Privacy policy

This Privacy Policy sets out the personal data which we, at the UK Data Service, collect in the course of our interaction with you and the way in which we handle those personal data.

Personal data which we hold as a data processor (i.e. on behalf of a number of different data controllers) is not addressed in this Privacy Policy. If you are a data subject of any of the data collections in our data catalogue you should contact the relevant Data Protection Officer within the organisation named as the depositor in the catalogue record.

The UK Data Service currently uses two tools to analyse usage statistics in order to report performance and usage to its funding bodies.

One of these is Matomo, and it gathers the following information about the device you use to access the UK Data Service website:

  • operating system
  • browser
  • browser language
  • browser plugins
  • first octet of your public IP address.

This information is not stored, but instead is hashed to generate a unique and anonymised ID. Every 24 hours, this hash is rotated, which means that when you revisit the UK Data Service website, you will be given a different ID, and therefore will not be recognised. As this information is not stored other than for 24 hours as a unique and anonymised ID Matomo is used automatically.

The other tool is Google Analytics which we have retained whilst assessing the value of the information collected by Matomo. Google Analytics places a cookie on your computer to assist in collecting statistical information about your use of our site. You are automatically opted out of Google Analytics, but you can opt in by clicking on the ‘Accept Analytics’ button when you first enter our site. If you accept analytics in this way we will use Google Analytics to measure how you use our site so we can improve it based on our understanding of user needs. You can at any time opt out of being tracked by Google Analytics.

If you register to access data within our data catalogue or deposit research data with us we collect the following information:

  • full name
  • contact address
  • email address
  • fax and telephone numbers
  • institution and department
  • academic discipline
  • user status
  • date of registration
  • agreement to any end user or special conditions
  • details of any usage(s) registered
  • details of any data accessed/downloaded
  • any username and ID required for user authentication and validation
  • internal user database unique ID.

Controlled data access

If you apply to use controlled access data collections in addition to the information above we collect your IP address, date of birth, nationality and the details of your highest qualification. If you access these data at the UK Data Archive we also record CCTV for the purposes of information security.

Signing up to or attending one of our events

If you sign up to join one of our events (including workshops and webinars) we collect your full name, email address, country, organisation, job title, role and your accessibility and dietary requirements (when attending a workshop).

Signing up to our newsletter

If you subscribe to our newsletter, we collect your full name and email address.

The personal data that we collect from you, and you provide to us, are used for authentication, statistical purposes, and for the management of the service (including registration and providing you with access to research data collections in our catalogue).

Your personal data is processed as part of our public task.

Where you provide your consent, we will directly communicate to you to market events, training or send our newsletter. Your opt-in is required to receive these communications and you have the right to withdraw your consent at any time. If you wish to change your communication preferences, please update your account settings, and you can unsubscribe from our newsletter.

We only keep your personal data for as long as is necessary. The decision on the length of time which we will retain your personal data for will depend on the following criteria:

  • legal requirements
  • contractual requirements
  • management of the service
  • requirements placed upon us by data controllers.

Anonymised statistical and aggregated information which cannot identify you will be retained for longer periods of time.

We only share your personal data to provide our services or to comply with legislative, regulatory or contractual obligations. We share this information with (i) a data collection depositor in relation to your use of their data collection, if you breach the terms of our End User Licence, or the data collection depositor requires information on how you have used their data collection; (ii) your own institution or organisation where necessary for the administration of the Service; and (iii) where your research funder requires you to deposit data with us so as to confirm whether you have deposited your research data.

Safeguarded data with additional conditions of access

If you access safeguarded data with additional conditions of access, we share this information, where necessary, with the relevant data controller(s), and with your institution.

Special licence data

During the COVID-19 current lockdown period, where data owners have agreed, users can apply to access selected Special Licence data from home.
The UK Data Service is using Qualtrics to collect additional information on the date you last completed an information security awareness training course.

The information provided in the Qualtrics agreement is collected by the UK Data Service and controlled by the University of Essex; however, additional information may be collected by Qualtrics when visiting their website, which they will be the Data Controller for. Data collected by the Qualtrics application is stored and processed in the United States (US) by Qualtrics, as described in their privacy statement.

Controlled data access

If you access controlled data, we share this information, where necessary, with the relevant data controller(s), and with your institution.

Personal data that we hold, is wherever possible stored within the UK. However, in some cases it is held within the EEA. We also use a number of US based services to deliver the UK Data Service operations and this may entail transfers to a third Country for processing and storage in order to deliver our services. In compliance with the UK GDPR additional safeguards are applied to ensure that we can maintain equivalent levels of protection for any data transfers. These are reviewed and assessed regularly in accordance with the ICO’s advice and guidance.

Event and webinar bookings

For event bookings and webinars we use Eventbrite and Zoom, which are services based in the US. This means that any information you provide to them may be stored by them in the US or in other countries which are outside your country of residence. When you book into one of our events or webinars you may also have to agree to their terms and conditions of service, as set out in the Eventbrite Privacy Policy and the Zoom Privacy Policy.

UK Data Service newsletter

For the purpose of sending you the UK Data Service newsletter we use Mailchimp, a service based in the US. This means any information you provide to Mailchimp is stored by them in the US. When you sign-up to the newsletter you will also be agreeing to their terms and conditions of service outlined in the Mailchimp Privacy Policy. If you decide not to agree to Mailchimp’s terms of service, you can find our published newsletters on our website, but this means you will not be notified or receive the Newsletter by email when a new newsletter is released.

We take the protection of your data seriously and the UK Data Archive is ISO/IEC 27001:2013 certified. We protect your personal data via the use of various technical and organisational measures which include, encryption and active directory security groups.

Within your user account area you can change your subscription preferences. However, if you wish to do so you can unsubscribe from the newsletter.

You have the following rights:

  1. To be informed of how and why we process your personal data. We have sought to achieve this through this Privacy Notice;
  2. To have access to your personal data. You can access your personal data through your user account;
  3. To amend or rectify your personal data, which can be done through your user account;
  4. To request deletion of your personal data. Please note, that there may be circumstances where we are legally required or entitled to retain it. For example, in order for us to maintain an audit trail in the event of a personal data breach from controlled access data, we need a record of the users that have downloaded this data and when. If you wish to request deletion of your personal data, please contact our Data Protection Officer (the details to do this can be found in Section 9 below);
  5. To restrict and/or object to the processing of your personal data, in certain circumstances. If you wish to request restriction or objection to the use of your personal data, please contact our Data Protection Officer (the details to do this can be found in Section 9 below); and,
  6. To not have a decision based solely on automated processing. We do not use automated decision making (including profiling) when making a decision.

If you have any further questions about our Privacy Notice, please feel free to contact our Data Protection Officer at:

Data Protection Officer
IT Services
University of Essex
Wivenhoe Park
Colchester
Essex
CO4 3SQ

Email: DPO@essex.ac.uk

If we cannot resolve any data privacy issues, or you are unhappy with our decisions, you have the right to complain to the Information Commissioner’s Office.

This policy was last updated on 30 August 2023.