Website privacy policy

Oxford Brookes University (the University) is committed to protecting the privacy and security of personal data. Personal data is information that could identify you.

The University will be the Data Controller of any personal data that you supply. This means that we will make the decisions on how your data is used and for what reasons.

The University publishes additional privacy notices applicable to other groups, facilities and activities. Subject to your circumstances, other notices may also apply to you so please read this privacy notice in conjunction with other applicable privacy notices

What information do we collect about you?

We collect information about you when you visit this website and voluntarily provide us with personal details in order to enquire about, apply for, or access the courses, services and facilities we offer.

You may choose to provide these personal details by completing an online form or by contacting us by email or by other means.

We also collect information about how you use our website and the services you access.


Information about your usage of our website is collected using cookies. See our cookie policy for further details of what we are collecting and why.

Session capture

This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data.

The Mouseflow installation present on our site does not collect any information about how you use other websites, nor does it track or collect information outside your web browser. If you'd like to opt out, you can do so on the Mouseflow opt out webpage..

If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at

For more information, see Mouseflow’s Privacy Policy and the Mouseflow and UK GDPR webpage.


When you contact the University by telephone we may record or monitor your telephone call for training and quality purposes.

How will we use the information about you?

We collect and store information about you in order to respond to your enquiry or to process your application for our services or courses and, if you agree, to contact you about other services we offer which may be of interest to you.

We will also use the information we gather to improve your experience of using our website.

Who will we share your data with?

Depending on the services you use / access, your data may be shared with the following third parties:

  • Data Harvesting CRM system (course queries, ordering a prospectus, booking an open day and similar activities).
  • Campus Management CRM system (queries from prospective international students).
  • Gecko Labs Ltd provide hosting for the forms used by Campus Management CRM.
  • GoToWebinar provided by LogMeIn (online platform to facilitate webinars).  Please refer to the LogMeIn Privacy Policy
  • Google Inc. (the University uses Google applications for email and administration). For further information, please see the Google Inc. Privacy Policy.
  • Google Hangouts and Google Meet  (Provision of audio and video conferencing services (to include recording where necessary).
  • Zoom Inc.(provision of audio and video conferencing services (to include recording where necessary), please see our Zoom Privacy Notice.
  • Other third parties through the use of cookies. Our websites use cookies (session, persistent, third party, advertising and performance) so they function correctly, to help us improve them and for targeted advertising. To find out more and learn how to disable these cookies, please see our cookie policy.

What is our legal basis for processing your personal data?

  • You consent to providing it to us.
  • Any information subsequently shared with third parties (see above) is considered to be in the legitimate interests of Oxford Brookes and does not violate your fundamental right to privacy.

Will we transfer your data outside the UK?

Unless third party cookies are disabled, limited personal data (principally your IP address and limited device information) may be stored on third party servers that are located outside the UK.

Please see our cookie policy for further details or contact our IT Services Information Security Management team (contact details are at the end of this notice).

What rights do you have regarding your personal data that we hold?

  • You have the right to be informed.
  • You have the right of access to your data.
  • You have the right to correct data if it is wrong.
  • You have the right to ask for your data to be deleted.
  • You have the right to restrict use of the data we hold.
  • You have the right to data portability.
  • You have the right to object to Oxford Brookes using your data.
  • You have rights in relation to using your data automated decision making and profiling.

Your rights will depend on the legal ground used to process your data.

For further information on the above rights, please see the ICO website.

Are there any consequences if you do not provide the requested data?

Yes, we may be unable to provide you with the information you request from us.

Will there be any automated decision-making using your data?

Yes, this website uses behavioural cookies that could alter the information presented to you based on how you use the website. If you do not wish to be subject to such processing please see our cookie policy for details of how to disable cookies.

How long will we keep your data?

Our cookie policy contains details of the retention periods for each cookie that our websites create or modify on your computer.

Data that you submit using one of our online forms hosted by Data Harvesting (course queries, ordering a prospectus, booking an open day and similar activities) is retained for three years since your last interaction with us, unless you request otherwise.

Data sent to the Mouseflow analytics tool is stored for 6 months.

We use Google Analytics to monitor the usage of our website. User-level data is retained in Google Analytics for 14 months after your use of our website.

Personal data not otherwise described above (including limited personal data shared with third parties) will only be retained for as long as necessary to fulfil the purpose for which it was collected after which time it will be securely deleted.

Other websites

Our website contains links to other websites. This privacy policy only applies to this website. When you link to other websites you should read their own privacy policies.

Changes to our privacy policy

We keep our privacy policy under review and we will place any updates on this web page. This privacy policy was last updated on 30 July 2021.

Who to contact if you have any questions or concerns

If you have any questions or concerns about how your personal data is being used, please contact the IT Services Information Security Management team.


In certain circumstances we may refer your query or concern to the University Data Protection Officer (DPO), a semi-independent role at Brookes required by UK law.  If you would prefer to contact the DPO directly please email

What is the Information Commissioner’s Office (ICO)? 

The ICO is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. While we recommend that you raise any concerns or queries with us first you have the right to complain to the ICO directly if you believe Brookes is using your personal data unlawfully.

Please visit the ICO website for information on how to make a complaint or if you would like independent and impartial guidance on data protection and privacy.

Contact us

Information Security Management team

Related links