Personal Data

Downing College is committed to the proper management of personal data.

What information do we collect?
We collect information from you when you create a booking account and when you make a booking. At these points you may be asked to enter your: name, e-mail address, CRSID (If a member of the University of Cambridge), telephone number, organisation name, address, not-for-profit status, credit card information. The legal basis for processing your personal information is that it is necessary in order for you to enter into a contract to provide facilities and resources to you.

What do we use your information for?
To make bookings, process transactions, and manage the delivery of rowing tank operations.

How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you open an account or make a booking.
Booking data is processed by our booking gateway providers, Checkfront. Their privacy policy can be read here: https://www.checkfront.com/privacy<https://www.checkfront.com/privacy
Payment data is processed by our payment gateway providers, Stripe. Their privacy policy can be read here: https://stripe.com/gb/privacy<https://stripe.com/gb/privacy
Some data is retained by Downing College for the purposes of managing the delivery of rowing tank operations. This is kept on secure servers and shared only with staff that are directly involved with the running of the Cambridge Rowing Tank. Data held by the College relating to individual bookings and accounts is held for a period of seven years from creation and then permanently deleted.

Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Your Rights
You have the right: to ask us for access to, rectification or erasure of your information; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability). Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

You retain the right at all times to lodge a complaint about our management of your personal information with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (https://ico.org.uk/).

Contact
The controller for your personal information is Downing College, Cambridge, CB2 1DQ. The person responsible for data protection at the time of issue, and the person who is responsible for monitoring compliance with relevant legislation in relation to the protection of personal information, is the Data Protection Officer. Please contact us at data.protection@dow.cam.ac.uk if you have any questions about this statement or how we manage your personal data.