Data protection

General Data Protection Regulation (GDPR) and Data Protection Act 2018

Girton College is committed to protecting the privacy and personal information that we collect, maintain and process about our College members and associates.

Following the implementation of the European Union’s General Data Protection Regulation (GDPR) and Data Protection Policy Act 2018 on 25 May 2018, the College has produced the following policy and privacy statements. Each document describes how information is collected, the lawful basis of processing, use and disclosure, and the retention or destruction of personal data, for the different purposes and activities the College may undertake.

The statements will be regularly reviewed and updated whenever necessary to reflect changes in the College’s activities and to ensure its continued accountability.

If you have any queries or concerns relating to your personal data that is held by the College, please contact the College Data Protection Lead.

Cybersecurity

Cybersecurity statement - December 2019

The College has had reports recently from members and associates that they have received spam emails purportedly from members of the College staff.

The College would like to reassure recipients of these emails that the College IT systems are secure and our systems have not been compromised. The messages received are part of a known ‘spear phishing’ attempt targeting the University and Colleges.

The College continues to monitor and implement security measures to mitigate any potential breaches of personal information – both technically and through user training and awareness – in line with the National Cyber Security Centre (NCSC) guidelines. However, if you receive an email from the College and have any concerns regarding its content or authenticity, please contact the College department (link to ‘contact’ page) directly without clicking any links or attached documents.

To assist members and associates, the following mitigating measures are recommended:

• All emails from the College are sent via the University’s email system. Check that the email you receive has an ‘@cam.ac.uk’ or ‘@girton.cam.ac.uk’ email address by looking at the full email address, not just the name.
• Filter or block spam emails using guidance provided by your email provider.
• Similarly, set up ‘safe’ or ‘approved’ contacts in your email program.
• Make use of the additional security features from your email provider. E.g. Two-step authentication and/or Secure Account Recovery assistance.
• Regularly review your security activity and permissions. E.g. check what data or permissions you have given to external apps on your mobile device and/or which devices have recently logged into your account.
• Set up secure passwords for your email account(s) and consider using a password manager if you have several passwords.
• Ensure your operating system on any device (e.g. laptop, tablet, mobile phone etc.) is up-to-date with recent patches or security fixes.
• Install an accredited antivirus program (e.g. McAfee or Norton) and anti-malware programs (e.g. Malwarebytes) to provide ‘real-time’ protection on your devices.

Data Protection Policy and Privacy Statements

• Data Protection Policy – December 2020 (PDF)
• CCTV Policy - November 2021 (PDF)
• Pre-applicants – statements managed by the Cambridge Admissions Office and Board of Graduate Studies
• Applicants for Employment, College memberships and academic appointments - May 2018 (PDF)
• Current students - May 2018 (PDF)
• Fellows, staff and senior members - May 2018 (PDF)
• Alumni and supporters - May 2018 (PDF)
• Visitors and guests: general - May 2018 (PDF)
• Visitors and guests: Admissions and Widening Participation – in progress
• Visitors and guests: Archive and Special Collections – in progress
• Girton College Summer Programmes - May 2018 (PDF)
• Event Organisers - May 2018 (PDF)
• Student Societies and Groups – in progress
• Website Users - May 2018 (PDF)

Data Sharing Agreements

The University, Cambridge In America And The Colleges:

• Office of Intercollegiate Services - Personal data sharing agreement

Withdrawal of consent

Girton College will only collect, process and store your personal data in accordance with the policies and statements above. 

However, if you wish to withdraw your consent – you may do so at any time by contacting the College Data Protection Lead.

Requesting personal information about yourself

Under the terms of the General Data Protection Regulation (GDPR) you may ask the College for any information it processes about you as an individual. Please note the College will normally have a month from receipt to respond to your request. Valid proof of identity will be required before a request will be processed.

If you wish to make an enquiry about data that relates to yourself, please complete the Subject Access Form, which is also available in hard copy from the College’s Data Protection Lead.

Please see ‘How to complete the Subject Access Request Form‘ for further guidance.

Requests for personal information on behalf of someone

If you wish to make an enquiry about data on behalf of someone, please complete the Subject Access Form, which is also available in hard copy from the College’s Data Protection Lead.  Please note, that written authorisation and valid proof of identity is required from the data subject before a request will be processed.

Please see ‘How to complete the Subject Access Request Form‘ for further guidance.

Contact Information:

College Data Protection Lead

Girton College, Cambridge, CB3 0JG
T: +44 (0)1223 338987
E: data.protection@girton.cam.ac.uk 

For Complaints and Concerns:

Data Protection Officer Office of Intercollegiate Services

12b King’s Parade, Cambridge, CB2 1S
T:+44 (0)1223 768745
E: college.dpo@ois.cam.ac.uk

Website: Information regarding the Statutory Data Protection Officer