Skip to main content

Data Protection

Fitzwilliam College adheres to the rules set out in data protection law in the UK (the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018) for processing personal information.  Data protection law applies to the processing (collection, storage, use and transfer) of personal information (data and other personal identifiers) about data subjects (living identifiable individuals).

These rules apply to some paper records as well as those held on computer and some automatically processed data, for example, document image processing, audio/video, photographs and CCTV.

Data protection principles state that personal data shall be:

  • processed (i.e. collected, handled, stored, disclosed and destroyed) fairly, lawfully and transparently;
  • processed only for specified, explicit and legitimate purposes;
  • adequate, relevant and limited;
  • accurate (and rectified if inaccurate);
  • not kept for longer than necessary;
  • processed securely

Under data protection law Fitzwilliam College (the “College”) is identified as a “Data Controller” for the processing of data and as such is subject to a range of legal obligations.  The College upholds data protection law as part of everyday working practices through:

  • ensuring all personal information is managed appropriately;
  • understanding, and applying as necessary, the data protection principles when processing personal information;
  • understanding, and fulfilling as necessary, the rights given to data subjects under data protection law;
  • understanding, and implementing as necessary, the College’s accountability obligations under data protection law; and
  • the publication of data protection statements outlining the details of its personal data processing in a clear and transparent manner.

On this page you will find the College's Data Protection Policy; statements that set out how we use your personal data, the legal basis for processing and how to exercise your rights; and our Data Retention Schedule.

In case of queries, please contact the College Data Protection Officer (

Data Protection Policy (04 May 2022)

Data Retention Schedule (19 May 2021)

All visitors to the College are made aware that CCTV is in use on the College site(s). For further details see our CCTV Policy (9 May 2018)

How we use your information​ 

The following Data Protection Statements tell you what to expect when the College collects personal data. You may need to refer to more than one statement (e.g. a student will also be a Library user, a website user and probably a member of a club or society). 

It applies to information we collect about:

Your Rights

You have the following rights:

  • to ask us for access to your personal data,
  • to ask us to restrict processing (pending correction or deletion)
  • to object to communications or direct marketing
  • to ask us to transfer your data electronically to a third party

Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

Please note that Fitzwilliam College does not use automated decision making.

If you wish to exercise your rights, or have any other queries about the College’s Data Protection policies please contact the College Data Protection Officer at

If having done so you remain dissatisfied you have a right to lodge a complaint about our management of your personal data with the Information Commissioner’s Office at

Freedom of Information

Fitzwilliam College makes information available to the public as part of its normal activities. Fitzwilliam's publication scheme follows the model prepared and approved by the Information Commissioner.

Fitzwilliam College Publication Scheme