Research Services Privacy Policy

The University may hold data relating to you from a number of sources. The majority of data we hold on individuals or businesses is that which you provide to work/collaborate with us, attend an event or engage with us in any other way.

Our records may include:

• Contact details – for example your address, email address and telephone number (we update these whenever you tell us they have changed)
• Engagement details – for example the type of engagement you have had with us, your attendance at events, your personal contact with us, projects that you have undertaken with us, and your relationships with other University of Exeter colleagues, directorates, alumni or supporters
• Personal details – for example disability and dietary preferences for event management purposes, career history in applications
• Your preferences – to help us engage you in the ways most relevant to you. We may also augment data you provide with data which is publicly available

We are required to ensure that data we hold about you is as accurate as possible, therefore we may update your details based on reliable publicly available sources.

For example we may update your address, telephone number or business details. We use a wide variety of sources either directly or via internet search engines, some on a subscription basis, to augment, update and validate the data we hold.

These include:

• National Change of Address File
• 192 Business
• LinkedIn
• Twitter
• iWave
• Reliable News and Press reports
• Companies House and other business-related resources including company websites
• The Charity Commission and other websites relating to charitable trusts and foundations
• Lexis Diligence for due diligence purposes.

We will retain your data for the duration of your relationship with the University plus 6 years, unless it needs to be kept for a longer period for a legal purpose or until you ask us to do otherwise.

The University primarily uses your data to manage your projects with us and to communicate opportunities, products and services available through Research Services.

These can include:

• Making you aware of the products and services available
• Opportunities for collaboration
• Sending you e-newsletters
• Inviting you to events
• Asking you to support the University by giving your time, experience or financial support
• These activities may include an element of direct marketing
• Where relevant, the data may also be made available to other departments across the University
• Where applicable under research, data held for research reasons may be shared with other Universities and further information is detailed in the Research Privacy Notice
• We may use analysis to help us identify your likely support for particular projects.

All of these activities are undertaken to ensure that we are working in a collaborative manner and to allow us to ensure collaborative and partnership working in support of the University’s aims and objectives.

We are required to conduct due diligence checks before seeking or accepting applications to work with Associates/Consultants which includes reviewing publicly available data about an individual’s personal conduct including any criminal convictions.

Communications may be sent to you by post, telephone, email, text or other electronic means (for example through social media) depending on the communication preferences you have shared with us.

Data may be shared with internal teams at the University of Exeter for the opportunity of collaboration or promotion of benefits and services.

Data may also be disclosed to partner organisations such as our University networks, GW4 or SETsquared, to enable you to take advantage of invitation-only opportunities, events or activities available across the wider region.

The University does NOT sell data to third parties or allow third parties to sell on data where data is shared with them.

Your data is held securely on secured network drives and the University’s internal Customer Relationship Management (CRM) databases.

The secured network drives and databases are accessible to a limited number of University staff.

All staff who access the secured network drives and databases have completed the University’s data protection training.

The University ensures that appropriate data sharing agreements are in place prior to sharing your personal data with any partners.

The University may contact you by post unless you request otherwise, and by telephone, text, email or other electronic means as you have previously consented. If you no longer want to receive communications by post, telephone, text, email or other electronic means, please contact the Innovation, Impact and Business Team at 01392 723456 or business@exeter.ac.uk

When contacting us please provide your name, company name, address, email address and telephone number. Please also specify if you wish to unsubscribe from all communications or from specific communication types or channels. If you ask us to delete your data, we will remove your data from the appropriate Customer Relationship Management database.

The legal basis for processing your personal data for the purposes as described above is that it is necessary for the pursuit of a functions of a public nature, compliance of a legal obligation, contractual necessity or that consent has been provided by the data subject in order for them to access opportunities provided by the University, which aim to help you and your organisation to develop and thrive in accordance with the objectives of a global 100 University.

This Privacy Notice will be kept under review. Any changes will be updated on our website and communicated to you as appropriate. This Privacy Notice was last updated in April 2018.

You have the right to:

• Ask us to see, correct or delete the data we hold about you
• Object to specific data uses, as described above
• Object to receiving communications and direct marketing
• Ask for the transfer of your data electronically to a third party

The University’s Data Protection Officer is responsible for monitoring compliance with relevant legislation in relation to personal data and can be contacted at dataprotection@exeter.ac.uk, you can also contact the DPO if you have any queries or concerns about the University’s processing of your personal data. You have the right to lodge a complaint with the Information Commissioner’s Office.