PRIVACY POLICY

 

The University of Oxford is committed to protecting the privacy and security of your personal information (‘personal data’).  This policy describes how we collect and use your personal data in accordance with the General Data Protection Regulation (GDPR) and associated data protection legislation.

Types of data we collect about you

We will collect, store, and use the following categories of data:

Data you give us:  In completing our membership application process you may provide us with personal data including: title, gender, name, address, email address, telephone number, date of birth, University College/Department, OU Card number and expiry date, photo, sports interests, activity and health levels, bank account details. In using services you supply attendance data, which we will use to tailor communications on services and products.

Data provided by other University Departments: For Oxford University students, some of the information mentioned above is imported from the University’s Student Records system.

How we use your data

We process your data for the following reasons:

  • To provide you with the services, products and/or information you have requested e.g. membership or facility booking. Operational updates on the club, your activity or activities linked to your membership. This processing is necessary to meet our contractual obligations to you.

 

  • To send you marketing or other types of communication by email, eg information about new products, services or promotions.  We do this only where you have specifically indicated that you consent to receive such communications by ticking a box. You can withdraw this consent at any time by contacting us at [email protected]. In this event, we will stop the processing as soon as we can.  However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent.

 

We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.

Who has access to your data?

We (the University of Oxford) are the ‘data controller’ for your personal data, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation.  Access to your data within the University will be provided to those who need to view it as part of their work in carrying out the purposes described above.

We may share your data with companies who provide services to us. These companies are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions. Where we share your data with a third party, we will seek to share the minimum amount necessary.

Our 3rd party service providers are:

 

Name                                 Service Provided

Jonas Group                         Leisure management software supplier and data processor

GB Group plc                       Address verification and bank details validation

Verifone                               Card payment transactions

WPM                                   Online transaction processing

Bottom Line Technologies     Direct Debit processing

Wellbeats                            Wellbeats health and wellness streaming content

We may also share your data with the following organisation(s) for the reason(s) indicated:

OU Colleges                         Where your College pays your membership.

OU Sports Clubs                   Club membership services

 

Retaining your data

We will only retain your data for as long as we need it to fulfil our purposes, including relating to legal, accounting or reporting requirements.  OUS’s data retention policy is as follows:

  • OU Students: one year after you cease to be an OU student
  • OU Staff and External members: one year after expiry of your membership
  • Blues Awards records: indefinitely

 Security

Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website: https://www.infosec.ox.ac.uk.

Where we store and use your data

We store and use your data in both a manual and electronic form.  A paper copy of your membership form is stored securely on site.  Electronic data is stored on our 3rd party provider Gladstone MRM’s secure servers in the UK. If you are opted into 3rd Party Wellbeats, data (Your e-mail address) is stored in the USA and can be accessed or deleted by contacting the University or Wellbeats

 

Your rights

Under certain circumstances, by law you have the right to:

  • Request access to your data (commonly known as a “subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.
  • Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
  • Request erasure of your data. This enables you to ask us to delete or remove your data under certain circumstances, for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing.
  • Object to processing of your data where we are processing it to meet our public interest tasks or legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
  • Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your data to another party.

For further information on these rights please go to https://ico.org.uk.

Changes to this privacy policy

We reserve the right to update this privacy policy at any time and will seek to inform you of any substantial changes. We may also notify you in other ways from time to time about the processing of your personal data.

Contact

If you wish to raise any queries or concerns about our use of your data, please contact us at [email protected].