Zoom privacy notice for guests and external speakers

You are a guest, or you have been invited to speak at a lecture or other event that will be delivered and / or recorded via the Zoom video conferencing platform.

Oxford Brookes University will be the Data Controller of any personal data that you supply. This means that Oxford Brookes will, in accordance with UK law, make the decisions on how your data is used and for what reasons.

Under the UK Data Protection Act, data controllers such as Oxford Brookes must inform data subjects (those individuals whose personal data we hold) of the legal basis for collecting it.

In this instance:

• Oxford Brookes has contracted with you to engage with us, your audience and /or our students; or
• you are contributing to the core business of Oxford Brookes (teaching etc.) (the processing ground being “public task”)
• It is in your legitimate interests, or those of Oxford Brookes, our students or your audience for you to share this information this way.

The specific relevant lawful basis (provided above) that applies will depend on the reason for the session. 

Under the UK Data Protection Act, certain information (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, data concerning health or sexual life, genetic/biometric data or criminal records) is afforded greater protection and data controllers must provide data subjects with the legal basis for processing it.

In this instance:

• You consent to share this information (usually this is written consent - occasionally it may be recorded).
• This information is already made public (lawfully).

The specific relevant lawful basis (provided above) that applies will depend on the reason for the session. 

The data that you could share with Oxford Brookes will include your image and the content of any discussion or information provided during the session.

• You should be advised before you start the Zoom session who will be present.
• Those people attending the session will have access to the information shared.
• It may be shared with others where necessary, further information should be available from your Oxford Brookes contact.

Oxford Brookes may lawfully share data with third parties providing its use is fair and transparent. In this instance your personal data will be shared with:

• Zoom Inc. (for video conferencing services; you can see more details on the Zoom Inc privacy policy)
• Panopto (for management of recorded media; for more details, see the Panopto privacy policy)
• Co-Sector (suppliers of Moodle VLE platform; used for publication of recorded material)
• Google Inc. (Transcripts and other recordings may be shared and stored via Google drive; for more details read the Google Inc privacy policy.). 

Yes, please see the respective Privacy Notices above for further information on where your data could be transferred to outside the EU and EEA.

It is predicted that the UK will be outside the immediate jurisdiction of the EU and EEA from 31 December 2020 when the withdrawal period is over; all processing will be outside the EEA.

The UK Data Protection Act affords data subjects with a number of rights in relation to the personal data they provide to data controllers such as Oxford Brookes. These rights are:

• You have the right to be informed
• You have the right of access to your data
• You have the right to correct data if it is wrong
• You have the right to ask for your data to be deleted
• You have the right to restrict use of the data we hold
• You have the right to data portability
• You have the right to object to Oxford Brookes University using your data
• You have rights in relation to using your data automated decision making and profiling.

Please note that the rights which you have regarding your personal data may depend on the legal basis for processing which applies to it.

This will depend on the reason for the Zoom session. It may be that any personal information comes from you, or another party to any discussion, or that it is publicly available, or it has been provided by a third party.

You will need to discuss that with whomever is arranging the session. It may be that using Zoom is the only way to engage with Oxford Brookes on this occasion.

No, your personal data will not be used to make any automated decisions.

Recordings will be typically stored for 6 months before being securely deleted. Under some circumstances (recorded material is required for resits or double-modules) your data will be stored for longer than 6 months but no longer than is necessary for the purposes for which it was provided.

In the first instance we recommend you contact the meeting or session organiser if you have a concern about a particular session. You can contact the Information Assurance Team via info.sec@brookes.ac.uk if you have a concern about Data Protection matters or if you want to exercise your rights under Data Protection or Freedom of Information law.

You can contact Oxford Brookes ‘Data Protection Officer via BrookesDPO@brookes.ac.uk. The Data Protection Officer ensures that Data Protection provisions are applied lawfully in Oxford Brookes.

You can contact the information Commissioner via the ICO website if you wish to contact the national regulator of Data Protection or Freedom of Information matters.