Security and CCTV

In the course of providing their services, the Oxford University Security Services (OUSS) collect information about yourself (‘personal data’). This data can be provided by the data subject, such as when you report an incident; by your department, such as when requesting vetting services; and in some cases it is collected in the course of delivering the service, such as CCTV images. We (the University of Oxford) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation. 

Expand All

We will use your data for a number of reasons related to safety and security, including but not limited to:

  • Informing you of potential risks in your building or area
  • Providing support in the event of a safety, security and welfare incidents
  • Responding to emergencies and incidents that require us to contact you 
  • Supporting the local police in the course of their duties
  • Vetting
  • University Staff Parking Permit Scheme – for parking enforcement
  • Communication – estates radio system, Security Liaison Officer group, Head Porters Liaison Group
  • Telephone recording - for control room operator(s) and supervisor telephones. For further information see below

Telephone recording

The University Security Services provide a monitoring service for building alarms and an incident response service.  Telephone calls into the control room are recorded to provide an exact record of the conversation and establish: facts of a reported incident; facts in the event of a customer complaint; facts appertaining to the response to a call or incident; to identify training needs and support new and existing officer training programmes; monitor quality control in processes and provide evidence for the prevention and detection of crime and public safety.  Access to the recorded conversations is restricted and subject to Senior Managers authorisation.

We need to process your data for this purpose/these purposes to meet our legitimate interests relating to the governance, management and operation of the University, in this case providing a safe and secure physical environment to all staff, students and visitors.

We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose. 

Access to your data within the University will be provided to those who need to view it as part of their work in carrying out the purposes described above. 

We may share your data with companies who provide services to us, such as for vetting and Bike Register. These companies are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.

In the case of CCTV images we may also share your data with the following organisations for the reasons indicated:

  • Thames Valley Police – for the prevention and detection of crime and to support police investigations.
  • British Transport Police, Oxford City Council, Oxford County Council, Oxford Brookes University – as part of co-ordinated efforts to reduce crime in Oxford

Where we share your data with a third party, we will seek to share the minimum amount necessary and only where the University is of the opinion that there is a lawful, justified, and proportionate reason to do so.

The length of time we retain your data depends on the type of data:

  • CCTV images - 30 days at which point it is automatically overwritten, unless the images have been requested by a third party as described above.
  • Vetting information – 93 day auto-delete carried out by the contractor, Horus. 100 days for hard copy information
  • Command & Control incident logs– 3 years at which point incident logs are auto deleted.
  • Command and control - data base that contains details of person(s) with specific responsibility for the building – data is retained for as long as that person holds that responsibility.
  • Parking database – data culled from Estates Services Planon system at the end of the current permit year.
  • Telephone recordings - auto deleted after 30 days
  • Bike register details – culled 30 days
  • Estates radio system, Security Liaison Officers group and Head Porters Liaison Group contact details retained for as long as that person holds that specific responsibility.

Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website

We store and use your data on University premises, in both a manual and electronic form.  

Information on your rights in relation to your personal data are explained here.

If you wish to raise any queries or concerns about our use of your data, please contact us at

For queries about your rights please contact

Changes to this Privacy Notice

We reserve the right to update this privacy notice at any time.

Contact us

If you wish to raise any queries or concerns about our use of your data, please contact us at

For queries about your rights please contact