Oxford Brookes University Events privacy policy

Oxford Brookes University as Data Controller is committed to protecting the privacy and security of personal data or information. Personal data is information that could identify you.

We will make the decisions on how your data is used and for what reasons as well as how long it is kept for.

The purpose of this privacy notice is to:

  • be clear about the information the University collects and stores about you and its use

  • let you know what your rights are and whom you can contact  

  • comply with obligations under UK data protection and privacy law.

Other notices may also apply to you so please read this privacy notice in conjunction with other applicable privacy notices

Information compliance team


Why do we need your information?

  • You are coming to an event that will be run or hosted by Oxford Brookes and this information is needed to make arrangements

  • We may use this information so that you are told about other events or promote the University

  • Your feedback (either identifiable or not) might be used to gauge the success of an event or endorse future events 

  • We may collect statistical information from  attendees for the same reason: to look at the popularity of an event so that we can target future marketing, for example. Sponsors may ask for statistical information

  • We could photograph, record and/or live stream events and you may be visible

Oxford Brookes has to tell you the legal basis for collecting this information about you and it depends on the reasons that you are coming to the event:

  • Consent: you have given clear consent for us to process your personal data for a specific purpose.

  • Contract: the processing is necessary for a contract you have with Oxford Brookes, or because they have asked you to take specific steps before entering into a contract.

  • Public task: the processing is necessary for Oxford Brookes (or another organisation) to perform a task in the public interest or for official functions in line with the University’s legal powers and Constitution (core business). This is likely to be when the event is associated with teaching, education or research.

  • Legitimate interests: the processing is necessary for your legitimate interests, those of Oxford Brookes or the legitimate interests of a third party. 

The lawful basis that applies (provided above) will depend on the reason that you have provided the information to us, as well/or the reason for the event. 

If  you are sharing sensitive data (Special Category) with us:

This is information such as your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sexual life, genetic/biometric data or criminal records. Whilst it is unlikely that you will provide us with such information, again there could be one of several legal justifications for Oxford Brookes University to use it. 

The most likely reasons that the University is allowed to use your Special Category information are: 

  • You consent or agree to share this information 

  • This information is already in the public domain (lawfully)

  • Information may be used in an identified form for statistical purposes (such as looking at the popularity of events, perhaps, and the demographic of those people who attend)

What types of personal data will Oxford Brookes University use?

The data that you could share with Oxford Brookes may include:

  • biographical information about speakers or contributors could be quoted on advertising material 

  • your name - we may need your name when we book the event or you may need to give your name to show that you have attended for example

  • your email address so that we can be in contact with you about this event and similar ones 

  • you may give us details about access requirements or arrangements to facilitate your attendance (for example - dietary requirements for a catered event) 

  • payment details

  • your image - photography and filming may take place at the event. You will be told if that is the case

  • your voice if you contribute to a recorded discussion at an event. 

Where photographs or recordings are made, you need to know that the recording or photo could be used again. The recording could be used to promote other events or to promote the University elsewhere - for example on social media.  It is possible that it could be used for other purposes such as research. 

Whom will Oxford Brookes share your data with or transfer your data to?

Oxford Brookes University could share your information with companies or people who organise an event, or who are involved in the administration of this or similar events (including sponsors, consultants and others).

Oxford Brookes University uses software to arrange events (either virtually or otherwise) and take payment where it is due. This will necessitate your information being processed by that software and so we include those details here. These companies have their own Privacy Notices and you can look at those to see how they might use your information. 

It will be clear from your invitation or marketing material where other software is used and again you can look at the company Privacy Notice to see how the company uses your personal information. 

Will your data be shared, transferred or stored outside the UK?

Yes, for example the University stores information using Google Workspace. Google stores information overseas. Software companies may store information entered overseas - this could include a ticket provider for example. Please see the respective Privacy Notices above for further information on where your data could be transferred to outside the UK and EEA.

What rights can you have regarding your personal data which Oxford Brookes holds?

  • You have the right to be informed

  • You have the right of access to your data

  • You have the right to correct data if it is wrong

  • You have the right to ask for your data to be deleted

  • You have the right to restrict use of the data we hold

  • You have the right to data portability

  • the right to object to Oxford Brookes using your data

  • You have rights in relation to using your data automated decision making and profiling.

Your rights will depend on the legal ground used to process your data.

What was the source of your data?

From you, if you:

  • complete forms in relation to attending or participating in an event, (including buying or registering for tickets online)

  • attend an event

  • engage with us during an event (for example when you sign up to a mailing list or enter a competition)

  • complete our surveys and feedback forms

  • contact us by post, email, online chat, social media, telephone or another format

  • use the website, including when you search, register or use our online payment/ticketing portals or sign-up for an event

  • provided information for an earlier event, we may use this information to tell you about another one.

Or from other people or organisations such as: 

  • ticketing agencies who sell tickets or process ticket orders

  • someone else who may purchase tickets on your behalf or register your details with the University or elsewhere 

  • our payment provider who will confirm details of your payment

  • publicly available sources when researching and creating biographies of speakers and key attendees.

Are there any consequences if you do not want us to use your information in this way?

Yes, we are sorry but it may mean that you cannot attend the event.

Will there be any automated decision making using my data?

No - not by Oxford Brookes University. It is possible that software employed to support your attendance may do so.

How long will Oxford Brookes keep your data?

Oxford Brookes will keep your data for as long as is necessary, or in line with the University procedures. There is a retention schedule. Any information that is used for research for example could be kept indefinitely and could be used again. 

Whom can you contact if you have concerns?

You can contact: 

  • the event organiser if you have a concern about a particular event or need details about the arrangements 

  • the Information Security Management Team via info.sec@brookes.ac.uk if you have a concern about Data Protection matters or if you want to exercise your rights under Data Protection or Freedom of Information law 

  • Oxford Brookes‘ Data Protection Officer via BrookesDPO@brookes.ac.uk who ensures that Data Protection provisions are applied lawfully in Oxford Brookes if you are concerned about the use of your data 

  • the Information Commissioner via the website www.ICO.org.uk who is the national regulator for Data Protection or Freedom of Information matters.