The data in most cases will be provided directly by the data subjects. However, in some cases the data will come from publicly available sources.

We collect personal data for the purposes of providing evidence of impact deriving from research conducted at the University of York. Data may include:

Name, organisation, job title, email address and contact details, the nature of the individual’s interaction with the University of York and the evidence to corroborate the impact of the research. The latter may include testimonial letters, emails and/or feedback forms after events.

This information will be processed within the University and may be shared with Research England, the body conducting REF 2021. Research England will process personal data submitted by Universities in accordance with current data protection legislation (see model REF data collection statements and paragraphs 98-99 in Guidance on Submission) The University of York will not share your information externally for any other purposes without your consent unless exceptional circumstances apply.

In due course, Research England will be publishing all impact case studies submitted in REF 2021 online in the public domain. Therefore, if the case study for which you have provided evidence is submitted to REF 2021 by the University of York, the published narrative may include details of the corroborating evidence, subject to redaction of elements of the submitted case studies as required. For further information, see model REF data collection statements.

The University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data, see our information on IT security. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability.

In certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the European Economic Area. In respect of such transfers, the University will comply with our obligations under Data Protection Law and ensure an adequate level of protection for all transferred data.

The University will retain your data in line with legal requirements or where there is a business need. Retention timeframes will be determined in line with the University’s Records Retention Schedule.

Under the UK General Data Protection Regulation, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent; see your individual rights.

If you have any questions about this privacy notice or concerns about how your data is being processed, please contact the University’s Data Protection Officer at dataprotection@york.ac.uk.

If you are unhappy with the way in which the University has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the ICO, see information on reporting a concern to the ICO.