The University collects and processes a variety of personal data in order to provide services, manage its operations effectively, and meet legal requirements. The privacy notices in the links below provide more details about this for specific activities.
The Open University is the data controller for the personal data that we process, apart from any circumstances which will be set out in the relevant privacy notice.
Generally, information you provide to us is stored on our secure servers, or on our cloud based systems which are located within the UK or the EEA. Where we use service providers outside the UK, or we transfer data to international partners, we use appropriate contractual safeguards, i.e. the standard contractual clauses for international transfers.
For example, our student and staff records are held on IT services in Germany. We also use offshore IT services for testing and developing our systems, which in some cases requires access to personal data. We have standard contractual clauses in place for these services.
The main establishment of the Open University is in the UK. If your data is collected by our office in the Republic of Ireland, then this will also be processed in the UK.
Please direct any queries about this policy or about the way we process your personal information to our Data Protection Officer using the contact details below.
Depending on our relationship with you, you can update your contact preferences for marketing and research when you sign into the Open University website, by using any unsubscribe options available in communications we send you, or by contacting us.
You have a number of rights in relation to your personal information, which apply in certain circumstances. In order to exercise any of these rights, please contact us using the details in this document. These are described in more detail by the Information Commissioner’s Office.
You have the right
In some circumstances, you also have the right
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are concerned about the way we have processed your personal information, you can complain to the Information Commissioner’s Office (ICO). Please visit the ICO’s website www.ico.org.uk for further details, or you can use their online tool for reporting concerns: https://ico.org.uk/concerns/
This document sets out how we deal with the personal data of staff, workers, job applicants, contractors, agency staff, volunteers and anyone who works with or on behalf of the Open University
For more information about how we use your information as an enquirer or as a registered website user, please see our
If you use OpenLearn or OpenLearn Create, please see their specific privacy notices:
If you have registered as an OU student, we will collect and use more information about you in connection with your study, and we will keep long term academic transcript data.
Our Development Office maintains records on OU alumni (students who have completed an OU qualification), supporters of the University, and individuals who have been identified as a potential supporter of the Open University.
To manage our relationships with external organisations we are required to maintain a variety of records.
Some parts of The Open University website store a cookie on your computer to track user traffic patterns. We do this in order to determine the usefulness of our website and to see how effective our navigational structure is. We do not release this information to third parties.
When you browse our websites, we also collect and use IP addresses and device identifiers to identify the location of users, to block disruptive use, to establish the number of visits from different countries, and to determine whether you are accessing the services from the UK or not.
If you register to use our website, we will store some of your website activity when you are signed in as part of your record
On Open University owned and operated sites as well as unaffiliated sites and internet based applications, we might display interest-based advertising using information you make available to us when you interact with our sites, content, or services. Interest-based ads, also sometimes referred to as personalised or targeted ads, are displayed to you based on information from activities such as completing a web-form on our sites, use of apps or software, or by visiting unaffiliated sites that contain Open University content or ads.
We do not associate your interaction with unaffiliated or third party sites/applications with your identity in providing you with interest-based ads.
If you prefer not to receive cookies while browsing our website, you can set your browser to refuse all cookies that are stored on your computer. You do not need to have cookies turned on to use or navigate through many parts of our website.
If you are a registered user of the University and wish to sign in to password protected websites you will need to allow “per-session” cookies. These are only stored on your computer for the duration of your visit and are deleted when you close your browser or sign out of The Open University website.
For more detailed information see Cookie use on the OU website.
We take security very seriously. All staff are made aware of the security procedures they must follow when handling personal information. Data is protected from unauthorised access and we are confident no-one will be able to access your personal information unlawfully.
We also protect data being transferred. As long as your web browser supports the Secure Sockets Layer (SSL), any personal data transmitted from your browser to our web service, or from the service to your browser, will be encrypted.
Please note that email is never a 100% secure way of communicating. By using it, you agree that you will send any information by email at your own risk.
The Open University is under a statutory duty to have regard to the need to prevent people being drawn into terrorism. If the use of OU computer equipment, information and systems gives rise to a concern that a person may be at risk, this may result in action being taken in accordance with the OU Prevent Strategy.
While we will take all reasonable precautions to make sure that other organisations who we deal with have good security practices, we are not responsible for the privacy practices of those organisations whose websites may be linked to our service.