The UK Data Service uses a tool to analyse usage statistics in order to report performance and usage to its funding bodies. The tool used is Matomo, and it gathers the following information about the device you use to access the UK Data Service website:
- Operating system
- Browser language
- Browser plugins
- First octet of your public IP address
This information is not stored, but instead is hashed to generate a unique and anonymised ID. Every 24 hours, this hash is rotated, which means that when you revisit the UK Data Service website, you will be given a different ID, and therefore will not be recognised.
If you register to access data within our data catalogue or deposit research data with us we collect the following information:
- full name
- contact address
- email address
- fax and telephone numbers
- institution and department
- academic discipline
- user status
- date of registration
- agreement to any end user or special conditions
- details of any usage(s) registered
- details of any data accessed/downloaded
- any username and ID required for user authentication and validation
- internal user database unique ID
Controlled data access
If you apply to use controlled access data collections in addition to the information above we collect your IP address, date of birth, nationality and the details of your highest qualification. If you access these data at the UK Data Archive we also record CCTV for the purposes of information security.
Signing up to or attending one of our events
If you sign up to join one of our events (including workshops and webinars) we collect your full name, email address, country, organisation, job title, role and your accessibility and dietary requirements (when attending a workshop).
Signing up to our Biannual Newsletter
If you subscribe to our Biannual Newsletter, we collect your full name and email address.
The personal data that we collect from you, and you provide to us, are used for authentication, statistical purposes, and for the management of the service (including registration and providing you with access to research data collections in our catalogue).
Your personal data is processed as part of our public task.
Where you provide your consent, we will directly communicate to you to market events, training or send our Newsletter. Your opt-in is required to receive these communications and you have the right to withdraw your consent at any time. If you wish to change your communication preferences, please update your account settings, and you can unsubscribe from our Newsletter.
We only keep your personal data for as long as is necessary. The decision on the length of time which we will retain your personal data for will depend on the following criteria:
- legal requirements
- contractual requirements
- management of the service
- requirements placed upon us by data controllers
Anonymised statistical and aggregated information which cannot identify you will be retained for longer periods of time.
We only share your personal data to provide our services or to comply with legislative, regulatory or contractual obligations. We share this information with (i) a data collection depositor in relation to your use of their data collection, if you breach the terms of our End User Licence, or the data collection depositor requires information on how you have used their data collection; (ii) your own institution or organisation where necessary for the administration of the Service; and (iii) where your research funder requires you to deposit data with us so as to confirm whether you have deposited your research data.
Safeguarded data with additional conditions of access
If you access safeguarded data with additional conditions of access, we share this information, where necessary, with the relevant data controller(s), and with your institution.
Special licence data
During the COVID-19 current lockdown period, where data owners have agreed, users can apply to access selected Special Licence data from home.
The UK Data Service is using Qualtrics to collect additional information on the date you last completed an information security awareness training course.
The information provided in the Qualtrics agreement is collected by the UK Data Service and controlled by the University of Essex; however, additional information may be collected by Qualtrics when visiting their website, which they will be the Data Controller for. Data collected by the Qualtrics application is stored and processed in the United States (US) by Qualtrics, as described in their privacy statement.
Controlled data access
If you access controlled data, we share this information, where necessary, with the relevant data controller(s), and with your institution.
Personal data that we hold, is wherever possible stored within the UK. However, in some cases it is held within the EEA. We also use a number of US based services to deliver the UK Data Service operations and this may entail transfers to a third Country for processing and storage in order to deliver our services. In compliance with the UK GDPR additional safeguards are applied to ensure that we can maintain equivalent levels of protection for any data transfers. These are reviewed and assessed regularly in accordance with the ICO’s advice and guidance.
Event and Webinar bookings
UK Data Service Biannual Newsletter
We take the protection of your data seriously and the UK Data Archive is ISO/IEC 27001:2013 certified. We protect your personal data via the use of various technical and organisational measures which include, encryption and active directory security groups.
You have the following rights:
- To be informed of how and why we process your personal data. We have sought to achieve this through this Privacy Notice;
- To have access to your personal data. You can access your personal data through your user account;
- To amend or rectify your personal data, which can be done through your user account;
- To request deletion of your personal data. Please note, that there may be circumstances where we are legally required or entitled to retain it. For example, in order for us to maintain an audit trail in the event of a personal data breach from controlled access data, we need a record of the users that have downloaded this data and when. If you wish to request deletion of your personal data, please contact our Data Protection Officer (the details to do this can be found in Section 9 below);
- To restrict and/or object to the processing of your personal data, in certain circumstances. If you wish to request restriction or objection to the use of your personal data, please contact our Data Protection Officer (the details to do this can be found in Section 9 below); and,
- To not have a decision based solely on automated processing. We do not use automated decision making (including profiling) when making a decision.
If you have any further questions about our Privacy Notice, please feel free to contact our Data Protection Officer at:
Data Protection Officer
University of Essex
If we cannot resolve any data privacy issues, or you are unhappy with our decisions, you have the right to complain to the Information Commissioner’s Office.
This policy was last updated on 16 April 2021.