Research Excellence Framework 2021 privacy notice

Introduction

This privacy notice is for those providing Nottingham Trent University (NTU) with evidence of the impact that its research has had (e.g. how the research resulted in a change, had an effect on or benefited culture, the economy, the environment, health, public policy, quality of life or society using qualitative and quantitative evidence). Where we need to use your personal data to obtain impact evidence or the evidence includes your personal data, this privacy notice sets out the ways in which NTU processes that data.

NTU is a Data Controller for personal data as defined by the General Data Protection Regulation 2016/679 (GDPR) (i.e. NTU determines the purposes and the means of processing your personal data). We are registered with the Information Commissioner’s Office (ICO), registration number Z7109967.

NTU understands the importance of ensuring your data privacy rights - this privacy notice is to let you know how we use personal data that you provide to us and which is submitted to the Research Excellence Framework (REF). REF provides accountability for public investment in research, demonstrates its benefits, and provides important reputational yardsticks and benchmarking information about the research performance of UK universities. You can find further information about REF at NTU here.

How and when is personal data collected for REF?

We will collect personal data about you from NTU researchers, and from you directly where you have provided information for one or more impact case studies or environment statements as part of our submission to the REF 2021. In some cases your personal data may come from publicly available sources.

What data is collected and why?

NTU will collect personal data for the purposes of obtaining and providing evidence of impact deriving from research undertaken at NTU which may include: your name, job title, email address, contact details, organisational affiliation and nature of your interaction with NTU. This may include testimonial letters, emails and/or feedback forms following events. REF has published guidance on submissions and sets out what kind of data will be required and collected. You can find this information on their website.

We will use the data to record and assess the effectiveness of our research impact and to inform NTU’s submission to the Research Excellence Framework 2021 (REF2021).

Our legal basis for using your personal data

Under the GDPR, NTU must have a legal justification (“legal basis”) for processing data relating to you – for the purpose of research impact, this is Public Task. This is to enable NTU to carry out its role as a research establishment including assessing the quality and impact of the research it conducts.

Sharing information about you

NTU will collect and use the information that you have provided to us in the following ways:

Within NTU

Your data will be shared with NTU colleagues who need to view it as part of their role in preparing the REF 2021 submission. This includes, but is not limited to, staff working in Research, Professional Services (which includes Human Resources and Finance) and within Research Operations (RO), and will be available to committees which are set up for the development of the REF submission as detailed in our REF Code of Practice.

With the following third parties

Research England (RE) and UK Research and Innovation (UKRI)

Your data will be processed by NTU and may be shared with Research England (RE) who are part of the UKRI. For any information passed to the UKRI as part of the REF submission, the UKRI will act as a Data Controller. Any personal data submitted by NTU to REF 2021will be collected, stored and processed in accordance with the UKRI’s current data protection legislation.

UKRI will require that anyone who has access to your data, held in UKRI’s records, paper or electronic, will respect its confidentiality and will only process it in accordance with instructions issued for the purposes specified by UKRI.

Parts of your data will be passed to the REF expert panels and the Equality and Diversity Advisory Panel (whose members are independent of UKRI) for the purpose of conducting a systematic evaluation of submissions, in accordance with predetermined criteria and methods. All panel members are bound by confidentiality arrangements.

External Reviewers

Textual parts of the REF 2021 submission (for example, impact case studies) may be shared with third party external reviewers during the process of submission development.

Publishing information about your part in our submission

The results of the assessment exercise will be published by UKRI, on behalf of the four UK higher education funding bodies, in April 2022.

Those parts of submissions that contain factual data and textual information about research activity will also be published by UKRI, on behalf of the four UK higher education funding bodies, and will be made available online. Published information is likely to include textual information including impact case studies in which you may be referenced. Your name and job title may be included in this textual information. Other personal details will normally be removed. You can find further information at the above UKRI website.

How long do we keep your personal data?

We will retain all data used in the development of the REF submission until completion of the REF audit process, and will retain a copy of any outputs, impact and environment submission after submission, in order to facilitate future REF submissions.

Data is retained for as long as it is required to perform the above purpose, or for as long as is required by law. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

How do we keep your data secure?

NTU takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability.

Your rights

Under Article 15 of the GDPR individuals have a right of access to data about them which is held by NTU; these rights include:

• to obtain a copy of your personal data
• to rectify inaccuracies, and where appropriate, the right to have incomplete data completed
• to have your personal data erased in limited circumstances (it will not apply where the personal data is needed for the purposes of an overriding public interest)
• to restrict the use of your personal data. This is a limited right which will apply in specific circumstances and for a limited period (e.g. where a complaint has been received, until that complaint has been resolved)
• to object to use of your data by us in limited circumstances including use for any direct marketing, and to require us to stop such marketing.

If you wish to exercise any of these rights, please email our Data Protection Officer.

If you have any questions about REF2021, you can email Research Operations.

If you have any concerns about the conduct of academic research (for example, around the collection of impact evidence) please contact: researchoperations@ntu.ac.uk

UKRI

Under the Data Protection Act (DPA) 2018 and the General Data Protection Regulation (GDPR), you have the right to see and receive a copy of any personal information that UKRI holds about you. Further information about the DPA, GDPR, and guidance on making
a subject access request, can be found on the Research England website.

If you have any concerns about your information being used for these purposes, please contact:

Data Protection Officer
UK Research and Innovation
Polaris House
Swindon, SN2 1FL

Email: dataprotection@ukri.org

Questions or concerns

The NTU Data Protection Officer can be contacted at: DPO@ntu.ac.uk

The Data Controller is NTU, whose address is:

Nottingham Trent University
Shakespeare Street
Nottingham
NG1 4FQ

If you believe that your data is not being processed in accordance with data protection law, you can contact the Information Commissioner’s Office to make a complaint by visiting the ICO website, or calling their telephone helpline on +44 (0)303 123 1113.

This privacy notice

From time to time we may make changes to this Privacy Notice because the way in which we are processing your personal information may need to change. All alterations will be posted on this page and will apply from the time we post them. Where we have a valid email address for you we will periodically email you to inform you of any substantial changes and/or to send you a link to our current privacy statement.

This statement was last updated on December 2020.