Privacy Notice for research participants

Privacy Notice for research participants

Introduction

The UK General Data Protection (UK GDPR) and Data Protection Act 2018 (and, where applicable, the EU GDPR) govern the way that organisations use personal data  Personal data is information relating to an identifiable living individual.

Download our Privacy Notice for Research Participants (PDF, 280.1KB)

Transparency is a key element of the GDPR and this Privacy Notice is designed to inform you:

  • how and why the University uses your personal data for research,
  • what your rights are under GDPR, and,
  • how to contact us if you have questions or concerns about the use of your personal data.

We keep our privacy notice under regular review.  Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email or post.

Please check back frequently to see any updates or changes to our privacy policy.

Why are we processing your personal data?

The University undertakes research as part of its function for the community under its legal status.  Data Protection laws allow us to use personal data for research with appropriate safeguards in place under the legal basis of public tasks that are in the public interest.

View information about the University's legal status, constitution and public tasks.

We will always tell you about the information we wish to collect from you and how we will use it. We will seek your consent for the collection and use of your data in specific research projects.  For children, young people and other vulnerable groups the research ethics committee will agree an appropriate consent procedure to ensure participant rights are protected.  Full details will be given to you in an information sheet.

Research in the University is governed by policies and procedures and all research undergoes ethical scrutiny to ensure that it is conducted in such a way as to protect your interests and is of a high standard. For more information please see here.

Where the University processes sensitive personal data/special categories of personal data, we do so because the processing is necessary for scientific or historical research purposes (Article 9 (j)) of the GDPR.

Collecting and Using Personal Data

All research projects are different and the information we collect will vary. However, researchers will only collect information that is essential for the purpose of the research. Research data is normally anonymised as quickly as possible after data collection so that individuals cannot be recognised and your privacy is protected. You will not be able to withdraw your data after this point. Some data e.g. survey data is frequently collected anonymously so cannot be withdrawn once you have given permission for it to be used. Where you may be identifiable in a research publication (e.g. an attributable quote or a photograph), we will seek your explicit consent.

Who do we share your data with?

To communicate our research to the public and the academic community your anonymised data is likely to form part of a research publication or conference presentation or public talk. Where researchers wish to use any information that would identify you, specific consent will be sought.

The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. The University NEVER sells personal data to third parties.

Your data may be shared with:

  • Immediate project team who are authorised to work on the project and access the information.  This may include staff at Sheffield Hallam University or collaborators at other organisations authorised to work on the project.  This will be clearly identified in your information sheet.
  • Where a student is undertaking the research the data will be shared with their supervisors
  • Our research may be audited and access to the data may be required.  The University puts in place safeguards to ensure that audits are conducted in a secure and confidential manner.
  • In the case of complaints about a research project the Head of Research Ethics may require access to the data as part of our Research Misconduct Procedure.

Storage and Security

The University takes a robust approach to protecting the information it holds with dedicated storage areas for research data with controlled access. If you are participating in a particularly sensitive project the University puts into place additional layers of security.   

Alongside these technical measures there are comprehensive and effective policies and processes in place to ensure that users and administrators of University information are aware of their obligations and responsibilities for the data they have access to. By default, people are only granted access to the information they require to perform their duties. Training is provided to new staff joining the University and existing staff have training and expert advice available if needed.

Retention

Your information will not be kept for longer than is necessary and is usually kept in an anonymised format.  The length of time for which we keep your data will depend on a number of factors including the importance of the data, the funding requirements, the nature of the study, and the requirements of the publisher.  Details will be given in the information sheet for each project.

After anonymisation your data may be stored in the University research data archive where it may be accessed by other researchers with permission from the University.

Your Rights Under Data Protection

One of the aims of the General Data Protection Regulation (GDPR) is to empower individuals and give them control over their personal data.

The GDPR gives you the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erase 
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Please note that many of these rights do not apply when the data is being used for research purposes, but we will always try to respond to concerns or queries that you may have.  For more information about these rights please see here.

Contact Us

You should contact the Data Protection Officer DPO@shu.ac.uk if:

  • you have a query about how your data is used by the University
  • you would like to report a data security breach (e.g. if you think your personal data has been lost or disclosed inappropriately)
  • you would like to complain about how the University has used your personal data

You should contact the Head of Research Ethics (Dr Mayur Ranchordas) ethicssupport@shu.ac.uk if:

  • you have concerns with how the research was undertaken or how you were treated

Our postal address is: Sheffield Hallam University, Howard Street, Sheffield S1 1WB
Our telephone number is: 0114 225 5555

Further Information and Support

Please see more information about how the University uses personal data here.

The Information Commissioner is the regulator for GDPR and you have the right to raise concerns with the Commissioner.  The Information Commissioner's Office (ICO) has a website with information and guidance for members of the public:
https://ico.org.uk/for-the-public/

The Information Commissioner's Office operates a telephone helpline, live chat facility and email enquiry service.  You can also report concerns online.  For more information please see the Contact Us page of their website:
https://ico.org.uk/global/contact-us/