Privacy Policy

This privacy notice explains how the Chancellor, Masters, and Scholars of the University of Cambridge acting through the Department of Psychiatry of Herchel Smith Buidling for Brain & Mind Sciences, Forvie Site, Robinson Way, Cambridge CB2 0SZ, UK (“the University”) collects, uses safeguards and shares your personal data, and your rights in relation to the personal data we hold. In this policy “we”, “us” and “our” refers to the University.

Please read this Privacy Policy carefully.  By accessing and/or using our website and/or Services you consent to the data practices described in this Privacy Policy.  The University will take all reasonable steps to make sure that your data is treated securely and in agreement with this Privacy Policy.  IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY PLEASE DO NOT ACCESS, OR USE THE WEBSITE AND/OR THE SERVICES.

This policy concerns our processing of personal data of Website users and those making enquiries about our services.

The Chancellor, Masters, and Scholars of the University of Cambridge is the data controller for your personal data and is subject to and responsible for complying with the Data Protection Legislation as defined in section 16 below.

In order to operate and to enable you to use and access the Website and/or the Services, the University sometimes needs to collect information about you. The University is committed to being transparent about how it collects and uses that data, and to meeting its data protection obligations.

The University reserves the right to make changes to this Privacy Policy at any time and for any reason.  We will alert you about any changes by updating the “date of this Privacy Policy”.  Please see section 15 below.  You are encouraged to periodically review this Privacy Policy to check for any form of updates.  You will be deemed to have been made aware of, will be subject to, and will deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Website after the date such revised Privacy Policy is posted.

1. How we collect your information

The University may collect your personal data in a number of ways, for example:

  • We collect the vast majority of the information directly from you;
  • We may also collect additional information directly from you using information you provide to us, for example when you visit our website, or contact us by email or telephone;
  • We may obtain personal data about you from third parties including government departments and agencies. You may also have given other organisations permission to share your personal data.

This Privacy Policy does not apply to any linked third party sites or services referredto or accessible via the Website, which may also collect and use data aboutyou.  Such parties will have their ownprivacy policies which govern their use of your data and the University is notresponsible for and shall not be liable for any of the data collected by anysuch third party.

2. The types of information we collect

Personal data is any data that relates to you or identifies you as a living individual. This may be specific, such as your name, but also includes any data that it is possible to identify you from if it is combined with other information that is readily available.

For example, while data may not contain your name, if it does contain your postcode, gender and your workplace, it may be possible to identify you using this combination of information or this information combined with other information available elsewhere. As this is the case, we would treat this data as personal data and protect it accordingly.

Personal data also includes sensitive personal data (known as special category data under the law), which includes things such as race, sexuality, religious beliefs or physical or mental health status.

We will collect personal details (including personally identifiable information) such as your name, address, email address, telephone number to respond to your requests for information and/or assistance; to fulfil any contractual obligations we may have to you.

Derivative data

We may also collect derivative data, including information our servers automatically collect when you access our Website.

Collect data and log files - For each visitor to the Website, our web server automatically logs the visitor's activity. These log files include the details of the visitor's IP address, browser type, page last visited and other such information. Log files are used to analyse usage of the Website, and may be kept in an aggregated and anonymised form for historical records. We use the analysis to improve the content of our Website and our Services. The University does not share this information with any other organisation for commercial purposes.

Push notifications

We may request to send you push notifications regarding your account or the Website.  If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.

3.      How we use your personal data

Having accurate information about you permits us to provide you with a smooth, efficient, and customised experience.  We will use your data to create and manage your account if you register with us, to keep a record of your relationship with the University and to deliver a range of support services, including processing and responding to any support requests or enquiries you submit to us, registering and maintaining a record of users, and sending you relevant communications.

Specifically, we may use information collected about you via the Website to:

  • To notify you of updates to the Website and/or the Services.
  • To respond to service requests and for other customer service purposes.
  • To create a user account for you.
  • To email or otherwise contact you regarding your account or order or to send you other communications.
  • To generate a personal profile about you to make future visits to the Website more personalised.
  • To request feedback and contact you about the use of the Website and/or the Services
  • To monitor and analyse usage and trends to improve your experience with the Website and/or the Services.
  • To develop, operate, improve, deliver, maintain and protect our products and services
  • To increase the efficiency and operation of the Website and/or the Services and for data analysis and research and development purposes both internally within the University and/or with other third party service providers.

Marketing communications

We may use email to share information about our products, services and promotional offers that we think may interest you.

With your consent, we may share your information with third parties for marketing purposes as permitted by law.  Please see section 8 below.  


We may share your information with our affiliates, in which case we will require those affiliates to honour this Privacy Policy.  Affiliates include any subsidiaries, joint venture partners or other companies that we control or are under common control with us.

4. On what basis do you process my data?

Data protection laws require the University to have a valid legal basis for processing your personal data.  

When we process your information, we do this based on the following:

  • We have a contractual obligation;
  • We have a legal obligation;
  • It is necessary to meet a task in the public interest;
  • It is necessary to meet our legitimate interests or the legitimate interests of others.
  • There may be situations where we ask for your consent to process your data.

Please note that we may process your data without your knowledge or consent where this is required or permitted by law.

6. Who we share personal data with

We may share personal data as discussed in this Privacy Policy but we won’t sell it to advertisers or other third parties.  We do not share personally identifiable information with third parties other than as described in this Privacy Policy.
We may also share your data within the University and with its departments, faculties and employees, contractors, and students only where necessary to request and receive information regarding the Website and/or the Services, for responding to enquiries or requests for support and assistance, for the delivery of reports and for research and development purposes and ancillary services.

Other Third Parties

In addition, we may disclose your information to third parties, including personally identifiable information, if we determine that such disclosure is reasonably necessary in order to (a) protect or defend the legal rights or property of the University, or the legal rights of our business/service partners, employees, agents and contractors (including enforcement of our agreements); and (b) to protect the health, safety and security of University employees, students, other users of the Website and/or our Services, or members of the public including acting in urgent circumstances; and (c) to prevent and protect against fraud or abuse or to conduct risk management; or (d) to comply with applicable law, legal process or legal request.  Additionally, we may share your data, including any personally identifiable information, with our successor in interest in the event of a corporate reorganisation, merger, or sale of all or substantially all of our assets.

In the event that you give any third parties access to your information and/or account with us, please remember that their use of your information will be governed by their privacy policies and terms.  The University is not responsible for and shall not be liable for any use that such third parties make of your personal or other information.  

7. Where is my data stored?

The secure database used to store your data is kept in the UK. However, some of the personal data we process about you may be transferred to, and stored at, a destination outside the UK; for example, where it is processed by staff operating outside the UK who work for the University or for one of our suppliers, or where personal data is processed by one of our suppliers who is based outside the UK or who uses storage facilities outside the UK.

8. Will you be contacted for marketing purposes?

The University will only send you marketing emails or contact you via your preferred method where you have expressly agreed to this. We may personalise the message content based on information you have provided. You can update your preferences at any time; see section 10 below.

9. How we keep your data safe

The University is committed to safeguarding your personal data. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 2018 and the United Kingdom General Data Protection Regulation. We use administrative, technical and physical security measures to help protect your personal information.  While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other type of misuse.  Any information disclosed online is vulnerable to interception and misuse by unauthorised parties.  Therefore, the University cannot guarantee complete security if you provide personal information.  Policies and procedures explaining to our employees about how to collect, use and store your information safely have been published and disseminated amongst University employees.  All of our records are held within the University’s  dedicated and secure database system hosted on a secure network with access limited on a ‘need to know’ basis. For more information, a copy of the University’s overarching Data Protection Policy is available on the policies page of the University’s website.

Policy for children

We do not knowingly solicit information from or market to children under the age of 13.  If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

Use of Cookies

A cookie is a small piece of information sent by an organisation to your computer and stored on your hard drive to allow that organisation to recognise the user when you next visit.

The University’s websites may use cookies to help you personalise your online experience. One of the purposes of a cookie is to save you time and to tell the web server that you have returned to a specific page.

Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

You may choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience all of the features of the Website and/or the Services.

Further information about cookies may be found at]

10. How long is your information kept?

We will hold your personal information within a secure dedicated database for as long as is necessary to provide the Website and/or the Services, support, assistance and ancillary services to you or for a longer period if required byapplicable law.  Where you have indicatedyou no longer wish to receive any services, your information will be retainedor securely and permanently destroyed in accordance with the University’s website Retention and destruction policy.

11. How we keep your information up to date and communication preferences

The University wants to ensure that we keep the details we hold about you up to date and communicate with you fully in accordance with your wishes. You should also get in touch with us if any of your personal details change. You can update your details and your communication preferences at any time using the following contact details:

By email to:

By post to: Data Protection Officer

University of Cambridge
The Old Schools
Trinity Lane
United Kingdom

12. Your rights

Account information

If you have an account with us, you may, at any time, review or change the information in your account or terminate your account by logging into your account settings and updating your account or contacting us using the contact information provided in section 11 above.  Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases.  However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use for the Website and/or comply with legal requirements.

Under the Data Protection Laws, you have the right to:

  • Request access to your data (commonly known as a ‘subject access request’). This enables you to receive a copy of your data and to check that we are lawfully processing it.
  • Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate data we hold about you.
  • Request erasure of your data. This enables you to ask us to delete or remove your data in certain circumstances; for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
  • Object to processing of your data where we are relying on our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing for this reason. You also have the right to object where we are processing your data for direct marketing purposes.
  • Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data; for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your data to another party.

Depending on the circumstances and the nature of your request, it may not be possible for us to do what you have asked; for example, where there is a statutory or contractual requirement and it would not be possible to fulfil our legal obligations if we were to stop. However, where you have consented to the processing, you can withdraw your consent at any time, by emailing us at In this event, we will stop the processing as soon as we can. Further information on your rights is available from the Information Commissioner’s Office (ICO) (

13. How to exercise your data rights

If you wish to exercise any of your rights, please contact our Data Protection Officer using the contact details in section 11 above.

14. How to ask or raise concerns

If you have any questions, comments or concerns about how we use or handle yourpersonal data, please contact the Data Protection Officer using the contactdetails in section 11above.

If you are not content with how we handle your information we would ask you tocontact our Data Protection Officer to help you. However, you do also have theright to complain directly to the Information Commissioner via their website orvia post at: Information Commissioner's Office, Wycliffe House, Water Lane,Wilmslow, Cheshire, SK9 5AF. Information about the Information Commissioner isavailable at:

15. Changes to this privacy notice

This privacy notice may be updated from time to time so you may wish to check it each time you submit personal information to the University. The date of the most recent versions will appear on this page (see version control details below).

16. Definitions

“Data Protection Legislation” means any applicable law relating to the processing, privacy and use of Personal Data, as applicable to either party under these Terms, including the Data Protection Act 2018, the United Kingdom General Data Protection Regulation (“UK GDPR”), the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, and all applicable laws and regulations relating to processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner;

Document version control

Version: 0.1

PrivacyPolicy Updated: 01/03/2021