Skip to main content

A venue for all occasions

Personal Data & Privacy Policy

How Rhodes House processes your personal data.

Rhodes House Ltd collects and processes personal data relating to its prospective customers, existing customers, event guests, and suppliers. We keep aspects of these records for varying lengths of time, both electronically and physically. Our principles are simple – we will be transparent about the data we are collecting and how we use the information we hold about you.

The overarching purpose of collecting and processing your data is to manage events from enquiry through to delivery, which includes supplying information about holding events at Rhodes House and providing event organisers and guests with the best possible experience of being a client of Rhodes House Ltd.

If at any point you have questions about this privacy notice, or how we are using your data, please contact us.

1. About this privacy notice 

The purpose of this privacy notice is to explain how Rhodes House Ltd ("RHL", “Rhodes House”, "we", "our", "us") holds and uses personal data about our clients, potential clients, event guests, and event suppliers ("you"), and how we use it for the purposes of meeting our legal obligations and in connection with our broader working relationship with you. RHL is a wholly owned subsidiary of the Rhodes Trust.

2. The data we collect about you 

We collect information about you when you correspond with us by phone, email, or in-person, or when you complete our online enquiry form. We may also collect information via indirect enquiry channels such as Conference Oxford or Venues of Excellence.

We may hold and process the following types of personal data about you:

  • Personal contact details, including your full name and title
  • Address and contact details, including email address and telephone number
  • Employer details and job title
  • Bank account

Sensitive personal data:

  • We may also need to process information you provide for guests such as dietary or accessibility information, or that your guests provide for children attending events, such as age, personal relationship, medical conditions, and dietary information (“Special Category Data”).

3. How we use your personal data 

RHL needs to process your personal data for the following purposes in support of providing the event venue services you request:

  • To provide you with an offer or contract
  • To provide you with invoices to accept and process payments for venue services
  • To provide a safe event venue for you and your guests
  • To engage and pay event suppliers

We may also need to process your data to:

  • ensure the safeguarding of children and vulnerable adults, where applicable

If you do not wish your data to be used in any of the ways listed above, or have any questions, please contact us on data.protection@rhodeshouse.ox.ac.uk. However, please be aware that we may need to continue processing your data in any event

Marketing

We also use your personal data in the following ways:

  • To keep you informed of news relating to RHL. You may ask us to stop sending these at any time by using the unsubscribe link in each email or by contacting us separately
  • To contact you about venue hire opportunities that may interest you (where relevant to you, your employer, or otherwise in accordance with your preferences)

We will not provide your data to other businesses so they can use it for marketing purposes.

If you do not wish your data to be used for marketing purposes, or have any questions, please contact us on events@rhodeshouse.ox.ac.uk.

4. When and how we share your data 

Your information will be shared internally, including with members of the Events, Catering, Front of House, Reception, AV & IT teams, and Estates staff if access to the data is necessary for the delivery of your event or the performance of their roles.

RHL shares your data with third parties who provide services on our behalf, such as our website provider or our event booking system. All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We permit them to process your data only for specified purposes and in accordance with our instructions.

Whenever your information is shared, we will always seek to share the minimum amount of information necessary to fulfil the purpose.

International transfers 

Most of the personal data we process for our prospective and current venue customers stays in the UK although there may be occasions when we transfer your data outside the European Economic Area (EEA), for example, when we communicate with you using a cloud-based service provide that operates outside the EEA such as our event booking system. Such transfers will only take place if one of the following applies:

  • The country receiving the data is considered by the EU to provide an adequate level of data protection;
  • The organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Data Privacy Framework;
  • The transfer is governed by approved contractual clauses;
  • The transfer is necessary for the performance of a contract with you or to take steps requested by you prior to entering into the contract; or
  • The transfer is necessary for the performance of a contract with another person, which is in your interests.

5. Our legal basis for processing your data 

We will only process your personal data where the law allows us to do so. Most commonly we rely on the following legal bases for processing your personal data:

  • Where it is necessary to perform a contract, we have entered into with you (the legal basis of “performance of a contract”), for example to arrange an event;
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (the legal basis of “legitimate interests”).

6. Data security 

RHL takes the security of your data very seriously and we have appropriate security measures in place to prevent your personal data from being accidentally lost or misused. Access to your personal data is limited to those employees and other third parties who have a need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

7. How long we keep your data 

We will only retain your data for as long as we need it to fulfil our purposes, including any relating to legal, accounting, or reporting requirements. The periods for which your data is held are set out in the following Events retention periods.

  • Event attendee information – 6 months;
  • Contact details for the person(s) booking the event – 5 years from the date of the most recent event held at Rhodes House;
  • Prospective clients – 12 months.

When, we no longer need to retain personal information, we ensure it is securely disposed of. We will also keep anonymised statistical data indefinitely. Please contact the Events department for further information on our retention policy (events@rhodeshouse.ox.ac.uk).

8. Your legal rights 

Under certain circumstances, you have the right to:

  • Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
  • Request erasure of your data. This enables you to ask us to delete or remove your data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
  • Object to processing of your data where we are processing it to meet our legitimate interests (or those of a third party). You also have the right to object where we are processing your data for direct marketing purposes.
  • Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data, for example if you want to establish its accuracy or the reason for processing it.
  • Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.

Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a contractual, legal or statutory requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop.

However, where you have consented to the processing, you can withdraw your consent at any time by emailing events@rhodeshouse.ox.ac.uk 

In this event, we will stop the processing as soon as we can. If you choose to withdraw consent, it will not invalidate past processing.

If you have any concerns about how we are processing your personal data, and for further information about your rights, please see the Information Commissioner’s website at https://ico.org.uk/.

9. Contact us 

If you have any questions about this privacy notice or about your personal data, or if you want to provide updates to your data or exercise any of your rights as outlined above, please use the details below:

The Rhodes Trust

Rhodes House, South Parks Road

Oxford, OX1 3RG, United Kingdom

Email: data.protection@rhodeshouse.ox.ac.uk 

We reserve the right to update this privacy notice at any time. Any changes to this privacy notice will be posted to this page.