Research grant applications and awards process privacy notice
Research Services is part of the University of Leicester’s Research and Enterprise Division. The University of Leicester is the Data Controller for your information.
This privacy notice explains how we use your personal information as part of the research grants applications and awards process and your rights regarding that information. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
What information are we collecting?
The University collects and stores a range of information about you as part of the research grant application and award management process, whether the University is the lead or co-applicant with another lead institution. This includes:
- Your name, address and contact details, including email address and telephone number;
- Details of your qualifications, skills, experience and employment history;
- Information about your current level of remuneration, including benefit entitlements;
- Payroll posting information, including breakdown to basic pay, national insurance and pension costs
The University may collect this information in a variety of ways. For example, data might be contained in the grant application form, CVs or resumes, or collected through SAP Grants Management, HR and Finance systems.
Data will be stored in a range of different places, including on your research application, in RED assets systems (such as X Drive), on University grants management systems (including our costings system), and on other IT systems (including email).
Why are you collecting my data?
The University needs to process data to take steps to submit grant funding applications to the funder and/or enter into grant funding agreement with the funder, and/or sharing information with another institution leading on a funding application. In some cases, the University needs to process data to be used for University Strategic decisions to improve the research environment.
The University requires processing personal data during the research grants process and for keeping records of the process.
Processing data from funding applications and awards allows the University to manage the research grants process. Processing your personal data shall be to:
- Capture your data as part of the application suite of documents forming part of the research funding application.
- Use, review and approve costings in relation to your research project which may include your personal data;
- Manage and submit the research grant application,
- Share data with Funder when submitting the application, which may contain your Salary information and your curriculum vitae
- Where another institution is the lead applicant, share the personal data with lead institution which will be submitting the research grant application to the Funder.
- Store a copy of the research grant application containing your personal data on the X Drive and other assets.
- To provide audit evidence to the funder of both contracts of employment and employment costs relating to the grant activity
Who has access to this data?
Your information will be used by member of the Research Services and other members of Research and Enterprise Division for the purposes of the research funding process.
Information about the research project which may contain some of your personal information e.g. name, department, may be shared with heads of colleges, departments.
The University will share your data with third party institution where you are collaborating with a researcher employed by that institution. If an external funding body is directly funding the employment, then payroll data and CVs may be shared with this funder.
What is the legal basis for processing the data?
The lawful basis to process personal data in the context of the research funding application and award process is for the performance of a public task GDPR Art 6 (e). The basis for this is the University Royal Charter in S (13) (b).
In the unlikely situation where the personal data to be processed as part of the grant application award or contract process involves special category data (such as ethnic origin; politics; religion; genetics; biometrics; health; sex life; or sexual orientation) we will seek consent to process this information in order to comply with GDPR Art 9 Paragraph 2 (a).
How does the University protect my data?
The University takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by University employees in the proper performance of their duties.
For how long does the University keep my data?
Data will be kept as required by the funder regulations. If the application is unsuccessful, personal data will be removed on a yearly basis.
How long will you process my data for?
For the purposes of externally funded projects, your data may be retained for a period of 6 years beyond the end date of the project for grant audit purposes.
As a data subject, you have a number of rights. You can:
- Access and obtain a copy of your data on request;
- Require the University to change incorrect or incomplete data;
- Require the University to stop or restrict processing your data, for example where the data is no longer necessary or legally required for the purposes of processing
If you would like to exercise any of these rights, please contact the Information Assurance Services Manager, Information Assurance Services, University of Leicester. IAS are the University first port of call for the exercise of rights under GDPR Arts 15-22.
What if I do not provide data?
We will only process data that you provide to us as part of the submission of the research grant funding process and/or entering into grant awards with the funder, and/or sharing information with another institution leading on a funding application.
Automated decision making
Research grants and applications and awards processes are not based on automated decision-making.
How do I complain to the Information Commissioner’s Office?
The Information Commissioner can be contacted on:
- Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF
- 0303 123 1113
- ICO website