KCGS Data Protection and Use of Student Data Policy
Published on May 24 2018.
- The Data Protection Act 1998 (DPA) regulates the processing of personal data in any format, including both digital and hard copy personal data and all other formats. ‘Personal data’ is any information relating to a living individual, and ‘processing’ is any activity carried out involving personal data, including holding and storing it. On 25th May 2018 the DPA will be superseded in the UK by the General Data Protection Regulation (GPDR), which provides individuals with enhanced rights, and imposes increased responsibilities on organisations processing personal data. This statement applies under both the DPA and GDPR.
- This policy establishes the procedures governing how King’s College Graduate Society (KCGS) will collect and release student data. It also includes information about how student data is used.
Usages of student data
- Contact details for King’s graduates, including names and @cam.ac.uk email addresses, are stored on the KCGS mailing lists. These are hosted by the University of Cambridge lists service. They are used to share information about events within college and the university.
KCGS operates the following lists:
- kings-grads - all graduate students and part III undergraduates
- kings-grads-affiliates - unused
- kings-grads-announce - all graduate students
- kings-grads-members - all graduate students
- kings-grads-committee - the KCGS executive committee
All members are able to unsubscribe from these mailing lists via lists.cam.ac.uk. The information is held for the duration of the time a student is at Cambridge. Once they leave, the mailing lists system will automatically remove those emails which have been deactivated by the central computing system.
These lists are administrated by the acting President and Computing Officer. It is the responsibility of the incoming Computing Officer to ensure that these administrative rights are updated for the new committee.
- KCGS operate an online ticketing system for graduate formals. This system records:
- Email addresses
- Dietary / medical requirements
This information is held in a secure database until payment has been secured through the internal college system. After this, the data will be held for up to a year before it is wiped.
- Subsidiary societies of KCGS are required to provide a GDPR policy statement upon their foundation. This statement should address the forms of data they may retain and how it is processed.
Existing KCGS societies:
- King's Graduate Bar
- Home brew society (dormant)
- Scrabble society