Privacy Notice

Privacy Notice for Participants in Sheffield Institute of Education Knowledge Exchange Activities

Ruling Passions Project

Introduction

Research in Sheffield Hallam University is governed by policies and procedures and all research undergoes ethical scrutiny to ensure that it is conducted in such a way as to protect your interests and is of a high standard. For more information, please see Sheffield Hallam University’s (SHU) Ethics and Integrity site

This document outlines the responsibilities of SHU in handling the collection of personal data within our Knowledge Exchange (KE) projects. Knowledge exchange brings together academic staff, practitioners, partners and other stakeholders to share ideas, evidence and expertise. Our knowledge exchange work focuses on supporting those involved in education through activities such as professional development, curriculum design and consultancy.

Data protection legislation governs the way that organisations use personal data.  Personal data is information relating to an identifiable living individual who can be identified directly or indirectly from that information. Transparency is a key element of data protection legislation and this Privacy Notice is designed to inform participants in our knowledge exchange work about:

  • how and why SHU will use personal data collected in this work
  • what participants’ rights are in relation to the use of their personal data, and
  • how to contact us to exercise those rights

Participants’ Rights

Data protection legislation gives participants the following rights in relation to their personal data:

  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erase.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision making and profiling.

For more information about these rights please see:

Sheffield Hallam University data subject rights

Information Commissioner’s Office: Participants’ rights

Participants can contact SHU at any time to:

  • withdraw from the work and have their individual data deleted (prior to data being anonymised)
  • request copies of their own personal data held by SHU (a subject access request)
  • exercise other rights (e.g. to have inaccurate data rectified, to restrict or object to processing)
  • ask how data is used by SHU
  • report a data security breach (e.g. if there are concerns that personal data has been lost or disclosed inappropriately)
  • complain about how SHU have used personal data.

Details of who to contact are provided below.

Why are we processing participants’ personal data?

Under data protection legislation there must be a lawful basis for processing personal data.  In this case, the lawful basis for processing participants’ personal data is in order to meet our public tasks (learning and teaching, research and knowledge transfer). This includes using your personal data to ensure we are able to carry out our Knowledge Exchange work.

We will always tell you about the information we wish to collect from you and how we will use it. Some Knowledge Exchange projects will include the collection of personal data for research or  evaluation purposes. In these circumstances the project will be subject to separate consent and ethical approval procedures, and full details will be given to you in a research project information sheet.

Which personal data will we collect and use?

The information we collect and use will vary depending on the particular project you are involved in. We will only collect information which is essential for the purpose of the activity. Contact details will only be held for the purposes of this project, and your permission will be gained if we would like to use these for future mailings. We will also seek your explicit consent if we would like to attribute something you have said, or your identifiable photograph, in a publication.

Retention

After the Knowledge Exchange project is complete, we may retain participants’ personal data for research and knowledge exchange purposes, including presentations at professional or academic conferences, and publications in professional or academic journals. Your information will not be kept for longer than is necessary. The length of time for which we keep your data will depend on a number of factors including the importance of the data, any funding requirements, the nature of the project, and the requirements of the publisher (if applicable). If you would like specific information on this contact the Project Leader (see below).  SHU will remain as a data controller for the personal data used for this study during this period. 

Who will we share your data with?

The privacy of participants’ personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. 

Your data may be shared with:

  • Project staff, including administrators
  • Collaborators at other organisations authorised to work on the project, who will be subject to appropriate data sharing agreements

Our work may be audited and access to the data may be required by auditors.  SHU puts in place safeguards to ensure that audits are conducted in a secure and confidential manner. SHU NEVER sells personal data to third parties.

Security

SHU takes a robust approach to protecting the information it holds and has an organisation wide Cyber Essentials certificate and follows the NCSC “10 Steps to Cyber Security” framework to structure security planning and operations. Through information strategy, policy and process the University is aligning to the ISO27001 standard. Alongside this the University is introducing an ISO20000 aligned Service Management strategy for IT services, elements of which support development of information security. Please find more information here.

Further Information and Support

If there are any concerns about the way personal data is processed in this project, please raise these with either your contact(s) from the project team Chris Bailey or with the SHU Data Protection Officer: DPO@shu.ac.uk 0114 225 3361.

If you have an ongoing concern, you can contact the Information Commissioner’s Office, the body responsible for enforcing data protection legislation in the UK, using information provided at the ICO website: Make a Complaint.