Privacy Notice - Website Users
How we use your personal information - users of the College’s website(s)
This statement explains how Magdalene College (“we” and “our”) handles and uses information we collect when you visit the College website – URLs starting http://www.magd.cam.ac.uk/. Where you engage with the College for another purpose (e.g. as a prospective or current student, as a previous student, as a member of the College or as a visitor to the College), there are other data protection statements to explain our management of your personal information – see https://www.magd.cam.ac.uk/data-protection. Where you enter your personal information into an online form for any specified purpose, you will be told about the use we will make of that information (e.g. to send you newsletters or to enable your attendance at an event).
The controller for your personal information is the Magdalene College, Cambridge CB3 0AG. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd [12B King’s Parade, Cambridge; 01223 768745; email@example.com]: OIS Ltd. should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Assistant Bursar, Mrs H Foord, firstname.lastname@example.org.
The legal basis for processing your personal data is that it is necessary for the purposes of our legitimate interests, where we have concluded that our interests do not impact inappropriately on your fundamental rights and freedoms. You may ask us to explain our rationale at any time.
We collect and process your personal information for operating and improving our webpages, analysing their use and ensuring the security of our website.
In common with most websites, we automatically log certain information about every request made of it (see below for more details). This information is used for system administration, for bug tracking, and for producing usage statistics. The logged information may be kept indefinitely.
Relevant subsets of this data may be passed to computer security teams as part of investigations of computer misuse involving this site or other computing equipment in Magdalene College and the University of Cambridge. Data may be passed to the administrators of other computer systems to enable investigation of problems in accessing this site or of system misconfigurations. Data may incidentally be included in information passed to contractors and computer maintenance organisations working for the University, in which case it will be covered by appropriate non-disclosure agreements. Otherwise the logged information is not passed to any third party except if required by law. Summary statistics are extracted from this data and some of these may be made publicly available, but those that are do not include information from which individuals could be identified.
The following data is automatically collected for each request:
- The name or network address of the computer making the request. Note that under some (but not all) circumstances it may be possible to infer from this the identity of the person making the request. Note also that the data
- The username, when known during authenticated (logged in) access to the site
- The date and time of connection
- The HTTP request, which contains the identification of the document requested
- The status code of the request (success or failure etc.)
- The number of data bytes sent in response
- The contents of the HTTP Referrer header supplied by the browser
- The content of the HTTP User-Agent header supplied by the browser
Logging of additional data may be enabled temporarily from time to time for specific purposes.
In addition, the computers on which the website is hosted keep records of attempts (authorised and unauthorised) to use them for purposes other than access to the web server. This data typically includes:
- the date and time of the attempt,
- the service to which access was attempted,
- the name or network address of the computer making the connection,
- and may include details of what was done or was attempted to be done.
In the event of a security concern or incident, we may use and disclose details as necessary. For more technical details please see https://www.uis.cam.ac.uk/privacy-policies-for-uis-services.
If you have concerns or queries about any of the above, please contact us at the address given above.
You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
You retain the right at all times to lodge a complaint about our management of your personal information with the Information Commissioner’s Office at https://ico.org.uk/concerns/.