Privacy Statement
This website runs on Oxford Mosaic, the University of Oxford’s web platform. The Oxford Mosaic Privacy Statement explains what types of personal information will generally be gathered when you visit sites created using the platform. Where this specific site differs, or collects additional information, further details are given below.
University of Oxford, Residential Lettings, Privacy Notice
University of Oxford, Residential Lettings, Privacy Notice
Data protection
In the course of applying for and completing your tenancy agreement you have provided information about yourself (‘personal data’) to the University. We (the University of Oxford) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation.
How we use your data
We will use your data to assess your application for a tenancy and in connection with your tenancy agreement and in respect of references requested at the end of your tenancy agreement.
We may supply your data, which will include your contact details both past and present, to utility suppliers, the local authority, authorised contractors; any credit agencies; reference agencies; the University’s legal advisers, debt collectors; and tracing agencies and the University’s appointed letting agents.
We need to process your data in order to fulfil our contractual obligations to you and to meet our legitimate interests relating to the supply of residential accommodation to you and in order to comply with our legal obligations in supplying that residential accommodation.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Who has access to your data?
Access to your data within the University will be provided to those who need to view it as part of their work in carrying out the purposes described above.
We may share your data with companies who provide services to us. These companies are required to take appropriate security measures to protect your data by law in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
We may also share your data with the following organisations for the reasons indicated:
- Utility companies who supply services to your accommodation. In order to ensure that you receive the services and that you are billed for those services;
- The local authority, to update them in respect of Council Tax;
- Credit agencies to consider your application for accommodation;
- Reference Agencies to consider your application for accommodation and where requested by you to provide a reference;
- The University’s Legal Advisers in the event of a breach of your tenancy agreement and if necessary in connection with our agreement;
- Debt Collectors and tracing Agencies in the event that you have failed to pay your rent or owe the University money in connection with your tenancy agreement;
- Letting agents, who we work with in the course of providing our service to you.
Where we share your data with a third party, we will seek to share the minimum amount necessary.
Retaining your data
We will only retain your data for as long as we need it to meet our purposes, including any relating to legal, accounting, or reporting requirements which is until the later of three years after the conclusion of the tenancy and the payment of all outstanding rent and any other liabilities.
Security
Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website https://www.infosec.ox.ac.uk/
Where we store and use your data
We store and use your data on University premises, in both a manual and electronic form.
Electronic data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for example when we communicate with you using a cloud based service provider that operates outside the EEA such as Survey Monkey.
Such transfers will only take place if one of the following applies:
- the country receiving the data is considered by the EU to provide an adequate level of data protection;
- the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield;
- the transfer is governed by approved contractual clauses;
- the transfer has your consent;
- the transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract; or
- the transfer is necessary for the performance of a contract with another person, which is in your interests.
Your rights
Under the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018, you have the following rights in relation to the information that we hold about you (your ‘personal data’).
- The right to request access to your data (commonly known as a "subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.
- The right to request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- The right to request erasure of your data. This enables you to ask us to delete or remove your data in certain circumstances for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
- The right to object to the processing of your data, where we are processing it to meet our public tasks or legitimate interests (or the legitimate interests of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
- The right to request that the processing of your data is restricted. This enables you to ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your data to another party.
Further information on these rights is available from the Information Commissioner’s Office at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop. However, where you have consented to the processing (for example, where you have asked us to contact you for marketing purposes) you can withdraw your consent at any time by emailing the department that is processing your data.
If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, you should contact the University’s Information Compliance Team data.protection@admin.ox.ac.uk We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Contact
If you wish to raise any queries or concerns about our use of your data, please contact us at residential-lettings@admin.ox.ac.uk. For further information on your rights please contact data.protection@admin.ox.ac.uk.