Oxford Brookes University (the University) is committed to protecting the privacy and security of personal data. Personal data is information that could identify you.
The University will be the Data Controller of any personal data that you supply. This means that we will make the decisions on how your data is used and for what reasons.
The University publishes additional privacy notices applicable to other groups, facilities and activities. Subject to your circumstances, other notices may also apply to you so please read this privacy notice in conjunction with other applicable privacy notices.
Why do we need your data?
You are a guest, or you have been invited to speak at a lecture or other event that will be delivered and / or recorded via the Zoom video conferencing platform.
Oxford Brookes University will be the Data Controller of any personal data that you supply. This means that Oxford Brookes will, in accordance with UK law, make the decisions on how your data is used and for what reasons.
Oxford Brookes Unversity’s legal basis for collecting this data
Under the UK Data Protection Act, data controllers such as Oxford Brookes must inform data subjects (those individuals whose personal data we hold) of the legal basis for collecting it.
In this instance:
- Oxford Brookes has contracted with you to engage with us, your audience and /or our students; or
- you are contributing to the core business of Oxford Brookes (teaching etc.) (the processing ground being “public task”)
- It is in your legitimate interests, or those of Oxford Brookes, our students or your audience for you to share this information this way.
The specific relevant lawful basis (provided above) that applies will depend on the reason for the session.
If you are sharing Special Category personal data with Oxford Brookes it is lawful for this data to be processed because one of the following processing grounds applies
Under the UK Data Protection Act, certain information (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sexual life, genetic/biometric data or criminal records) is afforded greater protection and data controllers must provide data subjects with the legal basis for processing it.
In this instance:
- You consent to share this information (usually this is written consent - occasionally it may be recorded).
- This information is already made public (lawfully).
The specific relevant lawful basis (provided above) that applies will depend on the reason for the session.
What types of personal data will Oxford Brookes University use?
The data that you could share with Oxford Brookes will include your image and the content of any discussion or information provided during the session.
Who will Oxford Brookes share your data with?
- You should be advised before you start the Zoom session who will be present.
- Those people attending the session will have access to the information shared.
- It may be shared with others where necessary, further information should be available from your Oxford Brookes contact.
Oxford Brookes may lawfully share data with third parties providing its use is fair and transparent. In this instance your personal data will be shared with:
- Zoom Inc. (for video conferencing services; you can see more details on the Zoom Inc privacy policy)
- Panopto (for management of recorded media; for more details, see the Panopto privacy policy)
- Co-Sector (suppliers of Moodle VLE platform; used for publication of recorded material)
- Google Inc. (Transcripts and other recordings may be shared and stored via Google drive; for more details read the Google Inc privacy policy.).
Will your data be transferred outside the European Economic Area (EEA)?
Yes, please see the respective Privacy Notices above for further information on where your data could be transferred to outside the EU and EEA.
It is predicted that the UK will be outside the immediate jurisdiction of the EU and EEA from 31 December 2020 when the withdrawal period is over; all processing will be outside the EEA.
What rights do you have regarding your personal data that is held by Oxford Brookes?
The UK Data Protection Act affords data subjects with a number of rights in relation to the personal data they provide to data controllers such as Oxford Brookes. These rights are:
- You have the right to be informed
- You have the right of access to your data
- You have the right to correct data if it is wrong
- You have the right to ask for your data to be deleted
- You have the right to restrict use of the data we hold
- You have the right to data portability
- You have the right to object to Oxford Brookes University using your data
- You have rights in relation to using your data automated decision making and profiling.
Please note that the rights which you have regarding your personal data may depend on the legal basis for processing which applies to it.
What was the source of your data?
This will depend on the reason for the Zoom session. It may be that any personal information comes from you, or another party to any discussion, or that it is publicly available, or it has been provided by a third party.
Are there any consequences if you do not want to use Zoom or the associated platforms?
You will need to discuss that with whomever is arranging the session. It may be that using Zoom is the only way to engage with Oxford Brookes on this occasion.
Will there be any automated decision making using my data?
No, your personal data will not be used to make any automated decisions.
How long will Oxford Brookes keep your data?
Recordings will be typically stored for 6 months before being securely deleted. Under some circumstances (recorded material is required for resits or double-modules) your data will be stored for longer than 6 months but no longer than is necessary for the purposes for which it was provided.
Who can I contact if I have concerns?
In the first instance we recommend you contact the meeting or session organiser if you have a concern about a particular session. You can contact the Information Assurance Team via info.sec@brookes.ac.uk if you have a concern about Data Protection matters or if you want to exercise your rights under Data Protection or Freedom of Information law.
You can contact Oxford Brookes ‘Data Protection Officer via BrookesDPO@brookes.ac.uk. The Data Protection Officer ensures that Data Protection provisions are applied lawfully in Oxford Brookes.
You can contact the information Commissioner via the ICO website if you wish to contact the national regulator of Data Protection or Freedom of Information matters.
Information Security Office
Oxford Brookes University
Headington Campus
Oxford
UK
OX3 0BP