Applicant privacy notice
In the course of completing the Graduate Access Programme application form, you have provided information about yourself (‘personal data’). We (the University of Oxford) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation.
How we use your personal data
We will use the personal data you have provided (which may include sensitive or "special category" data such as health data, or data revealing racial or ethnic origin) to process and assess your UNIQ+/Wellcome Biomedical Vacation Scholarship application. We need to process your data for these purposes in order to meet our legitimate interests in promoting access for postgraduate study at the University. This is known as our legal basis for processing personal data under data protection law.
We will add some of your data to the Higher Education Access Tracker database (HEAT), which we use to record information about our outreach activities and those who take part in them. HEAT is a shared database used by a variety of organisations to identify which activities are most helpful in preparing students for higher education and progressing to employment. Users include the University, its colleges, student organisations, educational charities and relevant public bodies (eg UCAS). The data added to HEAT comprises your personal details (name, gender, date of birth, postcode and school) and the events or activities in which you have participated. You can read further details about how your data on HEAT is used in the HEAT privacy notice.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Who has access to your data?
Access to your data within the University will be provided to those who need to view it as part of their work in carrying out the purposes described above and to Oxford’s colleges participating in the UNIQ+ and Wellcome Biomedical Vacation Scholarships programme.
Anonymised information will be provided to the Wellcome Trust for those allocated a place on the Wellcome Biomedical Vacation Scholarships. This will include demographic information: institution attended for undergraduate degree, gender, age, race and ethnicity, and socio-economic diversity information. Details of projects undertaken will also be shared with the Wellcome Trust and scholarship-recipients asked to complete a survey.
We may also disclose your personal data to our third party service providers or subcontractors in connection with both programmes. Activities that may be carried out by third-party service providers include IT services and survey provision services. All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes, but rather to only process your personal data for specified purposes and in accordance with our instructions.
Your personal data may be transferred to, and stored at, a destination outside the European Economic Area, in accordance with the law. For example, this may happen where we use IT systems which are hosted outside the EEA. We will make sure that identifiable data is removed whenever possible and that any data transfer is done securely. If any foreign country to which data is transferred does not have equivalent data protection standards to those required in the UK, appropriate safeguards will be adopted to protect and maintain the confidentiality of your data (including using standard data protection clauses adopted by the European Commission, where relevant). If you require any information about these safeguards, you may contact us (see the Data Protection Officer's email address in the contact details section below).
Retaining your data
We will only retain your data for as long as we need it to meet our purposes, including any relating to legal, accounting, or reporting requirements. Data will be retained in accordance with the University’s student records data retention policy.
You have certain rights with respect to your personal data. These include being able to request access to it, correction of any mistakes in it, deletion of it, restriction of its use, as well as being able to object to any processing of it (ie any use of it), or request that it be transferred elsewhere.
However, depending on the circumstances, we may have grounds for not complying with your request, for example, where we consider that deleting your information would seriously harm the research or where we need to process your data for the performance of a task in the public interest
If you wish to raise any queries or concerns about our use of your data to assess your application, please contact us at firstname.lastname@example.org.
If you would like to exercise any of your rights mentioned above or if, for any reason, you are not happy with the way that we have handled your data, please contact the University’s Information Compliance Team at email@example.com. The same address can be used to contact the University’s Data Protection Officer.
If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office.