Privacy Policy
1. Introduction
At OSP, we are committed to ensuring the privacy and protection of the personal information of our participants, staff, and other stakeholders.
This Data Protection & Privacy Policy explains:
- What personal data we collect
- How we use it
- Who we share it with
- How we store and protect it
- Your rights under GDPR (UK & EU)
OSP is the Data Controller for all personal data collected through our:
- Application forms
- Consent forms
- Onboarding forms
- Email/WhatsApp communication with families
- Payment systems
We process personal data in accordance with the UK GDPR, EU GDPR, and the Data Protection Act 2018.
2. Data Collection
- OSP collects only essential information necessary for program administration, coordination, and communication.
- Information is obtained through transparent means, and participants and staff are informed about the purpose of data collection.
- We collect personal information directly from application form, consent forms (confirmed scholars), & onboarding forms (confirmed scholars).
- For confirmed scholars, we also specifically collect student information including nationality, contact details, passport information, medical information, allergies, medication needs, special educational needs, travel plans and arrival details, accommodation preferences, parent/guardian Information.
- Payment information is collected securely by third-party processors (Stripe / Flywire) including name, billing address, payment confirmation.
Note: OSP does not store or access full card numbers.
3. Data Usage
Data Security
OSP employs industry-standard security measures to protect data from unauthorized access, disclosure, alteration, and destruction.
Access to data is restricted to authorized personnel who require it for legitimate program purposes.
Data Sharing
OSP may share necessary information with trusted third-party service providers (e.g., Oxford University Colleges for accommodation providers, activity and excursion partners, payment processors for billing purpose only) for program-related services.
OSP shares necessary data with staff members including tutors, residential supervisors, welfare staff, activity staff, safeguarding team to perform their roles.
Data is not shared for commercial purposes, and strict confidentiality is maintained.
Data Protection Officer (DPO)
OSP has appointed the Operations Lead as the Data Protection Officer responsible for overseeing the implementation of this policy, ensuring compliance with data protection laws, and addressing data-related concerns.
4. Data Retention
Personal information is securely retained for 6 years after the programme ends (for records, safety documentation, and alumni updates).
Medical records and safeguarding incident files will be retained for a minimum of 6 years or until the student reaches 25 years of age, whichever is later, in line with legal and safeguarding advice, before secure disposal.
Participant and staff data is used exclusively for program-related activities, communication, and improving our services.
OSP ensures that data is used in a manner consistent with the provided purpose and the expectations of the individuals involved.
5. Data Protection Training
All OSP staff are trained on data protection principles, policies, and practices to ensure the secure handling of data.
6. Data Subject Rights
Participants and staff have the right to access, correct, and request the deletion of their personal information. Requests can be made to the Data Protection Officer.
7. Policy Review
This Data Protection Policy is subject to regular review to ensure alignment with evolving privacy standards and regulations.
8. Your Rights (UK & EU GDPR)
Under the UK and EU GDPR, you have the right to access your personal data, correct any inaccuracies, request the deletion of your information, restrict or object to its processing, withdraw consent (including for photo use or marketing), and request data portability. You also have the right to file a complaint with the Information Commissioner’s Office (ICO) in the UK. All rights-related requests should be submitted in writing to OSP.
9. Updates to This Policy
- OSP may update this Privacy Policy periodically.
- Any changes will be posted on our website and communicated to enrolled families.
10. Contact Information
For any privacy questions, data requests, or concerns, please contact:
Data Protection Officer (DPO)
Oxford Scholars Programme (OSP)
Email: info@oxfordscholars.org
By engaging with OSP, individuals agree to the terms outlined in this Data Protection Policy. We encourage stakeholders to review this policy regularly for updates.
