Your data and the Oxford Foundry
Who are we?
The Oxford Foundry is an entrepreneurship centre of the University of Oxford. We support all 24,000 students across the University in becoming more entrepreneurial in outlook and action. We are located on Hythe Bridge Street in Oxford.
Our activities include outreach, events and entrepreneurial and technology skills and training. We run a start-up accelerator in our venue for 10 ventures annually. Our event operations cover internal University and occasional external public events.
www.oxfordfoundry.ox.ac.uk ('our website') is operated by the Oxford Foundry, which is part of the University of Oxford.
We are committed to respecting and protecting the privacy and security of your personal information ('personal data').
Purpose of this Privacy Notice
This privacy notice describes how we collect and use your personal data during your interaction with The Oxford Foundry and our website in accordance with the General Data Protection Regulation (GDPR).
We may update this policy at any time. Any changes we may make to our privacy notice in the future will be posted on this page with a time stamp at the foot of the document. Please check back frequently to see any updates or changes to our privacy notice. We may also notify you in other ways from time to time about the processing of your personal information.
It is important that you read this notice, together with any other privacy statement we may provide on specific occasions when we are collecting or processing information about you, so that you are aware of how and why we are using your personal data.
Information about how we use your data if you are a student is covered in a separate policy which is available on the University website.
Where we refer in this policy to your ‘personal data’, we mean any recorded information that is about you and from which you can be identified. It does not include data where your identity has been removed (anonymous data).
Where we refer to the ‘processing’ of your personal data, we mean anything that we do with that information, including collection, use, storage, disclosure, retention or deletion.
Why are we collecting the data?
To administer and market our programmes but largely to demonstrate the impact and value of our programmes to our student, alumni and interested audiences as well as ensuring we are committed to our principles of diversity and inclusion.
Who is using your data?
The University of Oxford (the University’s legal title is the Chancellor, Masters and Scholars of the University of Oxford) is the "data controller" for the information that you provide to us. This means that we decide how to use it and are responsible for looking after it in accordance with the GDPR. We also may share your data with third parties, details of which are provided below.
Access to your personal data within the University will be provided to those staff who need to view it as part of their work in connection with the operations of The Oxford Foundry.
Types of data we collect about you
We may collect, store, and use the following categories of personal data when you use The Oxford Foundry:
Data you may give us includes:
- Your name and title
- Your date of birth
- Your address and country of residence
- Your email address
- Your telephone number
- Your affiliation to Oxford University
- Your field of study, college, department, division, graduation dates
- Your level of education
- Your nationality
- Your gender
- Skill and knowledge levels on workshop/event topics
- Your company or employer and its industry, sector and size
- Other company information when applying for our accelerator programmes
Data we collect about you on our website:
If you visit our website, we will automatically collect certain technical information, for example, the type of device (and its unique device identifier) you use to access our site, the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, mobile network information and platform.
We will automatically collect information about your visit to our site including the full Uniform Resource Locators (URL), clickstream to, through and from the Website (including date and time), pages you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Other types of data collected:
CCTV is used at our premises for the legitimate purposes of promoting security. We use the CCTV images solely for promoting security and safety of our personnel, members and general public, preventing and detecting crime and establishing, exercising and defending legal claims.
Photography and filming may take place at The Oxford Foundry for promotional purposes. This is especially likely and normal at our events where live streams and instant social media posts can also be part of the event delivery. Wherever possible we will let you know when photography and filming is to be active via in-venue signage and event communications. For individuals who may wish to opt out of image capture at an event please contact a member of Foundry staff at the venue.
When do we collect personal data?
We will collect the vast majority of data about you when you:
- consent to email or telephone communications via our webforms
- sign up as a member
- sign up for our newsletters
- sign up for our events or learning programmes (venue based or virtual)
- when you contact us or report a problem to us
- when you attend The Oxford Foundry
- complete a survey
- sometimes we receive data via our social media channels
How do we use your data?
We process your data for one or more of the following reasons:
To provide you with the information you have requested and for customer administration of programmes and/or events. This processing is necessary to meet our contractual obligations to you or to take steps requested by you prior to entering into a contract. We collate data for evaluation of Foundry programmes and to help us improve on content.
To provide you with marketing communications where we have your consent, such as on programmes or events in which you may be interested, or to seek your views on our products and services. We do this only where you have specifically indicated that you consent to receive such communications, for example, by ticking a box or through some other action, or by volunteering non-mandatory information. You can withdraw your consent at any time by contacting us at firstname.lastname@example.org. In this event, we will stop any processing as soon as we can. However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent and you may no longer be able to use our services in the same way you did before.
- For purposes arising from your use of our website, including personalising our service to you and ensuring that content from our site is presented in the most effective manner for you and your computer. This processing occurs because it is necessary to meet our legitimate interests in operating this website.
- For the purposes for which you use our website, such as to enable you to participate in interactive features of our service, when you choose to do so, including live chat features. This processing is necessary to meet our contractual obligations to you, to take steps requested by you prior to entering into a contract or to meet our legitimate interests.
Change of Purpose
We will only process your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose. Please note that there may be occasions where we may process your data without your knowledge or consent where this is required or permitted by law.
Sharing your data with third parties
All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
Where your data is shared with third parties, we will seek to share the minimum amount necessary.
Where we store or use your data
We may store data manually or electronically. The data is stored on our secure servers and/or in our premises within the UK.
We also use third party suppliers to support us in providing our services and to help run our internal administration. The servers facilitating these third-party services may sometimes be based outside the European Economic Area (EEA).
Any providers where data is transferred to or held in the United States will comply with the EU-US Privacy Shield Program. Further details of our current suppliers are shown below:
Role: Customer Relationship Management & Email Marketing
Address: Salesforce.com EMEA Limted, Village 9, Floor 26, Salesforce Tower, 110 Bishopsgate, London, EC2N 4AY
Address: Microsoft Ireland Operations Ltd, Attn: DPO, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Role: Surveys, Forms & Events
Address: Form Assembly Inc, 885 S College Mall Rd, #399 Bloomington, IN 47401, United States
Role: Messaging & Communications
Address: Slack Technologies Limited, 4th Floor, One Park Place, Hatch Street Upper, Dublin 2, Ireland
Role: Online Learning
Address: 400-369 Terminal Ave, Vancouver, BC V6A 4C4
Role: Video Conferencing
Address: Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted and any transmission is at your own risk.
Third party websites
Our website contains links to and from various third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Retaining your personal data
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a 'data subject access request'). This enables you to receive a copy of your data and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove your data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your data, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop. However, where you have consented to the processing (for example where you have asked us to contact you for marketing purposes) you can withdraw your consent at any time by emailing us at email@example.com. In this event, we will stop the processing as soon as we can. However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent and you may no longer be able to use our services in the same way as you did before.
How do I make a complaint?
If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, you should contact the University’s Information Compliance Team at firstname.lastname@example.org. The same email address may be used to contact the University’s Data Protection Officer. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns.
If you have any questions about this privacy notice please contact us by email at email@example.com, or in writing to: The Oxford Foundry, 3-5 Hythe Bridge Street, Oxford, OX1 2EW.
We use Google Analytics cookies to manage the performance and design of our website. These cookies do not contain any personally identifying information. By using our website, you agree that we can place these types of cookies on your device.
Changes to this Privacy Notice
Any changes we may make to our privacy notice in the future will be posted on this page.
Last Updated: February 2021