Research Excellence Framework 2029 STAFF PRIVACY STATEMENT
The University of Oxford intends making a single submission to Research Excellence Framework 2029 (or REF 2029) on behalf of the collegiate University, and therefore this data notice applies to current and former employees of the departmental University, and current and former employees of colleges and permanent private halls.
REF 2029 is an exercise to assess the quality of UK research and inform the selective distribution of public funds for research by the four UK higher education funding bodies; it comprises assessment of three research elements:
- Contribution to knowledge and understanding
- Engagement and impact
- People, culture and environment
and requires provision of data to calculate the volume of eligible staff with significant responsibility for research, together with outputs and their metadata, impact case studies, and disciplinary-level and institutional-level narratives which include data and indicators relating to staff.
Data Protection
For the purpose of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018, the ‘Data Controller’ for the processing of personal data collected in accordance with the preparations for the University’s submission to the REF 2029 is the University of Oxford.
Your personal data will be used to support the University’s REF 2029 submission, which as a national research assessment exercise is a task we carry out in the legitimate interests of the collegiate University, and current and former employees.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Types of data we collect about you
We will collect and use the following categories of data for the REF 2029 submission and in preparations for this submission:
- Data held about you by the University of Oxford as your employer. For employees, or former employees of the departmental University, we will use the following data which we have collected during your employment or work with us:
- Name and title
- Personal identifiers including ORCID, SSO, HESA ID and employee number, email address
- Contract of employment, appointment ID, duration (start and end dates) and Full time equivalent (FTE), including any variation in FTE over time, job title, grade and contractual classification
- Periods of unpaid leave or sabbatical
- Subject area and affiliations with the department and research group, REF-specific disciplinary areas (“units of assessment” or UOAs).
- Details of activities and achievements related to research and research impact, including but not limited to: research publications, including detail of author contributions; research student supervision record; research funding awards and applications; academic title; engagement and impact-generating activities.
- equality and diversity data.
Data provided to the University of Oxford by colleges or permanent private halls (PPHs) as your employer. For current and former employees of the colleges and PPHs, we will use the following data which we receive from your employer:
-
- Name and title
- Personal identifiers including ORCID and SSO, email address
- Contract of employment, duration (start and end dates) and Full time equivalent (FTE), including any variation in FTE over time
- Periods of unpaid leave or sabbatical
- Job title and University grade or national spine point
- Teaching, line management and pastoral care responsibilities
- Subject area and affiliations with the departmental University through research or teaching, REF-specific disciplinary areas (“units of assessment” or UOAs).
- Details of activities and achievements, including but not limited to: research publications, including detail of author contributions; research student supervision record; research funding awards and applications; academic title; engagement and impact-generating activities.
- equality and diversity data.
In accordance with REF requirements, data on current and former employees of the colleges and PPHs will be processed to categorise person-level and contract-level data as required by the HESA staff return, and compared to the University’s HESA staff return.
Who has access to your data
The University will share your data with those employees of the University who need to view it as part of their work in preparing the REF 2029 submission, including those working to support activities related to people, culture and environment across the University. This may include:
- Staff in Research Services, including the Research Evaluation Teams, Research Information Team and Research Practice Team
- Divisional research teams, in particular the REF Project Managers for each Main Panel
- UOA Leads (academic staff responsible for developing the submission in a given UOA, a REF-specific disciplinary area), professional services staff in departments and faculties leading the submission to a UOA
- Groups and committees set up for the development of the REF submission
- Relevant Heads of Division, Heads of Department or Faculty Board chairs, Heads of Administration and Finance, and others with management responsibility for a Main Panel or UOA submission
- HR Systems Team and the Equality and Diversity Unit, Human Resources
- The University’s Researcher Hub
- The Bodleian Library’s Open Scholarship Support Team
- Conference of Colleges Secretariat
Your details may be used to set up a profile for you in the University’s research information system, Symplectic Elements, and to manage your profile, including the identification of outputs for submission. Your contact details may be used to provide information on support for researchers and research practice, including the open access requirements for REF 2029.
Equality and diversity data will be used in pseudonymised form to provide analysis on the REF processes in the form of Equality Impact Assessments (EIAs), and in anonymised form as indicator data within narrative submissions on diversity at University and subject-level. Special category data about you will only be processed where you have volunteered it and will be subject to suitable safeguards.
Further details on the processing of your data can be obtained from refinfo@admin.ox.ac.uk. Details of staff working on REF may be found on the Research Support REF pages. Details of how University’s REF submission is developed will be available in the University’s REF 2029 Code of Practice in due course; the University’s REF 2021 Code of Practice is available to staff on the Research Support REF pages (SSO login required).
Sharing with third parties
We may share your data in due course with the following third parties:
- UK Research and Innovation (UKRI): The REF is managed by the REF team, based at Research England (RE), on behalf of the four UK higher education funding bodies. RE is part of UK Research and Innovation (UKRI), and so we may send some of the information we hold about you to UKRI for the purpose of REF 2029, including for pilot exercises. Under this arrangement UKRI has the role of ‘data controller’ for personal data submitted by us to the REF.
The guidance, systems and processes for REF 2029 are currently under development, see www.ref.ac.uk.
We will provide updated information on sharing with third parties for REF 2029 as this becomes available. Information on data processing in the last exercise, REF 2021, is available online here.
- Higher Education Statistics Agency (HESA): For employees of the University of Oxford, some your data relating to the REF submission will be passed to HESA as part of the HESA staff return.
For more information, see the University’s staff privacy policy and HESA staff data collection notice.
- External reviewers: Textual parts of the REF submission (outputs and their metadata, impact case studies and narrative statements) may be shared with external reviewers during the process of submission development.
Where we share your data with a third-party external reviewers, we will seek to share the minimum amount necessary. This may include the information being transferred to, and stored at, a destination outside the European Economic Area. Such transfers will only take place with appropriate safeguards in place to ensure the confidentiality and security of your personal information. If you require any information about these safeguards, you may contact us (see data protection officer email address below).
Retaining and storing your data
We will retain your data to support the University’s REF 2029 submission, including if required for legal, accounting, or reporting requirements. Specifically, we will retain all data used in the development of the REF submission until completion of the REF audit process (expected to be January 2030), and will retain a copy of the submission for 21 years after submission, in order to facilitate future REF submissions.
Security
Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website.
Electronic data may be transferred to, and stored at, a destination outside the United Kingdom (UK), for example, when stored on cloud-based service provider that operates outside the UK such as Microsoft.
Such transfers will only take place if one of the following applies:
- the country receiving the data is considered by the UK to provide an adequate level of data protection;
- the organisation receiving the data is covered by an arrangement recognised by the UK as providing an adequate standard of data protection;
- the transfer is governed by approved contractual clauses.
Your rights
Information on your rights in relation to your personal data are explained here.
Contact
If you wish to raise any queries or concerns about our use of your data, please contact us at refinfo@admin.ox.ac.uk or Research Services, University of Oxford, 5 Worcester Street, Oxford OX1 2BX
Changes to this privacy notice
We reserve the right to update this privacy policy, in particular as the requirements for REF 2029 are published, and will seek to inform you of any substantial changes via University communications. We may also notify you in other ways from time to time about the processing of your personal data.