Data Protection Statement

This statement explains how Newnham College (“we” and “our”) handles and uses information we gather when you visit the College’s web site, its subdirectories and subdomains. Where you engage with the College for another purpose (e.g. as a prospective or current student, as a member of the College or visitor), there are other data protection statements to explain our management of your personal data. Where you enter personal information into an online form for an specified purpose, you will be told about the use that will me made of the information (e.g. to book you onto an event).


The controller for your personal information is Newnham College, Sidgwick Avenue, Cambridge CB3 9DF. The Data Protection Officer for the College is the Office of Intercollegiate Services Ltd (OIS Ltd) [12B King’s Parade, Cambridge; 01223 768745; college.dpo@ois.cam.ac.uk]. OIS Ltd. should be contacted if you have any concerns about how the College is managing your personal information, or if you require advice on how to exercise your rights as outlined in this statement. The person within the College otherwise responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information is the Bursar, data-protection@newn.cam.ac.uk.

It is important for you to appreciate that the website provides extensive links to other independent sites, within the College, the University of Cambridge and elsewhere. This policy applies only to direct accesses to the main website – URLs containing https://newn.cam.ac.uk/. You will need to consult the appropriate information on other sites for information on their policies.

The legal basis for processing your personal data is that it is necessary for the purposes of our legitimate interests, where we have concluded that our interests do not impact inappropriately on your fundamental rights and freedoms. You may ask us to explain our rationale at any time.

Any changes to this privacy policy will be posted on this page. It was last updated in January 2025.

 

Data collected

The College collects data for a number of purposes outlined below. 

  1. For site security and performance.
  • When you visit our website, we use cookies and page-tagging techniques to collect the request made my your browser to the server hosting the website. This may include:
  • The name of the network address of the computer making the request. Note that under some (but not all) circumstances it may be possible to infer from this the identity of the person making the request. Note also that the data recorded may be that of a web proxy rather than that of the originating client.
  • The date and time of the connection.
  • The HTTP request, which contains the indentification of the document requested.
  • The status code of the request (success or failure etc).
  • The number of data bytes sent in response.
  • The contents of the HTTP Referrer header supplied by the browser.
  • The contents of the HTTP User-Agent header supplied by the browser.

    Logging of additional data may be enabled temporarily from time to time for specific purposes. In addition, the computers on which the website is hosted keep records of attempts (authorised and unauthorised) to use them for purposes other than access to the web server. These data typically include the date and time of the attempt, the service to which access was attempted, the name or network address of the computer making the connection, and may include details of what was done or was attempted to be done.

  1. To improve our service to you

    When you visit our website, we use the third-party Google Analytics service to collect standard internet log information. We use Google Analytics 4 which does not log or store individual IP addresses. We use Analytics to find out how visitors use our website and to improve its usability. The data is anonymised before it is stored and before we see or use it for analytics processing. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our site. For more information about how Google Analytics uses this information please see the Google privacy policy. For further details about the cookies used on our websites see cookies information. 

  2. To remember marketing preferences

    Third-party services that we embed on some of our webpages, e.g. YouTube videos, may set cookies to analyse how you use their services and record what advertising you see during your use of their service. This will only happen if you interact with the embedded content or opt into 'Social marketing preferences' cookies.

 

Data Sharing

Relevant subsets of this data may be passed to the College IT Manager and IT Department as part of investigations of computer misuse involving this site or other computing equipment in the College or in the University of Cambridge. Data may be passed to the administrators of other computer systems used by the College to enable investigation of problems accessing their site or system misconfigurations. Data may incidentally be included in information passed to contractors and computer maintenance organisations working for the College, in which case they will be covered by appropriate non-disclosure agreements. Otherwise the logged information is not passed to nay third party except if required by law. Summary statistics are extracted from these data and some of these may be made publicly available, but those that are do not include information from which an individual could be identified.

You should appreciate that a log is a record of what a server sees, not necessarily what was initially sent. If a request is sent via a proxy the log file will show the proxy's address. 

 

Your Rights

You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

You retain the right at all times to lodge a complaint about our management of your personal data with the Information Commissioner’s Officer at https://ico.org.uk/make-a-complaint.