Privacy notice
-
WHAT IS THE PURPOSE OF THIS DOCUMENT?
The UK SPINE is committed to protecting the privacy and security of your personal information (‘personal data’).
This privacy policy describes how we collect and use your personal data during and after your employment or work with us, in accordance with the General Data Protection Regulation (GDPR) and related UK data protection legislation. It is important that you read this policy, together with any other privacy policy we may provide on specific occasions when we are collecting or processing information about you, so that you are aware of how and why we are using the information.
-
GLOSSARY
Where we refer in this policy to your ‘personal data’, we mean any recorded information that is about you and from which you can be identified, whether directly or indirectly. It does not include data where your identity has been removed (anonymous data).
Where we refer to the ‘processing’ of your personal data, we mean anything that we do with that information, including collection, use, storage, disclosure, deletion or retention.
-
WHO IS USING YOUR PERSONAL DATA?
The University of Oxford is the "data controller" for the information that we hold about you as a result of your involvement in UK SPINE, any projects connected to UK SPINE, and/or any events you have attended held by UK SPINE. This means that we decide how to use it and are responsible for looking after it in accordance with the GDPR.
This policy does not form part of any contract of employment or other contract to provide services. We may update this policy at any time.
-
THE TYPES OF DATA WE HOLD ABOUT YOU
The information we hold about you may include the following:
- Personal details such as name, title, address, telephone number, email address,
- Work related photographs and videos.
-
HOW THE UNIVERSITY OF OXFORD OBTAINED YOUR DATA
We obtain the information directly from you, or through your employer.
-
HOW THE UNIVERSITY USES YOUR DATA
We process your data for a number of purposes. We set out below those circumstances where it is necessary for us to process your data. (These circumstances are not mutually exclusive; we may use the same information under more than one heading.)
-
Where we need to comply with a legal obligation
-
Where we need to inform you of events and happenings relating the UK SPINE project
We may need to process your data for purpose-related events, conferences, newsletters
-
Where it is necessary to meet our legitimate interests
We need to process your data in order to meet our legitimate interests relating to the UK SPINE. Examples include, but are not limited to, the following activities:
- Your participation in events and other activities organised by or in conjunction with UK SPINE
- Nominations for external awards.
-
Where we have your consent
There may be situations where we ask for your consent to process your data e.g. where we ask you to volunteer information about yourself by taking part in a survey, or where we ask for your permission to share sensitive information.
-
Where it is necessary in order to protect your vital interests or the vital interests of another person
There may be circumstances in which it is necessary for us to process your data to protect an interest which is essential for your life or that of another person or where the processing serves important grounds of public interest and your vital interests for example humanitarian purposes which may include monitoring epidemics and their spread or in situations of humanitarian emergencies.
If you fail to provide personal information under F1 or F2 above
If you fail to provide certain information when requested under the circumstances described in F1 and F2 above, it may impair our ability to fulfil our obligations to you, or to comply with our other legal obligations.
-
-
CHANGE OF PURPOSE
We will only process your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Please note that we may process your data without your knowledge or consent where this is required or permitted by law.
-
DATA SHARING WITH THIRD PARTIES
We will not share your data with third parties. Should we feel a collaboration with a third party would be mutually beneficial we will contact you.
-
RETENTION PERIOD
We will retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements.
-
YOUR RIGHTS
Under certain circumstances, by law you have the right to:
- Request access to your data (commonly known as a "subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.
- Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate data we hold about you.
- Request erasure of your data. This enables you to ask us to delete or remove your data under certain circumstances, for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
- Object to processing of your data where we are processing it to meet our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
- Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your data to another party.
Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop. Where you have consented to the processing you can withdraw your consent at any time, by emailing the relevant department. If you choose to withdraw consent it will not invalidate past processing. Further information on your rights is available from the Information Commissioner’s Office (ICO).
If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, you should contact Oxford University’s Information Compliance Team at data.protection@admin.ox.ac.uk. The same email address may be used to contact the University’s Data Protection Officer. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
If you remain dissatisfied, you have the right to lodge a complaint with the ICO at https://ico.org.uk/concerns/.
-
KEEPING YOUR DATA UP-TO-DATE
It is important that the data we hold about you is accurate and current. Please keep us informed of any changes that may be necessary during your working relationship with us.
-
CHANGES TO THIS PRIVACY POLICY
We reserve the right to update this privacy policy at any time, and will seek to inform you of any substantial changes. We may also notify you in other ways from time to time about the processing of your personal data.