Trinity Hall adheres to the rules set out in data protection law in the UK (the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018) for processing personal information.
Data protection law applies to the processing (collection, storage, use and transfer) of personal information (data and other personal identifiers) about data subjects (living identifiable individuals).
These rules apply to some paper records as well as those held on computer and some automatically processed data, for example, document image processing, audio/video, photographs and CCTV.
Data protection principles state that personal data shall be:
- processed (i.e. collected, handled, stored, disclosed and destroyed) fairly, lawfully and transparently;
- processed only for specified, explicit and legitimate purposes;
- adequate, relevant and limited;
- accurate (and rectified if inaccurate);
- not kept for longer than necessary;
- processed securely
Under data protection law Trinity Hall (the “College”) is identified as a “Data Controller” for the processing of data and as such is subject to a range of legal obligations.
The College upholds data protection law as part of everyday working practices through:
- ensuring all personal information is managed appropriately;
- understanding, and applying as necessary, the data protection principles when processing personal information;
- understanding, and fulfilling as necessary, the rights given to data subjects under data protection law;
- understanding, and implementing as necessary, the College’s accountability obligations under data protection law; and
- the publication of data protection statements outlining the details of its personal data processing in a clear and transparent manner.
You can download the College’s full Data Protection Policy, including information about the rights of data subjects.
Any queries relating to the College’s Data Protection Policy or Subject Access Requests should be sent to the College’s data protection officer at firstname.lastname@example.org.
Notification to the Information Commissioner
The College has an obligation as a Data Controller to notify the Information Commissioner of the purposes for which it processes personal data. Individual data subjects can obtain full details of the College’s data protection registration from the Bursar or from the Information Commissioner’s website.
Making a Freedom of Information Request
You have the right, under the Freedom of Information Act 2000, to request any information held by the College which it has not already made available through its publication scheme. Requests should be made in writing to email@example.com and the College will responds as soon as possible and within the time limit of 20 working days.
Details of the College’s Publication Scheme are contained in the following documents: