Privacy Notice


  1. This privacy notice provides information on how The Open University collects and processes your personal data when you visit our website.

Who we are

  1. The Open University is the data controller in relation to the processing activities described below. This means that the Open University decides why and how your personal information is processed.
  2. Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it’s referring to the Open University

What information do we collect about you, and how do we collect it?

Information that you give to us

  1. We collect information that you supply when you contact us to access the website or to make an enquiry, such as your name, contact details and nature of your request. We do not normally collect sensitive personal information to do this. This list is not intended to be exhaustive and may be updated from time to time as our business needs and legal requirements dictate.  This information is held by the team managing the Website and is also made available to the OU Information Rights team.  It will be stored separately to any other records the University holds about you.

How do we use your personal information?

  1. We need to know some personal information about you so that we can provide access to the website, and respond to any queries.
  1. We also use personal data to analyse how successful our activities have been. This is in our legitimate interest, as it helps us to be more efficient in planning and improving our activities and communications.
  2. We process information about you as part of our public task of conducting academic research and providing access to it.

Who do we share your information with?

  1. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

Do we transfer information outside the UK and the EEA?

  1. Generally, information you provide to us is stored on our secure servers, or on our cloud-based systems which are located within the UK or the EEA.

How long do we keep your personal information for?

  1. If we collect your personal information, the length of time we keep it for is determined by a number of factors including our purpose for using the information and our legal obligations.
  2. We have a retention schedule for information and keep identifiable records only for as long as they have a legal or business purpose.

Your rights

  1. You have a number of rights in relation to your personal information, which apply in certain circumstances. In order to exercise any of these rights, please contact us using the details in section 13 of this document.
  2. You have the right;
  • To access your personal information that we process
  • To Rectify inaccuracies in the personal information that we hold about you

In some circumstances, you also have the right

  • To have your details removed from systems that we use to process your personal data
  • To restrict the processing of your personal data in certain ways
  • To obtain a copy of your personal data in a structured electronic data file
  • To object to certain processing of your personal data by us
  • To request that we stop sending you direct marketing communications.

If you are concerned about the way we have processed your personal information, you can complain to the Information Commissioner’s Office (ICO). Please visit the ICO’s website  for further details.

Contact us

  1. Please direct any queries about this policy or about the way we process your personal information to our Data Protection Officer using the contact details below.
  • Email
  • Telephone +44 (0)1908 653994
  • By post: The Data Protection Officer, PO Box 497, The Open University, Walton Hall, Milton Keynes MK7 6AT.