Document

GDPR Agreement

Effective Date: 14 October 2024

The Oxford Romanian Society ("the Society") is committed to protecting your personal data and respecting your privacy in compliance with the General Data Protection Regulation (GDPR). This document outlines how we collect, use, and store personal data, particularly in relation to membership, event organization, and form submissions. By becoming a member of the Society or participating in our events, you agree to the terms outlined in this document.

1. Data Controller

The data controller responsible for the collection and use of your personal data is the Oxford Romanian Society, represented by the Society’s Committee.

2. Personal Data We Collect

The Society collects the following categories of personal data from its members and event participants:

  • Contact Information: Full name, email address, phone number.
  • Demographic Information: Nationality, academic status (e.g., student, alumni, staff).
  • Event Information: Registration details for events (RSVPs, dietary preferences, emergency contact information).
  • Photographs and Videos: Images or recordings taken at events.
  • Other Data: Any other information you provide via forms or communications for specific events or purposes.

3. Purpose of Processing

We collect and process your personal data for the following purposes:

  • Membership Management: To maintain a record of society members and communicate with them about events, announcements, and opportunities.
  • Event Organization: To organize and manage society events, including sending invitations, collecting RSVPs, and catering to special needs (e.g., dietary preferences, accessibility).
  • Communications: To keep you informed about upcoming events, news, and opportunities related to the Society via email or phone.
  • Compliance: To comply with legal obligations and ensure the security and safety of our members at events.
  • Photography and Videography: Photos or videos may be taken during events to promote the Society's activities on our website, social media, or internal communications.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Consent: We will seek your explicit consent for certain types of data processing, such as participation in events or inclusion in promotional materials (photos/videos).
  • Legitimate Interest: We process your personal data based on our legitimate interest to promote the Society, organize events, and communicate with our members.
  • Legal Obligations: We may process data to comply with legal obligations related to event safety, health regulations, or academic regulations of the University of Oxford.

5. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this document or as required by law. Typically, this means:

  • Contact information is retained for the duration of your membership and up to 1 year after your membership expires.
  • Event-related data (RSVPs, dietary preferences) is retained for the duration of the event and up to 6 months after the event concludes.
  • Photographs and videos may be retained indefinitely unless you request their removal.

6. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request access to your personal data held by the Society.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You can request that your personal data be erased (subject to certain limitations).
  • Right to Restrict Processing: You can request a restriction on the processing of your personal data.
  • Right to Object: You can object to the processing of your personal data for certain purposes.
  • Right to Data Portability: You can request a copy of your personal data in a machine-readable format.

To exercise any of these rights, please contact us using the methods mentioned on our "Contact" page.

7. Sharing of Personal Data

We do not share your personal data with third parties except:

  • Service Providers: Third-party service providers (e.g., venue coordinators, caterers) involved in the organization of events may receive your information when necessary.
  • University of Oxford: Data may be shared with relevant University departments for the purpose of event coordination or compliance with university regulations.
  • Legal Authorities: If required, we may share data to comply with a legal obligation.

We ensure that all third-party service providers adhere to GDPR regulations and treat your data securely.

8. Security of Your Data

We are committed to ensuring that your personal data is secure. We implement appropriate technical and organizational measures to safeguard your personal data from unauthorized access, loss, or misuse.

9. Changes to This Privacy Notice

We reserve the right to amend this privacy notice at any time to reflect changes in our practices or the law. Any significant changes will be communicated to you.

10. Contact Information

If you have any questions or concerns regarding this privacy notice or your personal data, please contact:

Oxford Romanian Society
oxrosoc [at] gmail [dot] com
Other methods of contacting us can be found on our "Contact" page.

By signing up for membership or attending events organized by the Oxford Romanian Society, you acknowledge that you have read and agree to this GDPR Agreement.