Privacy Policy for the Restore Respect to the Oxford Union Campaign

Last Updated: September 16, 2025

Introduction

Restore Respect to the Oxford Union is dedicated to removing the incoming Hilary Term Oxford Union President and providing oversight of Oxford Union activities, particularly in relation to free speech.

We respect your privacy and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with us.

For the purposes of the GDPR, we act as the data controller and can be contacted at: contact@restorerespectoxfordunion.co.uk

1. Personal Data We Collect

We may collect and process the following types of personal data:

  • Identity and Contact Data: Name, email address, and phone number (e.g., when you sign up for our newsletter or voting reminders).

  • Event-Related Data: Information related to your participation in our activities (e.g., card collection).

  • Technical Data: IP address, browser type, and device information when you visit our website or online platforms.

  • Correspondence Data: Information you provide when contacting us, such as inquiries or feedback.

We collect this data when you:

  • Register for or attend our events.

  • Subscribe to our communications (e.g., newsletters).

  • Visit our website or social media pages.

  • Contact us directly.

2. Legal Basis for Processing

We process your personal data under the following legal bases provided by the GDPR:

  • Consent: When you have explicitly given consent (e.g., to receive newsletters or voting reminders).

  • Legitimate Interests: For activities necessary to operate our group (e.g., organizing events, responding to inquiries), provided your rights do not override these interests.

  • Contract: When processing is necessary to fulfill an agreement with you (e.g., event registration or card collection).

  • Legal Obligation: To comply with applicable laws or regulations.

3. How We Use Your Data

We use your personal data to:

  • Organize and manage events or activities you participate in.

  • Send updates, newsletters, or other communications (where you have consented).

  • Respond to your inquiries or feedback.

  • Improve our website and services (e.g., through analytics).

  • Comply with legal or regulatory requirements.

4. Data Sharing

We do not sell your personal data. However, we may share your data with:

  • Service Providers: Trusted third parties that assist with our activities (e.g., email platforms like Mailchimp or event management tools). These providers act as data processors under GDPR and are contractually obligated to protect your data.

  • Authorities: When required by law or to protect our legal rights.

We ensure all third parties comply with GDPR and process data only for legitimate, specified purposes.

5. International Data Transfers

If your data is transferred outside the European Economic Area (EEA) (for example, when using a US-based email service), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs), or

  • Confirming the recipient is in a country with an adequacy decision from the European Commission.

6. Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this policy:

  • Event registration data: 1 year after the event (unless deletion is requested).

  • Newsletter subscription data: Until you unsubscribe.

  • Technical data: 24 months (for analytics purposes).

When data is no longer required, it is securely deleted or anonymized.

7. Your Rights Under GDPR

As an individual within the EEA, you have the following rights:

  • Access: Request a copy of your personal data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure: Request deletion of your data (subject to legal obligations).

  • Restriction: Limit processing of your data in certain situations.

  • Portability: Receive your data in a structured, commonly used format.

  • Object: Object to processing based on legitimate interests.

  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent).

To exercise these rights, please contact us at: contact@restorerespectoxfordunion.co.uk

We will respond within one month, as required by GDPR.

8. Data Security

We apply appropriate technical and organizational measures to protect your data, including:

  • Using secure and encrypted storage platforms.

  • Restricting access to authorized team members only.

  • Regularly reviewing data protection practices to ensure ongoing compliance.

9. Cookies and Tracking

If our website uses cookies, we will:

  • Inform you and obtain consent before placing non-essential cookies.

  • Provide tools to manage cookie preferences.

  • Use cookies only for analytics and essential functionality.

You can also manage or disable cookies through your browser settings.

10. Complaints

If you have any concerns about how we handle your data, please contact us first at: contact@restorerespectoxfordunion.co.uk

You also have the right to lodge a complaint with your local data protection authority — for example:

  • UK: Information Commissioner’s Office (ICO)

  • Ireland: Data Protection Commission (DPC)

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations.
Significant updates will be communicated via a notice on our website.

 Contact Us

For questions or to exercise your GDPR rights, contact us at:

  • Email: contact@restorerespectoxfordunion.co.uk