Notice

Privacy notice related to academic research data received by GO-Science

Published 27 November 2025

This notice sets out how we will process your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).

This Privacy Notice covers the use of personal data associated with academic research. This is used by the Government Office for Science to provide advice on science and technology to Government and the Prime Minister.

We use bibliometric data, to produce insights for government relevant to technology policy and national security. Bibliometric data refers to information gathered from the publishing of academic research in the public domain, with data on research, authors and institutions

This supports part of our core mission: to provide advice into the heart of government and evidence-based insights to support development of policy and strategy in areas such as science and technology for strategic advantage, national resilience and emergency preparedness.

The Department for Science, Innovation and Technology (DSIT) is the Data Controller for the use of personal data covered by this privacy notice.

1. Your data

There are three aspects to the dataset, Publications, Authors and Institutions. This is a relational dataset, so they are all linked.

Publications contains data on academic publications, with information relating to the name of the article, its abstract, the year of publication, citation and reference information, the authors involved and their respective research institutions (employers) at the time of publishing.

Authors contains information relating to academics including names, previous institutions they have published work through and previous publications.

Institutions data includes the details of institutions such as their name and address.

Your personal data were obtained by us from third party data providers. This data is collected by Ourresearch for inclusion in OpenAlex by combining public repositories such as Crossref and Arxiv. There is no unique commercial agreement with Ourresearch, all data (including personal data) is accessible via their service.

2. Purpose

The purpose(s) for which we are processing your personal data is:

• To provide other government teams with information to inform activities aimed at providing advice to higher education research institutions on research security.
• To provide HMG with insights on international science and technology trends, patterns of scientific collaboration, and comparative country strengths.
• To identify the most influential researchers we should engage with.
• To better understand national security risks in and from areas of research.

We use bibliometric data, to produce insights for government relevant to technology policy and national security. Bibliometric data refers to information gathered from the publishing of academic research in the public domain, with data on research, authors and institutions

3. Legal basis of processing

The legal basis for processing your personal data under Article 6 of the UK GDPR is:

1(e)Public task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, for the Government Office for Science to provide scientific advice to government and for DSIT to exercise the function to provide higher education research institutions with advice and support on trusted collaborations, research advice and research collaboration security and better understand national security risks in research. 

4. Recipients

Your personal data will be shared by us with other government agencies in an anonymous, aggregated form.

We will share your personal data with third parties where: 

• required or allowed by law 

• it is in the public interest to do so, including in relation to national security considerations 

As part of our IT infrastructure, your personal data will be stored in the UK on systems provided by our data processors - Microsoft and Amazon Web Services. This does not mean we actively share your personal data with these entities; rather, they are technical service providers who host infrastructure supporting our IT systems

There are no third party processors involved in the handling of the personal data.

5. Retention

Your personal data will be kept by us for no longer than necessary to carry out our advice functions

We have agreed a 3-year data cycle, we will review the data stored within our system after 3 years and evaluate whether there is continued need for this data to meet our core purpose. If this is no longer necessary, then the data will be deleted.

In some circumstances we will anonymise your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.

6. International transfers

Your personal data will be processed in the United Kingdom (UK) and in the European Economic Area (EEA). 

Some of our servers are based in the EEA, in particular Sweden. This is where Microsoft data centres are based for certain products, such as Azure AI Foundry. This is in keeping with government data guidelines.

Where your personal data is processed in the EEA, the following safeguards are in place: 

• UK Adequacy Regulations

Data held by Amazon and Microsoft services is hosted for DSIT in the UK. These services are Exchange (e.g. emails), Microsoft Teams, SharePoint, OneDrive together with data in the Data Management System (DMS) environment hosted by Azure. 

7. Your rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.

You have the right to object to the processing of your personal data.

To exercise your rights please contact the Data Protection Officer using the contact details below.

8. Contact details

The data controller for your personal data is the Department for Science. Innovation and Technology (DSIT). You can contact the DSIT Data Protection Officer at:

DSIT Data Protection Officer
Department for Science, Innovation and Technology
22-26 Whitehall
London
SW1A 2EG

Email: dataprotection@dsit.gov.uk

If you are unhappy with the way we have handled your personal data, please write to the department’s Data Protection Officer in the first instance using the contact details above.

9. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an UK independent regulator.  The Information Commissioner can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

https://ico.org.uk/make-a-complaint/

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Updates to this notice

If this privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it, and under what circumstances we will share it with other parties. The ‘last updated’ date at the bottom of this page will also change.

If these changes affect how your personal data is processed, we will take reasonable steps to let you know.