Who we are
The University of Oxford is the Data Controller for personal data processed by the Central IT Service Desk who process personal data in accordance with the UK GDPR and Data Protection Act 2018.
What we collect
When you contact the central IT Service Desk, we may process:
- Your name, University ID, department/course
- Contact details (University email, phone number)
- Device and account identifiers
- Details of your support request
- Call recordings (where telephone recording is in operation)
- Notes and actions taken by IT staff
Why we process your data
We process personal data to:
- Provide IT support and resolve technical issues
- Maintain system security and integrity
- Monitor and improve service quality
- Train staff and investigate complaints
- Meet legal and regulatory obligations
Lawful basis (UK GDPR)
- Article 6(1)(b) – Contract
- Article 6(1)(e) – Public Task
- Article 6(1)(f) – Legitimate Interests
- Article 6(1)(c) – Legal Obligation
- Special category data is processed only where necessary under Article 9 UK GDPR
Retention
- Call recordings are typically retained for 6 months
- Support calls are typically retained for [6 years after closure]
Your rights
You have the right to access, rectify, erase, restrict or object to processing in certain circumstances. To exercise your rights, contact the University’s Information Compliance Team at data.protection@admin.ox.ac.uk. The same email address may be used to contact the University’s Data Protection Officer.
