
GDPR Information - Privacy Notice

This sheet explains how personal data will be used within a research project at the University of York. For details specific to the project, please see the participant information sheet given to you by the project team.

For this project, the University of York is the Data Controller. We are registered with the Information Commissioner’s Office. Our registration number is Z4855807.  

What information do we have and where do we get your data from?

Please look at the participant information sheet given to you by the person telling you about this project.  If you have any questions, you can ask them to explain.

What is our legal basis for processing your data?

Privacy law (the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018) requires us to have a legal reason to process your personal data. Our reason is that we need it to perform a public task[1].

This is because the University has a public function, which includes carrying out research projects[2]. We need to use personal data in order to carry out this research project.

Information about your health, ethnicity, sexual identity and other sensitive information is called “special category” data.  We have to have an additional legal reason to use this data, because it is sensitive. Our reason is that it is needed for research purposes[3]. All research projects at the University follow our research ethics policies.

How do we use your data?

Please look at the participant information sheet given to you by the person telling you about this project.  If you have any questions, you can ask them to explain.

Who do we share your data with?

The participant information sheet tells you any people and organisations your data will be shared with.

As well as this, we use computer software or systems to hold and manage data.  Other companies only provide the software, system or storage. They are not allowed to use your data for their own reasons.

We have agreements in place when we share data. These agreements meet legal requirements to ensure your data is protected.

How do we keep your data secure?

The University is serious about keeping your data secure and protecting your rights to privacy. We don’t ask you for data we don’t need, and only give access to people who need to know. We think about security when planning projects, to make sure they work well. Our IT security team checks regularly to make sure we’re taking the right steps. For more details see our security webpages.

How do we transfer your data safely internationally?

If your data is stored or processed outside the UK, we follow legal requirements to make sure that the same level of privacy rules still apply.

How long will we keep your data?

The University has rules in place for how long research data can be kept when the research project is finished. Please see the participant information sheet given to you by the person telling you about this project for more information.

What rights do you have in relation to your data?

You have rights over your data. The participant information sheet explains how you can stop participating in the study, and what will happen to your data if you do.

If you want to get a copy of your data, or talk to us about any other rights, please contact us using the details below.

Questions or concerns

If you have any questions or concerns about how your data is being processed, please use the contact details provided to you by the person telling you about this project.

If you have further questions, the University’s Data Protection Officer can be contacted at dataprotection@york.ac.uk or by writing to: Data Protection Officer, University of York, Heslington, York, YO10 5DD.

Right to complain

If you are unhappy with how the University has handled your personal data, please contact our Data Protection Officer using the details above, so that we can try to put things right.

If you are unhappy with our response, you have a right to complain to the Information Commissioner’s Office. You can also contact the Information Commissioner’s Office by post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by phone on 0303 123 1113.

________________________________________________________________________________________________________________________________________

[1] This refers to UK GDPR Article 6 (1) (e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

[2] Our charter and statutes state: 4.f. To provide instruction in such branches of learning as the University may think fit and to make provision for research and for the advancement and dissemination of knowledge in such manner as the University may determine.

[3] This refers to UK GDPR Article 9 (2) (j): processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.