Library and Archive Users - Data Protection Statement

This statement explains how St. Catharine's College ("we" and "our") handles and uses data we collect about researchers who use the Library and Archive of the College ("you" and "your"), both in person and remotely. In broad terms, we use your data to manage your visit to the College and facilitate any research you are conducting.

When changes are made to this statement, we will publish the updated version on our website and notify you by other communication channels as we deem appropriate or necessary.

The controller for your personal data is St. Catharine's College, Cambridge, CB2 1RL.  The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (OIS Ltd) [12B King's Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk]. OIS Ltd. should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Bursar, Simon Summers, data.protection@caths.cam.ac.uk.

The legal basis for processing your personal data is that it is necessary for the purposes of our legitimate interests, where we have considered that our interest do not impact inappropriately on your fundamental rights and freedoms. You may ask us to explain our rationale at any time.

How your data is used by the College

We collect and process your personal data, as specified below, for a number of purposes, including:

A.  Maintaining a record of your contact details to enable the management of your visit.

We will hold your name, email address, phone number and other relevant contact details that you provide us with, and we will use this information to maintain cotact with you in order to manage your visit. This information is retained for no longer than 10 years after your first visit to the Library or Archive.

B.  Keeping a record of visits to the Library and Archive.

We will record your name, address, email address, phone number, educational affiliation, research interests and details of items consulted in order to manage and maintain the security of our collections. This information is retained for no longer for 10 years after your first visit to the Library or Archive.

C.   Maintaining records of reprographics orders and requests to publish copies of items held by the College.

We will hold your name, address, details of copies supplied, detailed of images to be published with accompanying publication data such as the name of the publication in which it will appear. This information is retained for 10 years.

D.   Maintaining records of enquiries received by the Library and Archive.

We will record your name, your contact details (email address, postal address or telephone number depending on your preferred method of contact) and details of the information we have supplied. Enquiries will be retained for a maximum of 3 years. Anonymised enquiry data may be retained for longer periods.

We operate CCTV on our sites, which will capture footage. Further details can be found in our CCTV Policy. If you have any questions regarding the College's CCTV please contact the Head Porter head.porter@caths.cam.ac.uk.

We also operate wifi across our sites, which can be accessed by members of the College and guests. We retain device information (such as physical MAC address and IP address) and details of the IP address the device connected to. The data is retained for 3 months.

If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at data.protection@caths.cam.ac.uk or Simon Summers, Bursar, St. Catharine's College, Cambridge, CB2 1RL.

Your rights

You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

Where you opt out of all future communications or exercise your right to erasure, we will continue to maintain a core set of personal data (name and limited contact details) to ensure we do not contact you inadvertently in the future, while still maintaining a record of your contact with the College. We may also need to retain some financial records about you for statutory purposes (e.g. accounting matters).

You retain the right at all times to lodge a complaint about our management of your personal information with the Information Commissioner's Office at https://ico.org.uk/concerns/.