Data privacy policy

Study Higher privacy notice

This privacy notice explains how Oxford Brookes University, as Data Controller for the Study Higher Uni Connect partnership, collects, uses, shares, transfers and retains personal data for outreach, evaluation and reporting purposes. It is designed for children and parents with a child‑friendly summary first and the full policy following.

Child‑friendly summary (ages 12+)

  • Who we are: Study Higher is run by Oxford Brookes University to help students learn about future education and careers, and Brookes is responsible for keeping your information safe.
  • What we collect under personal data: Name, School, Date of birth, Postcode and Photos or videos (with separate permission)​

And for Special category data:

  • Gender (if collected as sex/gender identity), Free school meal eligibility (socioeconomic proxy), Care status / young carer status, Service pupil status (military family background), Disability and Ethnicity, if shared, plus photos or videos only with separate permission.
  • Why we collect it: to run activities, keep in touch about events, and check later if the programme helped students with choices and progress into education or jobs.
  • How we use it: information is combined with national education records to understand what works, and results are about groups, not about making decisions about any one person.
  • Who sees it: the Study Higher partners and trusted organisations that help with the programme, like OfS, HEAT, HESA, the Department for Education (NPD), UCAS, and approved evaluators.
  • Where it’s stored: most data is kept in the UK; some tools like Google may store data outside the UK but only with extra legal protections to keep it safe.
  • How long we keep it: only as long as needed to run activities and complete evaluations, then details are removed or the data is made anonymous.
  • Choices and rights: it’s okay to say no to photos; there is a right to see information, ask for corrections, and ask questions or raise concerns using the contacts below.
  • No automated decisions: computers don’t make decisions about individuals that affect them; only patterns are examined to see what works for groups.
  • Need help: talk to a parent, carer or teacher, or email the Study Higher team or the university’s data protection officer using the contacts on this page.

Quick read (under 12s)

  • We are Oxford Brookes’ Study Higher team, and information is kept safe.
  • Names and school details are used to run events and help plan what works.
  • No decisions about anyone are made by a computer.
  • Photos or videos are only used with permission, and saying no is fine.
  • Ask to see or fix information, or ask questions using the contacts below.

Who we are

Study Higher is one of the Uni Connect partnerships funded by the Office for Students to support progression to higher education for groups statistically less likely to progress.

Oxford Brookes University is the controller for Study Higher processing and makes decisions about the purposes and means of processing. Controller contact: info@studyhigher.ac.uk; Information Security Management: info.sec@brookes.ac.uk; independent DPO: BrookesDPO@brookes.ac.uk.

What Study Higher does

Study Higher designs and delivers outreach activities, workshops, mentoring, and information sessions in schools, colleges, and community settings to help young people understand and plan future education and employment choices. Information from these activities is used to evaluate programme effectiveness over time through longitudinal linkage to national education and outcomes datasets.

The data collected

Data may include identifiers and demographics such as name, date of birth, postcode, school, gender, free school meal eligibility, care/young carer status, service pupils status, disability status, and racial or ethnic origin. Where separate consent is obtained, images or video may be collected and used strictly for the purposes described in the relevant consent form. 

If you complete online forms or surveys, we may also collect contact details (such as email address or phone number), responses to feedback questions, and basic technical data (such as IP address and browser type) for security and to understand how our webpages are used.

We do not use cookies or analytics to track individual children across other websites.

Why the data is needed (purposes)

Data is used to register and deliver activities, communicate event information to parents/carers, evaluate engagement, and assess whether Study Higher support influences educational progression and outcomes. As a condition of our funding, we use the HEAT monitoring, tracking and evaluation database to track the educational journey of the learners we work with.  

Individuals’ data collected by Study Higher and stored in the HEAT database may be matched with other national datasets including HESA (Higher Education Statistics Agency) data, UCAS (University and Colleges Application Service) Application data, and Department for Education (DfE) data, including data stored within the National Pupil Database (NPD) and Individualised Learner Record (ILR). This allows us to see and report on the number of learners we have worked with that have gone on to apply to and attend Higher Education, as per the purpose of the Programme. 

Lawful bases for processing

For most personal data we rely on Article 6(1)(e) UK GDPR (public task) because Study Higher is funded by the Office for Students to improve access and participation in higher education.

For special category data (for example disability or ethnicity), we rely on Article 9(2)(g) together with Schedule 1 paragraph 8 DPA 2018 (equality of opportunity or treatment), so that we can monitor participation and outcomes for different groups.

For longer‑term evaluation and archiving for research and statistical purposes, we additionally rely on Article 9(2)(j) with Article 89(1) safeguards (see below).

Note that photos/videos and any optional comms use rely on consent (6(1)(a)) and that saying no does not affect participation.

HEAT stores your information in a secure central database with strict role‑based access controls; staff only see the minimum details needed for their work, system use is logged for audit, and analyses for monitoring and evaluation are carried out on pseudonymised or aggregated data using limited matching fields such as name, date of birth and postcode rather than full contact details.

Sources of data

Data is sourced directly from participants, parents/carers, teachers and delivery partners through event registrations, forms, and feedback.

Data is sourced indirectly from national datasets such as NPD (DfE), HESA, and UCAS for linkage and evaluation purposes. 

We also receive information from schools, colleges, local authorities and evaluation partners such as Ipsos and Villiers Park Educational Trust, where they share details of participants on our activities. We do not use data from social media or other publicly accessible sources for this programme.”

When we receive your information from someone else rather than directly from you, we will provide this privacy information within one month, or at the point we first contact you, or before we share your data with anyone else, whichever happens first (in line with Article 14 UK GDPR).

Sharing and recipients

Most organisations we work with (such as OfS, HESA, UCAS and DfE/NPD) act as independent controllers of the data they receive for their own statutory purposes, under their own privacy notices.

Service providers that only act on our instructions (such as HEAT and external evaluators like Ipsos and SEER) act as our processors under Article 28 contracts that require them to keep your data secure and confidential.

Further details of the organisations we share data with, and whether they act as independent controllers or processors on our behalf, are provided in Annex A.

International transfers

Google Drive is configured to store data in the UK/EEA region. If Google or any other supplier needs to access data from outside the UK (for example, to provide technical support), we use approved UK transfer tools such as the International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, and, where needed, extra safeguards to protect your information.

Profiling and automated decision‑making

Study Higher does not use automated decision‑making that produces legal or similarly significant effects on individuals. Longitudinal linkage and outcome analyses constitute profiling for research/statistical purposes only, and are not used to make decisions about individuals, with Article 89 safeguards applied.

Retention

The original programme timeline indicated activities running to July 2025, with partner universities retaining copies of data in HEAT to continue longitudinal tracking and other Study Higher data deleted at programme end. This notice now uses dataset‑specific retention periods based on necessity and Article 89 safeguards. We keep identifiable data only for as long as needed for OfS reporting and evaluation; after that, we either delete it or turn it into anonymised statistical data, in line with Article 5(1)(e) and Article 89 UK GDPR.

This notice adopts a dataset‑specific retention aligned to necessity and Article 89 safeguards, with anonymisation as soon as purposes can be achieved without identifiable data.Registration/attendance: e.g. “kept for up to 6 years after the end of the academic year of your last activity, to allow for evaluation and resolution of any queries.”

Linkage keys (identifiers for matching): “kept only while matching and quality checks are still taking place, then removed or replaced with a pseudonymous ID.”

Pseudonymised outcome datasets: e.g. “kept for up to 10 years to allow time‑series analysis and OfS reporting, then fully anonymised so no individual can be identified.

We keep identifiable data only as long as necessary for OfS reporting and evaluation; after that, we either delete it or convert it into anonymised statistical data, in line with Article 5(1)(e) and Article 89 UK GDPR.

Proposed retention table

Dataset Retention Rationale
Registration and attendance records Until the end of the Study Higher programme + 1 year and Up to 6 years after the end of the academic year of your last Study Higher activity. Provides evidence of delivery, validates participation, and supports linkage and query resolution without keeping data longer than necessary.
Paper copies of learners’ personal data, including special category data, provided by learners through completion of Study Higher data capture forms Until data has been inputted onto HEAT or electronic systems which will be within a maximum of 12 weeks from receiving the form This enables us to match students to activities attended and accurately report on this to our funders.
Electronic copies of learners’ personal data, including special category data, provided by learners or schools and colleges through completion of Study Higher online Google data capture forms Until data has been inputted onto HEAT or electronic systems which will be within a maximum of 12 weeks from receiving the form This enables us to match students to activities attended and accurately report on this to our funders.
Paper or electronic copies of sign up forms for residential events or other high intensity events containing additional student information including emergency contact details and allergies/medical conditions Until the end of the residential event or last cohort activity This data is required for health and safety and safeguarding purposes.
Electronic records on HEAT database, from data collection forms and gathered directly from the learners or their schools/colleges under a valid DSA, containing learners’ personal data and including special category data. From the year you are ready to enter Higher Education, your data will be used for 15 years for the purpose of monitoring and evaluation: HEAT retention policy can be found here: https://heat.ac.uk/privacy-notice/.  This is in line with the HEAT retention policy, with which we are contractually agreed to comply. 
Evaluation linkage keys (identifiers for matching) Kept only while matching and quality checks are taking place and for no longer than 6 years after the relevant cohort finishes, then deleted or replaced with a pseudonymous ID. Supports longitudinal outcomes analysis while minimising the period during which direct identifiers are held.
Outcomes analysis datasets (pseudonymised) Kept for up to 10 years to complete OfS reporting and time‑series evaluation, then fully anonymised so no individual can be identified. Enables longer‑term statistical analysis without decisions about individuals, then converted to non‑personal data.
Images/videos with consent Until consent is withdrawn or until the end of the Study Higher programme plus 1 year, whichever is earlier. Used only for the purposes explained in the consent form and removed on withdrawal or schedule expiry.
Communications to parents/carers Until the end of the Study Higher programme. Necessary to send relevant information during the life of the programme, then deleted to minimise holding periods.

 

Rights

Individuals have rights to be informed, access, rectification, erasure, restriction, data portability, objection, and rights related to automated decision‑making and profiling, though applicability varies by lawful basis and research provisions. Objections under public task will be assessed against necessity and proportionality, and research/statistical use under Article 89 does not result in decisions about individuals; requests can be made via the contacts below.

Security

Appropriate technical and organisational (ToM) under Article 32 (1-4) measures to protect personal data, including role‑based access, secure storage, encryption in transit (TLS 1.2 or higher) and at rest (AES256), audit logging, and staff training, with privacy‑by‑design embedded in projects. 

Google Workspace and HEAT both use encryption in transit (for example TLS 1.2 or higher) and at rest, strict role‑based access, logging of system use, and documented incident‑response procedures; access is limited to people who need it to do their job, and all staff receive data protection training.

Changes to this notice

This notice will be updated to reflect programme status, partners, recipients, transfer mechanisms, and retention schedules, and a summary of material changes will be provided.

Last update: December 2025

Contacts and complaints

Questions or requests can be sent to info@studyhigher.ac.uk,

Complaints please direct to  info.sec@brookes.ac.uk, or BrookesDPO@brookes.ac.uk, and concerns not addressed may be raised with the UK Information Commissioner’s Office.

 

Further information about transparency and rights is available from the UK regulator’s resources for individuals and organisations.

Annex A: roles and recipients

  • OfS: National funder and report recipient; receives summary and record‑level data as an independent controller for its statutory monitoring and regulation of access and participation.
  • HEAT: Secure database and analysis service used to record activities and support evaluation; acts as a processor on behalf of Oxford Brookes/Study Higher under an Article 28 data processing agreement; data are hosted in UK data centres. HEAT’s privacy notice can be found here: www.heat.ac.uk/privacy-notice/
  • HESA, NPD (DfE), UCAS: National dataset controllers; data sharing is controller‑to‑controller so they can carry out statutory and research functions under their own privacy notices and legal powers, supported by data sharing agreements. HESA’s privacy notice can be found here: www.hesa.ac.uk/about/website/privacy
  • SEER (Applied Inspiration), Ipsos: External evaluators; act as processors to carry out analysis and reporting on our instructions under contract, including confidentiality, security and (where relevant) international transfer safeguards.
  • Study Higher delivery partners: Provide outreach activities and local monitoring; role (joint controller or processor) is determined in each agreement, with appropriate Article 26 and/or Article 28 arrangements in place.

Annex B: international transfers detail 

  • Google Drive: Google services are regionally set to the UK and EEA.
  • HEAT: data is stored in secure UK data centres with no transfers outside the United Kingdom.

Annex C: profiling statement

Profiling is used only for research and statistical purposes to evaluate outcomes, is not used to make decisions about individuals, and is carried out with Article 89 safeguards such as data minimisation, pseudonymisation where feasible, and avoiding any processing that would cause substantial damage or distress. Individuals may object to processing based on our public task; objections will be considered on a case‑by‑case basis, balancing our statutory and research needs with individual rights, and choosing not to provide equality data or to object will not affect eligibility to take part in activities.

This analysis looks at patterns for groups, not at individual students, and it is never used to make decisions about whether someone can take part, get a place or receive support.