Use the links below to quickly navigate to the information you are looking for:
- About this Notice
- Collecting and using your personal data for research
- Your rights under Data Protection when participating in research projects
- Processing of your personal data
- Sharing of your personal data
- Keeping your personal data secure
- Retention of your personal data
- Data subject rights
- Who to contact and complaints
- Changes to this Privacy Notice
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.
The University of Warwick is committed to undertaking research to the highest standards of integrity, and this includes compliance with the relevant data protection legislation: the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA).
The GDPR governs the way in which organisations use personal data, defined as: any information about an individual from which that person can be identified. It does not include anonymous data where the identifying information has been removed.
Under the GDPR there are “special categories” of more sensitive personal data which require a higher level of protection.
This privacy notice explains how the University of Warwick will process and use personal data collected from you as part of a research project and your rights under data protection.
As a University we use personally-identifiable information to conduct research as part of the core activities set out in our Charter and Statutes.
The legal basis under which we will process your personal data for research is called ‘task in the public interest’ (Article 6 of the GDPR). In the cases of ‘special category data’, in addition to Article 6, the legal basis is for ‘archiving purposes, scientific or historical research purposes or statistical purposes in the public interest’ (Article 9 of the GDPR).
The University will use your information only for the purposes of research and we will not use your information or contact you for any purpose other than research unless you have agreed to this. Should you choose to take part in a University of Warwick research project, you should receive project specific information, in the form of a Participant Information Leaflet. You should also be provided with Consent Forms, and it is important that you read this information carefully so that you understand how and why the University wishes to collect and use your personal data.
As a publicly-funded organisation, we have to ensure that it is in the public interest when we use personally-identifiable information from people who have agreed to take part in research. This means that when you agree to take part in a research study, we will use your data in the ways needed to conduct and analyse the research study. Your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw your participation from the study, we will keep the information about you that we have already obtained. To safeguard your rights, we will use the minimum personally-identifiable information possible.
If it is considered necessary to refuse to comply with any of your data protection rights in order to protect the integrity and validity of the research, you will be informed of the decision within one month and you also have the right to complain about our decision to the Information Commissioner.
With regards to the processing of your data, in most cases the University of Warwick will be classified as the ‘Data Controller’. This means that we will be responsible for deciding how your personal information is collected, used, shared, archived and deleted (processed).
The type of personal information collected and used will depend on the particular research objectives of the project you are taking part in, and this should be clearly outlined in the Participant Information Leaflet that you should receive before you participate in the project.
The Participant Information Leaflet will also detail if your data may be used for future research, including impact activities following review and approval by an independent Research Ethics Committee, subject to your consent at the outset of this research project.
Research data will often be anonymised as quickly as possible after data collection. It will not normally be possible to withdraw your data after this point.
In addition, data which is collected anonymously cannot be withdrawn once you have given permission for it to be used.
The privacy of your personal data is extremely important to The University of Warwick (UoW). As such, we expect our researchers to operate to the highest standards of data protection and to keep your personal information safe and secure. We will not disclose the information unless there is a justified reason for the purposes of achieving the research outcomes.
The Participant Information Leaflet should outline whom your personal data may be shared with. This could include the research project team and collaborators from external organisation who are also working on the research project.
Most personal information used in research will be de-identified before sharing more widely or publishing the research outcomes. If it is not possible to de-identify your information, we may ask for your consent to share or otherwise make your personal information available to others. If this is the case, it will be specified in the study specific Participant Information Leaflet.
The University may sometimes use products or services provided by third parties who carry out a task on our behalf, such as Files.Warwick, which is used for sharing research data for collaboration. In such circumstances, the University, as the Data Controller, remains responsible for your personal information and will ensure that appropriate contractual terms and safeguards are in place.
The UoW keeps your personal data secure at all times using both physical and technical measures.
The security of your data is of great importance to the University of Warwick and we therefore have robust procedures in place to protect your data.
Together with security standards and technical measures that ensure your information is stored safely and securely, we also have in place policies and procedures that tell our staff and students how to collect and use your information safely and provide training which ensures our staff and students understand the importance of data protection and how to protect your data.
All research projects involving personal data are scrutinised and approved by a research ethics committee. In addition, the University will carry out data protection impact assessments on high risk projects, and when working with external collaborators, we will put in place appropriate contracts to protect your information. Should the proposed research project include collaborators outside of Europe, we will ensure that they have adequate data protection laws or are part of privacy and security schemes such as the privacy shield in the US.
Where UoW engages a third party to process personal data it will do so on the basis of a written contract which conforms to the security requirement of the GDPR and DPA 2018.
UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.
UoW also ensures that we have appropriate processes in place to test the effectiveness of our security measures.
The GDPR and DPA 2018 requires that personal data should be kept for no longer than is necessary for the purposes for which the personal data are processed (except in certain specific and limited instances).
The University expects that its researchers will not keep your information for longer than is necessary for the purposes of the research and will be anonymised or pseudonymised, by removing identifying information and replacing this with an artificial identifier or code, where possible. The duration of time we will store your data is dependent on a number of factors, such as the requirements of the research funder or the nature of the research. Further details about how long personal information obtained for research is kept can be found in our University Records Retention Schedule.
You will usually be provided with information about how long your personal information will be kept within the aforementioned Participant Information Leaflet.
Under the GDPR and DPA 2018 you have a number of important rights free of charge.
You have the right to:
- Be informed of how we collect and use your personal data;
- Access your personal data;
- Require us to correct any mistakes in the data we hold on you;
- Require the erasure of personal data concerning you in certain situations;
- Restrict our processing of your personal data in certain circumstances;
- Receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- Object in certain situations to our continued processing of your personal data or at any time to processing of your personal data for direct marketing; and
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
To exercise any of these rights please find out more here. If a subject access request is made and the request for access is clearly unfounded or excessive, the University reserves the right to refuse to comply with the request in these circumstances.
We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you raise about our use of your personal data on the contact details below:
The DPO can be contacted via e-mail at DPO at warwick dot ac dot uk
Or write to:
The Data Protection Officer
Information and Data Compliance Team
University of Warwick
Kirby Corner Road
The GDPR and DPA 2018 also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].
This privacy notice was published on 10th August 2018 and may be amended from time to time. The next review will take place before May 2019.