Privacy statement to members of the SRCF

Last changed: 26 May 2018

Edited 13 June 2020 without material change, to reflect renaming of CamCERT to UIS CSIRT.

Edited 26 July 2020 without material change, to replace references to 'societies' with 'groups'.


This statement explains how the Student-Run Computing Facility ("the SRCF", "the Society", "we", "our" or "us") collects and handles personal data about you as a member of the Society, and our reasons for doing so.

The latest version of this statement can be found on our website at The SRCF is the data controller for data held under this privacy statement. The SRCF Executive is the designated data protection contact, and are in charge of data protection matters. They can be contacted at

Please note: this statement only applies to data held by the SRCF for which it is the data controller. The SRCF also hosts, on its systems, users and groups who may hold personal data; however it is not the data controller in these cases, as such users/groups act as their own data controllers. You should refer to the privacy statements of those users/groups where this applies to you as a data subject.


"Personal data" or "personal information" means information relating to you that can be used in some way to identify you, either on its own or in combination with other such information available to its holder.

"Processing" of personal data is any action taken on that data, such as storage, retrieval, organisation, transmission or erasure, and/or as defined by relevant legislation.

"University" means the University of Cambridge.

A "CRSid" is a unique identifier issued to a person by the University. According to the University, CRSids are never reissued, so we assume that a CRSid will uniquely identify the same person forever. Usernames on our computer systems are also assigned to match a person’s CRSid.

The bases on which we process personal data

The SRCF usually processes members’ personal data on the basis that it is a legitimate interest of the Society. Where we process your personal information for a purpose falling outside those listed in this statement or our other privacy statements (if applicable to you), we will seek your explicit consent before doing so.

How members' personal data is used by the SRCF

The SRCF collects and processes members’ personal data for a number of purposes, including:

All of the above activities are carried out as a legitimate interest of the Society.

Please get in touch with the designated data protection contact if you have concerns or queries about any of these stated purposes.

How we obtain and share your personal data

We primarily obtain your personal data through you providing it to us, for example when you sign up as a member. However, this initial signup process also involves automatic retrieval of information available to any computer on the University network. Our systems look up this information using your CRSid, which is provided to us by the University's Raven service, which itself is used to authenticate to our Control Panel. When signing up, you will have a chance to correct and amend any or all of this automatically-obtained information.

Your personal data is not usually shared outside the SRCF and its members. The following information on an SRCF member may be made available to any SRCF member, to facilitate communication between members and also as a technical consequence of our computer systems:

The following additional information on an SRCF member is made available to the member in question and also to the System Administrators:

We share some of your personal data outside the SRCF and its members in the following cases:

Your rights

You have the right to ask for:

Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them.

If you have any questions or concerns about your personal information, please get in touch with the designated data protection contact listed at the top of this document. Please note that in dealing with your request, we may also need to share details of your request with entities with whom we have shared your personal data.

If you remain unhappy with the way your information is being handled, or with the response received from us, you have the right to lodge a complaint with the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF or online at