Privacy Policy
At The Oxford Trust, the parent body to Science Oxford, we are committed to protecting and respecting your privacy.
We want you to be clear about your rights and how we use your personal data under the General Data Protection Regulations (GDPR) and DPA 2018.
This Policy explains when and why we collect personal information about people who visit our website and book tickets to our events, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page to ensure that you’re happy with any changes. By using our website, you are agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices can be sent by email to [email protected] or [email protected]
About us:-
We are The Oxford Trust, which is a charitable trust that aims to encourage the pursuit of science. The Oxford Trust is a registered charity (no.292664) and company limited by guarantee (no. 1898691). Our registered address is Oxford Centre for Innovation, New Road, Oxford, OX1 1BY. The Oxford Trust is the parent body to Science Oxford.
The legal basis for processing your personal data:-
The lawful bases on which we process your data are:
- Consent eg. where you ask to be kept informed of the services, opportunities and news we supply.
- To fulfil a contract with you for a service or event.
- Legitimate interest in order to pursue our business interests which would be reasonably expected.
- Compliance with legal obligations eg. disclosure upon provision of appropriate legally valid documentation by enforcement authorities.
How we collect information;-
We obtain information about you when you use our website, for example, to book tickets to our Science Oxford events, or if you register to receive one of our e-newsletters.
Information collected:-
The personal information we collect might include your name, address, email address, IP address, and information regarding the web pages that have been looked at and when. This information is held on a secure CRM system called SHEEP.
If you buy tickets to one of our Science Oxford events, your card information is not held by us, it is collected by our third party payment processors – Eventbrite, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below. If you have signed up for one of our e-newsletters, your information is held on Mailchimp, a secure third party system.
How information is used:-
We believe that the purposes listed below are justified on the basis of our legitimate interests in promoting our programmes. The exception is for sending email marketing and collecting non-essential cookies for which we rely on the basis of consent. We may use your information for the following:
- process ticket orders that you have submitted;
- to carry out our obligations arising from any contracts entered into by you and us, such as schools membership;
- deal with entries into a competition;
- notify you of changes to our services;
- send you communications which you have requested and that may be of interest to you, such as an e-newsletter about upcoming Science Oxford programmes and events or news on our innovation centres;
- process a grant or job application.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who has access to your information:-
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Authorised partners:-
Very occasionally, we might pass your information to our authorised partners for the purposes of completing tasks and providing services to you on our behalf. For example booking information (name and contact email) to a venue hosting an event for us for health and safety purposes.
However, when we use authorised partners, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties, unless we are required to do so by law or by a court order or for the purposes of prevention of fraud or other crime. The types of third parties we work with include: IT companies supporting our business; Cloud storage companies; regulatory services; contracted partners. These companies are also obliged by law to meet GDPR.
Storing information outside the UK & Europe:-
The law which tells businesses how to use information about people and how to keep it safe is the same in most European Countries, including the UK. A lot of companies round the world offer services to record and store information, and sometimes we might use them to store your information. We have to tell you when we send or store information in other countries in the world. We also have to make sure that it is always stored safely, no matter where it is in the world. Here are some of the companies we use:
- We use Quickbooks to track money paid to us. Quickbooks is a company based in the United States (US) and they have big computers, known as servers, which store data for us. We have checked your information will still be safe and Quickbooks also obey the same laws that we have to here in the UK.
- We use a secure CRM system called SHEEP to record contact details of our customers and people who might become customers. It also records information about our projects and our team members. SHEEP is a company based in the UK and store data for us. We have checked your information will still be safe.
- We use Microsoft Teams, Zoom and Slack to to deliver training courses and free webinars to customers and make it easy to keep in touch with other team members about our work. All are companies based in the United States (US) and they have servers which store data for us. We have checked your information will still be safe and they also obey the same laws that we have to here in the UK.
- We use Mailchimp to let people sign up to our newsletters. Mailchimp is a company based in the United States (US) and they have servers which store data for us. We have checked your information will still be safe and Mailchimp also obey the same laws that we have to here in the UK.
- We use Eventbrite to book and take payment for our online event tickets and courses. Eventbrite is a company based in the United States (US) and they have servers which store data for us. We have checked your information will still be safe and they obey the same laws that we have to here in the UK.
- We use Hootsuite to organise our social media accounts more easily. If you send us a direct message on any of our social media accounts, it will also be kept in Hootsuite for 3 months. Eventbrite is a company based in Canada.
Marketing:-
We will only contact you for marketing purposes by email if you have given your prior consent. You can change your marketing preferences at any time by clicking ‘unsubscribe’ in any email or newsletter communication we sent you or by emailing us on [email protected] or [email protected] or calling us on 01865 810 000.
How to access and update your information:-
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate or out of date, please email us on [email protected] or [email protected]
Alternatively, you can call us 01865 810 000.
You have the right to ask for a copy of the information that The Oxford Trust holds about you. Please contact [email protected] or [email protected] or call 01865 810 000.
Withdrawal of consent:-
Whenever you have given us consent to use your personal data, you have the right to change your mind and withdraw consent.
Profiling:-
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may also use your personal information to detect and reduce fraud and credit risk.
Use of cookies:-
Like many other websites, The Oxford Trust and Science Oxford websites uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store the first three digits of your postcode. This helps us to improve our website and deliver a better more personalised service.
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.
Links to other websites:-
Our website may contain links to websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
16 or under:-
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information
Consent for video, audio & photography:-
We sometimes take photographs/videos at events for website, social media and marketing purposes. These photographs are stored on a secure server, shared only with authorised partners and will automatically be deleted after 10 years, according to the photographic permissions form.
In accordance with our child protection policy, we will not permit photographs, video, sound or other images of young people to be taken without the consent of the parents/carers of the child.
The Oxford Trust will take all steps to ensure images are used solely for the purposes they are intended. If you become aware that any images are being used inappropriately you should inform The Oxford Trust immediately.
We keep this Policy under regular review.
See our Privacy Policy for Young Adults.
Updated December 2023.