Understanding the experience of postgraduate researchers (PGRs) using the Vitae Researcher Development Framework (RDF) privacy notice

Privacy Notice

1.  Introduction

The Careers Research and Advisory Centre (CRAC) Ltd is the non-profit organisation that manages the Vitae programme.  Vitae is the global leader in supporting the professional development of researchers, experienced in working with institutions as they strive for research excellence, innovation and impact.

You can find more information about CRAC and the work that we do on our website: www.crac.org.uk.

CRAC is committed to protecting the personal information of all its contacts and being clear about what information we hold about them and how we use it. This privacy notice tells you what to expect when CRAC collects personal information.

CRAC is registered as a data controller with the Information Commissioner’s Office (ICO). Our registration number is Z1030346.  You can check our registered details on the ICO’s website: https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/

2.  Data Controller and Data Protection Officer

CRAC is the Data Controller of any personal information collected within scope of this privacy notice. Our location and contact details are below:

The Careers Research and Advisory Centre (CRAC) Limited
22 Signet Court
Tel: 01223 460277
Email: dataprotection@crac.org.uk

Our Data Protection Officer (DPO) is the first point of contact for people whose information is processed. Contact details for our DPO are as follows:

David Nightingale

IT Manager
The Careers Research and Advisory Centre (CRAC) Limited
22 Signet Court

Email: david.nightingale@crac.org.uk

Tel: 01223 460277

 2How we use your personal information

We can only use your personal information where we have legitimate reasons for doing so and have told you what those reasons are.

To achieve the above aims, the specific uses that will be made of your personal information are listed below:

The information we are collecting will enable us to understand the experiences and perceptions of postgraduate researchers using the Vitae RDF. We will collect information in two ways:

  1. We will use a screening survey to check the eligibility of potential interviewees by collecting information about how long they have been RDF users. To ensure that the research is inclusive of different types of PGRs, we will also collect information on what type of university or research institution potential interviewees are representing, their academic discipline, their nationality, and whether English is their first language.
  2. In the interview itself, we will collect information about how interviewees first encountered the Vitae RDF, how they use it, what support they get in using it, and what they think of the structure and language of the RDF. We will produce case studies using anonymised data from the interviews.

3.  Legal basis for using your personal information

Under data protection legislation, we require a legal basis to be able to process personal information for the purposes set out above.

In this case, the legal basis is:


Data Subject consent is provided by survey respondents and by interviewees.

You will be asked to provide consent by selecting the ‘I agree’ box in answer to the question: ‘I give my permission for Vitae to process my data for the purposes outlined in the privacy notice.’ There will be a link to this Privacy Notice next to this box.

At the beginning of the interview, you will be asked to give your verbal consent for the interview to be recorded, transcribed, stored and analysed in accordance with the privacy notice, and for anonymised questions to be used in case studies to be published by Vitae. We will ask you if you have read this Privacy Notice when we get consent and share a link to the Privacy Notice if required. Your consent will be recorded in the audio recording of the interview and in the interview transcript.

Withdrawal of consent:

You can withdraw consent at any time during the interview or at any other time by emailing dataprotection@crac.org.uk.

4.      What personal information we will collect

This is a list of the personal information we will collect from the survey and the interview:

Screener survey/questionnaire:

  • name
  • email address
  • type of university or research institution you are representing
  • your academic discipline
  • your PhD status (part-time/full-time) 
  • your nationality
  • whether English is your first language


  • how you first encountered the Vitae RDF
  • how you use it
  • what support you get in using it
  • what you think of the structure and language of the RDF

6. Personal information we obtain from another source

Other than the personal information collected from you directly, we will not obtain personal information from other sources.

7. Who we give your personal information to

We will not routinely pass your information to any other organisation except where required to do so as part of our functions or by law.

Your interview recording will be transcribed by a third-party transcription service.

8. Where your personal information will be stored

Your personal information will be stored securely within the European Economic Area and will not be transferred outside that territory without you being informed about the transfer, the purpose of the disclosure, and the existence or absence of an adequacy decision by the European Commission relating to the protection of personal information in that country.

9. How do we protect your personal information

CRAC has a number of security measures in place to protect your personal information, listed below:

  • All staff are required to undertake training in data protection and information security on joining CRAC and then on an annual basis
  • Formal information security policies that must be read and understood by all staff
  • Personal information is only available to those members of staff who require access as part of their role.
  • CRAC implements information security controls based on recommendations from the UK National Cyber Security Centre, the International Organisation for Standardisation, the Payments Security Standards Council and the UK Information Commissioner’s Office. We regularly review the risks to our systems and mitigating security controls.
  • CRAC has current Cyber Essentials certification.

10. Your rights over your personal information

Once your personal information has been collected, you have certain rights in relation to that personal information that may be exercised. You have the right to:

  • Ask for a copy of your personal information
  • Correct inaccurate personal information held about you
  • Ask for your personal information to be deleted (within 30 days)
  • Restrict processing of your personal information
  • Ask for a copy of their information in a format that allows easy transfer (“data portability”)
  • Object to automated decision making or profiling (if these take place)

11. How long we will hold your personal information

We are only able to retain a copy of your personal information as long as it is still needed for the purpose(s) for which it was collected.

Your personal data will be retained for one year after completion of the project, which is scheduled to be 30 September 2021

13.  Complaints about the use of your personal information

If you are unhappy with the way in which your personal information has been handled by CRAC, you may contact us at: dataprotection@crac.org.uk or via our Data Protection Officer (details in section 2) and we will try to resolve your issue informally.

If we are not able to resolve the issue to your satisfaction, you can also make a complaint to the data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) and they can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Tel: 0303 123 1113

Email: casework@ico.org.uk

14. Changes to this privacy notice

This Privacy Notice will be published on the Vitae website and a link to the Privacy Notice will be placed at the points where consent is requested. We keep our privacy notices under regular review, please visit the website to view the latest version.

This privacy notice was last updated on 14/04/2020.