This statement explains how St. Catharine's College ("we" and "our") handles and uses information we collect about event organisers that use College facilities ("you" and "your"). In broad terms, we use your information to manage the event(s) we either host for you or otherwise provide facilities, as well as maintain our records of previous, current and future clients for events business for the College.
The controller for your personal data is St. Catharine's College, Cambridge, CB2 1RL. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (OIS Ltd) [12B King's Parade, Cambridge; 01223 768745; email@example.com]. OIS Ltd. should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar via firstname.lastname@example.org.
The legal basis for processing your personal information is that it is necessary in order for you to enter into a contract to provide events facilities and resources to you. We will retain your information for the periods stated below unless or until you request us to do otherwise.
We collect and process your personal information for the following purposes:
A. maintaining clear contact information for the booking, provision and payment of events.
We will hold your name, address, email address, phone number and other relevant contact details you provide to us, and will use this information to maintain contact with you to provide your requested services, manage their delivery and bill you for them. We retain this information in our events record for 7 years after the most recent event we host for you, and for 7 years in our financial records (due to statutory requirements). Where we have not hosted an event for you, we will retain the details relating to your initial enquiries of services for no more than 2 years.
B. providing you with details about future event provision services.
While we retain your contact information, we will contact you about our services. You may unsubscribe from such communications at any time.
We do not share personal information with third parties. If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at email@example.com.
Personal information of delegates of your events
The provision or management of your event by us might require you to provide us with personal information relating to your event delegates (such as name, dietary requirements, accommodation requirements). This may include the provision of sensitive information. We will not retain this information for any longer than necessary for the provision of the specific event, which might require you to provide it on successive occasions. We will assume that you have obtained the consent from your delegates for us to hold their personal information for that purpose. Your delegates may wish to review our College Visitors and Guests Data Protection Statement for reference.
We operate CCTV on our sites, which will capture footage, and a SALTO lock system. Further details of the College’s CCTV system and procedures can be found in our CCTV Policy. If you have any questions regarding the College's CCTV please contact the Head Porter firstname.lastname@example.org. The SALTO lock system controls door access, and will by its nature record movements in and out of staircases and some College rooms, though this is not its primary purpose. Like all data we store, this information is kept confidentially. Please also contact the Head Porter email@example.com if you have questions about the SALTO lock system.
We also operate wifi across our sites, which can be accessed by members of the College and guests. We retain device information (such as physical MAC address and IP address) and details of the IP address the device connected to. The data is retained for 3 months.
You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.
You retain the right at all times to lodge a complaint about our management of your personal information with the Information Commissioner's Office at https://ico.org.uk/make-a-complaint/.