IT Services logo|University of Oxford brandmark

ACIT Privacy Policy for Training Courses and Events

This policy relates to personal data, as defined by the Data Protection Act 1998, held for the administration of ACIT training courses and events.

Policy statement

ACIT collects and stores data for the purposes of course, event administration, summary personal development records and portfolios, and requirements gathering exercises. It is the policy of ACIT to ensure that data is stored securely and checked for authenticity and accuracy as the opportunity arises. Data may be stored on a long-term basis so that appropriate summary data can be provided to departments/colleges/services on request and to assist management decisions in ACIT/IT Services.

How is data collected?

The ACIT course booking systems hold records of each personal booking on a course/event run or organised by the ACIT. These systems include a database whose data originates from web forms, and is entered by course participants, trainers and administrators.

ACIT uses an SMS system to communicate information about course bookings. This is an optional service to which course participants can choose to opt-in.

ACIT uses the University Online Store to collect payment for courses/events and resources.

ACIT uses online feedback tools to collect feedback about its courses and events. Feedback questionnaires are sent to course participants via email. Participants can choose not to answer feedback questionnaires. Feedback is usually anonymised.

ACIT uses various online survey tools to support requirements gathering initiatives.

ACIT uses mailing lists to communicate information about forthcoming courses and events. This is an optional service to which any University member can choose to opt in.

From time to time ACIT may make video, audio, and still image recordings for educational and promotional use. These may be used as a record of an event or for publicity purposes. If participants do not want to be included in photographs or video recordings they can make their wishes known at the time.

What is done with and to the data?

The ACIT course booking systems

The information is used to enable efficient course administration including lists, managing attendance and waiting lists, confirming places and sending course reminders, and briefing of course tutors. Registration data is supplemented with attendance data after a course has taken place.

Paper attendance lists are produced for participants to check in on arrival at a course. In such cases some data is disclosed to other course participants.

Information in relation to a person's booking and attendance will, from time to time, be shared with other people within the University who we believe have a legitimate need to know, including heads, HR managers — information about bookings/attendance for particular courses will also be shared with the tutor and or course provider- either external or internal — for that course.

The data is also processed so as to provide ACIT performance indicators and management information (decisions about funding and repetition of courses, etc).

Data will be used to enable the production of attendance certificates for university members who complete courses and to confirm achievement of qualification where appropriate. These details will only be released to another institution / provider when requested by the individual concerned. Staff receiving or transferring sensitive data beyond the University of Oxford are mindful of the need to maintain confidentiality and the requirements of the Data Protection Act.


This system is used to send out course reminders and for ad-hoc communication relating to course administration only.

Online Store

Data is used to track and manage payments for courses/events and resources. Please see the policy on the online store website

Online course feedback tools

Anonymised feedback from questionnaires is reviewed by teachers and the managers of the courses and events. It is used to monitor the teaching and administration of the programmes.

Summarised data is used for reports for internal distribution at the university.

Quotes collected from participant feedback may be used, suitably anonymised, in promotional material.

Online surveys for data gathering

Online survey tools are often used to gather feedback and ideas for improving existing services. Before any distribution of the information it will be made anonymous unless agreed explicitly with the respondent. Generally the survey is aggregated to provide anonymous statistics to service owners.

Mailing lists

Such email lists will not be made available to non-IT Services staff.

Photographs and Video Recordings

From time to time ACIT may make video, audio, and still image recordings for educational and promotional use. If at a later date a participant sees a picture of themselves used in our publicity with which they are not happy, they can contact us and we will make best efforts to withdraw the image.

How is the information stored?

Information is stored on paper and computer.

Sensitive data - both on paper and computer - is stored, received and transferred in a confidential manner.

How long are the data stored for?

Appropriate data are stored for as long as is necessary in order to satisfy the above needs. Paper records used for course registers are kept for five years and then destroyed. When an individual leaves the university, personal data is disassociated from the course database and personal data is deleted. It is the responsibility of course participants to ensure that they have records of their course attendance before they leave the University as it is not possible to supply these retrospectively.

The feedback from courses and events (much of it anonymous) is retained for a maximum of 5 years for periodic review (or equivalent) purposes.

Who has access to the data?

The ACIT booking systems are available to appropriate staff in IT Services who enter, retrieve and process information for course administration and summary purposes. Access to databases is restricted by password protection. Departments/colleges/services which request reports will have access to the summary, but not the unprocessed, data. Summary data may include categories of staff/student, course titles and dates.

Where a course has been organised on behalf of a department the names of participants, attendance reports and anonymised feedback will be passed to the department.

ACIT sometimes partners with other training providers within the University such as the Bodleian Libraries or external to the University such as the British Computing Services, Apple etc. Appropriate data will be shared with these providers.

Access to survey data is restricted by password depending on the nature of the survey. In general only IT Services staff can get access to survey data and other members of the University must request information. Such requests are reviewed on a case by case basis in accordance with this policy.

How are the data checked for accuracy?

Inaccuracies in data will be resolved as they arise.

If it becomes apparent that inaccurate information is held, this data can be corrected by emailing:

Can a course or conference participant request to see the data stored on him/her?

Participants may ask to receive a copy of the data stored on him/her. Applications should be made to

For ITLP courses current university members can check their own records by logging into My Account.