Privacy policy

The following relates to how we handle data within ‘CoSy’ at Oxford as well as personal data submitted to us by email in support of the administration of training courses.  

Systems used to manage and support training  

At Oxford, the administration and delivery of training courses are managed through Accessplanit and a range of integrated systems. These platforms are essential for the effective organisation and monitoring of courses. 

Issuing Certificates and Digital Badges 

Certificates and digital badges are provided to participants via platforms such as Accredible (currently in a pilot phase). This allows for secure and verifiable recognition of course completion and achievements. 

Collecting Feedback 

Feedback on courses is gathered through tools including Coursecheck and Microsoft Forms. This feedback allows training teams to evaluate and improve their courses. 

Promoting Courses and Managing Payments 

Email marketing tools are employed to inform and engage potential delegates about upcoming courses. Additionally, dedicated payment systems are used to securely collect course fees from participants. 

Reporting and Data Monitoring 

For monitoring and analysis, reporting services such as the Self-Service Training Data Reports are utilised 

Together, these systems operate under the CoSy framework, enhancing course delivery, supporting delegate engagement, and maintaining high standards of quality assurance throughout the University. 

We handle your data with care 

This policy relates to personal data, as defined by the General Data Protection Regulation (GDPR), held for administration of University of Oxford training courses. 

When we collect your data 

We collect information about you (‘personal data’) when you: 

  • Login to the course booking system to search, book and pay for a course 
  • Provide course feedback via Accessplanit, MS Forms, or Coursecheck 
  • Subscribe/unsubscribe to a mailing list 
  • Book or join a course waiting list 
  • Attend a course, workshop or event (e.g. course attendance registers)  

Types of data we collect about you 

  • Name 
  • Address (non-University delegates) 
  • Email address 
  • Mobile phone number 
  • Dietary or accessibility requirements 
  • Status (e.g. member of university/external) 
  • Role at University (e.g. staff/student) 
  • Affiliation at University (department/college) 
  • Invoicing information 
  • Course information 

We may also automatically collect technical and usage data as described in the original policy. 

How we use data 

Your data is used for: 

  • Course and event administration 
  • Requirements gathering 
  • Analysis and evaluation 
  • Communication 
  • Payment for courses 
  • Management information 
  • Statistics and reporting 
  • Issuing certificates and virtual badges (via Accessplanit or Accredible) 
  • Feedback may be collected using Accessplanit’s built-in survey tool, Microsoft Forms, or Coursecheck. If submitted, feedback may be analysed internally or using AI tools (e.g. ChatGPT). Anonymised feedback may be published with your consent. 

Who has access to your data? 

Access is provided to University staff who need it for their work. This includes: 

  • CoSy administrators across departments 
  • Trainers and managers 
  • Departmental contacts for courses organised on their behalf 
  • Project roles with a legitimate requirement 
  • Heads of department, HR managers, and administrators via the Self-Service Training Data Reports Service  

Third-party service providers 

We also share data with third-party service providers, including: 

  • Accessplanit (booking system) 
  • Feedback and survey platforms such as Coursecheck and Microsoft Forms 
  • Digital credential solutions like Accredible 
  • Email marketing tools 

Third-party systems may additionally be utilised for the collection of card payments. 

All providers are subject to the University's data and financial protection assessments, financial regulations, and contractual safeguards. 

Marketing 

We only send marketing communications where you have opted in. You can manage your preferences during course booking or by contacting training.management@it.ox.ac.uk

Security, Storage, and Retention 

Your data is stored securely in accordance with University policies. Transfers outside the EEA are governed by appropriate safeguards. 

Feedback data is retained only as long as necessary for reporting and quality improvement. A retention schedule is being developed to support regular data clean-up. 

Your Rights 

You have rights to access, correct, or request deletion of your data. Contact training.management@it.ox.ac.uk for queries or to exercise your rights.