4. Where the data we hold comes from
We will collect data directly from you when you agree to take part in research.
We may receive data from other universities, or through other partnerships and affiliations with recognised research organisations.
Some of the data we process are provided to us on behalf of third-party data controllers including the Department for Education, Ministry of Justice or other organisations. In some we will only be the processor of those data and in other circumstances the other party may also be a controller of that data.
5. Who we share your data with
The Participant Information Leaflet should outline whom your personal data may be shared with. This could include the research project team and collaborators from external organisations who are also working on the research project. We will not disclose the information unless there is a justified reason for the purposes of achieving the research outcomes.
Most personal information used in research will be de-identified before sharing more widely or publishing the research outcomes. If it is not possible to de-identify your information, we may ask for your consent to share or otherwise rely on another legal basis to share your information. If this is the case, this will be clearly specified in the study specific Participant Information Leaflet.
6. Where we keep your data and how long we keep it for
Our researchers will not keep your information for longer than is necessary for the purposes of the research. Personal data will be anonymised or pseudonymised, by removing identifying information and replacing this with an artificial identifier or code, where possible. The duration of time for which we will store your data is dependent on a number of factors, such as the requirements of the research funder or the nature of the research. You will be provided with information about how long your personal information will be kept within the Participant Information Leaflet.
We have retention schedules that set out how long we keep information of all types, including personal data of staff.
If we have to transfer any of your personal data outside the European Economic Area (EEA), we ensure the receiving country or organisation is deemed to have adequate data protection provision. Where a country or organisation does not have adequate protections we will put safeguards in place. Details of these safeguards can be provided to you upon request.
7. Changes to this Privacy Notice
This privacy notice was published on 15 March 2022. We may change this privacy notice from time to time.