This privacy notice is for registered network members of the Community Network for African Vector-Borne Plant Viruses (CONNECTED). It sets out the ways in which your data is gathered, used, stored and shared. It also sets out how long we keep your data and what rights you have in relation to your data under the General Data Protection Regulation (GDPR).
Where do we get your data from?
If you choose to register as a member of CONNECTED, you will be asked to provide certain personal data at the time of registration.
What data do we have?
The personal data we ask you to provide are: name; gender; university or organisation; position; country; email address; Early Career Researcher status if applicable; ORCID ID if applicable; affiliation (type of organisation); expected contribution to the network; and expertise. We will also maintain records of any network activities, such as conferences or training events, that you choose to take part in and any network funding you are allocated.
What is our legal basis for processing your data?
CONNECTED is funded by a BBSRC grant award to the University of Bristol. The University of Bristol and BBSRC, which is part of UK Research and Innovation (UKRI), an independent organisation which brings together the UK’s seven research councils including BBSRC, will jointly act as Controllers of the personal data you provide. We will process the data you provide to fulfil our contract with you, to provide you with access to the benefits of membership of the network. We will also process your data where it is necessary for the performance of a task carried out in the public interest and for our legitimate interests to fulfil the terms of the BBSRC grant code BB/R005397/1.
We may collect the following information:
- Name and job title
- Contact information including email address
- Demographic information such as postcode, preferences and interests
- Other information relevant to customer surveys and/or offers
How do we use your data?
Your data will be processed for the following purposes:
1. To create a searchable database of registered members which is stored on the network website’s secure UK-based web server in a manner which makes it accessible to website visitors, some of whom may live outside of the European Economic Area (EEA). You will be able to search other member’s profiles with a view to exchanging research ideas.
2. To allow the CONNECTED network managers to keep you up to date by email with relevant network activities and funding opportunities and maintain a record of your involvement with the network. This will include occasional emails containing details of network activities and opportunities where this is considered relevant to your interests.
3. To provide BBSRC with a record of registered CONNECTED network members, as a required output of grant BB/R005397/1. BBSRC may use the information provided on the BBSRC[DH1] Extranet for research related activities, including but not limited to, statistical analysis in relation to evaluation of the BBSRC, study of trends and policy and strategy studies. Retained statistical data will be anonymised. BBSRC will not have access to your email address and will not contact you directly.
Who do we share your data with?
Your personal data is provided via and stored on the CONNECTED website which is developed, supported, maintained and hosted by Castlegate IT, York, UK. Castlegate IT acts as a Data Processor on behalf of the University of Bristol in accordance with a Data Processing Agreement and Website Hosting Agreement. The personal data you provide to the University of Bristol when you register as a member of CONNECTED (with the exception of your email address) will be subsequently uploaded to an area of the secure BBSRC extranet which is only accessible by authorised representatives of the CONNECTED Network and BBSRC.
How do we keep your data secure?
The University of Bristol takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data.
How do we transfer your data safely internationally?
In certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the European Economic Area. In respect of such transfers, the University will comply with our obligations under Data Protection Law and ensure an adequate level of protection for all transferred data.
How long will we keep your data?
The University will retain your data in line with legal requirements or where there is a business need. Your data will only be processed only during the period of time that the grant is active (3 July 2017 – 2 July 2020). After 2 July 2020, records required for audit purposes will be retained by the University of Bristol for a period of 10 years in accordance with the BBSRC Statement on Safeguarding Good Scientific Practice and any records of personal data which are no longer required will be deleted within one calendar month.
What rights do you have in relation to your data?
Under GDPR, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You can make changes to the personal data in your membership profile at any time by logging in to your account on our website. If at any point you believe the personal data we process is incorrect you can request to see this information and have it corrected or deleted. You can terminate your membership of the network at any time.
Questions or concerns
If you have any questions about this privacy notice or concerns about how your data is being processed, please contact the CONNECTED Network Managers Dr Diane Hird or Dr Nina Ockendon-Powell, Community Network for African Vector-borne Plant Viruses, Life Sciences, University of Bristol, 24 Tyndall Avenue, Bristol, BS8 1TQ, UK. Email: firstname.lastname@example.org
Right to complain
If you are unhappy with the way in which the University of Bristol has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the Information Commissioner’s Office.