Research Collaboration Advice Team (RCAT): privacy notice
Published 13 April 2022
© Crown copyright 2022
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/research-collaboration-advice-team-rcat-privacy-notice/research-collaboration-advice-team-rcat-privacy-notice
The Department for Science, Innovation and Technology (DSIT) is committed to protecting the privacy and security of your personal data. This notice describes how we collect and use your personal data in accordance with data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA) 2018.
DSIT is the data controller. This means that we are responsible for deciding how we hold and use your personal data. We are required under data protection legislation to notify you of the information contained in this privacy notice.
This notice explains your rights, and the reasons we are using your information.
About the Research Collaboration Advice Team (RCAT)
The RCAT offers researchers advice on how to protect their work from hostile activity, ensuring international collaboration is done safely and securely. We promote government advice on security-related topics, such as export controls, cyber security and protection of intellectual property. We work with the higher education institutions and across government to better understand risks faced by the research sector.
Your data
We will process the following personal data:
- names, professional details and contact details of our points of contact within higher education and research institutions
- names, professional details and contact details of staff and researchers within higher education, research institutions and their current and potential research collaboration partners
Purpose
The purpose for which we are processing your personal data is to provide higher education research institutions with advice and support on trusted research advice and research collaboration security, and to better understand national security risks in research.
Legal basis of processing
The legal basis for processing your personal data is:
- public task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case it is for DSIT to exercise the function to provide higher education research institutions with advice and support on trusted research advice and research collaboration security, and better understand national security risks in research.
Recipients
We will share your personal data with third parties where:
- required or allowed by law
- it is in the public interest to do so, including in relation to national security considerations
- you authorise us to do so
- it is necessary for the performance of our functions as a government department, including in relation to sharing information with other UK government departments and agencies
We will also share your personal data with the police and other law enforcement agencies where it is necessary to do so for the prevention, investigation, detection or prosecution of criminal offences, and other regulatory authorities when it is necessary for the purposes of their regulatory functions.
As your personal data will be stored on our IT infrastructure it will also be shared with our data processors Microsoft and Amazon Web Services.
Data security
We have put in place measures to protect the security of your information.
We have agreements in place with any data processors, independent or joint data controllers.
We treat the security of your data very seriously. We have strict security standards, and all our staff and other people who process personal data on our behalf get regular training about how to keep information safe.
Where possible the personal data is minimised, aggregated, or anonymised.
We have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect about you.
In addition, we limit access to your personal information to those persons who have a business or legal need.
We have put in place procedures to deal with any suspected data security breach and will notify you and the regulator of a suspected breach where we are legally required to do so.
All organisations we work with are required to agree to move, process and destroy data securely, that is, in line with the principles set out in the HM Government Security policy framework, issued by the Cabinet Office, when handling, transferring, storing, accessing or destroying information.
Retention
Personal data is retained in accordance with the DSIT retention and disposal policy. We aim to retain your personal information for only as long as it is necessary for us to do so for the purposes for which we are using it and in line with our retention and disposal policy.
In some circumstances we will anonymise your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you. Your personal data will be kept by us for up to 10 years.
Your rights
You have the right to:
- request information about how your personal data are processed, and to request a copy of that personal data
- request that any inaccuracies in your personal data are rectified without delay
- request that any incomplete personal data are completed, including by means of a supplementary statement
- request that your personal data are erased if there is no longer a justification for them to be processed
- in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
- object to the processing of your personal data where it is processed for direct marketing purposes
- object to the processing of your personal data
International transfers
Your personal data will be processed in the UK.
Your personal data will not be processed in the European Economic Area (EEA), or by an international organisation.
As your personal data is stored on our IT infrastructure and shared with our data processors Microsoft and Amazon Web Services, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision, the use of Standard Contractual Clauses or a UK International Data Transfer Agreement.
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent UK regulator. The Information Commissioner can be contacted at:
Information Commissioner's Office
Email icocasework@ico.org.uk
Contact form https://ico.org.uk/glo...
Telephone 0303 123 1113
Textphone 01625 545 860
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Contact details
The data controller for your personal data is the Department for Science, Innovation and Technology (DSIT). You can contact the DSIT Data Protection Officer at:
DSIT Data Protection Officer
Department for Science, Innovation and Technology
22-26 Whitehall
London
SW1A 2EG
Updates to this notice
If this privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it, and under what circumstances we will share it with other parties. The ‘last updated’ date at the bottom of this page will also change.
If these changes affect how your personal data is processed, we will take reasonable steps to let you know
Last updated: August 2023