Privacy Policy

Who we are

Privacy Policy

Who will process my personal information?

The information published here applies to the use of your personal information (also known as ‘personal data’) by the University of Cambridge through the viewing or use of its main website ( or any website within the University of Cambridge domain which has pointed you to this page.  The information published here is limited to the use of personal information by University websites; various other notices are published in relation to our use of the personal information of applicants, students, staff, alumni, research participants, and others.

Personal information collected

When you visit we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. For information about how Google Analytics uses your personal information, please see and

For information about how we use cookies on our websites, please see

The use of your personal information in the above ways is necessary for the legitimate interests of the project and its parent organisation, the University of Cambridge, in operating and improving its websites, analysing their use, and ensuring their security. Our websites collect very little personal information and we use it in ways that are compatible with your individual rights and freedoms.  Where you enter your personal information into an online form on any of our websites for any specified purpose, you will be told about the use we will make of that information (e.g. to send you newsletters or to enable your attendance at an event).

Stop Communications

You can request to stop receiving our communications, or for us to erase your data, at any time by emailing us. Please note if you request to stop receiving communications, we will need to store your details on a secure database to enable us to comply with your request (even if we erase your data from our other systems).


Under the GDPR, data subjects are given various rights, which you are free to exercise:

  • The right to be informed of how your personal data are being used – (covered by this Privacy Policy page).
  • The right of access to your personal data – via a ‘subject access request’.
  • The right to have any inaccurate personal data rectified.
  • The right to have personal data erased where appropriate – also known as the right to be forgotten.
  • The right to restrict the processing of personal data pending its verification or correction.
  • The right to receive copies of personal data in a machine-readable and commonly-used format – known as the right to data portability.
  • The right to object: to processing (including profiling) of personal data that proceeds under particular legal bases; to direct marketing; and to processing of data for research purposes where that research is not in the public interest.
  • The right not to be subject to a significant decision based solely on automated decision-making using your personal data.

A response to a rights request normally needs to be sent within one month.  However, nearly all of these rights are qualified in various ways and there are numerous specific exemptions both in the GDPR and in the DPA 2018 (for example, nearly all the rights may not apply if the personal data are being processed solely in an academic research context). These rights build upon and strengthen rights previously given to data subjects under the DPA 1998.

Further information

For more information about how we handle your personal information, and your rights under data protection legislation, please see


We are committed to protecting your personal information. If, however, you have a concern about how we have handled your data or about the contents of this Privacy Statement, or if you feel we may have mishandled your personal information, please contact us. We will respond efficiently to any complaints we receive.

If you are not satisfied with our response you can contact the Information Commissioner’s Office with your concerns:

This page was last updated in February 2019.


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.