In the course of completing this application form, you have provided information about yourself (‘personal data’). We (the University of Oxford) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation.
How we use your personal data
We will use the personal data you have provided (which may include sensitive or "special category" data such as health data, or data revealing racial or ethnic origin) to process and assess your UNIQ+ application. We need to process your data for these purposes in order to meet our legitimate interests in promoting access for postgraduate study at the University. This is known as our legal basis for processing personal data under data protection law.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Who has access to your data?
Access to your data within the University will be provided to those who need to view it as part of their work in carrying out the purposes described above and to Oxford’s colleges participating in the UNIQ+ programme.
We may also disclose your personal data to our third party service providers or subcontractors in connection with the UNIQ+ programme. Activities that may be carried out by third-party service providers include IT services and survey provision services. All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes, but rather to only process your personal data for specified purposes and in accordance with our instructions.
Your personal data may be transferred to, and stored at, a destination outside the European Economic Area, in accordance with the law. For example, this may happen where we use IT systems which are hosted outside the EEA. We will make sure that identifiable data is removed whenever possible and that any data transfer is done securely. If any foreign country to which data is transferred does not have equivalent data protection standards to those required in the UK, appropriate safeguards will be adopted to protect and maintain the confidentiality of your data (including using standard data protection clauses adopted by the European Commission, where relevant). If you require any information about these safeguards, you may contact us (see the Data Protection Officer's email address below).
Retaining your data
We will only retain your data for as long as we need it to meet our purposes, including any relating to legal, accounting, or reporting requirements.
You have certain rights with respect to your personal data. These include being able to request access to it, correction of any mistakes in it, deletion of it, restriction of its use, as well as being able to object to any processing of it (ie any use of it), or request that it be transferred elsewhere.
However, depending on the circumstances, we may have grounds for not complying with your request, for example, where we consider that deleting your information would seriously harm the research or where we need to process your data for the performance of a task in the public interest
If you wish to raise any queries or concerns about our use of your data to assess your application, please contact us at firstname.lastname@example.org.
If you would like to exercise any of your rights mentioned above or if, for any reason, you are not happy with the way that we have handled your data, please contact the University’s Information Compliance Team at email@example.com. The same address can be used to contact the University’s Data Protection Officer.
If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office.