Privacy & Cookie Policy

SCIO’s formal documentation for following GDPR requirements can be downloaded from the table below. It provides details concerning SCIO’s management of data on students who attend its programmes, participants who attend its projects and events, and all staff, including tutors and lectures who work for us. The text that follows provides guidelines for students and participants who attend our programmes and events, and has been provided to help you anticipate how your data would be managed if you were to attend a SCIO programme, project, or event.

Document download: SCIO privacy policies and records of processing activities

What this policy covers

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:

  1. What information we collect about you
  2. How we use information we collect
  3. How we share information we collect
  4. How we store and secure information we collect
  5. How to access and control your information
  6. How we transfer information we collect internationally
  7. Other important privacy information

This privacy policy covers the information we collect about you when you apply to our programmes or otherwise interact with SCIO (for example, attending SCIO conferences), unless a different privacy policy is displayed. This policy also explains your choices about how we use information about you.

When we refer to ‘SCIO’, ‘we’, or ‘us’ in this policy, we mean SCIO, an educational charity in partnership with Wycliffe Hall, University of Oxford, and trading as CCCU-UK, a subsidiary of the CCCU (Council of Christian Colleges and Universities). In partnership with Wycliffe Hall, SCIO manages programmes for Registered Visiting Students with the University of Oxford, and for Affiliate Members with Wycliffe Hall, University of Oxford. We refer to these student events as ‘Programme’ and ‘Programmes’ in this policy. We also run conferences, and other academic programmes and events. We refer to all of these as “Project” or ‘Projects’ in this policy.

1. What information we collect about you


We collect information about you when you provide it to us, when you use our Programmes and Services, and when other sources provide it to us, as further described below.

Information you provide to us: Programmes

As part of our Programmes, we collect information about you from BestSemester that you input as part of the application process.

  • Application process: For each accepted candidate a student file is created, and a printed copy of your application is added to that file. All files are secured in a locked cabinet in SCIO’s offices in Oxford when not in use. During the course of the programme, a student’s file may be referred to by senior staff at Oxford to help evaluate performance and/or behaviour.
  • Medical details and rooming preferences: Your medical data are reviewed for safeguarding and risk assessment purposes by the Associate Director of SCIO, and when determining housing and rooming arrangements. Once the programme has started your medical data may also be viewed by the Associate Director to help evaluate behaviour. Salient data may be passed by the Associate Director to academic staff to enable them to support students’ studies. Detailed data will be passed to academic staff only with the students’ permission but the Associate Director may tell staff of the presence of medical mitigating factors (without revealing their nature) without student permission. Your medical details are stored electronically in an encrypted folder, and in the event of a medical emergency is available for reference by senior SCIO staff, your Junior Dean, and a first aider at Wycliffe Hall. The medical data is taken in encrypted form on all official field trips by a senior SCIO staff member.

Information you provide to us: Programmes and Projects

  • Payment Information: We may if needed collect certain payment and billing information from you as needed for our Programmes and Projects. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.

Information we generate when you are on a Programme

We generate information about you as part of you being on a Programme

  • Transcript details: we store details necessary for your transcript, including the topics you study, your tutors and other academic teachers, and your grades and reports.
  • Disciplinary matters: We store details on any events that may require investigating a breach in the regulations as maintained by your sending institution, the University of Oxford, Wycliffe Hall, or SCIO.

Information we generate when you are on a Programme or Project

  • Accommodation details: we hold information about your housing and rooming arrangements.
  • Emergency details: we store details on any events that required emergency attention, including medical and personal events.

Information we receive from other sources when on a Programme

We receive information about you from the University of Oxford.

  • The University of Oxford provides us with your University card for us to distribute, your single sign on details (but not your password), and other administrative details necessary for your enrolment.

2. How we use information we collect


Below are the specific purposes for which we use the information we collect about you.

  • To run our Programmes and Projects: We use information about you to run the Programmes and Projects, including arranging academic events and accommodation. We use the name and picture you provide to identify you.
  • For marketing: We may use some of your application details and evaluation information for marketing purposes. This information is always anonymised first, such that the information remaining cannot identify the person from whom it came.
  • To communicate with you: Your contact information is used to keep you updated on Programme and Project activities.
  • For safety and security: We use personal data to assist with safeguarding and risk assessment during your time on the programme.
  • To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions.
  • With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote our Programmes and Projects, with your permission. With your consent, we also maintain an alumni list with contact details.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

3. How we share information we collect


As part of your contractual relationship with the University of Oxford and Wycliffe Hall and SCIO, personal data necessary for the running of your studies and accommodation is shared between these organizations. All parties operate under GDPR regulations that manage and control how your personal data is stored, transferred, and shared.

Sharing with third parties

Your personal information is not shared with third parties.

4. How we store and secure information we collect


Information storage and security

All personal data is securely stored on site and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

How long we keep information

How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

  • Successful admission information: end of Programme/Project relationship + six years
  • Unsuccessful admission information: end of admissions cycle + 1 year
  • Record of prizes: Permanent
  • Personal data to assist with safeguarding and risk assessment: end of Programme/Project relationship + six years
  • Emergency information: end of Programme/Project relationship + six years
  • Medical information: end of Programme/Project relationship + six years
  • Marketing information: anonymised: permanent.
  • Grade moderation (Programme only): end of student relationship + six year
  • Transcript information (Programme only): permanent

5. How to access and control your information


You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations. We will respond to requests about this within a reasonable timeframe, usually within three working days.

Your Choices:

You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), and to request the deletion or restriction of your information,. Below, we describe the process for making such a request. For all requests, contact us as provided in the Contact Us section (link below) to request assistance.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where we have been required to share data with the University of Oxford or Wycliffe Hall you will need to contact those providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns or feel your rights have been infringed, you may have the right to complain to the ICO, which is the UK’s data protection authority.

  • Access and update your information: As part of our processes we give you the opportunity to update certain information about you, including your name and emergency contact details, and your transcript (using the ‘transcript memo’).
  • Delete your information: You have the right to require certain details on you to be deleted but please note that we may need to retain certain information for record keeping purposes, to complete transactions, or to comply with our legal obligations.
  • Request that we stop using your information: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don’t have the appropriate rights to do so.
  • Opt out of communications: You may opt out of receiving communications from us three months after the end of a programme.

6. How we transfer information we collect internationally


International transfers of information we collect

We collect information locally and primarily store that information in the United Kingdom. Whenever we transfer your information, we take steps to protect it.

  • Transfers within SCIO, Wycliffe Hall, and the University of Oxford: All personal data that is considered to be either ‘protected’ or ‘highly protected’ is encrypted before transfer, or is transferred using third-party software that is GDPR compliant.
  • Transfers with CCCU GlobalEd: CCCU GloablEd offices are assessed under ICO guidelines for assessing adequacy of International data transfers. All data is encrypted before transfer, or uses third-party software that is GDPR compliant.

7. Other important privacy information


Our policy towards children

The Programmes and Projects are not available to individuals under 18. We do not knowingly collect personal information from children under 18. If we become aware that an individual under 18 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us (link is below).

Changes to our Privacy Policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page.

You can contact us if you have any questions.

Date of last update: 30 May 2018