Zoom privacy notice for guests and external speakers

  • Oxford Brookes University (the University) is committed to protecting the privacy and security of personal data. Personal data is information that could identify you.

    The University will be the Data Controller of any personal data that you supply. This means that we will make the decisions on how your data is used and for what reasons. 

    The University publishes additional privacy notices applicable to other groups, facilities and activities.  Subject to your circumstances, other notices may also apply to you so please read this privacy notice in conjunction with other applicable privacy notices

  • You are a Guest, or you have been invited to speak at a lecture or other event that will be delivered and / or recorded via the Zoom video conferencing platform.

    Oxford Brookes University (‘Brookes’) will be the Data Controller of any personal data that you supply.  This means that Brookes will, in accordance with UK law, make the decisions on how your data is used and for what reasons.

    Under the UK Data Protection Act, data controllers such as Brookes must inform data subjects (those individuals whose personal data we hold) of the legal basis for collecting it.

    In this instance:

    • Brookes has contracted with you to engage with us, your audience and /or our students; or
    • you are contributing to the core business of Brookes (teaching etc.) (the processing ground being “public task”)
    • It is in your legitimate interests, or those of Brookes, our students or your audience for you to share this information this way

    The specific relevant lawful basis (provided above) that applies will depend on the reason for the session. 

    Under the UK Data Protection Act, certain information (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sexual life, genetic/biometric data or criminal records) is afforded greater protection and data controllers must provide data subjects with the legal basis for processing it.

    In this instance:

    • You consent to share this information (usually this is written consent - occasionally it may be recorded).
    • This information is already made public (lawfully)

    The specific relevant lawful basis (provided above) that applies will depend on the reason for the session. 

    The data that you could share with Brookes will include your image and the content of any discussion or information provided during the session.
    • You should be advised before you start the Zoom session who will be present
    • Those people attending the session will have access to the information shared.
    • It may be shared with others where necessary, further information should be available from your Brookes contact.

    Brookes may lawfully share data with third parties providing its use is fair and transparent. In this instance your personal data will be shared with:

    • Zoom Inc. (for video conferencing services; Privacy Notice here)
    • Panopto (for management of recorded media; Privacy Notice here)
    • Co-Sector (suppliers of Moodle VLE platform; used for publication of recorded material)
    • Google Inc. (Transcripts and other recordings may be shared and stored via Google drive; Privacy Notice here). 

    Yes, please see the respective Privacy Notices above for further information on where your data could be transferred to outside the EU and EEA.

    It is predicted that the UK will be outside the immediate jurisdiction of the EU and EEA from 31 December 2020 when the withdrawal period is over; all processing will be outside the EEA.

     

    The UK Data Protection Act affords data subjects with a number of rights in relation to the personal data they provide to data controllers such as Brookes. These rights are:

    • You have the right to be informed
    • You have the right of access to your data
    • You have the right to correct data if it is wrong
    • You have the right to ask for your data to be deleted
    • You have the right to restrict use of the data we hold
    • You have the right to data portability
    • The right to object to OBU using your data
    • You have rights in relation to using your data automated decision making and profiling.

    Please note that the rights which you have regarding your personal data may depend on the legal basis for processing which applies to it.

    This will depend on the reason for the Zoom session. It may be that any personal information comes from you, or another party to any discussion, or that it is publicly available, or it has been provided by a third party.
    You will need to discuss that with whomever is arranging the session. It may be that using Zoom is the only way to engage with Oxford Brookes on this occasion.
    No, your personal data will not be used to make any automated decisions.
    Recordings will be typically stored for six months before being securely deleted. Under some circumstances (recorded material is required for resits or double-modules) your data will be stored for longer than six months but no longer than is necessary for the purposes for which it was provided.

    In the first instance we recommend you contact the meeting or session organiser if you have a concern about a particular session.  You can contact the Information Assurance Team via info.sec@brookes.ac.uk if you have a concern about Data Protection matters or if you want to exercise your rights under Data Protection or Freedom of Information law.

    You can contact Oxford Brookes ‘Data Protection Officer via BrookesDPO@brookes.ac.uk. The Data Protection Officer ensures that Data Protection provisions are applied lawfully in Oxford Brookes.

    You can contact the information Commissioner via the website ICO.org.uk if you wish to contact the national regulator of Data Protection or Freedom of Information matters.