Privacy Policy

Changes to the privacy policy and your duty to inform us of changes

​

It is important to ensure that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us.

​

Third-party links

This website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling such connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to review the privacy policy of every website you visit.

 

2. THE INFORMATION WE COLLECT ABOUT YOU

​

Personal data, also known as personal information, refers to any information that can identify an individual. It does not include data where the identity has been removed (anonymous data).

We collect, use, store, and transfer various types of personal data about you, which we have categorised as follows:

• Identity Data: This includes your first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, and gender.

• Contact Data: This includes your billing address, delivery address, email address, and telephone numbers.

• Financial Data: This includes your bank account and payment card details.

• Transaction Data: This includes details about payments made by you and to you, as well as other information related to products and services you have purchased from us.

• Technical Data: This includes your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology used on the devices you use to access our website.

• Profile Data: This includes information about your purchases or orders, your interests, preferences, feedback, and survey responses.

• Usage Data: This includes information about how you use our website, products, and services.

• Special Category Data: This may include information related to your health, religion, or gender, which is necessary to accommodate any special requirements you may have.

• Marketing and Communications Data: This includes your preferences for receiving marketing communications from us and our third parties, as well as your communication preferences.

 

We also collect, use, and share Aggregated Data, which is statistical or demographic data that does not directly or indirectly reveal your identity. Aggregated Data may be derived from your personal data but is not considered personal data in law. However, if Aggregated Data is combined with your personal data in a way that can directly or indirectly identify you, we treat the combined data as personal data and handle it in accordance with this privacy policy.

​

In order to ensure that we meet any specific requirements you may have during your attendance on our courses, we may collect information related to your health, religion, or gender. Such information is classified as Special Category Data under the General Data Protection Regulation. We only collect and use Special Category Data when necessary, and we provide the appropriate level of protection to safeguard this data.

​

Failure to provide personal data

​

If we are required by law or under a contract we have with you to collect personal data, and you fail to provide that data when requested, we may not be able to fulfil the contract or provide you with the requested services. In such cases, we may have to cancel a product or service you have with us, but we will inform you if this is the case at the time.

​

3. HOW WE COLLECT YOUR PERSONAL DATA

​

We employ various methods to collect data from and about you, including:

Direct interactions

​

You may provide us with your Identity, Contact, and Financial Data by filling in forms or corresponding with us via post, phone, email, or other means. This includes personal data you provide when you:

• Apply for a place in one of our programmes.

• Request to receive marketing materials.

• Provide feedback or contact us.

​

Automated technologies or interactions

​

When you interact with our website, we automatically collect Technical Data about your devices, browsing actions, and patterns. We gather this personal data through the use of cookies, server logs, and similar technologies. Additionally, if you visit other websites that employ our cookies, we may receive Technical Data about you. Please refer to our cookie policy for more information.

​

Third parties or publicly available sources

​

We may receive personal data about you from various third parties and public sources, as outlined below:

Technical Data from:

 – Analytics providers
– Advertising networks
– Search information providers

• Contact, Financial, and Transaction Data from providers of technical, payment, and delivery services.

• Identity and Contact Data from data brokers or aggregators.

• Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register, located within the EU.

​

5. DISCLOSURE OF YOUR PERSONAL DATA

​

We may disclose your personal data to the parties listed below for the purposes outlined in the table above.

• External Third Parties as defined in the Glossary.

• Third parties to whom we may choose to sell, transfer, or merge parts of our business or assets. In the event of such changes to our business, the new owners may use your personal data in the same manner described in this privacy policy.

 

We require all third parties to respect the security of your personal data and handle it in compliance with the law. We do not permit our third-party service providers to use your personal data for their own purposes. They are only authorised to process your personal data for specified purposes and in accordance with our instructions.

​

6. INTERNATIONAL TRANSFERS

​

We may share your personal data within Oxford Scholars Programme Ltd, which may involve transferring your data outside the European Economic Area (EEA).

​

When we transfer your personal data outside the EEA, we take steps to ensure that it receives an adequate level of protection. This includes implementing appropriate safeguards to protect your data.

​

7. DATA SECURITY

​

We have implemented comprehensive security measures to prevent the accidental loss, unauthorised access, misuse, alteration, or disclosure of your personal data. We also restrict access to your personal data to only those employees, agents, contractors, and third parties who have a legitimate business need to access it. They are bound by confidentiality obligations and will process your personal data only as instructed by us.

​

We have established procedures to address any suspected breaches of personal data. If a breach occurs and we are legally obligated to do so, we will promptly notify you and the relevant regulatory authority.

​

8. DATA RETENTION

​

What is the duration for which my personal data will be retained?

We will retain your personal data for a period of three years, unless there is a legitimate need to hold it for a longer duration to fulfil the purposes for which it was collected. This may include meeting legal, regulatory, tax, accounting, or reporting requirements, addressing complaints, or if there is a reasonable belief that litigation may arise concerning our relationship with you.

​

9. YOUR RIGHTS UNDER DATA PROTECTION LAWS

​

You have certain rights under data protection laws regarding your personal data, as outlined below. For further details, please refer to the Glossary.

• Right to request access to your personal data.

• Right to request correction of your personal data.

• Right to request erasure of your personal data.

• Right to object to the processing of your personal data.

• Right to request restriction of processing your personal data.

• Right to request the transfer of your personal data.

• Right to withdraw consent.

 

If you wish to exercise any of these rights, please contact us.

​

No fee usually required

There is no fee required to access your personal data or exercise any of the aforementioned rights. However, if your request is unfounded, repetitive, or excessive, we may charge a reasonable fee or refuse to comply with the request.

​

Information we may need from you

To confirm your identity and ensure your right to access your personal data or exercise any other rights, we may need to request specific information from you. This is a security measure to prevent unauthorised disclosure of personal data. We may also contact you for additional information to expedite our response.

​

Time limit for response

We strive to respond to all legitimate requests within one month. However, if your request is complex or if multiple requests have been made, it may take longer to process. In such cases, we will notify you and keep you informed of the progress.

​

10. GLOSSARY

 

LAWFUL BASIS

​

Legitimate Interest

This refers to our business’s interest in conducting and managing our operations to provide you with the best service and experience. Before processing your personal data based on our legitimate interests, we carefully consider and balance the potential impact on you, taking into account both positive and negative aspects and your rights. We do not use your personal data when our interests are overridden by their impact on you, unless we have your consent or are legally required or permitted to do so. For specific activities, you can contact us to obtain more information about how we assess our legitimate interests and their impact on you.

​

Performance of Contract

This means processing your data when it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.

​

Comply with a Legal Obligation

This involves processing your personal data when it is necessary to comply with a legal obligation to which we are subject.

 

THIRD PARTIES

​

External Third Parties

• Service providers acting as processors who provide IT and system administration services.

• Professional advisers, including lawyers, bankers, auditors, and insurers, who provide consultancy, banking, legal, insurance, and accounting services.

• HM Revenue & Customs, regulators, and other authorities based in the United Kingdom who require reporting of processing activities under certain circumstances.

 

YOUR LEGAL RIGHTS

​

You have the following rights under data protection laws:

• Right to request access to your personal data (commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and verify its lawfulness of processing.

• Right to request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide.

• Right to request erasure of your personal data. You can ask us to delete or remove personal data where there is no legitimate reason for us to continue processing it. This right also applies if you have successfully exercised your right to object to processing, if we have processed your data unlawfully, or if we are required to erase your personal data to comply with local law. However, specific legal reasons may prevent us from fulfilling your request, which we will notify you of, if applicable.

• Right to object to processing of your personal data where we rely on legitimate interests (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground, as it impacts your fundamental rights and freedoms. You also have the right to object to the processing of your personal data for direct marketing purposes. In certain cases, we may have compelling legitimate grounds to override your rights and freedoms.

• Right to request restriction of processing of your personal data. This allows you to ask us to suspend the processing of your personal data in certain situations, including if you want to establish the data’s accuracy, if our use of the data is unlawful but you do not want it to be erased, or if you need us to retain the data even if we no longer require it, as you need it to establish, exercise, or defend legal claims. If you have objected to the use of your data, we need to verify whether we have overriding legitimate grounds to continue using it.

• Right to request the transfer of your personal data to you or to a third party. We will provide your personal data to you or a third party you have chosen in a structured, commonly used, and machine-readable format. This right applies only to automated information that you initially provided consent for us to use or where we used the information to perform a contract with you.

• Right to withdraw consent at any time, where we rely on consent to process your personal data. However, the lawfulness of processing before your withdrawal will not be affected. If you withdraw your consent, we may be unable to provide certain products or services to you. We will inform you if this is the case at the time of your withdrawal.