Privacy

This statement explains how Newnham College (“we” and “our”) handles and uses information we gather when you visit the College’s web site. Where you engage with the College for another purpose (e.g. as a prospective or current student, as a member of the College or visitor), there are other data protection statements to explain our management of your personal data.

 

The controller for your personal information is Newnham College, Sidgwick Avenue, Cambridge CB3 9DF. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (OIS Ltd) [12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk]. OIS Ltd. should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information is the Bursar, data-protection@newn.cam.ac.uk.

It is important for you to appreciate that the web site provides extensive links to other independent sites, within the College and University and elsewhere. This policy applies only to direct accesses to the main web site – URLs starting https://newn.cam.ac.uk/. You will need to consult the appropriate information on other sites for information on their policies.

The legal basis for processing your personal data is that it is necessary for the purposes of our legitimate interests, where we have concluded that our interests do not impact inappropriately on your fundamental rights and freedoms. You may ask us to explain our rationale at any time.

Any changes to this privacy policy will be posted on this page. It was last updated in June 2023.

Data collected

In common with most web sites, this site automatically logs certain information about every request made of it (see below for more details). This information is used for system administration, for bug tracking, and for producing usage statistics. The logged information may be kept indefinitely.

Relevant subsets of this data may be passed to computer security teams as part of investigations of computer misuse involving this site or other computing equipment in the College and in Cambridge University. Data may be passed to the administrators of other computer systems to enable investigation of problems accessing this site or of system misconfigurations. Data may incidentally be included in information passed to contractors and computer maintenance organisations working for the College, in which case they will be covered by appropriate non-disclosure agreements. Otherwise the logged information is not passed to any third party except if required by law. Summary statistics are extracted from these data and some of these may be made publicly available, but those that are do not include information from which individuals could be identified.

[You should appreciate that a log is a record of what a server sees, not necessarily what was initially sent. If a request is sent via a proxy the log file will show the proxy’s address. If someone has forged your address the log file will show your address.]

A number of fill-in forms are provided on this site. The pages containing these forms include information on how data submitted on them will be processed and used.

This site uses web “cookies”: in particular we use Google Analytics to see how people use our website. This helps us improve it. The data we have is anonymised. See our Cookie policy and Google’s Privacy Policy for more information.

Logged data

The following data are automatically logged for each request:

  • The name or network address of the computer making the request. Note that under some (but not all) circumstances it may be possible to infer from this the identity of the person making the request. Note also that the data recorded may be that of a web proxy rather than that of the originating client
  • The date and time of connection
  • The HTTP request, which contains the identification of the document requested
  • The status code of the request (success or failure etc.)
  • The number of data bytes sent in response
  • The contents of the HTTP Referrer header supplied by the browser
  • The content of the HTTP User-Agent header supplied by the browser

Logging of additional data may be enabled temporarily from time to time for specific purposes. In addition, the computers on which the web site is hosted keep records of attempts (authorised and unauthorised) to use them for purposes other than access to the web server. These data typically include the date and time of the attempt, the service to which access was attempted, the name or network address of the computer making the connection, and may include details of what was done or was attempted to be done.

Access to personal data

You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner’s Officer at https://ico.org.uk/make-a-complaint.