UK Data Service Privacy Statement
This Privacy Statement sets out the personal data which we, at the UK Data Service, collect in the course of our interactions with you and the way in which we handle those personal data.
Personal data which we hold as a data processor (i.e. on behalf of several different data controllers) is not addressed in this Privacy Statement. If you are a data subject of any of the data collections in our data catalogue you should contact the relevant Data Protection Officer within the organisation named as the depositor in the catalogue record. Data we receive under the Digital Economy Act is held by us and made available to researchers only within the UK.
The UK Data Service uses Matomo to analyse website usage in order to report performance and usage to our funding bodies and publicly. This tool gathers the following information about the device you use to access the UK Data Service website:
- operating system
- browser
- browser language
- browser plugins
- first octet of your public IP address.
This information is not stored for more than 24 hours, but instead is hashed to generate a unique and anonymised ID. Every 24 hours, this hash is rotated, which means that when you revisit the UK Data Service website, you will be allocated a different ID and therefore will not be recognised.
| Data collected | Processing basis |
|---|---|
| Accessing data within our data catalogue or depositing research data with the UK Data Service. | Public Task |
| Controlled data access (including access via the SafePod Network and SafePoints) and Safe Room access. | Contract |
| Submitting enquiries to the UK Data Service. | Public Task |
| Signing up to or attending one of our events. | Public Task |
| Signing up to or attending training or learning. | Public Task |
| Feedback on our services from an event. | Consent |
| Signing up to our newsletter. | Consent |
| UK Data Service online pop-up survey. | Consent |
| Agreeing to provide feedback on our services and your experience of them [for Special Category Data]. | Consent under Article 6(1)(a) UK GDPR, [Consent under Article 9(2)(a) UK GDPR] |
| Agreeing to provide feedback on our services and your experience of them. | Consent |
| Data in the course of audio or video recording [for Special Category Data]. | Public Task or Consent under Articles 6(1)(a) and 6(1)(e) UK GDPR, [Consent under Article 9(2)(a) UK GDPR] |
| Where CCTV is used for monitoring purposes when accessing controlled data (including access via the SafePod Network and SafePoints, and Safe Room access). | Contract under Article 6(1)(b) UK GDPR |
| When ascertaining your dietary requirements. | Consent under Article 6(1)(a) UK GDPR, and under Article 9(2)(a) UK GDPR |
Registering to access or deposit research data
If you register to access data within our data catalogue or deposit research data with us we collect the following information:
- full name
- contact address
- email address
- fax and telephone numbers
- institution and department
- academic discipline
- user status
- date of registration
- agreement to any end user or special conditions
- details of any usage(s) registered
- details of any data accessed/downloaded
- any username and ID required for user authentication and validation
- internal user database unique ID
- ORCID (Open Researcher and Contributor ID).
Controlled data access and Safe Room access
If you apply to use controlled access data collections in addition to the information above, we collect your IP address, date of birth, nationality and the details of your highest qualification. If you access these data at the UK Data Archive Safe Room or via the SafePod Network (including SafePoints) we also record CCTV for the purposes of information security.
The University of St Andrews acts as the data processor on behalf of the UK Data service when processing personal information within the SafePod Network. This records researchers at their desk, the date and the time. The camera records the location, and all CCTV footage is stored in the camera. No other information is collected, and the CCTV footage is reviewed for the UK Data Service by a member of staff at the University of St Andrews. All recordings are deleted automatically after 30 days unless transferred to the UK Data Service, when recordings may be held for a period necessary to resolve any researcher licence compliance issues. The system used by the SafePod Network is managed by Cisco Meraki who do not have access to any personal information. Cisco Meraki privacy information is available online.
Safeguarded data subject to the Special Licence User Agreement
Where data owners have agreed, users can apply to access selected Special Licence data from home. The UK Data Service uses Qualtrics to collect additional information on the date you last completed an information security awareness training course.
The information provided in the Qualtrics agreement is collected by the UK Data Service and controlled by the University of Essex; however, additional information may be collected by Qualtrics when visiting their website, for which they will be the Data Controller. Data collected by the Qualtrics application is stored and processed in the United States (US) by Qualtrics. The Qualtrics Privacy Statement can be viewed online.
Submitting enquiries to the UK Data Service
If you submit enquiries to us, we will hold the information you provide for the purposes of investigation and responding to the enquiry. This will usually include your name, email address, and other contact details, but may also include the information listed in the ‘Registering to access or deposit research data’ section above.
Signing up to or attending one of our events
If you sign up to join one of our events (including workshops and webinars) we will collect your full name, email address, country, organisation, job title, role, sector, discipline, and your accessibility and dietary requirements (when attending an in-person event).
We will also ask for your consent to contact you to obtain feedback on our event.
Signing up to or attending training or learning
If you sign up to or attend (including online and Moodle) training or learning organised by us we will collect your full name, contact address, email address, telephone numbers, institution and department, academic discipline, research funder details and any username and ID required for user authentication and validation.
We may also ask for your feedback on the training and learning, and our other services.
Signing up to our newsletter
If you subscribe to our newsletter, we collect your full name and email address.
UK Data Service online pop-up survey
If you complete our online pop-up survey and consent to providing your email address, we use and store this to:
- manage any issues that you raise
- respond to your comments
- contact you if you win an Amazon voucher.
Providing feedback on our services
If you have consented to be contacted about our services, we may collect various information from you to enable us to effectively assess your experience.
The personal data that we collect from you, and you provide to us, are used for authentication, statistical purposes, for the management of the service (including registration, providing you with access to research data collections in our catalogue, investigating and responding to enquiries you submit), and to provide the services for which you have signed up.
Where you provide your consent, we will directly communicate to you to market events, training or send our newsletter. Your opt-in is required to receive these communications and you have the right to withdraw your consent at any time. If you wish to change your communication preferences, please update your user account area settings. However, if you wish to unsubscribe from our newsletter, you can do so, by using the unsubscribe link at the end of the newsletter you receive.
We may carry out surveys to gather feedback from you about your experience of various aspects of our services. Before we do so we will obtain your consent, which you may withdraw at any time either by contacting us directly or using any unsubscribe link in our communications.
The University of Essex is the data controller for the UK Data Service and has agreements with other partners who act as data processors. We only share your personal data either to provide our services or to comply with legislative, regulatory or contractual obligations.
We share this information with:
- Partners within the UK Data Service (the Universities of Edinburgh and Manchester, University College, London, and Jisc) who collectively deliver the ‘UK Data Service’ and act as data processors on behalf of the University of Essex.
- A data collection depositor in relation to your use of their data collection so that they can contact you directly:
- if you breach the terms of our End User Licence, or
- if the data collection depositor requires information on how you have used their data collection.
- Your own institution or organisation where necessary for the administration of the Service.
- With your research funder where they require you to deposit data with us in order to confirm to them whether you have deposited your research data.
- Third parties who may assist us in investigating or responding to enquiries you submit. We will normally seek your consent for this.
- Third parties who will act as data processors to facilitate our contact with you.
- Third parties who will act as data processors to facilitate or provide our services.
- The UK Statistics Authority as part of the UK Data Service’s duties under the Digital Economy Act 2017.
We only keep your personal data for as long as is necessary. The decision on the length of time for which we will retain your personal data will depend on the following criteria:
- legal requirements
- contractual requirements
- management of the service
- provision of services to you
- requirements placed upon us by data controllers.
Anonymised statistical and aggregated information which cannot identify you will be retained for longer periods of time.
Personal data that we hold, is, wherever possible, stored within the UK. However, in some cases it is held within the EEA. We also use a number of US based services to deliver the UK Data Service operations and this may entail transfers to a third country for processing and storage in order to deliver our services. In compliance with the UK GDPR we seek to ensure equivalent levels of protection for any such data transfers. These are reviewed and assessed regularly in accordance with the ICO’s advice and guidance.
Event bookings and training or learning
For event bookings we use Eventbrite and Zoom, which are services based in the US. This means that any information you provide to them may be stored by them in countries outside your country of residence. When you book onto one of our events or webinars through Eventbrite or attend using Zoom you may also have to agree to their terms and conditions of service, as set out in the Eventbrite Privacy Policy and the Zoom Privacy Policy.
For training and learning we may use third parties to provide or facilitate these services. Where this is the case, you will be directed to their privacy policy.
UK Data Service newsletter
To send you the UK Data Service newsletter we use Email Blaster, a cloud-based email marketing platform. Any of your data held by them is stored on servers within the UK. When you sign-up to the newsletter you will also be agreeing to their terms and conditions of service outlined in the Email Blaster Privacy Statement. If you decide not to agree to Email Blaster’s terms and conditions, you can find our published newsletters on our website, but this means you will not be notified or receive the newsletter by email when a new newsletter is released.
We take the protection of your data seriously and the UK Data Archive is ISO/IEC 27001:2022 certified. We protect your personal data via the use of various technical and organisational measures which include encryption and active directory security groups.
Within your user account area you can change your subscription preferences. However, if you wish to unsubscribe from our newsletter or stop being contacted for feedback on our services, you can do so by using the unsubscribe link at the end of the newsletter or other communication you receive.
You have the following rights:
- To be informed of how and why we process your personal data. We have sought to achieve this through this Privacy Statement.
- To have access to your personal data. You can access your personal data through your user account area or through direct contact via our helpdesk form.
- To amend or rectify your personal data. This can be done through your user account area, or via our helpdesk form to change your email.
- To request deletion of your personal data. Please note, that there may be circumstances where we are legally required or entitled to retain it. For example, in order for us to maintain an audit trail in the event of a personal data breach from controlled access data, we need to retain a record of the users that have downloaded this data and when. If you wish to request deletion of your personal data, please contact our Data Protection Officer (the details to do this can be found in section 12 below).
- To restrict and/or object to the processing of your personal data, in certain circumstances. If you wish to request restriction or object to the use of your personal data, please contact our Data Protection Officer (the details to do this can be found in section 12 below).
- To not have a decision based solely on automated processing. We do not use automated decision making (including profiling) when making a decision.
If you have any further questions about our Privacy Statement, please feel free to contact our Data Protection Officer at:
Data Protection Officer
Office of the Vice-Chancellor
University of Essex
Wivenhoe Park
Colchester
Essex
CO4 3SQ
This Statement was last updated on 11 February 2026. This is version 04.00 of our Statement.