Application system privacy policy

  • Oxford Brookes University (the University) is committed to protecting the privacy and security of personal data. Personal data is information that could identify you.

    The University will be the Data Controller of any personal data that you supply. This means that we will make the decisions on how your data is used and for what reasons. 

    The University publishes additional privacy notices applicable to other groups, facilities and activities.  Subject to your circumstances, other notices may also apply to you so please read this privacy notice in conjunction with other applicable privacy notices

  • We will use your personal data to process your enquiry, to review your application, to communicate with you to provide you with information relating to your application, to organise interview dates or for statistical purposes and internal reporting.

    Oxford Brookes University’s legal basis for collecting this data is:

    • The legal basis for processing your personal data for responding to your application is that processing is necessary for the purposes of legitimate interest pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

    • Oxford Brookes need to use this to enter into a contract with you in order to accept you as a student of the university.

    • Oxford Brookes have a legal obligation to use your data in order to provide statutory information such as reporting statistics to government bodies.

    If Oxford Brookes asks you for sensitive data such as; racial or ethnic origin, data concerning health or sexual life or safeguarding measures, Oxford Brookes will use these data because:

    • You have given Oxford Brookes explicit consent to do so

    In order to evaluate your application, Oxford Brookes will need to consider your:

    • Contact details
    • Residency information
    • English language fluency
    • Academic history & qualifications
    • Work experience and professional qualifications
    • Information required to monitor equality such as disability or ethnicity

    Your personal data will be processed and stored by a third-party processor, Ellucian, on behalf of the University. The privacy policy for Ellucian is available here: https://www.ellucian.com/privacy/

    Personal data may also be shared with Google Inc. (Oxford Brookes University uses Google applications for email and administration). For further information please see the Google Inc. Privacy Policy at https://policies.google.com/privacy

    For applicants applying for courses at one of our partner colleges, their application information will be shared with that college in order for them to make an admission decision.

    Applicant data will also be shared with our accommodation system, StarRez. The privacy policy for accommodation at Oxford Brookes can be seen at: https://www.brookes.ac.uk/documents/studying-at-brookes/accommodation/oxford-brookes-accommodation-privacy-notice/

    Where Oxford Brookes stores your data directly, this will be held in the United Kingdom. Information held on the Admissions system, CRM Recruit, will be stored by Ellucian, our partners, and will be held in the Republic of Ireland and the United States. Please note that all international data transfers are compliant with UK data protection legislation.
    • You have the right to be informed
    • You have the right of access to your data
    • You have the right to correct data if it is wrong
    • You have the right to ask for your data to be deleted
    • You have the right to restrict use of the data we hold
    • You have the right to data portability
    • You have the right to object to Oxford Brookes using your data
    • You have rights in relation to using your data automated decision making and profiling.
    Apart from applications entered directly into our admissions web portal, we receive information from two other sources. The first of these are alternate official admission routes, of these the most commonly used of these is the UCAS application system. Secondly, we receive some applications via authorised representatives, who will have obtained prior agreement from the subject in order to submit their information.

    Should Oxford Brookes not receive the information, the university would not be able to proceed with the evaluation of the application. This is because:

    • There would not be the relevant information in order to make a decision on the applicant’s academic suitability.
    • Not having contact information would mean the university would not be able to contact the applicant with regards to interview dates and offers of admission.
    • The university would not be able to fulfil its statutory duties with the relevant bodies.
    There is no automated decision making or profiling taking place as part of the admissions process.
    All personal data will be stored in accordance with the Oxford Brookes retention schedule. All personal information will be securely deleted after this period.

    If you have any questions or concerns about how your personal data is being used, please contact the IT Services Information Security Management team.

    Email: info.sec@brookes.ac.uk

    In certain circumstances we may refer your query or concern to the University Data Protection Officer (DPO), a semi-independent role at Brookes required by UK law.  If you would prefer to contact the DPO directly please email brookesdpo@brookes.ac.uk

    What is the Information Commissioner’s Office (ICO)? 

    The ICO is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. While we recommend that you raise any concerns or queries with us first you have the right to complain to the ICO directly if you believe Brookes is using your personal data unlawfully.

    Please visit www.ico.org.uk for information on how to make a complaint or would like independent and impartial guidance on data protection and privacy.