Privacy policy

This Privacy Policy sets out the personal data which we, at the UK Data Archive, collect in the course of our interaction with you and the way in which we handle those personal data.

If you wish to know how we handle your personal data in regards to our work as part of the UK Data Service, you can view the privacy policy for the Service.

1. What personal data of yours do we collect?

Visiting the UK Data Archive

If you visit the UK Data Archive, we typically collect the following information:

• Full name
• Organisation name

The UK Data Archive is based at the University of Essex, and you can view the privacy policy for visitors to campus.

Prior to visiting the UK Data Archive to use Controlled Data

If you are visiting the UK Data Archive to access controlled data, prior to your visit we will collect:

• Full name
• Contact address
• Email address
• Telephone number
• Your institution and department
• Your academic discipline
• Details of highest qualification
• Your date of birth
• Your nationality

Outside and within the Safe Room the UK Data Archive records CCTV for the purposes of information security.

Submitting enquiries to the UK Data Archive

If you submit enquiries to us, we will hold the information you provide to us for the purposes of investigation and responding to the enquiry.

Website usage

The UK Data Archive uses a tool to analyse usage statistics in order to report performance and usage to its funding bodies. The tool used is Matomo, and it gathers the following information about the device you use to access the UK Data Archive website:

• Operating system
• Browser
• Browser language
• Browser plugins
• First octet of your public IP address

This information is not stored, but instead is hashed to generate a unique and anonymised ID. Every 24 hours, this hash is rotated, which means that when you revisit the UK Data Archive website, you will be given a different ID, and therefore will not be recognised.

Employees

The University of Essex is the employer for employees at the UK Data Archive. You can view the privacy policy for employees.

2. What do we do with your personal data?

The personal data that we collect from you, and you provide to us, are used for authentication, statistical purposes, and for the management of the service.

Your personal data is processed as part of our public task.

3. How long do we keep your personal data?

We only keep your personal data for as long as is necessary. The decision on the length of time for which we will retain your personal data will depend on the following criteria:

• Legal requirements
• Contractual requirements
• Management of the service
• Requirements placed upon us by data controllers

Anonymised statistical and aggregated information which cannot identify you will be retained for longer periods of time.

4. Who do we share your personal data with?

The University of Essex is the data controller for the UK Data Archive. We only share your personal data either to provide our services or to comply with legislative, regulatory or contractual obligations.

We share this information with partners within the UK Data Service (the Universities of Edinburgh, Manchester and Southampton; University College, London, and Jisc) who collectively deliver the ‘UK Data Service’ and act as data processors on behalf of the University of Essex, where necessary.

Controlled data access

If you access controlled data, we share this information, where necessary, with the relevant data controller(s), and with your institution.

5. Is any of your personal data stored outside the UK?

Personal data that we hold, is stored within the UK or within the EU.

6. How is your personal data kept secure?

We take the protection of your data seriously and the UK Data Archive is ISO/IEC 27001:2013 certified. We protect your personal data via the use of various technical and organisational measures which include, encryption and active directory security groups.

7. What rights do you have?

You have the following rights:

1. To be informed of how and why we process your personal data. We have sought to achieve this through this Privacy Notice;
2. To have access to your personal data;
3. To amend or rectify your personal data;
4. To request deletion of your personal data. Please note, that there may be circumstances where we are legally required or entitled to retain it. For example, in order for us to maintain an audit trail in the event of a personal data breach from controlled access data, we need a record of the users that have downloaded this data and when. If you wish to request deletion of your personal data, please contact our Data Protection Officer (the details to do this can be found in Section 8 below);
5. To restrict and/or object to the processing of your personal data, in certain circumstances. If you wish to request restriction or objection to the use of your personal data, please contact our Data Protection Officer (the details to do this can be found in Section 8 below); and,
6. To not have a decision based solely on automated processing. We do not use automated decision making (including profiling) when making a decision.

8. How can I contact your Data Protection Officer?

If you have any further questions about our Privacy Notice, please feel free to contact our Data Protection Officer at:

Data Protection Officer
Digital Innovation and Technology Services
University of Essex
Wivenhoe Park
Colchester
Essex
CO4 3SQ

DPO@essex.ac.uk

9. What can I do if I am unhappy?

If we cannot resolve any data privacy issues, or you are unhappy with our decisions, you have the right to complain to the Information Commissioner’s Office.

10. When was this policy last updated?

This policy was last updated on 13 September 2022.