Research Grants and Contracts Process Privacy Notice
The University of Kent is the Data Controller for your information.
The Data Protection Officer can be contacted at firstname.lastname@example.org.
This privacy notice explains how we use your personal information as part of the research grant applications, research contracts and awards process and your rights regarding that information. We are committed to being transparent about how we collect and use that data and to meeting our data.
What information are we collecting?
The University collects and stores a range of information about you as part of the research grant application and award management process, whether the University is the lead or co-applicant with another lead institution. This includes:
- Your name, address and contact details, including email address and telephone number
- Details of your qualifications, skills, experience and employment history
- Information about your current level of remuneration, including benefit entitlements
- Payroll posting information, including breakdown to basic pay, national insurance and pension costs
The University may collect this information in a variety of ways. For example, data might be contained in the grant application form, CVs or resumes, or collected through Research Management, HR and Finance systems.
Data will be stored in a range of different places, including on your research application, in Research Services assets systems , on University grants management systems (including our costings system), and on other IT systems (including email).
Why are you collecting my data?
The University needs to process data to submit grant funding applications to the Funder and/or enter into grant funding agreements with the Funder, and/or share information with another institution leading on a funding application. In some cases, the University needs to process data to be used for University Strategic decisions to improve the research environment.
The University needs to process personal data during the research grants process and keep records of the process.
Processing data from funding applications and awards allows the University to manage the research grants process. In processing your personal data we shall:
- Capture your data as part of the application suite of documents forming part of the research funding application
- Use, review and approve costings in relation to your research project which may include your personal data
- Manage and submit the research grant application
- Share data with the Funder when submitting the application, which may contain your salary information and your curriculum vitae
- Where another institution is the lead applicant, share the personal data with the lead institution who will be submitting the research grant application to the Funder
- Store a copy of the research grant application containing your personal data on the departmental shared drives and other assets
- To provide audit evidence to the Funder of both contracts of employment and employment costs relating to the grant activity
Who has access to this data?
Your information will be used by members of Research Services for the purposes of the research funding process.
Information about the research project which may contain some of your personal information e.g. name, department, may be shared with heads of departments.
The University will share your data with third party institutions where you are collaborating with a researcher employed by that institution. If an external funding body is directly funding the employment, then payroll data and CVs may be shared with this Funder.
What is the legal basis for processing the data?
The lawful basis to process personal data in the context of the research funding application and award process is for the performance of a public task GDPR Art 6 (e). The basis for this is the University’s Royal Charter in article 3.
In the unlikely situation that special category data (such as ethnic origin; politics; religion; genetics; biometrics; health; sex life; or sexual orientation) needs to be processed as part of the grant application award or contract process involves we will seek consent in order to comply with GDPR Art 9 Paragraph 2 (a).
How does the University protect my data?
The University takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by University employees in the proper performance of their duties.
For how long does the University keep my data?
Data will be kept as required by the Funder regulations. If the application is unsuccessful, personal data will be removed on an annual basis.
How long will you process my data for?
For the purposes of externally funded projects, your data may be retained for a period of 7 years beyond the end date of the project for grant audit purposes.
As a data subject, you have a number of rights. You can:
- Access and obtain a copy of your data on request
- Require the University to change incorrect or incomplete data
- Require the University to stop or restrict processing your data, for example where the data is no longer necessary or legally required for the purposes of processing
Information Compliance are the University first port of call for the exercise of rights under GDPR Arts 15-22.
Automated decision making
Research grants and applications and awards processes are not based on automated decision-making.
How do I complain to the Information Commissioner’s Office?
The Information Commissioner can be contacted on:
- Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF
- Tel: 0303 123 1113
- Email contact can be made by accessing www.ico.org.uk