Research Excellence Framework 2021 non-staff privacy statement
For the purpose of the General Data Protection Regulation ('GDPR') and the Data Protection Act 2018, the ‘Data Controller’ for the processing of personal data collected in accordance with the preparations for the University’s submission to the Research Excellence Framework (REF) 2021 is the University of Oxford.
REF2021 is an exercise to assess the quality of UK research and inform the selective distribution of public funds for research by the four UK higher education funding bodies; it comprises assessment of research outputs, impact and environment related to subject areas ('units of assessment' or UOAs).
Your personal data will be used to support the University’s REF2021 submission which as a national research assessment exercise is a task we carry out in the legitimate interests of the collegiate University, and current and former employees.
Types of data we collect about you
You may have provided information for one or more impact case studies or environment statements as part of our submission to the REF 2021. In 2020 we will send information about impact case studies and environment statements to UKRI (see below) for the purpose of the REF2021. The information will not be in coded form and your name - and details such as your job title and organisational affiliation - may be provided in these narrative statements. We refer to this information about you as ‘your data’. You can find further information about what data are being collected on the REF website, at www.ref.ac.uk in particular publication 2019/01, ‘Guidance on submissions’. Annex G of that document sets out the data that we will be required to share with UKRI.
Who has access to your data
The University will share your data with those employees of the University who need to view it as part of their work in preparing the REF2021 submission. This may include staff in Research Services, Departmental and Divisional offices, UOA Coordinators (academic staff responsible for developing the submission in a given unit of assessment as defined in the University’s Code of Practice for REF2021 (“CoP”)), UOA Impact leads, UOA administrative leads, and committees set up for the development of the REF submission as detailed in the CoP.
Sharing with third parties
We will share your data with the following third parties:
- UK Research and Innovation (UKRI): The REF is managed by the REF team, based at Research England (RE), on behalf of the four UK higher education funding bodies. RE is part of UK Research and Innovation (UKRI), and so we will send some of the information we hold about you to UKRI for the purpose of the REF2021. Under this arrangement UKRI has the role of ‘data controller’ for personal data submitted by us to the REF.
UKRI have provided us with the following information about how they will use and process your data:
UKRI may pass your data, or parts of it, to any of the following organisations that need it to inform the selective distribution of public funds for research and to carry out their statutory functions connected with funding higher education:
- Department for the Economy, Northern Ireland (DfE)
- Higher Education Funding Council for Wales (HEFCW)
- Scottish Funding Council (SFC).
UKRI and the organisations listed above will use the information to analyse and monitor the REF2021. This may result in information being released to other users including academic researchers or consultants (commissioned by the funding bodies), to carry out research or analysis, in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Where information not previously published is released to third parties, this will be anonymised where practicable.
UKRI will require that anyone who has access to your data, held in UKRI’s records, paper or electronic, will respect its confidentiality and will only process it in accordance with instructions issued for the purposes specified by UKRI.
Parts of your data will be passed to the REF expert panels and the Equality and Diversity Advisory Panel (whose members are independent of UKRI) for the purpose of conducting a systematic evaluation of submissions, in accordance with predetermined criteria and methods. All panel members are bound by confidentiality arrangements.
The results of the assessment exercise will be published by UKRI, on behalf of the four UK higher education funding bodies, in December 2021.
Those parts of submissions that contain factual data and textual information about research activity will also be published by UKRI, on behalf of the four UK higher education funding bodies, and will be made available online. Published information is likely to include textual information including impact case studies in which you may be referenced. Your name and job title may be included in this textual information. Other personal details will normally be removed.
Under the Data Protection Act 2018 and the GDPR, you have the right to see and receive a copy of any personal information that UKRI holds about you. Further information about the Act and GRPR, and guidance on making a subject access request, can be found in the UKRI privacy notice.
If you have any concerns about your information being used by UKRI for these purposes, please contact: Data Protection Officer, UK Research and Innovation, Polaris House, Swindon, SN2 1FL or email: firstname.lastname@example.org.
- External reviewers: Textual parts of the REF submission (impact case studies and environment templates) may be shared with external reviewers during the process of submission development.
Where we share your data with a third party external reviewers, we will seek to share the minimum amount necessary. This may include the information being transferred to, and stored at, a destination outside the European Economic Area. Such transfers will only take place with appropriate safeguards in place to ensure the confidentiality and security of your personal information. If you require any information about these safeguards, you may contact us (see data protection officer email address below).
Retaining and storing your data
We will retain your data to support the University’s REF2021 submission, including if required for legal, accounting, or reporting requirements. Specifically, we will retain all data used in the development of the REF submission until completion of the REF audit process (January 2022 at the latest), and will retain a copy of the staff, outputs, impact and environment submission for 21 years after submission, in order to facilitate future REF submissions.
You may request access to any of your data, request that our processing is restricted, object to our processing or request that your data be corrected or transferred to another party, subject to certain restrictions.
You may also request that your data be deleted or ask for us to stop using it, and we will comply with your request as soon as possible. Depending on the circumstances, however, we may have legal grounds for continuing to process your data, for example where processing is necessary for the performance of a task carried out in the public interest, or where the data is being further processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in accordance with applicable data protection laws.
If you would like to exercise any of the rights mentioned above or if for any reason you are not happy with the way that we have handled your data, please contact the University’s Information Compliance Team at email@example.com. The same address can be used to contact the University’s Data Protection Officer. If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office.