Skip to main content Skip to navigation

Research Privacy Notice

Use the links below to quickly navigate to the information you are looking for:

About this Notice

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.

The University of Warwick is committed to undertaking research to the highest standards of integrity, and this includes compliance with the relevant data protection legislation: the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 (DPA).

The UK GDPR governs the way in which organisations use personal data, defined as: any information that relates to an identified or identifiable individual. Under the UK GDPR there are “special categories” of more sensitive personal data which require a higher level of protection.

This privacy notice explains how the University of Warwick will process and use personal data collected from you as part of a research project and your rights under data protection.

Collecting and using your personal data for research

As a University we use personal data to conduct research as part of the core activities set out in our Charter and Statutes.

The legal basis under which we will process your personal data for research is called ‘task in the public interest’ (Article 6 of the UK GDPR). In the cases of ‘special category data’, in addition to Article 6, the legal basis is for ‘archiving purposes, scientific or historical research purposes or statistical purposes in the public interest’ (Article 9 of the UK GDPR). We may also process your personal data with your consent or (where it concerns special category data) your explicit consent.

Special category data is that revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation

The University will use your information only for the purposes of research and we will not use your information or contact you for any purpose other than research unless you have agreed to this. Should you choose to take part in a University of Warwick research project, you should receive project specific information, in the form of a Participant Information Leaflet. You should also be provided with Consent Forms, and it is important that you read this information carefully so that you understand how and why the University wishes to collect and use your personal data.

Some of the data the University processes is provided to us on behalf of third party data controllers including the Department for Education or other organisations. In some circumstances the University will only be the processor of that data and in other circumstances it may also be a controller of that data

Research data will often be anonymised as quickly as possible after data collection. It will not normally be possible to withdraw your data after this point. In addition, data which is collected anonymously cannot be withdrawn once you have given permission for it to be used.

Processing your personal data

With regards to the processing of your data, in most cases the University of Warwick will be classified as the ‘Data Controller’. This means that we will be responsible for deciding how your personal information is collected, used, shared, archived and deleted (processed).

The type of personal information collected and used will depend on the particular research objectives of the project you are taking part in, and this should be clearly outlined in the Participant Information Leaflet that you should receive before you participate in the project.

The Participant Information Leaflet will also detail if your data may be used for future research, including impact activities following review and approval by an independent Research Ethics Committee, subject to your consent at the outset of this research project.

Sharing of your personal data

The privacy of your personal data is extremely important to The University of Warwick (UoW). As such, we expect our researchers to operate to the highest standards of data protection and to keep your personal information safe and secure. We will not disclose the information unless there is a justified reason for the purposes of achieving the research outcomes.

The Participant Information Leaflet should outline whom your personal data may be shared with. This could include the research project team and collaborators from external organisation who are also working on the research project.

Most personal information used in research will be de-identified before sharing more widely or publishing the research outcomes. If it is not possible to de-identify your information, we may ask for your consent to share or otherwise make your personal information available to others. If this is the case, it will be specified in the study specific Participant Information Leaflet.

The University may sometimes use products or services provided by third parties who carry out a task on our behalf, such as Files.Warwick, which is used for sharing research data for collaboration. In such circumstances, the University, as the Data Controller, remains responsible for your personal information and will ensure that appropriate contractual terms and safeguards are in place.

Keeping your personal data secure

The UoW keeps your personal data secure at all times using both physical and technical measures.

The security of your data is of great importance to the University of Warwick and we therefore have robust procedures in place to protect your data.

Together with security standards and technical measures that ensure your information is stored safely and securely, we also have in place policies and procedures that tell our staff and students how to collect and use your information safely and provide training which ensures our staff and students understand the importance of data protection and how to protect your data.

All research projects involving personal data are scrutinised and approved by a research ethics committee. In addition, the University will carry out data protection impact assessments on high risk projects, and when working with external collaborators, we will put in place appropriate contracts to protect your information. Should the proposed research project include collaborators outside of the UK or we need to transfer your data outside then we will let you know if the receiving country or organisation is deemed to have adequate data protection provision. Where a country or organisation does not have adequate protections we will put safeguards in place. Details of these safeguards can be provided to you upon request to Legal and Compliance Services.

Where UoW engages a third party to process personal data it will do so on the basis of a written contract which conforms to the security requirement of the UK GDPR

UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.

UoW also ensures that we have appropriate processes in place to test the effectiveness of our security measures.

Retention of your personal data

The UK GDPR and DPA 2018 requires that personal data should be kept for no longer than is necessary for the purposes for which the personal data are processed (except in certain specific and limited instances).

The University expects that its researchers will not keep your information for longer than is necessary for the purposes of the research and will be anonymised or pseudonymised, by removing identifying information and replacing this with an artificial identifier or code, where possible. The duration of time we will store your data is dependent on a number of factors, such as the requirements of the research funder or the nature of the research. Further details about how long personal information obtained for research is kept can be found in our University Records Retention Schedule.

You will usually be provided with information about how long your personal information will be kept within the aforementioned Participant Information Leaflet.

Data subject rights

Under the UK GDPR and DPA 2018 you have a number of important rights free of charge.

You have the right to:

  • Be informed of how we collect and use your personal data
  • Access your personal data
  • Require us to correct any mistakes in the data we hold on you
  • Require the erasure of personal data concerning you in certain situations
  • Restrict our processing of your personal data in certain circumstances
  • Receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • Object in certain situations to our continued processing of your personal data or at any time to processing of your personal data for direct marketing; and
  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.

To exercise any of these rights please contact infocompliance@warwick.ac.uk If a request is made and the request is manifestly unfounded or excessive, the University reserves the right to refuse to comply with the request in these circumstances.

Who to contact and complaints

We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you may raise about our use of your personal data on the contact details below:

The DPO can be contacted via email at infocompliance@warwick.ac.uk 

Or write to:

The Data Protection Officer

University of Warwick
University House
Kirby Corner Road
CV4 8UW

The UK GDPR and DPA 2018 also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].

Changes to this Privacy Notice

This privacy notice was published on 10th August 2018 and last revised on 03 February 2023.