Privacy policy

Privacy Policy for UKCEH and this website

The General Data Protection Regulation (GDPR) is a Europe-wide law that is part of the wider package of reform to data protection that includes the UK Data Protection Act (DPA) 2018. The GDPR and DPA 2018 set out requirements for how organisations will need to process personal data from 25 May 2018.

This website is operated by the UK Centre for Ecology & Hydrology (UKCEH). This privacy notice tells you what to expect when your personal information is collected. It will be revised as required and you are encouraged to revisit the privacy notice regularly to read the latest version. This version is dated 1st December 2019.

Please read the following carefully to understand our views and practices regarding your personal data and how we will process it. By visiting www.UKCEH.ac.uk and affiliated websites you are accepting and consenting to the practices described in this policy.

Who we are

1. The name and contact details of our organisation:

UK Centre for Ecology & Hydrology
Maclean Building, Benson Lane
Crowmarsh Gifford
Wallingford
Oxfordshire
OX10 8BB

T: +44 (0)1491 838800
F: +44 (0)1491 692424

We are a not-for-profit company limited by guarantee with charitable status. We serve as a strategic delivery partner for the Natural Environment Research Council, part of UK Research and Innovation.

2. THE NAME AND CONTACT DETAILS OF OUR DATA PROTECTION REPRESENTATIVE:

The UKCEH Data Protection Officer is Quentin Tucker.

Personal data

3. WHY AND HOW WE PROCESS PERSONAL DATA

This section of the privacy notice provides information on: the purpose of the data processing; the lawful basis for the processing; further information where the lawful basis is legitimate interests for the processing; the categories of personal data obtained (if the personal data is not obtained from the individual it relates to).

VISITORS TO OUR WEBSITE AND TO AFFILIATED AND HOSTED WEBSITES

The relevant section of our privacy notice will depend on the purpose of your visit to our website. 

THE LEGAL CONDITIONS WE RELY ON TO PROCESS PERSONAL INFORMATION

The law on data protection sets out the reasons we may collect and process your personal data. We rely on the following legal conditions to process your personal data:

4. THE DETAILS OF TRANSFERS OF PERSONAL DATA TO ANY THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

Unless otherwise indicated, your information is processed in the UK and European Economic Area (EEA).

In those instances where your information is being processed outside of the UK or EEA, we work with our partners to ensure your personal data is processed in line with the data protection requirements of GDPR and the DPA 2018. The UKCEH website is hosted by Pantheon in the USA and covered by the EU – US Privacy Shield. Some of our newsletters are hosted by Mailchimp, which is also certified by the EU-US Privacy Shield.

5. THE RETENTION PERIODS FOR PERSONAL DATA

Personal data retention is guided by the UKCEH retention schedule. Science Research project records may be kept for 10 and 20 years after the project is completed or in exceptional circumstances will be retained permanently.

6. THE RIGHTS AVAILABLE TO INDIVIDUALS IN RESPECT OF THE PROCESSING

The GDPR / DPA 2018 provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision-making and profiling

For further details on individual rights, please visit the ICO guide to GDPR.

The lawful basis for UKCEH processing personal data can affect which rights are available to individuals. For example some rights will not apply.

 

Table showing when individual rights don't apply under the General Data Protection Regulation

Table: the “X” entries indicate where individual rights do not apply

 

An individual always has the right to object to processing for the purposes of direct marketing, whatever lawful basis applies. The remaining rights are not always absolute, and there are other rights which may be affected in other ways. If UKCEH is relying on legitimate interests more detail will be provided in the privacy notice to comply with the right to be informed. Further details on how the lawful basis for processing your data affect the rights available to you are outlined below:

CONTRACT:

If we are processing your data on the basis of contract, your right to object and your right not to be subject to a decision based solely on automated processing will not apply. However, you will have a right to data portability.

LEGAL OBLIGATION:

If your data is being processed on the basis of legal obligation, you have no right to erasure, right to data portability, or right to object.

PUBLIC TASK:

Your rights to erasure and data portability do not apply if your data is processed on the basis of public task. However, you do have a right to object.

LEGITIMATE INTEREST:

Where UKCEH is relying on legitimate interests, the right to data portability does not apply.

7. THE RIGHT TO WITHDRAW CONSENT (IF APPLICABLE)

Where your personal data is processed using consent as the lawful basis, you have the right to withdraw consent at any time. You will be informed about the ways you can withdraw your consent.

8. THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Initially please raise your concern with UKCEH: please contact the team who process your data. Any continuing concerns you may have can be raised with the UKCEH Data Protection Officer: Quentin Tucker

If UKCEH has not resolved your information rights concern you can raise the matter with the Information Commissioner’s Office via live chat or by phoning 0303 123 1113.

9. PROVISION OF PRIVACY INFORMATION

There are a variety of ways in which UKCEH provides privacy information, including:

  • Providing individuals with privacy information at the time we collect their personal data from them.
  • If we obtain personal data from a source other than the individual it relates to, we provide them with privacy information:
  • within a reasonable of period of obtaining the personal data and no later than one month;
  • if we plan to communicate with the individual, we will do this at the latest when the first communication takes place;
  • if we plan to disclose the data to someone else, we will do this at the latest, when the data is disclosed.

10. HOW UKCEH PROVIDES PRIVACY INFORMATION

We aim to provide the information in a way that is:

  • Concise;
  • Transparent;
  • Intelligible;
  • Easily accessible; and
  • Uses clear and plain language.

11. CHANGES TO THE INFORMATION

  • We regularly review and, where necessary, update our privacy information.
  • If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.

12. REGISTER OF PROCESSING ACTIVITIES

  • UKCEH undertake an information audit to find out what personal data we hold and what we do with it.
  • UKCEH put ourselves in the position of the people we’re collecting information about.
  • UKCEH will carry out user testing to evaluate how effective our privacy information is.

13. DELIVERING PRIVACY INFORMATION

When providing our privacy information to individuals, we use a combination of appropriate techniques.

14. Affiliated and hosted websites

Where this privacy notice applies to hosted / affiliated websites, the site will provide a link to this privacy notice, along with any additional privacy information that is applicable.

15. Users of our website and affiliated websites

We use different methods to collect data from and about you on our UKCEH-hosted websites. Your information is used to deliver services you have requested and to contact you, including but not restricted to, software downloads, data licensing requests, publication orders, registration on training courses, subscription to our newsletter and general enquiries, as well as to improve the website experience for our users.

Automated technologies or interactions

When you use our websites (including but not restricted to, the UKCEH website and our affiliated websites) we may collect the following information about you:

  • the IP address used to connect your computer to the Internet
  • your time zone setting
  • your Internet provider
  • your name, address, email address, telephone number, organisation, where you have specifically provided this information on a web submission form.

We may also collect the following information about your visit:

  • the full Uniform Resource Locators etc.
  • the pages you viewed, including our products and software pages;
  • page response times;
  • length of visits to certain pages;
  • page interaction information (such as clicks, downloads, web form submissions)

We will use this information to provide the best possible service to our web users. It allows us to administer our site, including our efforts to keep it safe and secure, and to carry out internal operations including troubleshooting, data analysis, testing, and statistical research. This means we can improve our websites to ensure that content is presented in the most effective manner for you.

16. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our cookies policy.

17. Third party services

Some parts of UKCEH may use third party services including Twitter, Facebook, Microsoft O365, Outlook as a method to allow you to share content. UKCEH uses Mailchimp for distributing some of its newsletters. See more details of our third party usage.

18. Links

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy notices and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.