within the College: such as Accounts and the Deanery (including your Graduate Tutor). Again, this is considered necessary for the College to operate smoothly but you can request a greater level of privacy by contacting the Dean. The College also takes photographs of its students, either individually and/or as a group annually, and at graduations. These are widely used within the College and may be on public display. Otherwise, the College restricts the sharing of your personal information within the College in line with the data protection polices set out on this page.

With the University

By being a member of a College and registering for a course of study, you are automatically a member of the University of Cambridge. The academic and student support arrangements between the College and the University of Cambridge are complex and varied depending on your course and level of study. Information relating to you (and particularly your academic studies) is shared routinely and often with the University, and the University and its partners (including the College) have a data sharing agreement to govern such interactions and information transfers in both directions, as well as a shared student record system and database.

The personal information shared with the University will include only that which is necessary for you to undertake and complete your studies and your examinations, and in addition will include any information necessary for the College to fulfill its obligations and agreements with the University about the shared University community (including sufficient information for the University to record and collate instances of student behaviour or complaints across all of the Colleges and the University). Where possible, the College will notify you of its intention to share such data in advance.

The University is a separate legal entity to the College and has its own statement about your personal information and its procedures, which you can view at: https://www.information-compliance.admin.cam.ac.uk/data-protection/stude…. It in turns shares information with the affiliated student unions and a number of other bodies for statutory and other purposes.

With other organisations

The College routinely shares information with, and receives information from, where appropriate:

  • the Cambridge City Council and other local authorities (to provide evidence of any rights to or exemptions from local services and taxes, including electoral registration and council tax);
  • your funding providers or sponsors, as agreed with them and/or you, including the Student Loans Company;
  • Universities and Colleges Admissions Service.

We may also be subject to a legal requirement (with or without your consent) to share your personal information with some government agencies under special circumstances (e.g. relating to crime or health and safety), such as the police or security services or other statutory authorities with investigatory powers. Where possible, the College will notify you of its intention to share such information in advance.

We will normally provide confirmation of your qualifications and other academic references to a prospective employer or financial sponsor if you have requested us to do so or if it is reasonably clear that it would be in your interests for us to do so, and we have made reasonable checks to ensure the information is being requested for that purpose.

We may also provide personal information to agencies and trusted advisers in order to receive professional advice or guidance in relation to a number of matters (examples of such advice include legal and audit services, fee status verification services, intercollegiate agreement services) or to provide services to you through a third party on our behalf. In such circumstances, data sharing agreements are in place to ensure your personal information is not retained by them for longer than necessary or otherwise shared more widely.

The College may share information with organisations overseas as part of arrangements related to your membership of the College (e.g. an overseas funding provider). In most cases, this will be related to the operation of a contract.

Publication of your personal information

We would not normally make your personal information publicly available without your consent.

We would encourage you to be careful when sharing personal information about other students in public social media sites and other similar environments.

Please also note the University’s people search function (on www.lookup.cam.ac.uk) may also be widened to be accessible to the general public by changing the settings at your own page; its default setting is otherwise access to all members of the University and all Colleges: we share this because we believe it helps significantly in building community relations and networks and helps others get in touch with you easily.

Your rights

You have the right: to ask us for access to, rectification or erasure of your personal information; to restrict processing (pending correction or deletion); to object to communications; and to ask for the transfer of your personal information electronically to a third party (data portability).

Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

If you have questions or concerns about your personal information, or how it used, please speak to the relevant College staff in the first instance. If you need further guidance, please contact the Dean using the details given above.

If you remain unhappy with the way your information is being handled, or with the response received from us, you have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (https://ico.org.uk/).

Annex

We collect and process your personal information, as specified below, for a number of purposes, including:

Maintaining your personal details, including ensuring effective communications with you

We retain personal information (provided by you or by the University of Cambridge, or created by us), including:

  • your current name and any previous names you have had;
  • unique personal identifiers (e.g. student number, CRSID, date of birth, photograph);
  • your current and previous contact details;
  • next-of-kin or emergency contacts.

We will assume that you have obtained permission from your next-of-kin or emergency contact for us to hold their information for that purpose.

Maintaining a formal record of your academic progress and achievements at the College, the University of Cambridge and elsewhere

We retain personal information (provided by you or by the University of Cambridge, or created by us), including:

  • your application details, our assessment of your application and the details of any offer(s) of study we have made;
  • academic records for which the College is responsible;
  • matriculation and graduation details and records of your academic qualifications (including those prior to becoming a member of the College);
  • other details of your academic progress or achievements (e.g. College or University awards or prizes).

Where an award or prize is provided by an external sponsor, we will normally share details about you and your academic performance with them.

Maintaining a formal record of your other engagements with and achievements at the College, the University of Cambridge and elsewhere

We retain personal information (provided by you or by the University of Cambridge, or created by us), including:

  • records of your membership of College committees, the Darwin College Student Association, and College clubs and societies;
  • awards, prizes and achievements in College or University-related activities (e.g music, arts, sports etc.).

Maintaining a record, where appropriate, of any particular personal needs you require to participate fully in College and University life (including any support needs that are, or have been, provided by the College or the University during your course of studies), as well as information about your general health and wellbeing

We retain personal information (provided by you or by the University of Cambridge, or created by us), including:

  • details of any disability, illness, and any consequent learning support, social support or other support needs;
  • details of any serious risks affecting you (e.g. severe allergies);
  • arrangements agreed with you to manage your use of College and University facilities (e.g. computing services, sports facilities, libraries, accommodation, learning spaces), including any special requirements that may be linked to your health or religious beliefs;
  • other information to support your health, safety and wellbeing.

We may also retain copies of statements from professional medical advisers, provided either by you or directly to us. All personal information will be managed in line with our confidentiality policy. We recognise that much of the personal information outlined above is of a sensitive nature and requires a high level of discretion. Wherever possible, we will discuss and agree with you in advance with whom and when we share this information, but reserve the right to disclose information to others in matters relating to significant risks to your health and safety or the health and safety of others.

This information is normally retained until one year after you complete your studies.

Please note that where you are referred to services not offered directly by the College (e.g. the University Counselling Centre and the University’s Disability Resource Centre), these support services will have their own data protection statement (or privacy notice) and we advise you pay close attention to these.

Maintaining financial records relating to your studies, your funding and other financial support arrangements

We retain personal information (provided by you or by the University of Cambridge, or created by us), including:

  • records of your sources of funding support and tuition fee liabilities and, where relevant, records of your accommodation liabilities and other related charges, as well as what monies are to be, and have been, collected by the College on behalf of itself and the University;
  • records of any financial support agreed by the University and/or the College (studentships or awards, additional discretionary funding, benefits or waivers approved by the College);
  • where you reside in accommodation owned or managed by the College, copies of any accommodation contract(s);
  • where appropriate, your banking details in order to conduct financial transactions, and records of such transactions;
  • records of your College financial account, including balance and transactions;
  • copies of any correspondence with you about any of the above matters.

Where this information includes the personal information of others (e.g. parental income evidence), we will assume that you have their permission to provide it to us for our purposes. This information is normally retained until seven years after you complete your studies.

Provision of references to third parties

In addition to the information above (and particularly your achievements in B and C above), we retain personal information (provided by you or created by us), including:

  • records of your advisers, including where relevant your Tutor, Director of Studies and other nominated College personnel who provided you with personal support.

Maintaining a record of your behaviour and in particular where there has been concerns or complaints raised about you

We retain personal information (provided by you or by others, or created by us), including:

  • details of any investigations undertaken by the College into your conduct or behaviour (e.g. disciplinary investigations, fitness to study investigations, complaints made against you);
  • a record, including the final outcome, of any investigation of the University into your conduct or behaviour.

The College has several complaints procedures, relating to different matters, which you are expected to familiarise yourself with and, in all cases, personal information will be managed in line with our confidentiality policy. We recognise that investigations may include information or statements of either a sensitive or disputed nature, and that such records require a high level of confidentiality. Wherever possible, we will discuss and agree with you in advance with whom and when we share this information, but reserve the right to disclose information to others in matters relating to significant risks to your health and safety or the health and safety of others.

This information is normally retained until one year after you complete your studies.

Maintaining a record of any complaints you make to the College and their outcomes

We retain personal information (provided by you or by others, or created by us), including:

  • details of any complaints you have made to the College and their outcomes, where these have been taken through the College complaints procedure.

This information is normally retained until three years after you complete your studies.

Maintaining data to enable the College and the University to produce statistics and research for internal and statutory reporting purposes

It is difficult to provide a comprehensive list, but we retain personal information (provided by you), including:

  • information relating to “equal opportunities” (e.g. nationality, ethnicity, religious and other beliefs, gender, sexuality, age) in order to fulfill legal requirements of the College or the University;
  • information relating to known relationships with other members (past or present) of the University of Cambridge or any of the Colleges;
  • information relating to your rights to live, work and study in the United Kingdom;
  • any criminal record that may affect your status as a student of the University or the College.

If you have concerns or queries about any of these purposes, please contact us, or speak to the Dean.

 

 

↑ Top of the page

DPS for Staff

How we use your personal information​

This statement explains how Darwin College (“we” and “our”) handles and uses information we collect about our staff (“you” and “your”). For these purposes, “staff” is intended to include employees, workers and casual workers and contractors (e.g. ad-hoc or temporary maintenance, kitchen or catering staff etc.) In broad terms, we use your data to manage your with the College, including your role and the performance of it, how we support you as an employer, and how you are paid, as well as other statutory requirements.

The controller for your personal information is Darwin College, Silver Street, Cambridge CB3 9EU. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Mr John Dix, (bursar@darwin.cam.ac.uk).

Unless otherwise stated, the legal basis for processing your personal data is that it is necessary for the performance of the employment contract we hold with you, or for statutory purposes (e.g. processing your monthly salary, tax and pension contributions).

How your data is used by the College

Your data is used by us for a number of purposes, including:

  • supporting your employment and your performance in your role. Such personal data includes:
    • *personal details, including name, contact details (phone, email, postal, both work and personal) and photograph;
    • your current and any previous role descriptions;
    • your current and any previous contracts of employment and related correspondence;
    • any occupational health assessments and medical information you have provided, and related work requirements; and
    • *your training and development qualifications, requests and requirements.
  • ensuring that you have the right to work for the College. Such personal data includes:
    • *your recruitment information (including your original application form and associated information submitted at that time);
    • other data relating to your recruitment (including your offer of employment and related correspondence, references we took up on your appointment, and any pre-employment assessment of you); and
    • *evidence of your right to work in the UK (e.g. copies of your passport).
  • paying and rewarding you for your work. Such personal data includes:
    • *your bank details;
    • *details of your preferred pension scheme;
    • your current and previous salary and other earnings (e.g. maternity pay, overtime), and the amounts you have paid in statutory taxes; and
    • correspondence between you and the College, and between members and staff of the College, relating to your pay, pension, benefits and other remuneration.

In addition, we maintain records of your use or take-up of any benefit schemes provided by us, which we collate and monitor to review the effectiveness of these staff benefits. The legal basis for this processing is that it is in our legitimate interest to ensure that any staff benefit schemes represent good value for money to both you and us, and to ensure that you do not overuse your entitlements.

  • administering HR-related processes, including records of absences and regular appraisals of your performance and, where necessary, investigations or reviews into your conduct or performance. Such personal data includes:
    • *records of your induction programme and its completion;
    • *records of your performance appraisals with your line manager;
    • records, where they exist, of any investigation or review into your conduct or performance;
    • records of absences from work (including but not limited to annual leave entitlement, sickness leave, parental leave and compassionate leave); and
    • correspondence between you and the College, and between members and staff of the College, regarding any matters relating to your employment and any related issues (including but not limited to changes to duties, responsibilities and benefits, your retirement, resignation or exit from the College and personal and professional references provided by the College to you or a third party at your request).
  • maintaining an emergency contact point for you. Such personal data includes details of your preferred emergency contact, including their name, relationship to you and their contact details.*
  • monitoring equality and diversity within the College. Such personal data includes information relating to your age, nationality, gender, religion or beliefs, sexual orientation and ethnicity.*
  • disclosing personal information about you to external organisations, as permitted or required by law.

If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given below.

Data marked with an * above relate to information provided by you, or created in discussion and agreement with you. Other data and information is generated by the College or, where self-evident, provided by a third party.

We would not monitor social media sites for any personal data relating to you, unless we believed there was a legitimate interest for us to do so (e.g. monitoring compliance with an agreed plan, such as a homeworking agreement) and only if we inform you we might do this in advance. Consequently, we do not routinely screen your social media profiles but, if aspects of these are brought to our attention and give rise to concerns about your conduct, we may need to consider them.

We also operate CCTV on our sites, which will capture footage. Our CCTV policy is set out in the section above entitled “CCTV Code of Practice”.

For certain posts, we may use the Disclosure and Barring Services (DBS) and Disclosure Scotland to help assess your suitability for certain positions of trust. If this is the case, we will make this clear to you in separate correspondence. Certificate and status check information is only used for this specific purpose, and we comply fully with the DBS code of Practice regarding the correct use, handling, storage, retention and destruction of certificates and certificate information. We recognise that it is a criminal offence to pass this information on to anyone who is not entitled to receive it.

Who we share your data with 

We would normally publish your name, photograph (if you have provided one) in College on a photoboard, and for certain senior staff your name, photograph, your email and College contact phone number may be published on our website and elsewhere.

We share your personal information where necessary and appropriate across the collegiate University. The University and its partners (including all of the Colleges) have a data sharing protocol to govern the sharing of staff and members of the College. This is necessary because they are distinct legal entities. The parties may share any of the above categories of personal information, and the agreement can be viewed in full at https://www.ois.cam.ac.uk/policies-and-protocols/data-sharing-protocols. Any transmission of information between partners is managed through agreed processes that comply with UK data protection legislation.

We share relevant personal data with our sub-contracting agents (including but not limited to payroll and health and safety) and with relevant government agencies (e.g. HMRC) and your pension provider. Information is not shared with other third parties without your written consent, other than your name, role and employment contact details which are made publicly available. Generally, personal data is not shared outside of the European Economic Area.

We hold all information for the duration of your employment and for no more than twelve monthsafter the end of your employment. After that time, we retain a small subset of personal data for up to seven years after your relationship with the College ends:

  • *personal details, including name and your preferred personal contact details (if we still have these);
  • your previous salaries and other earnings, pensions and the amounts you have paid in statutory taxes;
  • records of your performance appraisals with your line manager;
  • records, where they exist, of any investigation or review into your conduct or performance;
  • your reasons for leaving and any related correspondence;
  • any references we have written subsequent to your employment with us.

Those marked with an * relate to information provided by you, or created in discussion and agreement with you.

We reserve the right to retain the personal data longer than the periods stated above, where it becomes apparent that there is a need to do so – for example, in the event of a major health or personal injury incident, records may need to be kept for up to forty years. We then store in a permanent archive your full name and title, and your job title(s) or College affiliation(s) and the corresponding dates of employment/membership.

Your rights

You have the right: to ask us for access to, rectification or erasure of your data; to restrict processing (pending correction or deletion); and to ask for the transfer of your data electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

Failure to provide the information reasonably requested of you may result in disciplinary action taken by the College, which could ultimately lead to your dismissal from employment.

You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner’s Office at https://ico.org.uk/concerns

↑ Top of the page

DPS for Job applicants

How we use your personal information​

This statement explains how Darwin College (“we” and “our”) handles and uses information we collect about applicants (“you” and “your”) for jobs, senior memberships and Fellowships. In broad terms, we use your data to manage your application to the College and our subsequent recruitment or election processes.

The controller for your personal information is Darwin College, Silver Street, Cambridge CB3 9EU. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Mr John Dix, (bursar@darwin.cam.ac.uk).

The legal basis for processing your personal data is that it is necessary either in order for you to enter into an employment contract with us, or for you to enter into membership of the College, where you will be subject to the College’s governing documents.

How your data is used by the College

Your data is used by us for in the first instance solely for the purposes of considering your suitability for employment or election and for us to manage our recruitment processes, including our monitoring of equality and diversity within the College.

If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given below.

The College holds the following personal data relating to you, in line with the purposes above:

  • *personal details, including name, contact details (phone, email, postal);
  • *your application form and associated information submitted by you at that time;
  • other data relating to your recruitment (including references we take up as part of the recruitment process, any pre-employment assessment of you, and any assessment of you at an informal or formal interview);
  • any occupational health assessments and/or medical information you have provided, and related work requirements;
  • *evidence of your right to work in the UK (e.g. copies of your passport);
  • *information relating to your age, nationality, and gender, and, if you have provided us with it, information relating to your religion or beliefs, sexual orientation and ethnicity which we do not otherwise routinely collect;
  • any correspondence relating to the outcome of the recruitment process (either successful or unsuccessful).

Those marked with an *relate to information provided by you. Other data and information is generated by us or, where self-evident, provided by a third party.

We will not access personal data about you from social media sites, unless there is a legitimate interest for us to do so (for example, the role you have applied for has a significant public-facing element to it, or is involved with publicity and presenting us to the general public). Consequently, we do not routinely screen applicants’ social media profiles but, if aspects of your social media profile are brought to our attention and give rise to concerns about your suitability for the role in question, we may need to consider them.

For certain posts, we may use the Disclosure and Barring Services (DBS) and Disclosure Scotland to help assess your suitability for certain positions of trust. If this is the case, we will make this clear to you in separate correspondence. Certificate and status check information is only used for this specific purpose, and we comply fully with the DBS code of Practice regarding the correct use, handling, storage, retention and destruction of certificates and certificate information. We recognise that it is a criminal offence to pass this information on to anyone who is not entitled to receive it.

Who we share your data with

If you have applied for a post using CASC (Colleges’ Administrative Software Consortium) Fellowship Application System please see their Data Protection Statement.

If recruitment to the post to which you are applying is being undertaken by an agent of the College (which may include CASC) we share relevant personal data with that agent.

Information is not shared with other third parties without your written consent. Generally, personal data is not shared outside of the European Economic Area.

If you are successful in your application, the data is subsequently held as part of your employment or membership record with us.

If you are unsuccessful in your application, we retain all data and information for no more than twelve months after the closing date of the application process.

In either case, where the post has required a “resident market test” (needed if the post is open to applicants from outside the European Union), the College will retain the application records of any shortlisted candidates for the duration of the sponsored post and twelve months thereafter.

Your rights

You have the right: to ask us for access to, rectification or erasure of your data; to restrict processing (pending correction or deletion); and to ask for the transfer of your data electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

Failure to provide the information reasonably requested of you may result in an automatic disqualification from the recruitment process.

You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner’s Office at https://ico.org.uk/concerns

↑ Top of the page

DPS for College Members

How we use your personal information​

This statement explains how Darwin College (“we” and “our”) handles and uses information we collect about our College members (“you” and “your”). For these purposes, “College members” is intended to include all categories of fellows, distinguished associates, senior members, bye-fellows, visiting researchers, research associates, visiting associates, ordinary members, and widows/widowers of fellows. It excludes staff, students and alumni, who are covered by separate Data Protection Statements – see www.darwin.cam.ac.uk/data-protection. In broad terms, we use your data to manage your membership of the College. If you have a role in the College, we use your data in connection with your role and the performance of it, how we support you in the role, and, if applicable, how you are paid, as well as other statutory requirements.

The controller for your personal information is Darwin College, Silver Street, Cambridge CB3 9EU. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Mr John Dix, (bursar@darwin.cam.ac.uk).

Unless otherwise stated, the legal basis for processing your personal data is that it is necessary for the performance of the terms of membership existing and agreed between us, or for statutory purposes (e.g. in connection with the processing if applicable of salary, tax and pension contributions).

How your data is used by the College

Your data is used by us for a number of purposes, including:

  • supporting your membership and if applicable your performance in your role. Such personal data includes:
    • *personal details, including name, contact details (phone, email, postal, both work and personal) and photograph, your dietary needs and preferences;
    • your attendance at College events, your academic achievements and interests, and your involvement in College activities; and
    • your current and any previous role descriptions;
    • your current and any previous contracts of employment, membership agreements and related correspondence;
    • any occupational health assessments and medical information you have provided, and related work requirements; and
    • *your training and development qualifications, requests and requirements.
  • ensuring that you have the right to work for the College. Such personal data includes:
    • *your recruitment information (including your original application form and associated information submitted at that time);
    • other data relating to your recruitment (including your offer of membership and related correspondence, references we took up on your appointment, and any pre-membership assessment of you); and
    • *evidence of your right to work in the UK (e.g. copies of your passport).
  • maintaining an emergency contact point for you. Such personal data may include details of your preferred emergency contact, including their name, relationship to you and their contact details.*
  • monitoring equality and diversity within the College. Such personal data may include information relating to your age, nationality, gender, religion or beliefs, sexual orientation and ethnicity.*
  • disclosing personal information about you to external organisations, as permitted or required by law.

[The following paragraphs apply where your role with the College is remunerated:]

  • paying and rewarding you for your work. Such personal data includes:
    • *your bank details;
    • *details of your preferred pension scheme;
    • your current and previous salary and other earnings (e.g. maternity pay, overtime), and the amounts you have paid in statutory taxes; and
    • correspondence between you and the College, and between members and staff of the College, relating to your pay, pension, benefits and other remuneration.

In addition, we maintain records of your use or take-up of any benefit schemes provided by us, which we collate and monitor to review the effectiveness of these College members’ benefits. The legal basis for this processing is that it is in our legitimate interest to ensure that any staff benefit schemes represent good value for money to both you and us, and to ensure that you do not overuse your entitlements.

  • administering HR-related processes, including records of absences and regular appraisals of your performance and, where necessary, investigations or reviews into your conduct or performance. Such personal data includes:
    • *records of your induction programme and its completion;
    • *records of your performance appraisals with your line manager;
    • records, where they exist, of any investigation or review into your conduct or performance;
    • records of absences from work (including but not limited to annual leave entitlement, sickness leave, parental leave and compassionate leave); and
    • correspondence between you and the College, and between members and staff of the College, regarding any matters relating to your membership and any related issues (including but not limited to changes to duties, responsibilities and benefits, your retirement, resignation or exit from the College and personal and professional references provided by the College to you or a third party at your request).

If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given below.

Data marked with an * above relate to information provided by you, or created in discussion and agreement with you. Other data and information is generated by the College or, where self-evident, provided by a third party.

We would not monitor social media sites for any personal data relating to you, unless we believed there was a legitimate interest for us to do so (e.g. monitoring compliance with an agreed plan, such as a homeworking agreement) and only if we inform you we might do this in advance. Consequently, we do not routinely screen your social media profiles but, if aspects of these are brought to our attention and give rise to concerns about your conduct, we may need to consider them.

We also operate CCTV on our sites, which will capture footage. Our CCTV policy is set out in the section above entitled “CCTV Code of Practice”.

Who we share your data with

In respect of the senior membership of the College we would normally publish (on our website and elsewhere) your name, photograph (if you have provided one, also displayed with your name in College on a photoboard), your email and College contact phone number and basic biographical information relating to your College and University posts.

We share your personal information where necessary and appropriate across the collegiate University. The University and its partners (including all of the Colleges) have a data sharing protocol to govern the sharing of staff and members of the College. This is necessary because they are distinct legal entities. The parties may share any of the above categories of personal information, and the agreement can be viewed in full at https://www.ois.cam.ac.uk/policies-and-protocols/data-sharing-protocols. Any transmission of information between partners is managed through agreed processes that comply with UK data protection legislation.

We share relevant personal data with our sub-contracting agents (including but not limited to payroll and health and safety) and with relevant government agencies. If your role in College is remunerated we share relevant personal data with our payroll bureau, with HMRC, and with your pension provider. Information is not shared with other third parties without your written consent, other than your name, role and employment contact details which are made publicly available. Generally, personal data is not shared outside of the European Economic Area.

We hold all information for the duration of your membership. Where your role with the College is remunerated we will hold your information for no more than twelve months after the end of your employment, and after that time, we retain a small subset of personal data for up to seven years after your remunerated role with the College ends:

  • *personal details, including name and your preferred personal contact details (if we still have these);
  • your previous salaries and other earnings, pensions and the amounts you have paid in statutory taxes;
  • records of your performance appraisals with the relevant College officer;
  • records, where they exist, of any investigation or review into your conduct or performance;
  • your reasons for leaving and any related correspondence;
  • any references we have written subsequent to your employment with us.

Those marked with an * relate to information provided by you, or created in discussion and agreement with you.

We reserve the right to retain the personal data longer than the periods stated above, where it becomes apparent that there is a need to do so – for example, in the event of a major health or personal injury incident, records may need to be kept for up to forty years.

We then store in a permanent archive:

  • your full name and title, and photograph;
  • your job title(s), College office(s) and role(s) held, and College affiliation(s) and the corresponding dates of employment/membership;
  • information relating to significant involvement with College affairs and events;
  • information on your academic work provided by you in connection with your appointment or election, including the identity and any letter of recommendation by the Fellow sponsor; and
  • information relating to your significant academic achievements and awards.

Your rights

You have the right: to ask us for access to, rectification or erasure of your data; to restrict processing (pending correction or deletion); and to ask for the transfer of your data electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

Failure to provide the information reasonably requested of you may result in disciplinary action taken by the College, which could ultimately lead to the termination of your membership.

You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner’s Office at https://ico.org.uk/concerns

↑ Top of the page

DPS for College Visitors and Guests

How we use your personal information​

This statement explains how Darwin College (“we” and “our”) handles and uses information we collect about visitors, guests and attendees of the College (“you” and “your”), for events and other reasons. In broad terms, we use your information to manage your visit or the event(s) you are attending, including dinners and accommodation and other needs requested by you, as well as to maintain our records of previous, current and future attendees for events management for the College.

The controller for your personal information is Darwin College, Silver Street, Cambridge CB3 9EU. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Mr John Dix, (bursar@darwin.cam.ac.uk).

The legal basis for processing your personal information is that it is necessary in order for you to enter into a contract to provide facilities and resources to you. In many cases, you will be providing the personal information to us alongside consent for us to use that information to provide for your needs or otherwise to provide you with an improved service while you are at the College. We will retain your information for the periods stated below unless or until you request us to do otherwise.

We collect and process your personal information for the following purposes:

  • maintaining clear contact information for the booking, provision and payment of services:
    We will hold your name, address, email address, phone number and other relevant contact details you provide to us, and will use this information to maintain contact with you to provide your requested services, manage their delivery and bill you for them. We retain relevant information in our events records for five years after the most recent visit or event you attend. If you are a member of the College (including if you are a former student), we will provide our Development Office with your contact details in order for them to update their records, if you are happy for us to do this;
  • providing you with necessary and preferred services:
    Where relevant, we will also collect data for the provision of services, your reason(s) for attending the event, your nationality and passport details, your car registration, your credit or debit card information and/or any service preferences you request specifically (e.g. room type, dietary requirements, amenities requested). This may include you providing sensitive personal information. We will not retain this information for any longer than necessary for the provision of the specific event or visit, which might require you to provide it on successive occasions;
  • providing you with details about future College events:
    While we retain your contact information, we will contact you about future College events we believe may be of interest to you, providing you have given us explicit consent to do so. Consent may be withdrawn at any time; and
  • fulfilling our legal obligations: The College is required to keep for 12 months the names and nationalities of all those staying in accommodation. In the case of nationals of countries outside the UK, Republic of Ireland and the Commonwealth, we must also keep a record of your passport details and next destination. The College is also required to keep details relating to any financial transaction for a period of seven years.

We also operate CCTV on our sites, which will capture footage. Our CCTV policy is set out in the section above entitled “CCTV Code of Practice”.

We do not share personal information with third parties. If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given above.

You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

You retain the right at all times to lodge a complaint about our management of your personal information with the Information Commissioner’s Office at https://ico.org.uk/concerns

 

↑ Top of the page

DPS for Users of the College’s Websites

How we use your personal information​

This statement explains how Darwin College (“we” and “our”) handles and uses information we collect when you visit the College website(s) – www.darwin.cam.ac.uk.  Where you engage with the College for another purpose (e.g. as a prospective or current student, as a previous student, as a member of the College or as a visitor to the College), there are other data protection statements to explain our management of your personal information as set out above. Where you enter your personal information into an online form for any specified purpose, you will be told about the use we will make of that information (e.g. to send you newsletters or to enable your attendance at an event).

The controller for your personal information is Darwin College, Silver Street, Cambridge CB3 9EU. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Mr John Dix, (bursar@darwin.cam.ac.uk).

The legal basis for processing your personal data is that it is necessary for the purposes of our legitimate interests, where we have concluded that our interests do not impact inappropriately on your fundamental rights and freedoms. You may ask us to explain our rationale at any time.

We collect and process your personal information for operating and improving our webpages, analysing their use and ensuring the security of our websites.

  • We do not currently use any third-party services to collect standard internet log information and details of your visitor behaviour patterns. This statement will be updated if such services are used in the future.
  • We also collect the request made by your browser to the server hosting the website which includes the IP address, the date and time of connection and the page you ask for. We use this information to ensure the security of our websites and we delete it after a maximum of 3 months. We may use and disclose it as necessary in the event of a security concern or incident. For more technical details please see https://www.uis.cam.ac.uk/privacy-policies-for-uis-services.
  • For information about how we use cookies on our websites, please see http://www.cam.ac.uk/about-this-site/cookies.

If you have concerns or queries about any of the above, please contact us at the address given above.

You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

You retain the right at all times to lodge a complaint about our management of your personal information with the Information Commissioner’s Office at https://ico.org.uk/concerns

↑ Top of the page

DPS for Users of osTicket

This is a Data Protection Statement outlining how we do this with in Trouble Ticketing System (osTicket) specifically. Further information on how we handle and use the personal data of constituent groups, such as alumni, students and staff, more generally is set out in the relevant sections above.

What information do we collect?

We collect background information about you when you use our website, including your IP address, date and time of connection and the pages you visit. We also employ cookies on our websites. The legal basis for processing your personal information is that it is our legitimate interests to provide and monitor the usefulness of our website and to ensure it is kept secure.

In addition, we ask for specific personal information from you when you submit a ticket on this website.

When you submit a ticked, we ask you to provide your name and e-mail address and optionally CRSID (If a member of the University of Cambridge), telephone number and any additional information which will help us resolve the issue your are reporting. The legal basis for processing your personal information is that it is necessary in order for you to enter into a contract to provide the stated services to you.

What do we use your information for?

The information requested is used to process your service request through the ticketing system.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you create a ticket.

Data retained by the College is kept on secure servers and shared only with staff that are directly involved with providing services requested through the ticketing process and the running of the ticketing service itself. Ticketing data as described above is held for as long as you are formally affiliated with the College.

Do we disclose any information to outside parties?

Information from a ticket may be shared with outside contractors engaged in supplying services relating to the service request for the purposes of resolving the reported problem only.

We do not sell, trade, or otherwise transfer to outside parties your personal information. This does not include trusted third parties who assist us as noted above in conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.

Your rights

You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

You retain the right at all times to lodge a complaint about our management of your personal information with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (https://ico.org.uk/).

Contact

The controller for your personal information is Darwin College, Silver Street, Cambridge CB3 9EU. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk). OIS Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Mr John Dix, (bursar@darwin.cam.ac.uk).

↑ Top of the page