Privacy Policy

Introduction

This Privacy Notice has been developed for DATA SCIENCE applicants and stakeholders as a guide to (1) understanding how the project, through its management processes and procedures, collects, manages and shares the personal data obtained in the course of the programme and the related activities and (2) to ensure DATA SCIENCE applicants feel confident about the privacy and security of Personal Data and to meet DATA SCIENCE’s obligation under the Data Protection Acts 1988 to 2018 and the General Data Protection Regulation (GDPR; the “Legislation”, which came into effect on 25^th May 2018). Those obligations, set out below, apply to DATA SCIENCE fellowship applicants and all those involved in the remote peer review and interview phases of the programme. Under the Legislation, Personal Data is information that identifies you as an individual or is capable of doing so (“Personal Data”). This Notice extends to all Personal Data whether stored in electronic or paper format.

Note: This is a summary and may be used as a reference source only. Further information on GDPR and the associated regulations and rights related to personal information can be found on the Data Protection Commission website: https://www.dataprotection.ie/

Data Protection Principles

The processing of Personal Data (including DATA SCIENCE centre) must comply with six core principles of good practice. These provide that Personal Data must be

Obtained and processed fairly, lawfully and in a transparent manner;
Collected only for one or more specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
Kept only to the extent that same is adequate, relevant and limited for what is necessary in relation to the purposes for which they are processed;
Kept accurate and up-to-date;
Retained no longer than is necessary for the purpose for which the data is processed; and
Processed in a manner that is safe and secure

DATA SCIENCE is committed to these responsibilities and will ensure compliance with the above principles.

How your data will be protected and managed in the CRT programme

Personal data may be defined as any information which relates to a living individual who is identifiable either from the data itself or from the data in conjunction with other information held by the DATA SCIENCE programme or its partners, including the EU Commission.

Such data (dependent on the content/context) may include one or more factors related to a person’s physical, mental, economic, cultural or social identity. Data is information that can be processed either electronically or in paper formats. In accordance with new EU GDPR regulations, the DATA SCIENCE programme will comply with guidelines and obligations set forth under these new rules. The GDPR enables greater control over one’s personal information, including a right to object to processing this information in the course of research programme-related activities.

DATA SCIENCE shall employ reasonable and appropriate administrative, technical, personnel, procedural and physical measures to safeguard staff information against loss, theft and unauthorised access, uses or modifications. All personal information stored is either password protected or is locked away in cabinets. Only a limited number of authorised personnel have access to this information.

The following principles apply:

Confidentiality – only people who are authorised to use the data can access it
Integrity – that the Personal Data is accurate and suitable for the purpose for which it is processed
Availability – that authorised users should be able to access the data if they need it for authorised purposes

Information collected

In carrying out the work and obligations of the DATA SCIENCE research programme, the following types of information may be required to handle include:

Awards received & professional membership information
Contract of employment and commencement details
Data relating to publications, invitations and other University’s communications
Dependant data
Driving licences
Email addresses & domestic living addresses
Financial information (including but not limited to purchases orders, invoices, financial spreadsheets, expenditure reports, salary/stipend details)
Gender
Health and Safety issues
Hosting or secondment agreements
Identification data – name, address, phone number, date of birth, gender and relevant national identification number
Images
Interview and selection notes
Names
Nationality
Newsletter contributions and social media interactions for publicity purposes to general audiences
Passports
Phone numbers
Prior work experiences and qualifications (such that might be normally associated with a CV)
Project meeting attendance record and registration (using Eventbrite or similar platform)
Proposal submission information such as CVs, funding history, academic and non-academic collaborations, education and employment history, industry-placement reviews, project reviews and research proposals, both successful and unsuccessful
References
Research group affiliations
Research related outputs and information provided on the EU commission portal or SESAME (SFI) portal in the case of DATA SCIENCE reporting
Various ongoing records that are generated in the course of the DATA SCIENCE programme (such as data relating to leave, training, performance reviews etc.)
Visa and work permit details

How the information is used & the legal basis

As part of DATA SCIENCE, we may use and share your data where:

Explicitly give consent to do so by email or verbal means. You may withdraw this consent at any time
The use of personal data is:
.. necessary for the DATA SCIENCE Program Manager or Coordinator to carry the contractual obligations set forth in the EU Commission Terms and Conditions or those set forth in the DATA SCIENCE Grant Agreement, and/or employment contracts
.. necessary to comply with a legal obligation, including government, regulatory or law enforcement bodies. This includes information requested in relation to police clearance to facilitate education and pubic engagement activities

Parties with access to personal data

In the course of the DATA SCIENCE research programme, data may be shared in the following manner with:

Applicant’s authorized representatives, including supervisors and project leaders
Industry partners for the purpose of identifying suitable training and research opportunities and for logistical purposes of conducting project meetings
Institutional Representatives of HR, Finance, Research Office, Technology Transfer, and DATA SCIENCE Operations team members for the purpose of reporting and validating information received from applicants or third parties regarding the research programme and/or related activities
Funding bodies such as Science Foundation Ireland, the European Commission and other international bodies or individuals by whom funding proposals are reviewed or evaluated

How long Personal Data is retained

In accordance with the European Commission’s terms and conditions (Article 18.1, Award: 847577), DATA SCIENCE will hold all technical and administrative data for the duration of a given funding award plus 4 years.

Implications of not providing data or consenting to its collection

If you do not provide authorization to collect or share your personal data when engaging with DATA SCIENCE processes and procedures, the applicant may not be able to:

be informed of DATA SCIENCE activities, meetings, funding opportunities, networking events, training sessions, internships or job opportunities within the DATA SCIENCE community
have their proposal assessed for the purposes of obtaining a DATA SCIENCE fellowship
include contributions to the research programme in reports to third parties, including SFI and the EU commission

Applicant rights, including the right to object to data usage

From 25^th May 2018, several enhanced rights came into effect:

To find out if information is used and request a copy of information
Your right to request access to Personal Data held and to have any incorrect Personal Data rectified
To object to particular use of your information for DATA SCIENCE programme legitimate purposes
To withdraw consent at any time where processing is based on consent
Your right to the restriction of processing concerning you or to object to processing
Your right to have Personal Data erased (where appropriate)

Vindication of your rights shall not affect any rights which we may have under the Legislation. If you want to exercise any right, you can do so by making your specific request in writing to the University of Limerick’s Data Protection Officer, Office of the Corporate Secretary, University of Limerick, Limerick. Your request will be processed within 30 days of receipt. If the information held about you is inaccurate, you are requested to advise the University promptly so that the necessary amendments can be made and same can be confirmed as being made within 30 days of receipt of your request. Staff also have the right to lodge a complaint with the Office of the Data Protection Commissioner.

Sharing information for processing outside of the European Economic Area (EEA)

In some cases, the data collected as part of the DATA SCIENCE programme may be transferred to industry, academic and other stakeholders located outside of the EEA, including to a jurisdiction where the level of protection afforded to personal data is not as high as that in the European Union. In such cases, the data transferred or processed may include official email addresses, social media details, researcher profile/history, CVs and other related proposal submission documents. In the event that DATA SCIENCE would be required to transfer data outside the EEA, before doing so, steps would be taken to ensure that there is adequate protection as required by the Legislation.

[wordpress_gdpr_privacy_policy_accept]