General Privacy Notice and Copyright Statement
General Privacy Notice
Like all universities, Brunel University London collects and uses data about people which is called personal data. The use of this data is governed by data protection laws. In the UK these laws are the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018.
This page provides a general overview of how Brunel University London complies with the legislation, your rights about how your data is managed and how you can contact us if you have questions. You can find more detailed information about our approach to data protection and other information laws by visiting our dedicated pages.
Brunel University London is the Data Controller of your personal data. This means we make decisions about what data we collect from you and how we use it in line with the law.
What data we collect about you and how we use the data depends on your relationship with us e.g., whether you are an applicant, a student or former student, a research participant, or a member of staff. We have dedicated privacy notices for each of these areas. Please visit the relevant web pages of each section of our website to access the corresponding privacy notice which provides detailed information on how we use your data for that area. You can also contact the data protection team on the details below to get a copy of any privacy notice.
The following information provides an overview of key points that all individuals who provide personal data to us need to know.
How to contact us about data protection queries
If you have questions relating to data protection at the university you can contact our data protection team on email@example.com. The data protection team is led by our Head of Privacy who is also the Data Protection Officer.
Our Lawful Basis
When we process your personal data, we need to have a lawful basis to do so. A lawful basis is a reason in law that permits us to use your data for a specific purpose. The lawful basis we use depends on what we are doing with your data (our purpose for having it). We have summarised our key lawful basis and our purpose for having your data below.
1) Any activity related to awarding a degree including:
- Managing the student record
- Administering processes that affect progression and retention
- Examinations & assessments
2) Activities involved in participating in scientific research
3) The reporting of data to regulatory or statutory bodies including the Office for Students, HESA, NSS, etc.
4) The use of data for public health purposes including the monitoring of Covid-19 cases
5) The provision of occupational health and medical services
1) Any activity related to:
- Applying to study or work with us
- A contract of employment
- A contract to study including accepting our terms and conditions
- Payment of fees
- Assessing performance
- Providing you with services such as student support, access to accommodation or employee benefits
1) Any activity that is required by a law including:
- The collection and use of data to ensure we comply with the Equality Act 2010.
- The collection and use of data that is required to ensure compliance with Health & Safety legislation.
- The collection and use of data to ensure compliance with financial, taxation and pensions legislation.
- The collection and use of data to ensure compliance with immigration legislation and terms of our UKVI licencing conditions.
Activities that have minimal impact on you however are important for us to ensure that we can operate effectively including:
1) Recording our lectures.
2) Administering our events and open days.
3) Filming and photography at our events and open days.
4) Managing our alumni service.
5) Operating a secure computer and IT network.
6) Promoting our university to the outside world and seeking donations.
We will only seek your consent to process personal data in limited circumstances where you have a genuine choice, and you can say no without detriment. If we rely on consent, we will explain clearly what you are consenting to and how you can manage that consent. You can withdraw that consent at any time. Examples of when we will seek your consent:
1) When we want to send direct marketing to your personal email address, and we haven’t heard from you before.
2) When you want us to discuss your queries with someone else such as a relative or guardian
3) When you want us to share your details with a 3rd party so they can contact you.
Securing your Data
In order to protect your data, we ensure that there are appropriate technical and organisational controls in place on all of our systems and continuously review these controls to ensure they are effective. Examples of our controls include:
Technical measures such as role based access contorls, encryption, password protection, antivirus and antimalware mechanisms and intrusion detection systems.
Organisational measures including robust policies, documented processes, staff training, and managing access to data.
Location of your Data
Wherever possible, we will store personal data within the UK or in a data centre located within the European Union or European Economic Area. In some cases, we may use suppliers who run their operations outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. The steps we take will depend on the type of data and the location of the supplier however, some of our measures include a robust due diligenceprocess, technical measures to protect your data and contractual measures that require our suppliers to treat your data securely and in a way that maintains confidentiality.
Disclosing your Data
Some of our legal and regulatory obligations require us to disclose data about you to third parties. Each disclosure request will be considered carefully, and we will only disclose the minimum amount of personal data required to meet our obligations. The following organisations will receive information about you if a valid request is received or if we are legally required to provide it.
- The police and law enforcement agencies for the prevention and detection of crime
- Regulatory bodies including the Office for Students, the General Medical Council and the Disclosure & Barring Service.
- Statistical agencies including HESA.
- Examination and Assessment Boards.
- Student Finance England.
- The Home Office and UK Visas and Immigration.
- The Department of Work and Pensions.
- The Health & Safety Executive.
- Trade Unions including the UCU, UNISON, UNITE and the GMB.
- Pensions Providers.
- Occupational Health Providers.
- Public Heath England.
How long we keep your data depends on what we have collected it for and whether there is a law that sets a minimum legal retention period. We have a dedicated retention schedule that sets out how long we keep personal data. You can obtain a copy of our retention schedule by emailing firstname.lastname@example.org.
For applicants who decide not to study with us, we will keep your enquiry details on file one year after your specified year of entry expires.
You can update, cleanse or delete your own data via our enquiry platform, to ensure we have accurate contact details for you. If and when you apply to Brunel University London, your enquiry details will be overwritten by your application details.
To understand who is applying to our courses we will segment the information we hold about student applicants based on demographics and interests. Such data will be de-identified and used for statistical and analytical purposes only. Analysis of this helps us understand our enquiries and ensure we tailor our courses to meet the latest needs and expectations of learners who want to study with us.
When we send prospective applicants, or alumni electronic direct marketing, we must comply with the legislation called the Privacy & Electronic Communications Regulations 2003. This law sets rules that we have to follow to make sure that our electronic marketing is fair and respects peoples’ privacy. It is always the choice of the individual as to whether they want to receive information about studying at Brunel, our events and the ways people can get involved. We will always ask if you want to hear from us with these communications. If you do not want us to use your personal information in these ways, please indicate your preferences on the form on which we collect your data. You can also opt out of our marketing communications at any time by clicking the ‘unsubscribe’ link at the end of any of our marketing emails. You can also change any of your contact preferences at any time or you can opt-out of your data being utilised via the enquiry platform after you log in. Finally, you can withdraw your consent to receive direct marketing by emailing email@example.com.
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes when you enquire to study at Brunel. However, once you apply to study at Brunel, we will contact you about your application and about life at Brunel. This is not considered direct marketing and we need to send you this information as part of a contract between us.
In the UK everyone has rights about how their personal data is managed. The rights are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
You can make an information rights request at any time by contacting our data protection team via email: firstname.lastname@example.org
By telephone: +44 (0) 1895 265389.
or by post: Data Protection Officer, Brunel University London, Kingston Lane, Uxbridge, UB8 3PH.
There is no charge to submit a rights request, but we may ask you to verify your identity. We may also communicate with you to determine the scope of your request.
In most cases we have one calendar month to respond to your request when we have verified your identity. Where a request is complex, we are permitted to extend that deadline by a further two months, but we will write to you and let you know ahead of the deadline if we need to do this.
Raising a Concern
If you are not satisfied with how we are processing your personal data, you should email email@example.com in the first instance. If you are not satisfied with our response, you have the right to make a complaint to the Information Commissioners Office. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website available at: www.ico.org.uk
Cookies and Log Files
The University maintains a log of web server activity to make sure we manage our site effectively, to investigate broken links and to provide statistics. These files contain your personal data including information such as your computer's IP address, what files you have requested and which browser you are using. They do not identify your email address or any other personal data about you.
See detailed information about cookies on the Brunel website.
The copyright and intellectual property rights of all material held on the Brunel University London website belong to the University and its staff or students or have been licensed to the University.
With the exception of the logo and trademarks, the University allows the copying of material from its website solely for personal use or for reference under the Freedom of Information but the reproduction, publication, distribution or broadcast of material for any commercial purpose is strictly forbidden without prior permission from the University. No content may be altered or adapted in any way and permission must be obtained for its inclusion in any papers or other publications. If you wish to apply for copyright clearance to reproduce content, please contact the Copyright and Digital Resources Officer.
The reproduction, adaptation or manipulation of the University logo, crest or any trademarks is not allowed without prior consent. Permission must be obtained from the University for the use of its logo on any documents, papers or reports, other than for official Brunel University London business. If you wish to use the logo for any reasonable purpose, please contact Print Room for permission and instructions on how to download a high-resolution version.
You may link to the University home page without permission and other educational establishments may link to specific pages and documents on the University website without prior consent. A link to the University from a third-party web page does not imply any endorsement from the University of that web site and no endorsement is implied by any links from Brunel's web pages to third party sites.