Research Excellence Framework 2029 NON- STAFF PRIVACY STATEMENT

REF 2029 is an exercise to assess the quality of UK research and inform the selective distribution of public funds for research by the four UK higher education funding bodies; it comprises assessment of three research elements:

  • Contribution to knowledge and understanding
  • Engagement and impact
  • People, culture and environment

and requires provision of data on the quality of research, its impact beyond academia, and the environment in which research is undertaken, in the form of impact case studies, and disciplinary-level and institutional-level narratives.

Data Protection

For the purpose of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018, the ‘Data Controller’ for the processing of personal data collected in accordance with the preparations for the University’s submission to the REF 2029 is the University of Oxford.

Your personal data will be used to support the University’s REF 2029 submission, which as a national research assessment exercise is a task we carry out in the legitimate interests of the collegiate University, and current and former employees.

We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.

Types of data we collect about you


You may have provided information for one or more impact case studies or narrative statements as part of our submission to the REF 2029. We will send information about impact case studies and narrative statements to UKRI (see below) for the purpose of the REF 2029 assessment, including in pilot exercises. The information will not be in coded form and your name - and details such as your job title and organisational affiliation - may be provided in these documents. We refer to this information about you as ‘your data’.

You can find further information about what data are being collected on the REF website, at www.ref.ac.uk, and in particular the detailed guidance from the last REF exercise on providing testimonies for impact case studies.

.

Who has access to your data

The University will share your data with those employees of the University who need to view it as part of their work in preparing the REF 2029 submission, including those working to support activities related to impact across the University. This may include:

  • Staff in Research Services, including the Research Evaluation Teams, and Research Information
  • Divisional research teams, in particular the REF Project Managers for each Main Panel, and impact facilitation staff
  • UOA Leads (academic staff responsible for developing the submission in a given unit of assessment), professional services staff in departments and faculties leading the submission to a UOA
  • Groups and committees set up for the development of the REF submission
  • Relevant Heads of Division, Heads of Department or Faculty Board chairs, Heads of Administration and Finance, and others with management responsibility for a Main Panel or UOA submission

Further details on the processing of your data can be obtained from refinfo@admin.ox.ac.uk.


Sharing with third parties

We may share your data in due course with the following third parties:

  • UK Research and Innovation (UKRI): The REF is managed by the REF team, based at Research England (RE), on behalf of the four UK higher education funding bodies. RE is part of UK Research and Innovation (UKRI), and so we may send some of the information we hold about you to UKRI for the purpose of REF 2029, including for pilot exercises. Under this arrangement UKRI has the role of ‘data controller’ for personal data submitted by us to the REF.

The guidance, systems and processes for REF 2029 are currently under development, see www.ref.ac.uk.

We will provide updated information on sharing data with UKRI for assessment in REF 2029 as this becomes available, including confidentiality provisions. These are expected to align with confidentiality provisions for REF 2021, detailed in guidance on the REF 2021 website and included:

    • Confidentiality agreements for panel members and assessors
    • Non-publication of corroborating evidence for impact case studies
    • Submitting HEIs identifying parts of the submission as “not for publication” or requiring redactions
    • Submitting HEIs identifying conflicts of interest in assessing material
    • Additional provisions for classified material.

  • External reviewers: Textual parts of the REF submission (impact case studies and narrative statements) may be shared with external reviewers during the process of submission development.

Where we share your data with a third-party external reviewer, we will seek to share the minimum amount necessary. This may include the information being transferred to, and stored at, a destination outside the European Economic Area. Such transfers will only take place with appropriate safeguards in place to ensure the confidentiality and security of your personal information. If you require any information about these safeguards, you may contact us (see data protection officer email address below).


Retaining and storing your data

We will retain your data to support the University’s REF 2029 submission, including if required for legal, accounting, or reporting requirements. Specifically, we will retain all data used in the development of the REF submission until completion of the REF audit process (expected to be January 2030), and will retain a copy of the submission for 21 years after submission, in order to facilitate future REF submissions.

Security

Your data will be held securely in accordance with the University’s policies and procedures. Further information is available on the University’s Information Security website.

Electronic data may be transferred to, and stored at, a destination outside the United Kingdom (UK), for example, when stored on cloud-based service provider that operates outside the UK such as Microsoft.

Such transfers will only take place if one of the following applies:

· the country receiving the data is considered by the UK to provide an adequate level of data protection;

· the organisation receiving the data is covered by an arrangement recognised by the UK as providing an adequate standard of data protection;

· the transfer is governed by approved contractual clauses.

Your rights

Information on your rights in relation to your personal data are explained here.

Contact

If you wish to raise any queries or concerns about our use of your data, please contact us at refinfo@admin.ox.ac.uk or Research Services, University of Oxford, 5 Worcester Street, Oxford OX1 2BX

Changes to this privacy notice

We reserve the right to update this privacy policy as the requirements for REF 2029 are published, and will seek to inform you of any substantial changes.