Vitae RDF pulse survey - Privacy Notice
Privacy Notice
1. Introduction
The Careers Research and Advisory Centre (CRAC) Ltd is the non-profit organisation that manages the Vitae programme. Vitae is the global leader in supporting the professional development of researchers, experienced in working with institutions as they strive for research excellence, innovation and impact.
You can find more information about CRAC and the work that we do on our website: www.crac.org.uk.
CRAC is committed to protecting the personal information of all its contacts and being clear about what information we hold about them and how we use it. This privacy notice tells you what to expect when CRAC collects personal information.
CRAC is registered as a data controller with the Information Commissioner’s Office (ICO). Our registration number is Z1030346. You can check our registered details on the ICO’s website: https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/
2. Data Controller and Data Protection Officer
CRAC is the Data Controller of any personal information collected within scope of this privacy notice. Our location and contact details are below:
The Careers Research and Advisory Centre (CRAC) Limited
22 Signet Court
Cambridge
CB5 8LA
Tel: 01223 460277
Email: data.protection@crac.org.uk
Our Data Protection Officer (DPO) is the first point of contact for people whose information is processed. Contact details for our DPO are as follows:
The Data Protection Officer
The Careers Research and Advisory Centre (CRAC) Limited
22 Signet Court
Cambridge
CB5 8LA
Email: data.protection@crac.org.uk
Tel: 01223 460277
2. How we use your personal information
We can only use your personal information where we have legitimate reasons for doing so and have told you what those reasons are. To achieve the above aim, the specific uses that will be made of your personal information are listed below:
The information we are collecting will enable us to understand how organisations are using the Vitae Researcher Development Framework at this time (June 2023). The information will feed in to work currently underway to evolve the Vitae Researcher Development Framework, including a workshop at the Vitae International Researcher Development Conference in September 2023. We will use excerpts from the survey, as well as identified trends from statistical analysis, in reporting on the survey outcomes.
3. Legal basis for using your personal information
Under data protection legislation, we require a legal basis to be able to process personal information for the purposes set out above.
In this case, the legal basis is:
Consent:
Data Subject consent is provided by survey respondents.
You will be asked to provide consent by selecting the ‘I agree’ box in answer to the question: ‘I give my permission for Vitae to process my data for the purposes outlined in the privacy notice.’ There will be a link to this Privacy Notice next to this box.
Withdrawal of consent:
You can withdraw consent at any time during the interview or at any other time by emailing data.protection@crac.org.uk.
4. What personal information we will collect
This is a list of the personal information we will collect from the survey:
- Institution/organisation name
- Name
- Email address
5. Personal information we obtain from another source
Other than the personal information collected from you directly, we will not obtain personal information from other sources.
6. Who we give your personal information to
We will not routinely pass your information to any other organisation except where required to do so as part of our functions or by law.
7. Where your personal information will be stored
Your personal information will be stored securely within the European Economic Area and will not be transferred outside that territory without you being informed about the transfer, the purpose of the disclosure, and the existence or absence of an adequacy decision by the European Commission relating to the protection of personal information in that country.
8. How do we protect your personal information
CRAC has a number of security measures in place to protect your personal information, listed below:
- All staff are required to undertake training in data protection and information security on joining CRAC and then on an annual basis.
- Formal information security policies that must be read and understood by all staff.
- Personal information is only available to those members of staff who require access as part of their role.
- CRAC implements information security controls based on recommendations from the UK National Cyber Security Centre, the International Organisation for Standardisation, the Payments Security Standards Council and the UK Information Commissioner’s Office. We regularly review the risks to our systems and mitigating security controls.
- CRAC has current Cyber Essentials certification.
- CRAC has ISO 27001 certification
9. Your rights over your personal information
Once your personal information has been collected, you have certain rights in relation to that personal information that may be exercised. You have the right to:
- Ask for a copy of your personal information
- Correct inaccurate personal information held about you
- Ask for your personal information to be deleted (within 30 days)
- Restrict processing of your personal information
- Ask for a copy of their information in a format that allows easy transfer (“data portability”)
- Object to automated decision making or profiling (if these take place)
10. How long we will hold your personal information
We are only able to retain a copy of your personal information as long as it is still needed for the purpose(s) for which it was collected.
Any personal data will be retained for one year after completion of the project, which is scheduled to be 30 September 2024.
11. Complaints about the use of your personal information
If you are unhappy with the way in which your personal information has been handled by CRAC, you may contact us at: dataprotection@crac.org.uk or via our Data Protection Officer (details in section 2) and we will try to resolve your issue informally.
If we are not able to resolve the issue to your satisfaction, you can also make a complaint to the data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) and they can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Email: casework@ico.org.uk
12. Changes to this privacy notice
This Privacy Notice will be published on the Vitae website and a link to the Privacy Notice will be placed at the points where consent is requested. We keep our privacy notices under regular review, please visit the website to view the latest version.
This policy was last updated 12/06/2023