Centre for Assuring Autonomy: privacy statement

This privacy statement is for any individual or organisation working with staff in the Centre for Assuring Autonomy which is part of the University of York’s Department of Computer Science.

It’s important you know as much as possible about your data and how it is used. Below is information about why and how data is collected, stored and processed. Please also refer to the University’s general privacy notice if you have any questions, concerns or complaints regarding how your data is used.

Recruitment

  • The Programme follows University procedures and data protection guidelines for standard processes including recruitment.

Newsletter

  • If you have requested to join our mailing list we keep details of your name, organisation, job title and email address for the purpose of sending you the requested newsletters. This data is stored on the MailJet system, which we use for sending newsletters. Mailjet is ISO 27001 certified and GDPR compliant.
  • You can unsubscribe using a link in the newsletters or by emailing assuring-autonomy@york.ac.uk.

Online surveys

  • We use systems such as Google Form, QualTrics and SmartSurvey to run questionnaires to support our work. 
  • These are third-party service providers. We use their services to help us gather information from stakeholders.
  • Our surveys ask for information to support our work and are non-mandatory to complete.
  • Your information will be stored within the system used. Our staff follow University of York password guidance for these systems.

Event registration

  • We use Eventbrite to help you to book a place on our workshops and events.
  • Eventbrite is a third party. We use their service to help us to arrange events. They only process data on our behalf under terms and conditions.
  • We ask for information about dietary requirements and access requirements to ensure that all reasonable adjustments can be made to enable you to participate in our events.
  • Your information will be stored in Eventbrite and used to send you emails about the event (joining instructions, etc).
  • We will delete any information held within 6 months of the event.

Demonstrator project applications

  • Application forms and information received from applicants as part of the application process for the AAIP demonstrator project funding is held on a secure drive in accordance with University procedures.
  • Applications are reviewed both internally and externally. You can find out more this review process in the briefing pack issued with the funding call. When information received as part of the application process is transferred by email to an external reviewer it is done so using an encrypted email. Reviewers are asked to delete all files and application information at the end of the review process.
  • Information received in the application process is kept in a secure file until the end of the Programme, and will then be processed in accordance with University archive procedures.

Programme Fellow applications

  • Information received as part of the Programme Fellow application process is held on a secure drive in accordance with University procedures. It is not transferred to any external parties.
  • Information received as part of the application process will be kept until the end of the Programme and will then be processed in accordance with University archive procedures.

Stakeholder Management System

  • To enable us to manage existing and developing collaborations and partnerships we keep a stakeholder management system on secure drive in accordance with University procedures.
  • This holds information such as name, email address, phone number, mailing address, job title, domain/sector, and whether the contact has attended any of our events, workshops etc.
  • In this secure drive we also keep notes of meetings, phone calls etc – this includes information about who was in the meeting and any actions that have come from it.
  • Staff use a Google form to give details of meetings and phone calls to the Communication and Impact Manager to add to the stakeholder management system. This includes information about who was in the meeting and any actions that have come from it.
  • This information is not transferred to any external parties.

Gathering voluntary data from content readers

  • On some of our content, we use a form to gather information about those reading it. This is voluntary information to give and is used to to help us understand the reach of our work.
  • The information gathered is held securely and not used to identify anyone or to make contact for any marketing purposes.