Join the society for free

Privacy Policy

Last updated: 13 June 2026

This privacy policy explains how Oxford Postgraduate Society collects and uses personal information. It applies to our website, membership forms, events, mailing lists, online groups, competitions, complaints, and other contact with us.

Who we are

Oxford Postgraduate Society is a trading name of Lyle Hopkins. Lyle Hopkins is the data controller for the personal information described in this policy. You can contact us about privacy matters by emailing admin (at) oxfordgradsoc.org.

Information we collect

We may collect the following information where relevant:

  • name, email address, phone number, and social media profile details;
  • student, alumni, professional, city, institution, or course information used to assess membership or event eligibility;
  • membership, event registration, attendance, payment, and communication preferences;
  • messages, enquiries, complaints, appeals, evidence, competition entries, and feedback you send to us;
  • photos, video, or social media posts from events, where this is made clear or you provide them to us;
  • accessibility, dietary, welfare, safety, or incident information where needed to run safe and inclusive activities; and
  • technical information about website use, such as IP address, device, browser, and cookies, where this is collected by our website, embedded forms, hosting provider, or analytics and security tools.

How we use personal information

We use personal information to:

  • manage membership applications and maintain our membership records;
  • organise events, online groups, newsletters, announcements, competitions, and society activities, including occasional sponsor-funded notices or features within our own channels;
  • respond to enquiries, complaints, appeals, welfare concerns, safety incidents, and legal requests;
  • keep our events and online spaces safe, respectful, and suitable for members;
  • promote the society and its activities, including by using event photographs where attendees have been told that photography may take place, content you provide to us, or social media posts that are already public;
  • administer and protect our website, forms, mailing lists, records, and communications; and
  • meet legal, regulatory, insurance, accounting, and dispute-resolution obligations.

Our lawful bases

Under UK data protection law, we rely on one or more of these lawful bases:

  • Consent, for example where you opt in to particular communications, provide optional information, or agree to a specific use of a photo or testimonial.
  • Contract, where we need information to process membership, event registration, or participation in a society activity.
  • Legitimate interests, including running the society, communicating with members, managing events, promoting activities, protecting safety, handling complaints, and maintaining appropriate records.
  • Legal obligation, where we must keep or disclose information to comply with the law.
  • Vital interests, where information is needed in an emergency to protect someone from serious harm.

If we process special category information, such as health, accessibility, welfare, or incident information, we will do so only where we have a suitable additional basis. This may include your explicit consent, vital interests, or the establishment, exercise, or defence of legal claims.

Who we share information with

We share personal information only with the following categories where it is necessary and proportionate:

  • committee members, organisers, volunteers, or advisers who need limited information for specific society purposes, such as running an event or handling a particular enquiry, complaint, safety matter, or legal issue;
  • service providers such as website hosts, email providers, form and membership platforms, event platforms, payment providers, cloud storage providers, and IT support;
  • venues, security, welfare contacts, emergency services, insurers, or professional advisers where needed for safety, incident management, complaints, legal claims, or event administration;
  • social media platforms or online group providers where you interact with us through those services; and
  • public authorities, regulators, courts, or law enforcement where required by law or where necessary to protect rights, safety, or security.

For security, access to the membership database and mailing list is restricted to the data controller. Membership information stored in the database, including email addresses, membership details, and communication preferences, is not shared with committee members as a general committee resource.

Where someone signs up for a specific event, limited event registration information is made available only to committee members or organisers who need it to help run that event. Some venues may also require a guest list for security, entry, safety, or event administration. Event information is handled separately from the membership database and mailing list, for example through ticketing or event administration software.

We do not sell, rent, or give the membership database, mailing list, or event attendee lists to sponsors or advertisers. Sponsors may pay to be featured in our newsletter, online groups, website, or events, but they do not receive member contact details or attendee lists from us. If a sponsor provides its own contact form, sign-up page, QR code, or similar facility and you choose to submit information to them, that information is handled by the sponsor under its own privacy arrangements.

Members may choose to join WhatsApp communities or groups linked to the society. If you join a WhatsApp community or group, your WhatsApp phone number may be visible to other users in that community or group, and that visibility is controlled by WhatsApp rather than by us. WhatsApp communities and groups are for members only. If you join or remain in them, your WhatsApp phone number must be saved to your membership profile so that we can confirm membership. Members whose WhatsApp number is not linked to their membership profile will be removed from the WhatsApp community or groups. This helps keep members safe and helps ensure that the groups are being used properly.

Where we run surveys or similar consultations using membership information, we share the results with members, committee members, or others only in aggregated or anonymised form so that individual respondents are not identified.

Our membership forms are currently embedded from GreenRope. When you use those forms, GreenRope may process the information you submit on our behalf and may also apply its own terms and privacy notices.

International transfers

Some service providers, online platforms, or embedded tools may process information outside the United Kingdom. Where this happens, we use providers and safeguards that are appropriate under UK data protection law, such as adequacy regulations or approved contractual protections.

How long we keep information

We keep personal information only for as long as reasonably needed for the purpose it was collected. In general:

  • membership and communication records are kept while you are a member or remain engaged with the society, and then reviewed periodically;
  • event records are usually kept for administration, safety, and accounting purposes, then deleted or anonymised when no longer needed;
  • complaints, appeals, incidents, safeguarding, legal, or insurance-related records may be kept for longer where needed to protect people, evidence decisions, or handle legal claims;
  • financial or accounting records are kept for the period required by law; and
  • membership and mailing list status records are kept so that we can manage membership, newsletter delivery, unsubscribe requests, and do-not-contact requests.

Your rights

You may have the right to ask us to:

  • confirm whether we process your personal information and provide a copy of it;
  • correct inaccurate or incomplete information;
  • delete information where there is no good reason for us to keep using it;
  • restrict or object to certain uses of your information;
  • provide certain information in a portable format; and
  • withdraw consent at any time, where we rely on consent.

You have the right to object to processing based on legitimate interests. The mailing list is the membership database and is used for society newsletters and announcements. If you unsubscribe from the membership mailing list, you are no longer a member of the society. Unsubscribing flags your record as inactive and records that you have left the society.

These rights are not absolute and depend on the circumstances. To make a request, email admin (at) oxfordgradsoc.org.

Cookies and third-party tools

Our website uses external services such as Bootstrap, Google Fonts, jQuery, social media links, and embedded membership forms. These services may receive technical information such as your IP address and may set cookies or similar technologies. You can control cookies through your browser settings. Some embedded forms or website features may not work properly if cookies or third-party content are blocked.

Automated decision-making

We do not use personal information for automated decision-making or profiling that has legal or similarly significant effects.

Complaints

Please contact us first if you have a concern about how we use your personal information. You also have the right to complain to the Information Commissioner's Office, the UK data protection regulator, at ico.org.uk/make-a-complaint/.

Changes to this policy

We may update this policy from time to time. The latest version will be published on this page.