Privacy Policy

Privacy notice

  1. Introduction to St Anne’s College Privacy Notice

 

St Anne’s College privacy notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we will store and handle that data, and keep it safe. St Anne’s College is committed to protecting the privacy and security of personal data.

 

The notice explains how we use data internally, how we share it, how long we keep it and what your legal rights are in relation to it.

 

It is likely that we will need to update our Privacy Notices from time to time. We will notify you of any significant changes, but you are welcome to come back and check them whenever you wish.

 

For the parts of your personal data that you supply to us, the notices also explain the basis on which you are required or requested to provide the information.  For the parts of your personal data that we generate about you, or that we receive from others, it explains the source of the data.

 

There are some instances where we process your personal data on the basis of your consent. The privacy notice sets out the categories and purposes of data where your consent is needed.

 

This privacy notice relates to the following areas:

 

The Development and Alumnae relations privacy notice (including details of our fundraising activities) can be viewed here.

 

  2. What is your personal data and how does the law regulate our use of it?

“Personal data” is information relating to you as a living, identifiable individual.  We refer to this as “your data”. It can include information such as your name, contact details, education history and other information about you that we may process.

 

“Processing” your data includes various operations that may be carried out on your data, including collecting, recording, organising, using, disclosing, storing and deleting it.

 

Data protection law requires St Anne’s College (“us” or “we”), as data controller for your data:

 

 

  3. What is St Anne’s College?

St Anne’s College can trace its origins to 1878 and the foundation of the Society of Oxford Home-Students. It is a registered charity and was established as a College of the University of Oxford by Royal Charter in 1952.

 

  4. What personal data we hold about you and how we use it

We may hold and use a range of data about you at different stages of our relationship with you.  We might receive this data from you; we might create it ourselves, or we might receive it from someone else (for example if someone provides us with a reference about you).

 

Categories of data that we collect, store and use include (but are not limited to):

 

 

  5. Data that you provide to us and the possible consequences of you not providing it

Most data that you provide to us is processed by us in order that we, and you, can each fulfil our contractual obligations and/or comply with obligations imposed by law.  For example (but not limited to):

 

 

Some data that you give to us is provided on a wholly voluntary basis – you have a choice whether to do so.  Examples include:

 

  6. Other sources of your data

Apart from the data that you provide to us, we may also process data about you from a range of sources.  These include (but are not limited to):

Our Record of Processing Activity (available on request) indicates the sources of each of the various categories of data that we process.

 

  7. Cookies

Whenever you use a website, mobile application or other Internet service, certain information is created and recorded automatically. The same is true for our website(s), being those with URLs in the domain st-annes.ox.ac.uk

 

In addition to the data we gather via web forms placed on our site (the handling of which will be governed by the relevant data protection notice covering the circumstances and context), we collect and generate a variety of data via our website(s).

 

Categories of data that we collect, store and use include (but are not limited to):

 

Log data: Whenever you use our website, our servers automatically record information (“log data”) regarding that access, including:

For further information on the cookies we use and the data each collects, please see our Cookie notice.

Most data collected is statistical data about our users’ browsing actions and patterns, and does not identify any individual.  However, there may be occasions where browsing patterns are connected to IP addresses or location data such that the data as a whole is personal data.

 

Whether we collect some of the above information often depends on your device type and settings. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.

 

  8. The lawful basis on which we process your data

The law requires that we provide you with information about the lawful basis on which we process your personal data, and for what purpose(s).

 

Most commonly, we will process your data on the following lawful grounds:

 

We may also use your personal information, typically in an emergency, where this is necessary to protect your vital interests, or someone else’s vital interests.  In a small number of cases where other lawful bases do not apply, we will process your data on the basis of your consent. Where you are aged under 18, we may ask your parent or guardian for their consent also.

 

8.1 Archives

 

The data we hold will generally have been obtained for other purposes originally and the law permits St Anne’s College to retain lawfully obtained data for the purposes of archiving in the public interest, for historical or scientific research purposes or for statistical purposes.  The law provides further safeguards that such processing must (a) not be likely to cause substantial damage or substantial distress to you or another individual; and/or (b) must not be carried out for the purposes of measures or decisions with respect to you or another individual, unless the purposes for which the processing is necessary include the purposes of approved medical research.

 

In addition, the College (or a third party such as researchers or donors of archive material) will typically also have a legitimate interest in processing data for such purposes, provided your interests and fundamental rights do not override those interests.

 

8.2 Cookies

 

In most circumstances, we require your consent to place cookies on your device(s).  When you access our website you are notified that we use cookies, and continued use of the site following that notification is taken as consent to the use of cookies.

 

If you would prefer that we do not use cookies, you should adjust your browser settings to reject cookie use.  Your operating system may allow you to set your preferences in a variety of ways, including a ‘Do not Track’ setting. If you enable the setting, we will not track your activity on our site.

 

Where we use cookies for site security, or to ensure the proper functioning of the site (for example via the use of load-bearing cookies), we do not require your consent to the use of these cookies.  We have a legitimate interest in their use and we process all data, as collected by those cookies, on that basis.

 

Data that you provide to us and the possible consequences of you not providing it

 

The data that we collect via our website in the course of your accessing it is provided by you on a voluntary basis.  If you elect to adjust your browser settings to reject cookies, it may affect your experience in using the site, in the event that any blocked cookies support functionality.

 

  9. How we apply further protection in the case of “Special Categories” of personal data

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information.

 

The Special Categories of personal data consist of data revealing:

 

They also consist of the processing of:

 

We may process special categories of personal information in the following circumstances:

 

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

 

Criminal convictions and allegations of criminal activity

Further legal controls apply to data relating to criminal convictions and allegations of criminal activity.  We may process such data on the same grounds as those identified for “special categories” referred to above.

 

  10. Details of our processing activities, including our lawful basis for processing

We have prepared a detailed table (available on request) setting out the processing activities that we undertake, the source of the data, the reasons why we process it, how long we keep it and the lawful basis we rely on.

 

The table includes detailed information about how and why we process various categories of data, including but not limited to:

 

  11. How we share your data

We do not, and will not, sell your data to third parties.  We will only share it with third parties external to the collegiate University, if we are allowed or required to do so by law. This includes for example:

It also includes disclosures where the third party is an agent or service provider appointed by St Anne’s College to enable us to operate effectively, provided we are satisfied that appropriate safeguards have been put in place to ensure adequate levels of security for your data.

 

Examples of bodies to whom we are required by law to disclose certain data include, but are not limited to those listed in this PDF.

 

Examples of bodies to whom we may voluntarily disclose data, in appropriate circumstances, include but are not limited to those listed in this PDF.

 

Where information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose.

 

All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies, and are only permitted to process your personal data for specific purposes in accordance with our instructions.  We do not allow our third party providers to use your personal data for their own purposes.

 

  12. Transfers of your data outside of the European Economic Area (EEA)

Although most of the information we collect, store and process stays within the UK, some information may be transferred to countries outside of the European Economic Area (EEA). This may occur if, for example, one of our third-party partners’ servers is located in a country outside of the EEA. This may also occur where staff in our international offices access DARS, our shared relationship-management system.

 

Transfers outside of the EEA will only take place if one of the following applies:

 

  13. Automated decision-making

We do not envisage that any decisions will be taken about you based solely on automated means; however, we will notify you in writing if this position changes.

 

  14. How long we keep your data

We retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements. If your data is being processed for the purposes of archiving and historical research, we will keep it until the data is no longer required for this purpose.  In practice, this means your data is likely to be retained permanently.

 

Details of expected retention periods for the different categories of your personal information that we hold are set out in our Record of Processing Activity (available on request).

 

Retention periods may increase as a result of legislative changes, e.g. an increase in limitation periods for legal claims would mean that St Anne’s College is required to retain certain categories of personal data for longer.  Any such changes will be reflected in updated versions of our Record of Processing Activity.

 

If there are legal proceedings, a regulatory, disciplinary or criminal investigation, suspected criminal activity, or relevant requests under data protection or freedom of information legislation, it may be necessary for us to suspend the deletion of data until the proceedings, investigation or request have been fully disposed of.

 

Please note that we may keep anonymised statistical data indefinitely, but you cannot be identified from such data.

 

  15. Your legal rights over your data

Subject to certain conditions and exceptions set out in UK data protection law, you have:

 

Where the lawful basis for processing your data is consent, you have the right to withdraw your consent at any time.  This will not affect the validity of any lawful processing of your data up until the time when you withdrew your consent.  You may withdraw your consent by contacting us at St Anne’s College, 56 Woodstock Road, Oxford OX2 6HS, Tel no 01865 274800 email: enquiries@st-annes.ox.ac.uk

 

Some of your rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

 

Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop. However, where you have consented to the processing, you can withdraw your consent at any time by emailing the relevant department. In this event, we will stop the processing as soon as we can. If you choose to withdraw consent it will not invalidate past processing.

 

  16. Contacts

If you have a general query or wish to change the way in which your data is used, please contact dataprotection@st-annes.ox.ac.uk.

 

If you are dissatisfied with the way we have used your information, please contact the College Data Protection Officer, Tara Jay at Clear Core Limited t/a ClearComm, Devonshire House, 60 Goswell Road, London EC1M 7AD; Email: info@clearcomm.org. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

 

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns/

 

  17. Future changes to this privacy notice

This privacy notice was last updated on 10 June 2019.

 

We reserve the right to update this privacy notice at any time. Any changes to this privacy notice will be posted to this page.

 

Version control: V2.0 (June 2019)