Student CRM privacy policy

  • Oxford Brookes University will be the Data Controller of any personal data that you supply.  This means that they will make the decisions on how your data is used and for what reasons. You can contact the University’s Information Security Management Team on BrookesDPO@brookes.ac.uk.

    Why do we need your data?

    We will use your personal data to process your enquiry, to send you an electronic or hard copy prospectus, to communicate with you to provide you with information relating to your enquiry, or for statistical purposes and internal reporting

    If you opt in to receive further information, we will use your personal data to inform you about our courses, events, scholarships, bursaries, services or student life. You can update your preferences at any time using the links at the bottom of any emails you receive from us.

    Oxford Brookes University’s legal basis for collecting this data is:

    • The legal basis for processing your personal data for responding to your enquiry or prospectus request is that processing is necessary for the purposes of legitimate interest pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

    • The legal basis for processing your data for marketing purposes is based on the consent of the data subject.

    What types of personal data will Oxford Brookes University use?

    Name, date of birth, address, email address, phone number, course of interest, year of entry, and UCAS status.

    Who will Oxford Brookes University share your data with?

    Your personal data will be processed and stored by a third-party processor, Student CRM, on behalf of the University.

    Personal data may also be shared with:

    • Google Inc. (Oxford Brookes University uses Google applications for email and administration). For further information, please see the Google Inc. Privacy Policy at https://policies.google.com/privacy
    • New Visions who provide functionality that enables us to process your application more efficiently. For further information, please see the New Visions Privacy Policy.
    • Google Hangouts and Google Meet  (Provision of audio and video conferencing services (to include recording where necessary)).
    • GoToWebinar provided by LogMeIn (online platform to facilitate webinars). For further information, please see the LogMeIn Privacy Policy

    We may also use your data to connect with you on other digital platforms using Facebook and Google advertising. You can opt out of this activity at any time by updating your privacy settings on these sites. View our website privacy policy for further details on the use of cookies and data sharing.

    Will Oxford Brookes University transfer my data outside of the UK?

    No.

    What rights do I have regarding my personal data that Oxford Brookes University holds?

    • You have the right to be informed

    • You have the right of access to your data

    • You have the right to correct data if it is wrong

    • You have the right to ask for your data to be deleted

    • You have the right to restrict use of the data we hold

    • You have the right to data portability

    • the right to object to Oxford Brookes University using your data

    • You have rights in relation to using your data automated decision making and profiling.

    Are there any consequences of not providing the requested data?

    Yes, we may not be able to respond to your enquiry or effectively provide information you have requested,

    Will there be any automated decision making using my data?

    No

    How long will Oxford Brookes University keep your data?

    Unless you request otherwise, Oxford Brookes University will keep your data for three years after your last interaction with us. 

    Who can I contact if I have concerns?

    You can contact the Information Security Management team.

    Email: info.sec@brookes.ac.uk

    In certain circumstances we may refer your query or concern to the University Data Protection Officer (DPO), a semi-independent role at Brookes required by UK law.  If you would prefer to contact the DPO directly please email brookesdpo@brookes.ac.uk

    What is the Information Commissioner’s Office (ICO)? 

    The ICO is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. While we recommend that you raise any concerns or queries with us first you have the right to complain to the ICO directly if you believe Brookes is using your personal data unlawfully.

    Please visit www.ico.org.uk for information on how to make a complaint or would like independent and impartial guidance on data protection and privacy.