Skip to content

Toggle service links

Coronavirus: Please be aware it may take us slightly longer to respond than usual. Find out about our coronavirus response and current contact hours.

You are here

  1. Home
  2. Strategy and policies
  3. Policies and statements
  4. Privacy at the OU

Privacy at the OU

This page describes how we use your personal data, and how we use cookies on OU websites.

Your Personal data

The University collects and processes a variety of personal data in order to provide services, manage its operations effectively, and meet legal requirements. The privacy notices in the links below provide more details about this for specific activities.

The Open University is the data controller for the personal data that we process, apart from any circumstances which will be set out in the relevant privacy notice.

Generally, information you provide to us is stored on our secure servers, or on our cloud based systems which are located within the UK or the EEA. Where we use service providers outside the UK, or we transfer data to international partners, we use appropriate contractual safeguards, i.e. the standard contractual clauses for international transfers.

For example, our student and staff records are held on IT services in Germany. We also use offshore IT services for testing and developing our systems, which in some cases requires access to personal data. We have standard contractual clauses in place for these services.

The main establishment of the Open University is in the UK. If your data is collected by our office in the Republic of Ireland, then this will also be processed in the UK.

Contact us

Please direct any queries about this policy or about the way we process your personal information to our Data Protection Officer using the contact details below.

  • Email:
  • Telephone: +44(0)1908 653994
  • By post: The Data Protection Officer, PO Box 497, The Open University, Walton Hall, Milton Keynes MK7 6AT.
  • Data subjects within the EU can contact the Data Protection Officer c/o the Open University in Ireland: Holbrook House, Holles Street off Merrion Square, North Dublin 2, D02 EY84.

Depending on our relationship with you, you can update your contact preferences for marketing and research when you sign into the Open University website, by using any unsubscribe options available in communications we send you, or by contacting us.

Your Rights

You have a number of rights in relation to your personal information, which apply in certain circumstances. In order to exercise any of these rights, please contact us using the details in this document. These are described in more detail by the Information Commissioner’s Office.

You have the right

In some circumstances, you also have the right

Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.

If you are concerned about the way we have processed your personal information, you can complain to the Information Commissioner’s Office (ICO). Please visit the ICO’s website for further details, or you can use their online tool for reporting concerns:    

Data Protection for Staff

This document sets out how we deal with the personal data of staff, workers, job applicants, contractors, agency staff, volunteers and anyone who works with or on behalf of the Open University

Enquirers and registered users

For more information about how we use your information as an enquirer or as a registered website user, please see our 

If you use OpenLearn or OpenLearn Create, please see their specific privacy notices:


If you have registered as an OU student, we will collect and use more information about you in connection with your study, and we will keep long term academic transcript data.

Supplementary student privacy notices


Our Development Office maintains records on OU alumni (students who have completed an OU qualification), supporters of the University, and individuals who have been identified as a potential supporter of the Open University.

Mailing lists, attending events and business contacts

External organisations

To manage our relationships with external organisations we are required to maintain a variety of records.

Mobile Applications (apps)

Some of our apps utilise personal information for functionality purposes. As per the iOS and Android app publishing guidelines, each one has an individual privacy policy.

Cookies and similar technology

Tracking and analytics

Some parts of The Open University website store a cookie on your computer to track user traffic patterns. We do this in order to determine the usefulness of our website and to see how effective our navigational structure is. We do not release this information to third parties.

When you browse our websites, we also collect and use IP addresses and device identifiers to identify the location of users, to block disruptive use, to establish the number of visits from different countries, and to determine whether you are accessing the services from the UK or not.

If you register to use our website, we will store some of your website activity when you are signed in as part of your record


On Open University owned and operated sites as well as unaffiliated sites and internet based applications, we might display interest-based advertising using information you make available to us when you interact with our sites, content, or services. Interest-based ads, also sometimes referred to as personalised or targeted ads, are displayed to you based on information from activities such as completing a web-form on our sites, use of apps or software, or by visiting unaffiliated sites that contain Open University content or ads.

Like other online advertisers, we use cookies, web beacons (also known as action tags or single-pixel gifs), and other technologies (collectively, "cookies"). Cookies enable us to learn about what content and ads you interact with. This allows us to provide you with more useful and relevant ads. For example, if we know what ads you are shown we can be careful not to show you the same ones repeatedly.

Third party applications may also use cookies to measure the effectiveness of their advertisements and to personalise content. We do not have access to or control over cookies or other features that those applications and third party sites may use, and the information practices of these advertisers and third party websites are not covered by this Privacy Notice or our Cookies information page. Please contact them directly for more information about their privacy practices.

We do not associate your interaction with unaffiliated or third party sites/applications with your identity in providing you with interest-based ads.

How to turn off cookies

If you prefer not to receive cookies while browsing our website, you can set your browser to refuse all cookies that are stored on your computer. You do not need to have cookies turned on to use or navigate through many parts of our website.

If you are a registered user of the University and wish to sign in to password protected websites you will need to allow “per-session” cookies. These are only stored on your computer for the duration of your visit and are deleted when you close your browser or sign out of The Open University website.

For more detailed information see Cookie use on the OU website.


We take security very seriously. All staff are made aware of the security procedures they must follow when handling personal information. Data is protected from unauthorised access and we are confident no-one will be able to access your personal information unlawfully.

We also protect data being transferred. As long as your web browser supports the Secure Sockets Layer (SSL), any personal data transmitted from your browser to our web service, or from the service to your browser, will be encrypted.

Please note that email is never a 100% secure way of communicating. By using it, you agree that you will send any information by email at your own risk.


The Open University is under a statutory duty to have regard to the need to prevent people being drawn into terrorism. If the use of OU computer equipment, information and systems gives rise to a concern that a person may be at risk, this may result in action being taken in accordance with the OU Prevent Strategy.

Links to third party websites

While we will take all reasonable precautions to make sure that other organisations who we deal with have good security practices, we are not responsible for the privacy practices of those organisations whose websites may be linked to our service.

Address your request to:

The Data Protection Co-ordinator
PO Box 497
The Open University
Milton Keynes

Email data-protection

Phone +44 (0)1908 653994