Data Protection Information for RBI

RBI provides services to support the research and enterprise activity of University through: grant applications to external funders, liaison with business partners and funders and ensuring we meet the legislative requirements associated with research and enterprise activity.  This means providing support to approximately 380 research active academics.  We liaise with external academic collaborators and their Research/Enterprise Offices at other institutions across the UK and internationally; we also liaise with research funders (for example, the Research Councils (UKRI), Welsh European Funding Office (WEFO), charitable research funders, Government Departments and international funders) and UK and international business partners.

How we collect information

Data processed by RBI comes from the following sources:

  • Directly from academics via email, e.g. details of a grant being applied for which will include applicant details such as name of Principal and Co-Investigators, contact details, time commitment, salary scale and spinal point and CV
  • Bookings onto events organised by RBI (eg training courses) through email communication to drbi@aber.ac.uk
  • Information through the on-line ethics checklist
  • Data entered into PURE by individual academic staff relating to research publications and activities, and senior management teams in relation to output assessment.
  • Data entered into reports produced from PURE, or produced separately by senior management teams in departments, in relation to output assessment.
  • HR data report produced from ABW to identify new research active members of staff in the University
  • Application forms to access internal funding streams managed by RBI, (eg Sir David Hughes Parry Award, University Research Fund, Conference Fund, Gooding Fund, RD Roberts Bequest which are emailed to the appropriate RBI staff member or to drbi@aber.ac.uk.
  • Internal Expressions of Interest forms created to collate information about a particular grant call or an Invention and emailed to the appropriate RBI staff member or to drbi@aber.ac.uk
  • Third party contacts obtained from: networking events, trade shows, exhibitions, conferences, external organisations e.g. WG Innovation Advisors and Horizon 2020 Unit, KTN, Konfer, IN-PART, academic collaborators etc.
  • Student application forms for Postgraduate studies (PhDs and MPhils/MRes), which includes Equal opportunities forms
  • KESS Project proposal forms with academic main and co-supervisor’s details along with company details and company equal opportunities forms
  • Payslips and contracts of employment from Human resources for match funded academics in the event of audits

The information we collect

The information we collect and process for grant application purposes (internal and external funds), contracts and ethical review purposes will usually include:

  • Name of investigator
  • Contact details including Department, work phone number and email address
  • Identity of Line Manager / Director of Research
  • Description of research experience
  • Qualifications
  • Number of years since PhD award
  • Numbers of hours to be worked on a grant
  • Salary scale and spinal point
  • Proposed research activity, including travel plans
  • In addition for events: Dietary and DDA requirements.

In addition to the above data, Information collated for recording Intellectual Property and consultancy  will also include:

  • AU staff / inventor name, home address and postcode, which are required for patent assignment and IP registration purposes.
  • Description of the invention, technological application and commercialization route.

The information we collect and process from Third Parties for business development purposes include:

  • Third party organisation’s name and address, Industry Sector, Industry type (e.g. SME, Research Organisation, NGO, HE, Charity, Public, Private etc.)
  • Contact Person(s) name, e-mail, telephone and role in the organisation.
  • Intellectual property documentation includes Third Party Inventor name, home address and postcode, which are required for patent assignment and IP registration purposes.

The information we collect and process in relation to research monitoring and preparation for REF submission include:

  • Name
  • Staff ID
  • AU username
  • Department
  • Date of Birth
  • Gender
  • Contract information, including grade
  • Quality assessment estimates for research outputs
  • Contact details for external parties (name, e-mail, telephone and role) for corroborating impact claims.

The information we collect and process in relation to the KESS2 operation include:

Student’s details:

  • Name
  • Address
  • Bank details
  • National insurance number
  • Date of birth
  • Email address and phone numbers
  • Employment status at registration, education details & career experience,
  • Equal opportunities information e.g gender, disabilities, work limiting health conditions, Welsh language ability, ethnicity, migrant details

 Company details:

  • Name of company supervisor
  • Company address
  • Company turnover details
  • Equal opportunities information for company supervisor (see above for details)

Academic details:

  • Name
  • Wages details
  • Employment contractual details

How we use the information

  • Data collected for grant applications (internal and external) will be reviewed and commented on by members of staff in RBI (Research Development Officers/European Development Officers and as appropriate also the Research Ethics and Integrity Officer, Research Impact Officers, Open Access and Research Data Officer) and information shared with colleagues in Research Finance (Finance Department) and fed back to the Principal Investigator and possibly Director of Research and/or Head of Department/Institute Director.
  • Grant application data will be held on the University email system and also stored on the RBI shared drive which is only accessible to RBI staff.
  • Data collated for internal competitions will be shared with a review panel which will be either Research Committee Executive or a panel of senior academics (usually chaired by PVC-R) specifically compiled for the purpose (eg NERC Demand Management Panel).
  • Data collated for ethical review will be reviewed by the appropriate AU Research Ethics Panel or will be submitted to an external panel, such as NHS Research Ethics
  • Data from HR on new research active members of staff is used so that the appropriate Research Development Officer can make contact and ask for a meeting to outline the nature of services available from RBI
  • Data from Third Parties will be stored on the AU Customer Relationship Management (CRM) databases Aberconnections and INTEUM (both login/password protected and accessible by RBI staff)
  • Data from Third Parties who have subscribed to receive the quarterly E-Bulletin are stored on the RBI shared drive which is only accessible to RBI staff.
  • Data collected for Intellectual Property documentation (internal and external) will be reviewed and commented on by members of staff in RBI (Business Development team). The information will also be shared with external third parties such as AU Patent Attorneys, AU Legal Advisors and Consultants for e.g. Market Research.  These external parties are all contracted to provide services to AU.
  • Details of inventors on granted patents will be recorded and made public by the UK and International Patent Offices.
  • All personal data collated as part of research monitoring/ REF preparation, bar grade information, is stored within the AU current research information system, PURE. This system is stored on internal servers and is only accessible to AU staff. Personal details are only accessible to the specific individual, database administrators, and senior management staff given the requisite permissions.
  • Name, department and AU usernames are presented along with output assessment data within research monitoring reports and are sent via e-mail by senior management teams in departments, to a limited access RBI mailbox. This is then stored on the RBI shared drive which is only accessible to RBI staff. These reports form the basis of discussion on REF readiness with senior management teams in departments within research monitoring meetings chaired by the Director of Research Excellence and Impact, with members of the REF & Research Monitoring Team in attendance.
  • Contact details for external parties for corroborating impact claims are held within PURE and are only accessible to the specific individual who created the impact record, database administrators, and senior management staff given the requisite permissions.
  • All KESS2 paper information are stored in files within lockable cabinets within the RBI office which are only accessible to KESS2 staff members
  • All KESS2 electronic data are inputted onto workbooks and databases stored on the RBI shared drive, accessible only to RBI staff

Secondary analysis of data

  • Data on grant application activity and meetings with new research active members of staff is recorded on an internal database on the AU RBI shared drive for the purpose of monitoring RDO/EDO support given to academics. This helps determine the level and nature of support required by Department and allows annual reporting of RDO/EDO activity.
  • Names, AU log-ins and grade data is received via HR, password protected, and is stored on the RBI shared drive (which is only accessible to RBI staff) for a limited time. This information is combined with other contract information, and gender, to enable equality impact assessments on REF-submission likelihood. The resultant reports, providing high level statistics only, are again stored on the RBI shared drive.
  • Research activity reports are created for Executive staff on request, utilizing research activity details from PURE including grant activity. These reports are shared via e-mail with the Research PVC and are stored on the RBI shared drive, which is only accessible to RBI staff.

How long is it kept for?

  • Grant application data is kept indefinitely.
  • Granted patents – for the lifetime of the patent (20 years) as this is a legal requirement.
  • All KESS2 data is stored in line with the Funding regulations document retention period
  • Research Monitoring/ REF preparation data
  • Personal details for staff are stored within PURE indefinitely. As of May 2018, it is unclear what information the REF submission will require, even for past staff.
  • Contact details for external parties corroborating impact claims are stored within PURE indefinitely. As of May 2018, it is unclear what information the REF submission will require and when.
  • Research output quality assessment reports are stored until the relevant REF exercise results are released (currently Dec 2021).

Sharing

  • Details about a research active member of AU staff (name, contact details, salary, hours to be committed to a grant, CV) will be shared with external partners (eg another University or collaborating partner) as appropriate in order for them to be included as a Co-Investigator on a project led by another Institution. Generally, this information is shared via email.
  • Research grant applications are submitted to external funders either directly by the Principal Investigator or through one of the external funding portals (in which case the final submission is made by a Research Finance Officer, Finance Department).
  • Occasionally RBI may be required to make an application on behalf of a Principal Investigator or the University and this may be through email or an online form.
  • Data collected for Intellectual Property documentation will also be shared with external third parties such as AU Patent Attorneys, AU Legal Advisors and other Consultants for e.g. Market Research. In every case, these external parties are all contracted to provide services to AU.
  • Details of inventors on granted patents will be recorded and made public by the UK and International Patent Offices.
  • Data collected for the purposes of REF submission are shared electronically via PURE to the REF submission system.
  • Equality Impact Assessments conducted prior to REF submission are shared with the REF Team as requested.
  • Author names and AU log-ins are shared through PURE via various APIs to query publication databases to identify publicly available staff research. Such searches are established by individual staff members personally.
  • In the event of a request from a regulatory approval body (e.g. Health Research Authority) or where an ethical breach has occurred, RBI may be required to share study details and files to the approving body.
  • KESS2 data are shared with the funding body if requested for audits, this includes WEFO (Welsh European Funding Office) and sometimes EFAT (European Funding Audit Team) to evidence eligibility e.g Students eligibility to receive the Funding.
  • KESS2 students contacts details can be shared with external evaluators in order for them to contact the students to assist them with mid-term and final evaluations of the KESS2 operation

Legal basis for collecting this data

  • For grant application (internal and external) and research ethics purposes, the legal purpose is the legitimate interests of the data controller and performance of a contract.
  • Data collected for Intellectual Property documentation is required: for performance of a contract; compliance with a legal obligation; and processing for performance of a public task.
  • For REF preparation and submission, the legal purpose is the legitimate interests of the data controller and performance of a contract.
  • Data for KESS2 is required as part of the terms of the Funding regulations (performance of a contract).

Rights and choices & Contact details

For more information about Rights and Choices see: https://www.aber.ac.uk/en/about-us/corporate-information/information-governance/data-protection/data-subject-rights/

E-Bulletin – data subjects will have the option to unsubscribe at any time from e-mails.

 

Contact details

You can email us on drbi@aber.ac.uk or contact the University’s Data Protection Officer on infocompliance@aber.ac.uk