ÐÔÊӽ紫ý

ÐÔÊӽ紫ý - Privacy Statement

Who we are

This Privacy Statement explains how the University’s Research and Knowledge Exchange Development Unit (RKEDU) collects, stores, manages and protects your data. It outlines the types of data that we hold and how we use them to provide services to our industry and SME partners. We aim to be clear when we collect your personal information, and not do anything you would not reasonably expect.

ÐÔÊӽ紫ý (ÐÔÊӽ紫ý) is a Data Controller in terms of the Data Protection Act 2018 (DPA) and the General Data Protection Regulations. The University is registered with the Information Commissioner’s Office. Our Registration Number Z6013920. Ìý

Ìý

We are a public authority under the Freedom of Information Act 2000 and a Scottish public authority under the Freedom of Information (Scotland) Act 2002. Personal Information that we collect and hold about you is used by us for our statutory and/or public functions. Where we collect or share data it is on the basis of the exercise of official authority vested in us as a public authority, and on the basis of public interest.

Processing of your personal information is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the Data Controller (See GDPR Article 6(1)(e)) and for statistical and research purposes (See GDPR Article 89). Processing of Special Categories of data is necessary for statistical and research purposes in accordance with Article 89(1) based on the duties in the Equality Act 2010 (See GDPR Article 9(2)(j)).

We process personal information to enable us to provide: research, knowledge exchange, enterprise and innovation services to business and industry including the third sector; advertising and promoting the university and the services we offer; publishing the university magazine and alumni relations; managing our accounts and records and providing commercial activities to our clients.

ÐÔÊӽ紫ý needs to process and retain certain personal information relating to you, because you are a client of the University. All of your personal information will be treated in accordance with the terms of the General Data Protection Regulation, which comes into effect on 25 May 2018. This means that confidentiality will be respected and that appropriate security measures will be taken to prevent unauthorised disclosure.

How we collect your data

The personal data ÐÔÊӽ紫ý holds about you is obtained from a variety of sources, including but not limited to:

  • Information you have provided in your enquiry or application for external funding (including applications made directly to the University, via a third party such as Interface or the Business Gateway , via a partner institution);

  • Information you provide us with when scoping out your initial requirements and during the course of your engagement or project with ÐÔÊӽ紫ý;

  • Information related to the impact, results or outcome of your engagement with ÐÔÊӽ紫ý;

  • Funding organisations such as the Scottish Government or Scottish Enterprise.

Why we collect and use your personal information

This privacy statement explains how we collect and use personal information about you.. These include, but are not limited to:

  • Furthering the University’s mission to support innovation led economic growth.
  • Administering and providing research and innovation.
  • Maintaining and managing research and innovation processes, including outcomes and funders reports.
  • Monitoring the impact of academic research beyond the University.
  • Processing financial transactions including fees and invoicing.
  • Providing advice and support to you, including research ethics, research integrity and intellectual property.
  • To protect your vital interests e.g. in an emergency situation.
  • Verifying your identity where this is required.
  • Contacting you by post, email or telephone..
  • Providing you with information about research and innovation services. .
  • Research including monitoring quality and performance.
  • Seeking feedback on University services and facilities.
  • Statistical and archive purposes.

Type of data we collect

  • Your responses to surveys which we ask you to complete for research purposes.
  • Any other information you post, email or otherwise send to us
  • Tracking information on impact, SME engagements, start-ups and spin-outs. ThisÌýinformation will include; contact details, contract details if applicable, trading start dates; employee numbers and details; capital raised; revenue; incubator detail; awards, competitions and wider impact.

Access to your personal information

The University will manage your information securely and will restrict access to only those who need to use it in the course of their duties. The University will put in place technical and organisational measures necessary to ensure the security of your information.

The University will only disclose your information to third parties where we:

  • Have a legal basis to do so under the General Data Protection Regulation; or

  • Are required to under a statutory or regulatory obligation; orÌý

  • Have your consent.

Sharing your personal data

To fulfil our statutory or legal obligations your data may be provided, without your explicit consent, to organisations or agents acting on their behalf including but not limited to:

  • Government funders where external funding is secured to meet the requirements of public UK and European funding.

  • The Scottish Funding Council (SFC) and Scottish Government.

  • UKRI, including agents managing the Research Excellence Framework (REF)

  • Relevant authorities dealing with emergency situations at the University.

Personal information processed by consent

Where the processing of personal information falls outwith the scope of your contract with the University (i.e. the information that the University is required to process to manage and administer your time at University) then we will require another legal reason to process your data. This may require us to ask for your consent for processing. Consent will be sought when it is required.

ÐÔÊӽ紫ý respects the privacy of every individual who visits our websites or responds to our interactive advertisements. The Privacy Statement on our website outlines the information we collects via its various web pages and how we use that information. The Statement also instructs you on what to do if you do not want your personal information collected or shared when you visit ÐÔÊӽ紫ý's website or respond to our advertisements: ÐÔÊӽ紫ý Privacy StatementÌý

Retention of your personal information

The University will retain your personal data only as long as necessary for its purposes as described. Please note, however, that even after termination of your engagement with the University, ÐÔÊӽ紫ý may still need to retain your personal data to satisfy its obligations to keep certain records for particular periods under applicable law. Such retention is documented in the University Records Retention Schedule, held by the Data Protection Officer.

Your rights relating to your personal information

You have the right to:

Access your information

Find out what personal data we process about you and obtain a copy of the data, free of charge within one month of your request. We may make a charge for additional copies of the same information.

Correcting your information

We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.

Deletion of your information

You have the right to ask us to delete personal information about you where:

  • You consider that we no longer require the information for the purposes for which it was obtained.

  • We are using that information with your consent and you have withdrawn your consent – see withdrawing consent to using your information below.

  • You have validly objected to our use of your personal information – see Objecting to how we may use your information below.

  • Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information

  • You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest or pursuant to the legitimate interests of us or a third party then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.

Restricting how we may use your information

  • In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Ìý

Portability

If we process personal information that you provide to us on the basis of consent or because it is necessary for the performance of a contract to which you are party, and in either case that processing is carried out by automated means, then you have the right to have that personal information transmitted to you in a machine readable format. Where technically feasible, you also have the right to have that personal information transmitted directly to another controller.

Automated processing

If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you

Please contact us in any of the ways set out in the contact information and further advice section below if you wish to exercise any of these rights.

Changes to our privacy statement

We keep this privacy statement under regular review and will place any updates on this website. We will publish any changes we make to this data protection policy on our website at the following link:

ÐÔÊӽ紫ý Regulations, Policies and Procedures

orÌý

ÐÔÊӽ紫ý Data Protection

Paper copies of the privacy statement may also be obtained by request from the Data Protection Officer. This privacy statement was last updated on 11 May 2018.

Contact details and further advice

If you have any queries about the processing of your personal data as described above, please contact the University’s Data Protection Officer. You can do this by email: Data Protection Officer Email Ìý; telephone: 0131 474 0000 or post:

  • Data Protection Officer
  • ÐÔÊӽ紫ý
  • ÐÔÊӽ紫ý Drive
  • Musselburgh
  • EH21 6UU

Complaints

We seek to resolve directly all complaints about how we handle personal information. If you have any issues about this statement or the way the University has handled your personal information, please contact the University Data Protection Officer in the first instance.

If you are dissatisfied with the response from the University, you have the right to lodge a complaint with the Information Commissioner’s Office:

  • Information Commissioner’s Office
  • Wycliffe House,
  • Water Lane,
  • Wilmslow,
  • Cheshire, SK9 5AF

Email ICO Email AddressÌý

Telephone: 0303 123 1113