Skip to main content

General Privacy Notice and Copyright Statement

General Privacy Notice 

Like all universities, 3PԼ collects and uses data about people which is called personal data. The use of this data is governed by data protection laws. In the UK these laws are the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018.

This page provides a general overview of how 3PԼ complies with the legislation, your rights about how your data is managed and how you can contact us if you have questions. You can find more detailed information about our approach to data protection and other information laws by visiting our dedicated pages. 

3PԼ is the Data Controller of your personal data. This means we make decisions about what data we collect from you and how we use it in line with the law.  

What data we collect about you and how we use the data depends on your relationship with us e.g., whether you are an applicant, a student or former student, a research participant, or a member of staff. We have dedicated privacy notices for each of these areas. Please visit the relevant web pages of each section of our website to access the corresponding privacy notice which provides detailed information on how we use your data for that area. You can also contact the data protection team on the details below to get a copy of any privacy notice.

General Information

The following information provides an overview of key points that all individuals who provide personal data to us need to know.

How to contact us about data protection queries

If you have questions relating to data protection at the university you can contact our data protection team on data-protection@brunel.ac.uk. The data protection team is led by our Head of Privacy who is also the Data Protection Officer. 

Our Lawful Basis

When we process your personal data, we need to have a lawful basis to do so. A lawful basis is a reason in law that permits us to use your data for a specific purpose. The lawful basis we use depends on what we are doing with your data (our purpose for having it).  We have summarised our key lawful basis and our purpose for having your data below. 

Lawful Basis


Public Task

1) Any activity related to awarding a degree including:

- Managing the student record

- Administering processes that affect progression and retention

- Examinations & assessments

2) Activities involved in participating in scientific research

3) The reporting of data to regulatory or statutory bodies including the Office for Students, HESA, NSS, etc.

4) The use of data for public health purposes including the monitoring of Covid-19 cases

5) The provision of occupational health and medical services 


1) Any activity related to:

- Applying to study or work with us  

- A contract of employment

- A contract to study including accepting our terms and conditions

- Payment of fees

- Assessing performance  

- Providing you with services such as student support, access to accommodation or employee benefits

Legal Obligation

1) Any activity that is required by a law including:

- The collection and use of data to ensure we comply with the Equality Act 2010.

- The collection and use of data that is required to ensure compliance with Health & Safety legislation.

- The collection and use of data to ensure compliance with financial, taxation and pensions legislation.

- The collection and use of data to ensure compliance with immigration legislation and terms of our UKVI licencing conditions. 

Legitimate Interest

Activities that have minimal impact on you however are important for us to ensure that we can operate effectively including:

1)    Recording our lectures.

2)    Administering our events and open days.

3)    Filming and photography at our events and open days.

4)    Managing our alumni service.

5)    Operating a secure computer and IT network.

6)    Promoting our university to the outside world and seeking donations.



We will only seek your consent to process personal data in limited circumstances where you have a genuine choice, and you can say no without detriment. If we rely on consent, we will explain clearly what you are consenting to and how you can manage that consent.  You can withdraw that consent at any time. Examples of when we will seek your consent:

1)    When we want to send direct marketing to your personal email address, and we haven’t heard from you before.

2)    When you want us to discuss your queries with someone else such as a relative or guardian

3)    When you want us to share your details with a 3rd party so they can contact you.


Securing your Data

In order to protect your data, we ensure that there are appropriate technical and organisational controls in place on all of our systems and continuously review these controls to ensure they are effective. Examples of our controls include:

Technical measures such as role based access contorls, encryption, password protection, antivirus and antimalware mechanisms and intrusion detection systems.

Organisational measures including robust policies, documented processes, staff training, and managing access to data.

Location of your Data

Wherever possible, we will store personal data within the UK or in a data centre located within the European Union or European Economic Area. In some cases, we may use suppliers who run their operations outside the European Economic Area (EEA). Although they may not be subject to same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. The steps we take will depend on the type of data and the location of the supplier however, some of our measures include a robust due diligenceprocess, technical measures to protect your data and contractual measures that require our suppliers to treat your data securely and in a way that maintains confidentiality.  

Disclosing your Data

Some of our legal and regulatory obligations require us to disclose data about you to third parties. Each disclosure request will be considered carefully, and we will only disclose the minimum amount of personal data required to meet our obligations. The following organisations will receive information about you if a valid request is received or if we are legally required to provide it.

  • The police and law enforcement agencies for the prevention and detection of crime
  • Regulatory bodies including the Office for Students, the General Medical Council and the Disclosure & Barring Service.
  • Statistical agencies including HESA.
  • Examination and Assessment Boards.
  • Student Finance England.
  • The Home Office and UK Visas and Immigration.
  • The Department of Work and Pensions.
  • The Health & Safety Executive.
  • Trade Unions including the UCU, UNISON, UNITE and the GMB.  
  • Pensions Providers.
  • Occupational Health Providers.
  • Public Heath England.

Records Retention

How long we keep your data depends on what we have collected it for and whether there is a law that sets a minimum legal retention period. We have a dedicated retention schedule that sets out how long we keep personal data. You can obtain a copy of our retention schedule by emailing recordsmanagement@brunel.ac.uk.

For applicants who decide not to study with us, we will keep your enquiry details on file one year after your specified year of entry expires.

You can update, cleanse or delete your own data via our , to ensure we have accurate contact details for you. If and when you apply to 3PԼ, your enquiry details will be overwritten by your application details.


To understand who is applying to our courses we will segment the information we hold about student applicants based on demographics and interests. Such data will be de-identified and used for statistical and analytical purposes only.  Analysis of this helps us understand our enquiries and ensure we tailor our courses to meet the latest needs and expectations of learners who want to study with us.

When you use our website, we will seek your consent to place analytics cookies on your computer. These cookies will give us information about the parts of the website you visit and how you interact with our pages. If you do not want us to place analytics cookies on your computer, please select “Use Necessary Cookies only” when prompted by the cookie banner at the bottom of a webpage. For more information about how we use cookies, please read our cookies policy. 

Direct Marketing

When we send prospective applicants, or alumni electronic direct marketing, we must comply with the legislation called the Privacy & Electronic Communications Regulations 2003. This law sets rules that we have to follow to make sure that our electronic marketing is fair and respects peoples’ privacy.  It is always the choice of the individual as to whether they want to receive information about studying at 3PԼ, our events and the ways people can get involved. We will always ask if you want to hear from us with these communications. If you do not want us to use your personal information in these ways, please indicate your preferences on the form on which we collect your data. You can also opt out of our marketing communications at any time by clicking the ‘unsubscribe’ link at the end of any of our marketing emails. You can also change any of your contact preferences at any time or you can opt-out of your data being utilised via the enquiry platform after you . Finally, you can withdraw your consent to receive direct marketing by emailing data-protection@brunel.ac.uk.

We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes when you enquire to study at 3PԼ. However, once you apply to study at 3PԼ, we will contact you about your application and about life at 3PԼ. This is not considered direct marketing and we need to send you this information as part of a contract between us.  

Your Rights

In the UK everyone has rights about how their personal data is managed. The rights are:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

You can make an information rights request at any time by contacting our data protection team via email: data-protection@brunel.ac.uk

or by post: Data Protection Officer, 3PԼ, Kingston Lane, Uxbridge, UB8 3PH.

There is no charge to submit a rights request, but we may ask you to verify your identity. We may also communicate with you to determine the scope of your request. 

In most cases we have one calendar month to respond to your request when we have verified your identity. Where a request is complex, we are permitted to extend that deadline by a further two months, but we will write to you and let you know ahead of the deadline if we need to do this.

 Raising a Concern

If you are not satisfied with how we are processing your personal data, you should email data-protection@brunel.ac.uk in the first instance. If you are not satisfied with our response, you have the right to make a complaint to the Information Commissioners Office. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website available at: 

Cookies and Log Files

The University maintains a log of web server activity to make sure we manage our site effectively, to investigate broken links and to provide statistics. These files contain your personal data including information such as your computer's IP address, what files you have requested and which browser you are using. They do not identify your email address or any other personal data about you.

We may also use 'cookies' to monitor use of our website in order to see which pages you have visited and how long you have spent on them. Cookies are text files that identify your computer to the University's server. You have the option of setting your browser's preferences to refuse cookies, but this may limit the services you can access through our web pages.

See detailed information about cookies on the 3PԼ website.

External Links

Please note that the University has no control over, or responsibility for, the privacy policies of third-party websites which may be accessed from 3PԼ's own website. Once you have left our website, 3PԼ's privacy policy no longer applies.

Copyright Statement 

The copyright and intellectual property rights of all material held on the 3PԼ website belong to the University and its staff or students or have been licensed to the University.

With the exception of the logo and trademarks, the University allows the copying of material from its website solely for personal use or for reference under the  but the reproduction, publication, distribution or broadcast of material for any commercial purpose is strictly forbidden without prior permission from the University. No content may be altered or adapted in any way and permission must be obtained for its inclusion in any papers or other publications. If you wish to apply for copyright clearance to reproduce content, please contact the Copyright and Digital Resources Officer.

The reproduction, adaptation or manipulation of the University logo, crest or any trademarks is not allowed without prior consent. Permission must be obtained from the University for the use of its logo on any documents, papers or reports, other than for official 3PԼ business. If you wish to use the logo for any reasonable purpose, please contact Print Room for permission and instructions on how to download a high-resolution version.

You may link to the University home page without permission and other educational establishments may link to specific pages and documents on the University website without prior consent. A link to the University from a third-party web page does not imply any endorsement from the University of that web site and no endorsement is implied by any links from 3PԼ's web pages to third party sites.