UK Data Service Privacy Statement

This Privacy Statement sets out the personal data which we, at the UK Data Service, collect in the course of our interaction with you and the way in which we handle those personal data.

Personal data which we hold as a data processor (i.e. on behalf of a number of different data controllers) is not addressed in this Privacy Statement. If you are a data subject of any of the data collections in our data catalogue you should contact the relevant Data Protection Officer within the organisation named as the depositor in the catalogue record.

The UK Data Service uses Matomo to analyse website usage in order to report performance and usage to its funding bodies and publicly. This tool gathers the following information about the device you use to access the UK Data Service website:

  • operating system
  • browser
  • browser language
  • browser plugins
  • first octet of your public IP address.

This information is not stored, but instead is hashed to generate a unique and anonymised ID. Every 24 hours, this hash is rotated, which means that when you revisit the UK Data Service website, you will be allocated a different ID, and therefore will not be recognised. As this information is not stored other than for 24 hours as a unique and anonymised ID Matomo is used automatically.

Your personal data is in most cases processed as part of our public task. The UK Data Service, in relying on this basis, does so as its core purpose is to support high quality social and economic research, teaching and learning through assuring long term access to quality economic and social data, supporting and promoting their use, value and impact.

In some cases, we will use another reason, please see the Table below which seeks to break this down clearly, and section 4 for further details.

Data collected Processing basis
Accessing data within our data catalogue or depositing research data with the UK Data Service Public Task
Controlled data access (including access via the SafePod Network and SafePoints) and safe room access Contract
Submitting enquiries to the UK Data Service Public Task
Signing up or attending one of our events Public Task
Feedback on our services from an event Consent
Signing up to our newsletter Consent
UK Data Service online pop-up survey Consent

Registering to access or deposit research data

If you register to access data within our data catalogue or deposit research data with us we collect the following information:

  • full name
  • contact address
  • email address
  • fax and telephone numbers
  • institution and department
  • academic discipline
  • user status
  • date of registration
  • agreement to any end user or special conditions
  • details of any usage(s) registered
  • details of any data accessed/downloaded
  • any username and ID required for user authentication and validation
  • internal user database unique ID
  • ORCID.

Controlled data access and Safe Room access

If you apply to use controlled access data collections, in addition to the information above we collect your IP address, date of birth, nationality and the details of your highest qualification. If you access these data at the UK Data Archive Safe Room or via the SafePod Network (including SafePoints) we also record CCTV for the purposes of information security. In some cases Behaviour Recognition Software may be used to ascertain whether a user’s behaviour is inconsistent with data access conditions.

Safeguarded data subject to the Special Licence User Agreement

Where data owners have agreed, users can apply to access selected Special Licence data from home. The UK Data Service uses Qualtrics to collect additional information on the date you last completed an information security awareness training course.

The information provided in the Qualtrics agreement is collected by the UK Data Service and controlled by the University of Essex; however, additional information may be collected by Qualtrics when visiting their website, for which they will be the Data Controller. Data collected by the Qualtrics application is stored and processed in the United States (US) by Qualtrics. The Qualtrics Privacy Statement can be viewed online.

Submitting enquiries to the UK Data Service

If you submit enquiries to us, we will hold the information you provide for the purposes of investigation and responding to the enquiry. This will usually include your name, email address, and other contact details, but may also include the information listed in the ‘Registering to access or deposit research data’ section above.

Signing up to or attending one of our events

If you sign up to join one of our events (including workshops and webinars) we collect your full name, email address, country, organisation, job title, role, sector, discipline, and your accessibility and dietary requirements (when attending an in person event).

We will also ask for your consent to contact you to obtain feedback on our event.

Signing up to our newsletter

If you subscribe to our newsletter, we collect your full name and email address.

UK Data Service online pop-up survey

If you complete our online pop-up survey and consent to providing your email address we use and store this to:

  • manage issues that you raise
  • respond to your comment
  • contact you if you win an Amazon voucher.

The personal data that we collect from you, and you provide to us, are used for authentication, statistical purposes, and for the management of the service (including registration, providing you with access to research data collections in our catalogue, and investigating and responding to enquiries you submit).

Where you provide your consent, we will directly communicate to you to market events, training or send our newsletter. Your opt-in is required to receive these communications and you have the right to withdraw your consent at any time. If you wish to change your communication preferences, please update your user account area settings, and you can unsubscribe from our newsletter.

The University of Essex is the data controller for the UK Data Service and has agreements with other partners who act as data processors. We only share your personal data either to provide our services or to comply with legislative, regulatory or contractual obligations.

We share this information with:

  1. Partners within the UK Data Service (the Universities of Edinburgh and Manchester; University College, London, and Jisc) who collectively deliver the ‘UK Data Service’ and act as data processors on behalf of the University of Essex;
  2. A data collection depositor in relation to your use of their data collection so that they can contact you directly,
    a. if you breach the terms of our End User Licence, or
    b. the data collection depositor requires information on how you have used their data collection;
  3. Your own institution or organisation where necessary for the administration of the Service;
  4. With your research funder where they require you to deposit data with us in order to confirm to them whether you have deposited your research data;
  5. Third parties who may assist us in investigating or responding to enquiries you submit. We will normally seek your consent for this; and,
  6. The UK Statistics Authority as part of the UK Data Service’s duties under the Digital Economy Act 2017.

We only keep your personal data for as long as is necessary. The decision on the length of time for which we will retain your personal data will depend on the following criteria:

  • legal requirements
  • contractual requirements
  • management of the service
  • browser plugins
  • requirements placed upon us by data controllers.

Anonymised statistical and aggregated information which cannot identify you will be retained for longer periods of time.

Personal data that we hold, is, wherever possible, stored within the UK. However, in some cases it is held within the EEA. We also use a number of US based services to deliver the UK Data Service operations and this may entail transfers to a third Country for processing and storage in order to deliver our services. In compliance with the UK GDPR we seek to ensure equivalent levels of protection for any data transfers. These are reviewed and assessed regularly in accordance with the ICO’s advice and guidance.

Event bookings

For event bookings we use Eventbrite and Zoom, which are services based in the US. This means that any information you provide them may be stored by them in countries outside your country of residence. When you book into one of our events or webinars through Eventbrite or attend using Zoom you may also have to agree to their terms and conditions of service, as set out in the Eventbrite Privacy Policy and the Zoom Privacy Policy.

UK Data Service newsletter

For the purpose of sending you the UK Data Service newsletter we use Email Blaster. Any of your data held by them is stored on servers within the UK. When you sign-up to the newsletter you will also be agreeing to their terms and conditions of service outlined in the Email Blaster Privacy Statement. If you decide not to agree to Email Blaster’s, you can find our published newsletters on our website, but this means you will not be notified or receive the newsletter by email when a new newsletter is released.

We take the protection of your data seriously and the UK Data Archive is ISO/IEC 27001:2013 certified. We protect your personal data via the use of various technical and organisational measures which include, encryption and active directory security groups.

Within your user account area you can change your subscription preferences. However, if you wish to unsubscribe from our newsletter, you can do so.

You have the following rights:

  1. To be informed of how and why we process your personal data. We have sought to achieve this through this Privacy Notice;
  2. To have access to your personal data. You can access your personal data through your user account area;
  3. To amend or rectify your personal data, which can be done through your user account area;
  4. To request deletion of your personal data. Please note, that there may be circumstances where we are legally required or entitled to retain it. For example, in order for us to maintain an audit trail in the event of a personal data breach from controlled access data, we need a record of the users that have downloaded this data and when. If you wish to request deletion of your personal data, please contact our Data Protection Officer (the details to do this can be found in Section 11 below);
  5. To restrict and/or object to the processing of your personal data, in certain circumstances. If you wish to request restriction or objection to the use of your personal data, please contact our Data Protection Officer (the details to do this can be found in Section 11 below); and,
  6. To not have a decision based solely on automated processing. We do not use automated decision making (including profiling) when making a decision.

If you have any further questions about our Privacy Statement, please feel free to contact our Data Protection Officer at:

Data Protection Officer
Office of the Vice-Chancellor
University of Essex
Wivenhoe Park
Colchester
Essex
CO4 3SQ

dataprotectionofficer@essex.ac.uk

This Statement was last updated on 29 October 2024. This is version 01.02 of our new Statement.