University of Southampton Privacy Notice

National Centre for Research Methods

Introduction

The National Centre for Research Methods (‘NCRM’) is a centre funded by the Economic and Social Research Council (ESRC). The University of Southampton administers the portfolio of projects that form NCRM. The University of Southampton oversees all our data management, data protection and privacy rules and processes.

We value your privacy and we recognise the need to process your Data appropriately.

‘Data' refers to the personal data that we hold about you from which, either on its own or in combination with other data, you can be identified. A list of what data we collect is set out below.

Processing means doing anything with your Data, such as collecting, recording or holding the Data as well as disclosing, destroying or using the Data in any way.

We process your Data in compliance with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

We keep this Privacy Notice under regular review and it may be amended from time to time. You can obtain a current version at https://www.ncrm.ac.uk/about/privacy.php


1. What we are processing

We may collect and process the following Data about you:

(a) Biographical information such as name, title, birth date, age and gender
(b) Your contact details including address, email address and phone number
(c) Information about your time at the National Centre for Research Methods
(d) Online identifiers
(e) Your professional activities
(f) Current interests and preferences
(g) Attendance at events and any special requirements
(h) Records of all contact we have with you
(i) Photographs
(j) Expressions of opinion about you or indications as to our intentions about you


2. Where we get it from

We will obtain your Data directly from you and potentially also from information publically available online e.g. information about your publications from your public profile.


3. Legal basis for processing

We will usually only process your Data where either we have your consent, or where we need to process it to comply with our legal obligations. However, it may also be necessary for us to process your Data for the protection of your vital interests, or to achieve our legitimate interests or the legitimate interests of others in circumstances where we are confident that your privacy rights will not be outweighed.

Where you have given your consent to us processing your Data, you have a right to withdraw that consent at any time by emailing us at: dataprotection@ncrm.ac.uk

You may also request the deletion or removal of your Data in certain circumstances by emailing us at: dataprotection@ncrm.ac.uk


4. Why we are processing it

Your Data is processed by us primarily to enable you to:

(a) Subscribe to NCRM-related email marketing communications, such as online newsletters;
(b) Complete applications for entry to NCRM training, events and bursaries, including online courses.
It also enables us to:
(a) Keep a record of any correspondence you send to us;
(b) Create direct marketing communications about NCRM activities and events tailored to your preferences;
(c) Register you for NCRM training and events, including online courses.

You can ask us not to process your Data for any direct-marketing purposes or in circumstances where is likely to cause unwarranted substantial damage or distress to you or anyone else by contacting us at: dataprotection@ncrm.ac.uk


5. Cookies

We collect Data from visitors to our website relating to their demographics by using Google Analytics and cookies set by Google. This Data is used in an aggregated form to help improve the site and our marketing efforts. Further information and instructions for opting out of Google Analytics tracking are available at:

https://tools.google.com/dlpage/gaoptout/

The Elfsight Twitter widget on the home page will set a cookie to count views and to set the cache time.

We store a cookie to remember the preference that you choose on the cookie bar. This cookie is retained if you choose to reject cookies. The Elfsight twitter widget cookie will also be retained.


6. Processing for limited purposes

We will only process your Data for the specific purpose or purposes that we tell you about, or if specifically permitted under legislation, and will only process your Data to the extent necessary for achieving that specific purpose or purposes.


7. Accuarate Data

We will keep the Data we store about you accurate and up to date. Data that is inaccurate or out of date will be destroyed. Please let us know if your details change or if you feel that the Data we hold about you is inaccurate or incomplete at:

dataprotection@ncrm.ac.uk


8. Holding Data

We may create and hold your Data both electronically and on paper. We will only hold your Data as long as is necessary for the purpose or purposes that we have collected or are legitimately further processing it for.


9. Data security

Our staff have a legal duty to keep Data about you confidential. There are strict codes of conduct in place to keep your Data safe. Staff abide by the Data Protection Act 2018 and the University Data Protection Policy available at:

https://www.southampton.ac.uk/legalservices/what-we-do/data-protection-and-foi.page

We endeavour to ensure that suitable organisational and technical measures are in place to prevent the unlawful or unauthorised processing of your Data and against the accidental loss of or damage to your Data. This includes:

(a) Storing Data on an appropriately secure system.
(b) Training all our staff in their data protection responsibilities.
(c) Working with reputable companies for data processing services who are data protection compliant and who enter into appropriate data sharing agreements.
(d) Ensuring that appropriate protection is in place when we work with trusted organisations based outside the European Economic Area (EEA).


10. Sharing your data

We will not share your Data to a third party without your consent unless we are satisfied that the third party is legally entitled to

We may have to disclose your Data if required to do so by law in order to comply with a legal obligation, to protect our rights, interests or property and those of others, act in urgent circumstances to protect the personal safety of our staff, students and the public, or to protect us against any legal liability.


11. How do I access my data?

If you would like to access your Data please make a request in writing to:

The Data Protection Officer
Legal Services
University of Southampton, Highfield
Southampton, SO17 1BJ
Email: data.protection@soton.ac.uk

In certain circumstances you can request your Data for reuse for your own purposes across different services by emailing us at: dataprotection@ncrm.ac.uk


12. Unwanted communications

We may, from time to time, contact you by email, post and telephone. If at any stage you are concerned about the content of these communications e.g. unwanted marketing information, or wish to change how we communicate with you, you can unsubscribe or update your contact details at https://www.ncrm.ac.uk/news/subscribe/index.php or by emailing us at: dataprotection@ncrm.ac.uk.


13. Further information

We also have additional policies and guidelines concerning particular activities. If you would like further information, please see our Publication Scheme at:

https://www.southampton.ac.uk/about/governance/regulations-policies-guidelines.page#publication_scheme.

If you are unhappy with the way that we have handled your data you can contact us at: dataprotection@ncrm.ac.uk or contact the Information Commissioner’s Office. See their website at: https://ico.org.uk/.

The University of Southampton is the Data Controller and our registration number with the Information Commissioner’s Office is Z6801020.


Updated March 2022, Version 1.1