GDPR: Data Protection Policy - User Profiles

The Data Controller is Homerton College, Cambridge. Questions on this Statement should be addressed to the College’s Data Protection Officer, Homerton College, Cambridge, CB2 8PH. 01223 747180 -

Data Subject

The scope of this policy covers website author and publishers (staff)

What data is processed, and why?

  • Username *
  • E-mail address *
  • Password
  • Status (Blocked/Active)
  • Roles (within the CMS)
  • Picture (Not in use)
  • Locale settings (timezone)

Data is processed to allow users access to the system for creating and publishing content. Picture field is not used.

Where does the data come from?

Data is collected directly from the Homerton Active Directory (CRSID is used as their username) once a request is received to add users to their correct role.

Sharing with Third Parties

All data is processed by Homerton College and is not shared with 3rd parties.

Retention of data

Data is retained for the duration of their employment at Homerton College and removed once they leave and Homerton IT Department has been informed by Personnel or Principals secretary.

Data is stored on the CMS.

CRSID remains in the system after user deletion of the user profile in reference to log files for moderation of work and cannot be removed.

Rights of the Data Subject

Those whose personal data is recorded by these means – the data subjects – have the right: to ask for access to, rectification or erasure of their personal information; to restrict processing (pending correction or deletion); to object to communications; and to ask for the transfer of their personal information electronically to a third party (data portability).

Some of these rights are not automatic, and we reserve the right to discuss with the data subject why we might not comply with a request from them to exercise such rights.

If data subjects have questions or concerns about their personal information, or how it used, they are invited to speak to the Data Protection Officer.


April 2018