Data Protection

St Edmund’s College Policies

• Data Protection Policy
• CCTV and ANPR Policy

Data Protection Statements

• Data Protection Statement for Alumni and Supporters
• Data Protection Statement for Job applicants and candidates for election to College (non-student) membership
• Data Protection Statement for Visitors and Guests
• Data Protection Statement for Staff
• Data Protection Statement for College Members (other than students and alumni)
• Data Protection Statement for Students
• Data Protection Statement for Applicants (Students)
• Data Protection Statement for Users of the College’s websites(s)
• Data Protection Statement for Health & Wellbeing Records
• Data Protection Statement for OSTicket Users
• Data Protection Statement for DBS (Dinner Booking System) Users

Data Sharing Agreement

• Data Sharing Agreement with the University of Cambridge

Freedom of Information (FOI)

Making requests

If you wish to make a request under the Freedom of Information Act 2000, Environmental Information Regulations 2004 or the Data Protection Act 1998, please make your request to grcm@st-edmunds.cam.ac.uk

We will write to you to acknowledge your request and let you know the legal deadline by which we will respond. Within 20 working days, we will write again with our response. This will let you know whether we hold the information, and, if we do, we will either supply a copy or set out the reasons why we believe an exemption applies.

Charges

The College has the right to charge applicants for the supply of information in certain circumstances and is under no obligation to provide information if the cost of doing so would be in excess of an ‘appropriate limit’. The appropriate limit is £450 in the case of the College. This represents the estimated cost of one person spending 18 hours in determining whether the College holds the information, and thereafter locating, retrieving and extracting it. If we intend to levy a charge, we will contact you as soon as possible after you have submitted your request.

Complaints

If you are unhappy about the way in which your request has been handled (usually if your request for information has been denied, in whole or in part), you should complain to the to grcm@st-edmunds.cam.ac.uk in the first instance. Such a complaint is known as a request for an ‘internal review’ and will be handled by a senior Officer rather than the person who handled your original request. Details of how to submit a request for an internal review will be provided in the email setting out our original response; it is important that you follow these procedures to ensure that your internal review request is attended to.

If you are not content with the outcome of your complaint or internal review, you may apply to the Information Commissioner’s Office who will investigate the case and decide whether your request for information has been dealt with in accordance with the requirements of the FOIA.

Use of personal information to handle FOI requests

The College will use your personal information to log, consider and answer your FOI request to the College. We will liaise with colleagues internally (including those collating the information requested and any other offices with an interest in the response) as well as, on occasion, external advisors and/or third parties who may need to be consulted on any potential disclosure. From time to time we analyse requests to look for trends or collate statistics. If you pursue a complaint to the ICO (and thereafter the relevant Tribunal system), we will share your information as necessary in answering regulatory enquiries and making submissions.

These uses of your personal information are necessary to fulfil our legal obligations and public interest tasks in handling such requests.

For more information about how we handle your personal information, and your rights under data protection legislation, please refer to the College’s Data Protection Policies and Statements, which can be found on this page.

Further information

The controller for your personal information is St Edmund’s College, Mount Pleasant, Cambridge CB3 0BN. The Data Protection Officer for the College is Intercollegiate Services Limited (ISL) (64 Bridge Street, Cambridge CB2 1UR ; 01223 768745; dpo@isl.colleges.cam.ac.uk. ISL Ltd should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College with overall responsibility for the protection of information is the Senior Information Risk Owner who at at the time of issue is the Bursar (bursar@st-edmunds.cam.ac.uk). The person who is responsible for day-to-day monitoring of compliance with relevant legislation and dealing with any concerns relating to the College’s data protection arrangements is the College Data Protection Lead, who at the time of issue is the Governance, Risk & Compliance Manager (grcm@st-edmunds.cam.ac.uk).