Privacy notice

August 2023

1. Introduction

1.1 Commitment to privacy

We are committed to protecting the privacy of visitors to this website including, but not limited to, current and prospective tenants. New technologies have changed the way information is gathered and used, but our continuing commitment to preserving the security and confidentiality of personal information has remained one of our core priorities.

1.2 Purpose

Oxford University Endowment Management Limited (“OUem”) is the controller responsible for your personal data. OUem have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy.

We collect and process personal data when you visit our website or request more information about or enter into a tenancy agreement with us. This privacy policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

We keep our privacy policy under regular review. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

2. Data we collect about you

2.1 Personal data

Under the UK GDPR ‘personal data’ (referred to as personal information in this notice) means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

It does not include data where the identity has been removed (anonymous data).

2.2 Collection

We collect personal information from you so we can provide the tenancy and tenancy related services to you. The types and categories of information we collect and maintain about you include:

Information we receive from you to enter into a tenancy agreement and in its implementation (such as address, telephone number, and financial information);

Information we receive from professional advisers authorised to act on your behalf (such as your accountant and solicitor), if applicable.

2.3 If you fail to provide personal information.

3. How we use your personal information

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may not be able to enter into an agreement with you, but we will notify you if this is the case at the time.

Where we need to perform services under the contract we are about to enter into or have entered into with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamentalrights do not override those interests.

Where we need to comply with a legal obligation.

4. Disclosure of personal information

4.1 Disclosure

We disclose your personal information to non‐affiliated third parties only in limited instances and then only in connection with providing services to you. Some of the instances are listed below:

Disclosures to companies that perform services on our behalf (such as our technology consultants who maintain our computer systems, property management firms and our external auditors) subject to agreements that prohibit such companies from disclosing or using the information other than for the services required or as permitted bylaw;

Disclosures at your direction to your professional advisers (such as your accountant, solicitor and appointedconsultant, if applicable);

Disclosures necessary to provide tenancy services to your account; and

Disclosures required by law, for example for anti‐money laundering purposes.

4.2 International transfers

The disclosure of personal information to third parties may involve the transfer of data to jurisdictions outside the European Economic Area (EEA). Such countries may not have the same data protection laws. Any transmission of personal information by us or our delegates (being entities which we have appointed or engaged to carry out functions or tasks on its behalf) outside the EEA shall be in accordance with the conditions in the GDPR.

5. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6. Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements

We seek to ensure that all third parties respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. Your rights

We respect your right to access and control your information. We will respond to requests for information and, where applicable, will correct, amend, or delete your personal information unless legal or regulatory restrictions prevent us. Under the GDPR your rights include:

The right to be informed;

The right of access;

The right to rectification;

The right of erasure;

The right to restrict processing;

The right to data portability;

The right to object; and

Rights related to automated decision making.8. Further questionsIf you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Officer (

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Back to Home Page