This page explains how and why we collect, and use, your personal information when you visit the University of Cambridge’s central website (www.cam.ac.uk) or any website within the University’s domain (cam.ac.uk) that has referred you to this privacy notice.
Who will process my personal information?
When you view or use www.cam.ac.uk, or any website within the University’s domain (cam.ac.uk) that has referred you to this privacy notice, the University of Cambridge (‘we’, ‘us’ and ‘the University’) is the data controller.
This notice applies to the use of your personal information (also known as ‘personal data’) by the University of Cambridge, including its Departments, Institutes and Research Centres/Units, when you view or use a website within the University’s domain. Each of the 31 Colleges of the University is a separate legal entity for these purposes and each College’s website will supply you with its own information.
What personal information is collected and why?
For site security and performance
To allow you to use additional functionality
We use the third-party ShareThis service to allow you to share our news and research articles easily on social media. If you click or tap a ‘Share’ button on our website, your Device ID and IP address will be collected and sent to ShareThis. For information about how ShareThis uses your personal information, please see ShareThis’ privacy notice.
To improve our service to you
Our website search is powered by Funnelback. Search queries and results are logged anonymously to help us improve our website and search functionality. No identifiable personal information is collected by us or Funnelback.
At times, we use a third-party service, Qualtrics, to gather answers to survey questions that we may ask about how you use our website. We collect your IP address if you submit a response, or if you do not wish to reply and ask us not to ask you again. For more information about how Qualtrics uses your personal information, please see Qualtrics’ privacy statement.
To remember marketing preferences
Third-party services that we embed on some of our webpages – such as YouTube videos – may set cookies to measure how you use their services and record what advertising you see during your use of their service. This will only happen if you interact with the embedded content or opt in to ‘Social marketing preferences’ cookies.
What should you expect to happen with the information?
The use of your personal information in the ways described above is necessary for the legitimate interests of the University in operating and improving its websites, analysing their use and ensuring their security, or is carried out with your consent when you opt in to receive ‘Personalisation settings’ cookies or ‘Social marketing preferences’ cookies.
We are committed to respecting the information you trust us with. We do all that we can to keep your data secure. We have established systems and processes to prevent unauthorised access or disclosure of your data - for example, we protect your data using varying levels of encryption. We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
Where we do need to collect any additional personal data not listed above via our website, you will be told at that time about the use we will make of that information. For example, you may need to complete an online form in order for us to send you newsletters or to book to attend a University event.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible, both while it’s processed and when it’s stored.
We may need to transfer your personal information outside of the United Kingdom in order to provide you with the services and products you require or as necessary for our legitimate interests. Any such transfers are carried out with safeguards in place to ensure the confidentiality and security of your personal information. Transfers are protected either by 'adequacy regulations' issued by the UK Government (declaring the recipient country as a 'safe' territory for personal data) or by standard contractual clauses issued by the UK Information Commissioner's Office (which give obligations for the recipient to safeguard the data).
Children’s privacy protection
Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain data about anyone under the age of 13.
How do I get further information?
For more information about how we handle your personal information, for contact details and to understand your rights under data protection legislation, please see our general data protection notice.
Page last updated: 27 October 2023