Who we are
The Oxford and Cambridge Club, registered office at 71 Pall Mall, London, SW1Y 5HD.
The Oxford and Cambridge Club complies with the relevant national data protection regulations. We are committed to keeping personal information accurate, up-to-date, safe, secure and will not keep personal information longer than necessary. This privacy notice explains how we use personal information, who we share it with and the ways in which we protect and account for the protections to privacy. This notice applies to all personal data collected for and on behalf of the Oxford and Cambridge Club. This pertains to information collected in analogue (forms, documents, in writing) and through technological means such as information systems and email.
From time to time, we will make you aware when we require additional personal information for processing through a separate specific privacy notice.
The type of personal information we collect
The Oxford and Cambridge Club collects personal information for the purposes of communicating with individuals who have expressed an interest in the Club, who are members of the Club, who are members of associated organisations, who are employed by an organisation contracted to the Club for the delivery of services or have or are entering a business relationship with the Club.
We currently collect and process the following information:
How we obtain the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
We also receive personal information indirectly, from the following sources in the following scenarios:
Under the UK General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting firstname.lastname@example.org
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a legitimate interest
Retention and storing of personal data
The Oxford and Cambridge Club recognises that by efficiently managing its records, it will be able to comply with its legal and regulatory obligations. All personal information is always kept securely. Paper and electronic records have appropriate security measures in place ensuring that confidentiality is maintained. Personal information is only kept for the time required to undertake the purposes it is used for.
The Club maintains a separate Records Management Policy and Schedule which includes the following retention periods:
Using appropriate technical and organisational measures we store and use your personal data applying security protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Who do we share personal information with?
We do not share any personal information with anyone unless we have a lawful basis to do so.
The Club may, at times, share Club related information with members of the elected Committees for the purpose of supporting the Club’s activities. All Committees adhere to Terms of Reference to ensure that papers and electronic correspondence containing personal data are handled in accordance with the requirements of the UK GDPR and the Data Protection Act 2018, and in accordance with the Club’s policies on Data Protection.
Who do we share workforce information with?
We do not share information about workforce members with anyone without consent unless the law and our policies allow us to do so.
Processing and transfers to third countries
We do not transfer any personal information to third countries.
We do not undertake any automated profiling.
We collect information in the form of Closed-Circuit Television (CCTV) to ensure the safety and security of those with a lawful reason for being on the Club’s premises. We retain CCTV images for a maximum of 30 days after which they are deleted. Access to these images can be requested through the Data Protection Lead (contact details below). Please refer to our CCTV Policy for further information.
For the purposes of IT hosting and maintenance all the Club’s information including personal data is located within hosted servers provided by our service providers. No third parties have access to your personal data unless the law allows them to do so. Where the law allows, and information is shared with third parties, we ensure they have the same protections in place as we do. We cannot deliver our membership services without processing the data we collect and share.
In following the principles of Article 32 – Security of Processing of the GDPR, we have in place proportionate organisational and technical measures to protect your personal information. We actively assess our cyber and physical security on a regular basis.
Requesting access to your personal data
Under data protection legislation you have the right to request access to information that we hold.
You also have certain additional rights to:
If you have any concerns about the way we are collecting or using your personal data, you should raise your concern with us in the first instance.
You can also directly contact the Supervisory Authority in the UK which is:
If you would like to discuss anything in this privacy notice, please contact: