University of Oxford & OxReach - Alumni, Donors and Supporters Privacy Notice
Published 11 May 2018
Throughout its history, Oxford has relied upon friends and benefactors to help realise its mission of learning and advancement. The colleges, academic departments, faculties, schools, research institutes, gardens, museums, and libraries that make up the collegiate University of Oxford, are committed to maintaining your confidence and trust with respect to your privacy. Our principles are simple - we will be transparent about what data we are collecting about you, where that data comes from, how we use the information we hold about you, and the choices you can make.
The overarching purpose of collecting and processing your data is to provide you with the best possible experience of being an alumnus/alumna, donor, or supporter of the collegiate University. It also enables us to ensure that any approaches we make to ask for your support of our alumni relations or fundraising goals are respectful, professional, and relevant to you. The colleges and the University work closely together to ensure we engage with you in a coordinated manner.
If at any point you have questions about our privacy notice, or how we are using your data, please contact us at email@example.com
About This Privacy Notice
The purpose of this privacy notice is to explain how the University of Oxford ("the University", "we", "our", "us") hold and use personal data about alumni, donors and supporters ("you"), and how we use it for the purposes of fundraising and alumni and supporter relations. The University of Oxford encompasses the University's central and international offices (North America, China and Japan); academic departments, gardens, libraries, and museums. Please see the University's privacy notices relating to other activities and relationships.
Each Oxford college has published its own privacy notices, including for alumni, donors and supporters. To view those notices, please visit your college's website. Development and Alumni Relations teams across the collegiate University work closely together and have aligned our policies around data privacy and our privacy notices to provide clarity for our alumni, donors and supporters.
What We Do
The University's Development and Alumni Relations teams exist to establish and develop lifelong relationships with and amongst our alumni, donors and supporters. We're here to help you stay connected with each other and with the news, research developments, events, exhibitions, collections and resources, reunions, volunteering opportunities, fundraising priorities and progress updates that are important to you.
We fundraise to ensure that, thanks to the incredible generosity of our donors, the University of Oxford, continues to create an inspirational and supportive environment in which students can fulfil their potential, and which motivates our world-leading academic community to drive forward ground-breaking research and innovation.
Oxford University Innovation contributes to the University’s societal benefit by working with staff and students to apply their expertise and research to maximise global impact. OxReach is the University’s rewards-based crowdfunding platform, which is operated by the Chancellors Masters and Scholars of the university of Oxford (the University) and Oxford University Innovation Limited, in collaboration with the University’s Development Office. OxReach exists to support funding for projects that will deliver on impact, but not necessarily on commercial return, thus receive limited support from research and commercial funding.
Information We Collect
Through your use of the OxReach crowdfunding platform, we collect personal data from you when you:
register on the OxReach website;
make a pledge on the OxReach website;
submit a proposed project for which you want to solicit donations;
provide information about any such project;
participate in discussions on the OxReach website;
use the OxReach website’s social media functions;
report and issue or problem on the OxReach website;
If you are providing information about a project or proposed project it will include whatever personal data you choose to provide in support of that project.
We, the University, collect information from you in three ways: directly from you during your ongoing relationship with us or with colleges participating in our shared relationship management system (DARS); from publicly available sources; and/or from third parties providing us with services or acting on our behalf.
The amount of data we collect and hold depends on the frequency and nature of your interactions and engagement with us. Information may be gathered across the lifetime of our relationship with you and from many different forms of interaction.
We may hold and process the following types of personal data about you:
Biographical information, which may include:
Name, title, contact details, date of birth, gender, marital status, spouse, partner and family details.
For current or past students: student ID, programme of study, department, college, matriculation or start date, graduation date, degree conferred.
Awards received whilst studying at Oxford (prizes, scholarships, accolades, bursaries); other education history and professional qualifications.
Involvement in sports teams, clubs and societies whilst at Oxford and subsequently.
Employment details (incl. salary/salary band), career history, professional activities.
Interests, activities and accolades, incl. honours, life achievements.
Profile pictures which come from publicly accessible sources (where copyright allows).
Links to your public social media presence e.g. LinkedIn, Twitter, website or blog.
Details of our ongoing relationship and your engagement with us, which may include:
Records of your personal interactions with us (e.g. correspondence, notes of meetings or conversations).
Your communication preferences; records of communications you have received from us, incl. copies of letters, emails or appeal literature sent, and of fundraising activities in which you have been included (e.g. annual fund mailings, telephone fundraising campaigns).
Your attendance (and that of your guests) on visits to, or at events across the collegiate University, including details of any payments made, and photographs, audio and video recordings in which you may be included.
Details of benefits and services provided to you, e.g. use of college or University libraries, Oxford University Careers Service.
Your connections to other alumni, students, staff, friends, groups or networks, donors and supporters within the collegiate University community.
Membership of college or University social media groups e.g. Facebook, LinkedIn.
A record of offers of voluntary support you have made, e.g. offers of expertise, advice, mentoring, internships, coaching, accommodation/support for students visiting your area.
A record of volunteer work you have undertaken.
**Information about your giving, which may include:**
Current and past donations and pledges, documentation relating to these gifts and records of the projects you have supported.
Financial information required to process your gifts.
If you have given it, an indication of your intent to leave a legacy, including copies of Wills or sections of Wills.
Any requests you have made for anonymity in relation to your giving.
Thank you letters, donor reports provided relating to gifts you have made, correspondence and notes of meetings.
Plans for activities and future interactions.
Records of membership of any societies or groups related to your giving.
Your relationship to friends and patrons groups associated with, or providing support to, the collegiate University.
Your relationship to relevant trusts, foundations and corporates, e.g. membership on board of trustees.
**Information relating to your willingness or financial capacity to support our charitable objectives, which may include:**
Our understanding of your likely philanthropic interests, and a note of particular projects we think may be of interest to you. This understanding may be provided by you or from information in the public domain.
Information about your giving to other organisations, and other support that you provide (e.g. volunteering roles, trusteeships), where this information is given to us by you or publicly reported, and where it helps us to understand your interests and capacity to provide support.
Other information which may give an indication of the scale of any potential philanthropic gift you may be able to give, such as information about earnings and assets, including property, or publicly reported estimates of wealth.
Any estimate we may make regarding the potential scale of your support on the basis of the above information and your previous giving.
Personal recommendations, where made by other supporters, that you may be willing and able to provide support.
**Sensitive personal data, which may include:**
Health information, including any medical conditions - we may use health information provided by you so we can make reasonable adjustments to improve the service we are able to offer you (e.g. seating or access at an event, dietary requirements, provision of disabled parking, or allocation of accommodation). With your permission, we may also hold health data to ensure our engagement with you is based on a suitable understanding of, and care and respect for, your particular circumstances. For more information please see our vulnerable persons policy.
Criminal convictions, offences and allegations of criminal activity - we may use publicly available information concerning criminal convictions and offences or allegations of criminal activity, including money laundering or bribery offences, to carry out due diligence on donors or prospective donors in line with our guidelines on the acceptance of gifts.
Race or ethnicity, religious beliefs, sexual orientation, political opinions - we do not seek to obtain these categories of sensitive data. However, they may sometimes be inferred from other data we hold, for example, your relationships, society memberships, job titles, donations to specific causes or interests.
###How We Use Your Data
Your personal data are used by us for the following purposes in support of alumni and supporter relations, and fundraising:
- For alumni and supporter engagement
- To manage our ongoing relationship with you and to provide a record of your interactions and contributions to college and University life.
- To offer and manage a varied programme of events tailored to your interests, including networking events, subject reunions, Gaudy dinners, sports events, concerts, seminars and lectures.
- To ensure you are aware of the wider programme of events, lectures and seminars taking place across the collegiate University which we believe may be relevant to you and that you may have an interest in attending.
- To keep you up to date with news from your college, department, or other areas in which you have shown an interest, e.g. by making a donation, attending an event, or becoming a member/friend.
- To provide you with information about alumni benefits and services, including access to the University of Oxford Careers Service.
- To let you know of volunteering opportunities across the collegiate University, including linking current students with alumni for careers advice and internships, or speaking opportunities.
- To provide the most relevant content and best possible user experience when you are interacting with our digital communications and platforms.
- To identify and profile potential volunteers, alumni ambassadors and event attendees.
- To accept and process commercial revenue, e.g. for merchandise or event tickets.
- To undertake surveys and market research.
- To create classifications and groupings (through manual or automated analyses) in order to best direct engagement activities.
- To analyse the success of our engagement activities, collect feedback, and manage complaints.
**For All Fundraising And Donor Stewardship**
To help ensure that our fundraising efforts are conducted as efficiently as possible, and that our approaches to potential donors are respectful, professional, and made, as far as possible, based on evidence and an understanding of what may interest you.
To ask you for your support for our fundraising programmes, always mindful of fundraising best practice, and according to the fundraising promise.
To accept and process philanthropic revenue.
To provide acknowledgement, recognition and stewardship of your gift.
To inform you of the impact of your gift.
To create classifications and groupings (through manual or automated analyses) in order to best direct fundraising activities.
To support peer-to-peer fundraising campaigns.
To inform fundraising, marketing and donor stewardship strategies.
**For Fundraising For Major Gifts**
In addition to analysing data shared with us, we may use publicly available information and recommendations from staff and supporters to identify individuals who we believe may have the interest and financial capacity to make a major gift.
Where we have reason to think a potential donor may possess an interest and financial capacity to donate, we may research and collate additional information from sources in the public domain, typically concerning a potential donor's interests in so far as they may coincide with our work, their philanthropic activity, financial capacity and networks in order to substantiate this. We may undertake this research ourselves or use the services of a third-party partner. This new information may be added to the record of a donor or potential donor.
Where this activity is being undertaken for a new contact with whom we have no previous relationship, we will provide the individual with a link to this privacy notice as part of our initial engagement.
Information may be collated into a briefing or profile in order to assist the planning of an approach to a potential donor to discuss that individual's interest in our work and in supporting it.
We may also carry out due diligence on potential donors using publicly available information in order to comply with our policy on the acceptance of gifts, and to fulfil our legal responsibilities.
**For Operational Reporting, Management Reporting, and Governance**
We may use your personal data for the purposes of operational reporting, to produce management information, and for other relevant purposes relating to the governance of the collegiate University. We will use only the data required and, unless necessary, we will use anonymised or pseudonymised data.
**In Our External Communications**
With your permission, we may publish your name in an online directory, in donor listings, as part of a guest list, or we may work with you to create press releases or case studies to be included in our publications or on our websites.
If you do not wish your data to be used in any of the ways listed above, or have any questions, please contact us: https://www.campaign.ox.ac.uk/privacy-notice#privacy10
###When And How We Share Your Data
We may, from time to time, need to share your personal data within the collegiate University of Oxford or with third-parties working on our behalf. We will only do this in appropriate circumstances, by secure means, and with the relevant data sharing agreements in place. We do not, and will not, sell your data.
Third parties will only process your personal data on our instructions and where they have agreed to treat your data confidentially and to keep it secure. We only permit them to process your personal data for specified purposes. We do not allow our third-party service providers to use your personal data for their own purposes nor to keep your data after the processing is complete. All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies.
Whenever your information is shared, we will always seek to share the minimum amount of information necessary to fulfil the purpose, this includes the use of anonymised or pseudonymised data where that is sufficient.
Your data may be shared in the following ways:
Within the collegiate University of Oxford
We may share your data with colleges and departments that make up the collegiate University. We will do this only where it is necessary in order to carry out any of the purposes listed in this privacy notice. For example, where the University is coordinating with one or more colleges to organise shared events to which you are invited; to manage and coordinate relationship management activities with you; to ensure your contact information is up-to-date, to distribute to your college any gifts received via the University's payment methods.
We may also share relevant data, in appropriate circumstances, with University Sports Clubs and Societies where you are (or were) a member of that club or society.
Within the collegiate University of Oxford via the Development and Alumni Relations System (DARS)
The collegiate University of Oxford utilises a shared relationship management system, known as DARS (Development and Alumni Relations System), to store and share data across participating teams, departments, and colleges. Our objective in doing so is to improve our mutual understanding of the multiple relationships you have across the collegiate University; we believe this understanding is crucial for us to be able to provide you with the best possible experience we can. Developing a better appreciation of our relationship with you should improve our communications with you and mean we are better able to respond to your preferences about how we stay connected with you. This includes improving the quality of the data we hold about you and ensuring that we are processing the latest and most accurate data you have provided.
In the case of colleges that use DARS, the University and colleges are joint "data controllers" of your personal data. This means that if you have questions about your data you can either contact the University or your college and we will liaise as appropriate to respond to your query. A list of participating colleges, including the University, can be found at the Joint Data Controllers page.
With organisations or individuals affiliated to the collegiate University of Oxford
We benefit from a network of organisations and individuals who volunteer their support to the collegiate University. We may share relevant data with them, in appropriate circumstances, by secure means, and with the relevant data sharing agreements in place. These may include:
Volunteers offering their expertise by serving on boards or otherwise advising on or assisting with alumni or development matters.
Recognised University or college alumni societies and networks, for example when they are helping to organise a dinner or host an event to which you are invited.
With partner organisations that accept gifts in support of the collegiate University of Oxford
The following organisations enable tax-efficient giving to the collegiate University of Oxford, from outside of the UK. Data may be shared by us with these organisations where it relates specifically to donations you have made, or have pledged to donate via these organisations.
- Americans for Oxford, Inc. (AFO) accepts gifts in support of the collegiate University of Oxford. AFO has been determined by the United States Internal Revenue Service to be a tax-exempt public charity. The personal data you provide when making a gift to AFO are collected and processed by the University of Oxford's North American Office using the shared Development and Alumni Relations System (DARS).
- Swiss Friends of Oxford (SFOU)
Swiss residents can give tax efficiently to the collegiate University of Oxford. SFOU is set up as an association (Verein) under Swiss law and has a tax ruling from the canton of Zug recognising its tax-exempt status.
- German Friends of Oxford University
Residents of Germany can also make tax-efficient donations via the German Friends of Oxford University without incurring any fees.
- Stripe Payments (Europe) Limited
- With third-party organisations engaged by the collegiate University of Oxford to provide crowdfunding services:
In addition to Stripe, these include:
- Sponsorcraft Ltd (Hubbub), who provide the online platform, and will hold and process your data securely in line with the EU's laws related to the storing of personal data. The data that collected from you for processing is stored in Dublin, Ireland, hosted by Amazon Web Services (AWS), in line with the EU-approved AWS Data Protection Agreement and Model Clauses. (https://hubbub.org/privacy/)
- With third-party organisations engaged by the collegiate University of Oxford to provide other services:
These include but are not limited to:
• Mailing houses, printers, event organisers or venues.
• Organisations providing tools such as relationship- or event-management systems; databases and reporting/analysis tools; alumni networking platforms ; email or survey tools; payment services (e.g. direct debit, online donation processing).
• Organisations assisting with activities such as market research, marketing and communications, organisational effectiveness, strategy and planning, auditing, business intelligence and analysis, customer experience.
###How we protect your data
The University of Oxford takes precautions to safeguard your personal information against loss, theft and misuse, unauthorized access, disclosure and destruction through the use of appropriate administrative, physical and technical security measures.
Our shared relationship management system, DARS, is hosted on infrastructure within the University of Oxford's network and is protected by logical access controls. Access is limited to individuals who need to see and use the data to carry out their duties, and access rights are restricted according to individual job roles in order to ensure that users only see information that is relevant to them. All DARS users receive appropriate training, including training on data privacy, before being granted access.
Where you have provided us with your credit or debit card information, over the phone, or on a printed giving form, that data is stored securely and destroyed after your payment has been processed. Bank details used for processing Direct Debits are stored under the Direct Debit Guarantee Scheme. Online donations are processed via our third-party payment service providers and your credit or debit card information is not collected or stored by us.
Transfers of your data outside of the European Economic Area (EEA) - although most of the information we collect, store and process stays within the UK, some information may be transferred to countries outside of the European Economic Area (EEA). This may occur if, for example, one of our third-party partners' servers are located in a country outside of the EEA. This may also occur where staff in our international offices access DARS, our shared relationship-management system.
Transfers outside of the EEA will only take place if one of the following applies:
- The country receiving the data is considered by the EU to provide an adequate level of data protection.
- The organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield.
- The transfer is governed by approved contractual clauses.
- The transfer has your consent.
- The transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into that contract.
- The transfer is necessary for the performance of a contract with another person, which is in your interests.
- The transfer is necessary in order to protect your vital interests or of those of other persons, where you or other persons are incapable of giving consent.
- The transfer is necessary for the exercise of legal claims.
- The transfer is necessary for important reasons of public interest.
###How long we keep your data
The University of Oxford considers its relationship with alumni, donors and supporters to be life-long and we will retain much of your data indefinitely unless you request otherwise. When determining how long we should retain your personal data we take into consideration our legal obligations and tax or accounting rules. If you have pledged a legacy gift, it will be necessary to retain your data until your gift is received, so that we can identify the gift against that pledge. When we no longer need to retain personal information, we ensure it is securely disposed of. We may keep anonymised statistical data indefinitely, but you cannot be identified from such data.
The legal basis for processing your data
We will only use your personal data where the law allows us to do so. Most commonly we rely on the following legal bases for processing your personal data:
- Where we have a legitimate interest to do so for purposes listed within this privacy notice. Where we use legitimate interest as the basis for our processing we have carefully considered each of the ways we process your data to ensure that we carry out our activities with a focus on the interests of our alumni, donors and supporters, and in the most efficient and effective way.
- Where we need to perform the contract we have entered into with you. Information processed for this purpose includes, but is not limited to, the information you provide when you register for an event, or to enable us to process a donation.
- Where we are required to comply with our legal obligations, such as for: reclamation of Gift Aid on your donations; statutory returns to the Office for Students (OfS), the Charity Commission or ICO; participation in the HESA Graduate Outcomes Survey; responses to the Charity Commission or ICO in relation to audits or official investigations; responses to FOI Requests, under the Freedom of Information Act 2000.
- Where your consent is required, for example where sensitive personal data is recorded. You can withdraw your consent at any time and we will stop any processing of your personal data requiring your consent. See: Your legal rights and choices in connection with your personal data.
###Change Of Purpose
We will only process your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose. Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Your Legal Rights And Choices In Connection With Your Data
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.
- Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- Request erasure of your data. This enables you to ask us to delete or remove your data where there is no good reason for us continuing to process it.
- You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
- Object to processing of your data where we are processing it to meet our public interest tasks or legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
- Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your data to another party.
Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop. However, where you have consented to the processing, you can withdraw your consent at any time by emailing the relevant department. In this event, we will stop the processing as soon as we can. If you choose to withdraw consent it will not invalidate past processing.
If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, please contact the University's Information Compliance Team at firstname.lastname@example.org. The same email address may be used to contact the University's Data Protection Officer. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office at the ICO website.
If you have any questions about this privacy notice or about your personal data, or if you want to provide updates to your data, make any changes to your communication preferences or exercise any of your rights as outlined above, please contact us at one of the following addresses:
University of Oxford Development and Alumni Relations Database Team
University of Oxford Development Office
University Offices, Wellington Square
Oxford, OX1 2JD, United Kingdom
Phone: +44 (0)1865 611530
University of Oxford Alumni Office
University Offices, Wellington Square
Oxford, OX1 2JD, United Kingdom
Phone: +44 (0)1865 611610
If possible, please quote your Alumni Number
If you have registered with Oxford Alumni Online, either via the central University Alumni Office or via your college, you can login to update your communication preferences at any time.
**Changes to this Privacy Notice**
This privacy notice was last updated on 28 May 2019.
We reserve the right to update this privacy notice at any time. Any changes to this privacy notice will be posted to this page.