Application system privacy policy

Oxford Brookes University will be the Data Controller of any personal data that you supply. This means that we will make the decisions on how your data is used and for what reasons.
Why do we need your data?
We will use your personal data to process your enquiry, to review your application, to communicate with you to provide you with information relating to your application, to organise interview dates or for statistical purposes and internal reporting.

Oxford Brookes University’s legal basis for collecting this data is:

The legal basis for processing your personal data for responding to your application is that processing is necessary for the purposes of legitimate interest pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Oxford Brookes need to use this to enter into a contract with you in order to accept you as a student of the university.

Oxford Brookes have a legal obligation to use your data in order to provide statutory information such as reporting statistics to government bodies.

If Oxford Brookes asks you for sensitive data such as; racial or ethnic origin, data concerning health or sexual life or safeguarding measures, Oxford Brookes will use these data because:

You have given Oxford Brookes explicit consent to do so

What types of personal data will Oxford Brookes use?
In order to evaluate your application, Oxford Brookes will need to consider your:

Contact details

Residency information

English language fluency

Academic history & qualifications

Work experience and professional qualifications

Information required to monitor equality such as disability or ethnicity

Who will Oxford Brookes share your data with?
Your personal data will be processed and stored by a third-party processor, Ellucian, on behalf of the University. The privacy policy for Ellucian is available here: https://www.ellucian.com/privacy/

Personal data may also be shared with Google Inc. (Oxford Brookes University uses Google applications for email and administration). For further information please see the Google Inc. Privacy Policy at https://policies.google.com/privacy.

For applicants applying for courses at one of our partner colleges, their application information will be shared with that college in order for them to make an admission decision.

Applicant data will also be shared with our accommodation system, StarRez. The privacy policy for accommodation at Oxford Brookes can be seen at: /documents/studying-at-brookes/accommodation/oxford-brookes-accommodation-privacy-notice/

Will Oxford Brookes transfer my data outside of the EEA?
Where Oxford Brookes stores your data directly, this will be held in the United Kingdom. Information held on the Admissions system, CRM Recruit, will be stored by Ellucian, our partners, and will be held in the Republic of Ireland and the United States. Please note that all international data transfers are compliant with UK data protection legislation.
What rights do I have regarding my personal data that Oxford Brookes holds?

You have the right to be informed

You have the right of access to your data

You have the right to correct data if it is wrong

You have the right to ask for your data to be deleted

You have the right to restrict use of the data we hold

You have the right to data portability

You have the right to object to Oxford Brookes using your data

You have rights in relation to using your data automated decision making and profiling.

Where does Oxford Brookes source my data from?
Apart from applications entered directly into our admissions web portal, we receive information from two other sources. The first of these are alternate official admission routes, of these the most commonly used of these is the UCAS application system. Secondly, we receive some applications via authorised representatives, who will have obtained prior agreement from the subject in order to submit their information.
Are there any consequences of not providing the requested data?
Should Oxford Brookes not receive the information, the university would not be able to proceed with the evaluation of the application. This is because:

There would not be the relevant information in order to make a decision on the applicant’s academic suitability.

Not having contact information would mean the university would not be able to contact the applicant with regards to interview dates and offers of admission.

The university would not be able to fulfil its statutory duties with the relevant bodies.

Will there be any automated decision making or profiling using my data?
There is no automated decision making or profiling taking place as part of the admissions process.
How long will Oxford Brookes keep your data?
All personal data will be stored in accordance with the Oxford Brookes retention schedule. All personal information will be securely deleted after this period.
Who can I contact if I have concerns?
If you have any questions or concerns about how your personal data is being used, please contact the Information Security Management team.

Postal Address: GDPR Queries, Information Security Management Team, IT Services, Room 2.12, Gibbs Building, Headington Campus, Headington, Oxford, OX3 0BP

Email: info.sec@brookes.ac.uk

Contact us
Data Protection Officer

c/o Information Security Management team
Oxford Brookes University
Headington Campus
Headington
Oxford
OX3 0BP

BrookesDPO@brookes.ac.uk
Related links
Cookie policy