Skip to content
Contact us Researcher login

Privacy policy

This policy explains how we're protecting your privacy and complying with legislation.

Who we are

Our vision at Research Data Scotland (RDS) is to promote and advance health and social wellbeing in Scotland by enabling access to public sector data about people, places and businesses.

We are also committed to protecting the privacy of individuals whose personal information we hold and to meeting our data protection obligations under the General Data Protection Regulation and UK Data Protection Act 2018. This Privacy Notice shall explain how those commitments are met in practice. 

Why we may process your data

In some cases, we need to process data to ensure that we are complying with our legal obligations in so far as it is authorised by UK law or a collective agreement pursuant to UK law providing for appropriate safeguards for the fundamental rights and the interests of the data subject. We may also need to process your data to confirm your identity if you are a researcher or a prospective member of RDS staff pending a successful application outcome.

RDS may also process pseudonymised research datasets which have been shared by other third parties, in the process of provisioning data for research, where data will be stored the National Safe Haven. RDS may also process data on behalf of other data controllers in the event where we are acting as a processor.

If you are a researcher who is applying to access data held in the National Safe Haven, we will use the information that you have given us to process data as part of the assessment process for granting access. For example, we need to confirm that the request to access data is legal and in compliance with the objectives of public benefit. In the event that your research request requires further authoritative sign-off, we will be processing your data in the action of sharing your application and details to the Public Benefit and Privacy Panels. Where you have successfully accessed the Nation Safe Haven for research purposes, RDS will publish details (researcher name and organisation affiliation) as part of our values around being open and transparent as an organisation.

Our lawful basis for processing your data explained

Research data/Researcher data

Under the UK General Data Protection Regulation (UK GDPR (General Data Protection Regulation) article 6(f)), the lawful basis which we rely on for processing this information is that we have a legitimate interest. For more information, please visit the Information Commissioner’s Office website.

Processor activities

In the event that RDS works as a processor on behalf of another public body (e.g., Scottish Government bodies), we will process under the lawful basis of that controller (e.g., public task).

Applicants and Staff

RDS will process data in association with staff members for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This data will also be processed for the purpose of compliance with a legal obligation to which the controller is subject.

The type of personal information we collect

The data that we currently collect and process varies and is dependent upon the purpose of your interaction:

Researchers

We collect a range of information about researchers and research bodies during initial enquiries regarding data access. This may include:

  • Personal identifiers, contacts, and characteristics (for example, name and contact details) relating to researchers and research establishments wishing to access data sets for research purposes.

    • ‘Personal information’ means any information which relates to or identifies you as an individual. This includes any information provided to us by or on behalf of you via current (or potential) research establishments, current or future public bodies, reference agencies or former employers.

  • Your name, address and contact details, including email address and telephone number;

  • Details of your research qualifications, skills, and experience;

  • Information about your present and previous research activities;

  • Your training, and particularly training associated with research activities;

  • information about your entitlement to carry out research on behalf of a research establishment or public body;

  • In processing your application for research, your justification for performing the research and

  • Whether you have a disability for which RDS needs to make reasonable adjustments during the process of providing access to research data.

How do we collect the data?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • Data may be collected from on-line data access application tools

  • Data may be obtained from identity documents, or collected through other forms of assessment and certification

  • We also receive personal information indirectly, from the following sources in the following scenarios:

  • Data may be collected from references supplied by former research bodies.

  • We will seek information from third parties only once you have been made and will inform you that we are doing so.

  • RDS also retains information about the organisations that provide research data to RDS and processes data that it receives from data controllers of research data sets.

Public

RDS collects a range of personal data and information during the process of evaluating applications and freedom of information requests (FOISA). This may include:

  • Your name,

  • Address and

  • Contact details

    • Email address

    • Telephone number

How do we collect the data?

  • Data may be collected through the submission of enquiries:

    • General enquiries

    • Feedback or complaints,

    • Freedom of information requests, or

    • Scottish Imaging Data Enquiry

Applicants

RDS collects a range of personal data and information during the process of evaluating applications. This may include:

  • Your name, address and contact details, including email address and telephone number;

  • Your current job role

How do we collect the data?

  • Data which may be contained in application materials:

    • Forms;

    • CVs (Curriculum Vitae);

    • References provided alongside CVs

    • Your current job role

If you are unsuccessful in the application process, we will retain your details for 6 months

Staff

In the event that you are employed by RDS, we will process the following personal data:

  • Your name, address and contact details, including email address and telephone number;

  • Date of birth

  • Emergency contact information

  • Gender

  • Special Category Information where applicable

  • Whether you have a disability for which RDS needs to make reasonable adjustments during the process of employment.

  • Financial information

How your data may be shared

Researchers

In the process of facilitating data access, we may share this information internally or with partner organisations such as the Electronic Data Research and Innovation Service, Edinburgh Parallel Computing Centre (EPCC), Scottish Government and data controllers such as Public Health Scotland for the purposes of the managing access to research data.

We will not share your data with third parties unless your application for access to research data requires us to validate your details. We will then share your data with these third parties as part of the researcher screening process. We will always ask for your consent before processing this type of data as part of our researcher screening.

If your application for access to research data is unsuccessful, RDS may keep your personal data on file in case there are requests from you that are to be considered in the future. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.

Staff

If you are employed by RDS, we may share your data for the following purposes:

  • Your data may be shared to carry out third party security checks before employment.

  • We will share your personal data, including financial information with third party pension companies such as Nest.

  • Your data will be shared with the Royal Bank of Scotland to allow you access to their online mentoring platform for training purposes.

  • Your data will be shared with Bright HR and subset applications for the purpose of carrying out HR tasks and functions:

    • This may also include sharing your data with Bright HR’s application known as Blip for the purposes of time management and clocking in/out.

  • We will share personal data with HMRC for the purpose of financial management, payment information and statutory return.

  • In the event that we are required to carry out a reasonable task to comply with legal requirements set by other government or security bodies.

  • We will share both personal data and special category data in order to comply with emergency services in the event of an emergency situation.

Partners of Research Data Scotland

RDS (Research Data Scotland) also retains information about the organisations that provide research data to RDS, and organisations that process data received from data controllers of research data sets. Sources of research data include Scottish Government, National Records of Scotland, Public Health Scotland, Education Scotland as well as other public bodies.

How we store your personal information

At RDS, it is our priority that your information is securely stored. The data that we collect from you will be stored inside the UK or the European Economic Area (EEA).

To operationally store data collected via differing processes, RDS uses a number of Microsoft platforms. These different systems include:

  • Microsoft 365

  • Microsoft SharePoint

  • OneDrive

  • Microsoft Teams

  • Microsoft Forms

We keep your type of personal information for up to 6 years after the last application for access to data has been completed or your project has been completed and closed, whichever is the later and whether it has been successful or not. We will then dispose your information by deleting/and or destroying your data.

Your rights

The law gives you a number of rights to control what personal information is used by us and how it is used by us.

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at dataprotection@researchdata.scotor write to our Data Protection Officer at the following address if you wish to make a request:

Research Data Scotland
Bayes Centre
47 Potterrow
Edinburgh
EH8 9BT

Download a copy of our privacy policy.

Feedback and complaints

If you have any concerns about our use of your personal information, you can make a complaint to us at dataprotection@researchdata.scot

You can also complain to the ICO (Information Commissioner s Office) if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Our contact details

Name: Kate McBay, DPO (Data Protection Officer) dataprotection@researchdata.scot

Address:
Bayes Centre
47 Potterrow
Edinburgh
EH8 9BT

Phone Number: 07855958246

Back to the top