Privacy - UK Data Service

Privacy - UK Data Service
This site uses necessary cookies
Some of these cookies are essential. Strictly necessary cookies enable core functionality, without which, the website cannot function properly. For more detailed information please see our
Cookie Policy
Website stats
We use Matomo Analytics to understand how our website is used and to improve your experience. This tool gathers limited information about the device you use to access the UK Data Service website. To learn more, please see our
Skip to content
UK Data Service Privacy Statement
This Privacy Statement sets out the personal data which we, at the UK Data Service, collect in the course of our interactions with you and the way in which we handle those personal data.
Personal data which we hold as a data processor (i.e. on behalf of several different data controllers) is not addressed in this Privacy Statement. If you are a data subject of any of the data collections in our data catalogue you should contact the relevant Data Protection Officer within the organisation named as the depositor in the catalogue record. Data we receive under the Digital Economy Act is held by us and made available to researchers only within the UK.
The UK Data Service uses Matomo to analyse website usage in order to report performance and usage to our funding bodies and publicly. This tool gathers the following information about the device you use to access the UK Data Service website:
operating system
browser
browser language
browser plugins
first octet of your public IP address.
This information is not stored for more than 24 hours, but instead is hashed to generate a unique and anonymised ID. Every 24 hours, this hash is rotated, which means that when you revisit the UK Data Service website, you will be allocated a different ID and therefore will not be recognised.
Data collected
Processing basis
Accessing data within our data catalogue or depositing research data with the UK Data Service.
Public Task
Controlled data access (including access via the SafePod Network and SafePoints) and Safe Room access.
Contract
Submitting enquiries to the UK Data Service.
Public Task
Signing up to or attending one of our events.
Public Task
Signing up to or attending training or learning.
Public Task
Feedback on our services from an event.
Consent
Signing up to our newsletter.
Consent
UK Data Service online pop-up survey.
Consent
Agreeing to provide feedback on our services and your experience of them [for Special Category Data].
Consent under Article 6(1)(a) UK GDPR, [Consent under Article 9(2)(a) UK GDPR]
Agreeing to provide feedback on our services and your experience of them.
Consent
Data in the course of audio or video recording [for Special Category Data].
Public Task or Consent under Articles 6(1)(a) and 6(1)(e) UK GDPR, [Consent under Article 9(2)(a) UK GDPR]
Where CCTV is used for monitoring purposes when accessing controlled data (including access via the SafePod Network and SafePoints, and Safe Room access).
Contract under Article 6(1)(b) UK GDPR
When ascertaining your dietary requirements.
Consent under Article 6(1)(a) UK GDPR, and under Article 9(2)(a) UK GDPR
Registering to access or deposit research data
If you register to access data within our data catalogue or deposit research data with us we collect the following information:
full name
contact address
email address
fax and telephone numbers
institution and department
academic discipline
user status
date of registration
agreement to any end user or special conditions
details of any usage(s) registered
details of any data accessed/downloaded
any username and ID required for user authentication and validation
internal user database unique ID
ORCID (Open Researcher and Contributor ID).
Controlled data access and Safe Room access
If you apply to use controlled access data collections in addition to the information above, we collect your IP address, date of birth, nationality and the details of your highest qualification. If you access these data at the UK Data Archive Safe Room or via the SafePod Network (including SafePoints) we also record CCTV for the purposes of information security.
The University of St Andrews acts as the data processor on behalf of the UK Data service when processing personal information within the SafePod Network. This records researchers at their desk, the date and the time. The camera records the location, and all CCTV footage is stored in the camera. No other information is collected, and the CCTV footage is reviewed for the UK Data Service by a member of staff at the University of St Andrews. All recordings are deleted automatically after 30 days unless transferred to the UK Data Service, when recordings may be held for a period necessary to resolve any researcher licence compliance issues. The system used by the SafePod Network is managed by Cisco Meraki who do not have access to any personal information.
Cisco Meraki privacy information
is available online.
Safeguarded data subject to the Special Licence User Agreement
Where data owners have agreed, users can apply to access selected Special Licence data from home. The UK Data Service uses Qualtrics to collect additional information on the date you last completed an information security awareness training course.
The information provided in the Qualtrics agreement is collected by the UK Data Service and controlled by the University of Essex; however, additional information may be collected by Qualtrics when visiting their website, for which they will be the Data Controller. Data collected by the Qualtrics application is stored and processed in the United States (US) by Qualtrics. The
Qualtrics Privacy Statement
can be viewed online.
Submitting enquiries to the UK Data Service
If you submit enquiries to us, we will hold the information you provide for the purposes of investigation and responding to the enquiry. This will usually include your name, email address, and other contact details, but may also include the information listed in the ‘Registering to access or deposit research data’ section above.
Signing up to or attending one of our events
If you sign up to join one of our events (including workshops and webinars) we will collect your full name, email address, country, organisation, job title, role, sector, discipline, and your accessibility and dietary requirements (when attending an in-person event).
We will also ask for your consent to contact you to obtain feedback on our event.
Signing up to or attending training or learning
If you sign up to or attend (including online and Moodle) training or learning organised by us we will collect your full name, contact address, email address, telephone numbers, institution and department, academic discipline, research funder details and any username and ID required for user authentication and validation.
We may also ask for your feedback on the training and learning, and our other services.
Signing up to our newsletter
If you subscribe to our newsletter, we collect your full name and email address.
UK Data Service online pop-up survey
If you complete our online pop-up survey and consent to providing your email address, we use and store this to:
manage any issues that you raise
respond to your comments
contact you if you win an Amazon voucher.
Providing feedback on our services
If you have consented to be contacted about our services, we may collect various information from you to enable us to effectively assess your experience.
The personal data that we collect from you, and you provide to us, are used for authentication, statistical purposes, for the management of the service (including registration, providing you with access to research data collections in our catalogue, investigating and responding to enquiries you submit), and to provide the services for which you have signed up.
Where you provide your
consent,
we will
directly communicate
to you to
market events
training
or send our
. Your
opt-in
is required to receive these communications and you have the right to withdraw your consent at any time. If you wish to change your communication preferences, please update your
user account area
settings. However, if you wish to unsubscribe from our newsletter, you can do so, by using the unsubscribe link at the end of the newsletter you receive.
We may carry out
surveys
to gather feedback from you about your experience of various aspects of our services. Before we do so we will obtain your consent, which you may withdraw at any time either by contacting us directly or using any unsubscribe link in our communications.
The University of Essex is the data controller for the UK Data Service and has agreements with other partners who act as data processors. We only share your personal data either to provide our services or to comply with legislative, regulatory or contractual obligations.
We share this information with:
Partners within the UK Data Service (the Universities of Edinburgh and Manchester, University College, London, and Jisc) who collectively deliver the ‘UK Data Service’ and act as data processors on behalf of the University of Essex.
A data collection depositor in relation to your use of their data collection so that they can contact you directly:
if you breach the terms of our End User Licence, or
if the data collection depositor requires information on how you have used their data collection.
Your own institution or organisation where necessary for the administration of the Service.
With your research funder where they require you to deposit data with us in order to confirm to them whether you have deposited your research data.
Third parties who may assist us in investigating or responding to enquiries you submit. We will normally seek your consent for this.
Third parties who will act as data processors to facilitate our contact with you.
Third parties who will act as data processors to facilitate or provide our services.
The UK Statistics Authority as part of the UK Data Service’s duties under the Digital Economy Act 2017.
We only keep your personal data for as long as is necessary. The decision on the length of time for which we will retain your personal data will depend on the following criteria:
legal requirements
contractual requirements
management of the service
provision of services to you
requirements placed upon us by data controllers.
Anonymised statistical and aggregated information which cannot identify you will be retained for longer periods of time.
Personal data that we hold, is, wherever possible, stored within the UK. However, in some cases it is held within the EEA. We also use a number of US based services to deliver the UK Data Service operations and this may entail transfers to a third country for processing and storage in order to deliver our services. In compliance with the UK GDPR we seek to ensure equivalent levels of protection for any such data transfers. These are reviewed and assessed regularly in accordance with the ICO’s advice and guidance.
Event bookings and training or learning
For event bookings we use Eventbrite and Zoom, which are services based in the US. This means that any information you provide to them may be stored by them in countries outside your country of residence. When you book onto one of our events or webinars through Eventbrite or attend using Zoom you may also have to agree to their terms and conditions of service, as set out in the Eventbrite Privacy Policy and the Zoom Privacy Policy.
For training and learning we may use third parties to provide or facilitate these services. Where this is the case, you will be directed to their privacy policy.
UK Data Service newsletter
To send you the UK Data Service newsletter we use Email Blaster, a cloud-based email marketing platform. Any of your data held by them is stored on servers within the UK. When you sign-up to the newsletter you will also be agreeing to their terms and conditions of service outlined in the
Email Blaster Privacy Statement
. If you decide not to agree to Email Blaster’s terms and conditions, you can find our published newsletters
on our website
, but this means you will not be notified or receive the newsletter by email when a new newsletter is released.
We take the protection of your data seriously and the UK Data Archive is ISO/IEC 27001:2022 certified. We protect your personal data via the use of various technical and organisational measures which include encryption and active directory security groups.
Within your
user account area
you can change your subscription preferences. However, if you wish to unsubscribe from our newsletter or stop being contacted for feedback on our services, you can do so by using the unsubscribe link at the end of the newsletter or other communication you receive.
You have the following rights:
To be informed of
how
and
why
we
process
your personal data. We have sought to achieve this through this Privacy Statement.
To have
access
to your personal data. You can access your personal data through your
user account area
or through direct contact via our
helpdesk form
To
amend
or
rectify
your personal data. This can be done through your
user account area
, or via our
helpdesk form
to change your email.
To request
deletion
of your personal data. Please note, that there may be circumstances where we are legally
required
or
entitled
to retain it. For example, in order for us to maintain an audit trail in the event of a personal data breach from controlled access data, we need to retain a record of the users that have downloaded this data and when. If you wish to request deletion of your personal data, please contact our Data Protection Officer (the details to do this can be found in
section 12
below).
To
restrict
and/or
object
to the processing of your personal data, in certain circumstances. If you wish to request restriction or object to the use of your personal data, please contact our Data Protection Officer (the details to do this can be found in
section 12
below).
To not have a decision based solely on
automated processing
. We
do not
use automated decision making (including profiling) when making a decision.
If you have any further questions about our Privacy Statement, please feel free to contact our Data Protection Officer at:
Data Protection Officer
Office of the Vice-Chancellor
University of Essex
Wivenhoe Park
Colchester
Essex
CO4 3SQ
dataprotectionofficer@essex.ac.uk
This Statement was last updated on 11 February 2026. This is version 04.00 of our Statement.