Privacy Policy
Ethics@Bath Privacy Notice
Read the Ethics@Bath privacy notice to understand how the ethics review system holds and uses your personal data.
Ethics@Bath is the new online system for creating and
reviewing all research projects carried out at the University. The software is
developed by a company called Infonetica and is used by universities and other
types of institutions worldwide. The software has been customised to support
the specific needs of the University of Bath.
This Privacy Policy applies solely to the Ethics@Bath system
(the “System”).
The software and web services are provided by Infonetica Ltd
(“nfonetica”).
Reference to "we" are to Ethics@Bath and/or
Infonetica.
By accessing the System, the user consents to the
collection, use and transfer of the information that you provide in accordance
with terms of this Privacy Policy and the System's Terms and Conditions.
Ethics@Bath and Infonetica are committed to safeguarding the
privacy of our System visitors and this policy sets out the basis on which any
personal information we collect from you, or that you provide to us, will be
processed by us. Please read the following carefully to understand our views
and practices regarding your personal data and how we will treat it.
For the purposes of the Data Protection Act 2018 (the “Act”), the data controller is Mr David Jolly (Senior Legal Adviser), dataprotection-queries@lists.bath.ac.uk, the University of Bath, Department of Policy, Planning & Compliance, University of Bath, Claverton Down, Bath, BA2 7AY, United Kingdom.
What information is stored on Ethics@Bath?
To allow processing of ethics reviews, the following
categories of personal data are extracted from the University’s central
management systems, iTrent and SAMIS, and stored in Ethics@Bath:
- staff name, title, job title, e-mail address, department, unique ID;
- student name, title, e-mail address, category, course, year of study, department, unique ID;
In addition, we may collect and process the following data from you:
- Your operating system, browser, IP address (a number assigned to your computer to identify it on the network);
- The pages you browse;
- The referring page that led you to the current page;
- Your software and aspects of its configuration.
Additional data supplied by applicants when making ethics
applications for the purposes for ethics review will include:
- details about external collaborators which may include names and organisation names;
- for projects involving animal research, the following data may be collected: personal licence number for Personal licence holders; Project licence holder name, organisation, licence number;
Furthermore, if you contact us, we may keep a record of that
correspondence.
This information is available to the System’s administrators
and is used for audit purposes.
No sensitive personal data or special category data is stored on Ethics@Bath.
Why does the University store personal data on Ethics@Bath?
It is necessary to store and process personal data in Ethics@Bath to enable the ethics review process for the purposes of: (a) operation and management of the system; (b), to generate the data required for performance of the ethics review including making an application to an appropriate review body ; and (c) where the University has a legitimate interest in using the data for other institutional purposes, including (not an extensive list) the preparation of reports to demonstrate compliance with the Concordat to Support Research Integrity, Prevent Duty, carry out investigations into research misconduct, develop training and improve the system.
Who has access to the personal data on Ethics@Bath?
Applicants developing ethics forms for review can see the personal data (name, academic and job title, department, course and year of study, and email) of other staff and students to add them as co-investigators or supervisors on their forms. Name and email address can be looked up when sharing the form and seeking and carrying out reviews. This is a primary purpose of the system.
Access to information in system is controlled via system roles and on need-to-know basis. All information provided via the system on ethics application forms will only be available to those reviewers who are associated with the Committee responsible for reviewing the corresponding type of research. For projects which are appropriate for Departmental level review, only the people directly linked to the ethics review process (2nd reviewer, DREO, or the departmental review panel members) will be able to see your application. The Research Governance and Compliance team will have access to all information in the system so that they can support the ethics review process. System administrators will access the system to provide technical and user support.
No third-party organisations other than Infonetica have access to the personal data in Ethics@Bath.
Ethics@Bath contains links to other websites. Ethics@Bath and Infonetica are not responsible for the privacy policies or practices of third-party websites.
How does the University protect the personal data on Ethics@Bath?
The University is the Data Controller for Ethics@Bath and Infonetica is the Data Processor. Infonetica is a Private Limited Company registered in the United Kingdom.
Infonetica’s own Data Processor Privacy Policy can be found on their website.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. We will store all of your personal data on Infoentica’s secure servers.
Data transmission over the internet is inherently insecure, and although we will do our best to protect your personal data, neither Ethics@Bath nor Infonetica can guarantee the security of the data you transmit to the System and any transmission is at your own risk. Once we have received your information, we will use appropriate security procedures and features aimed at preventing unauthorised access, unlawful processing, accidental loss, destruction or damage.
Access to the system is controlled via University’s Single Sign On. You are responsible for keeping your password and user details confidential. We will not ask you for your password except when you login to the System or when you request us to provide you with technical assistance with the System.
How long is personal data stored on Ethics@Bath?
All data will be stored in line with the University of Bath’s Research Data Policy and the University’s Records Retention Schedule.
Amending these Terms and Conditions and/or the System's Privacy Policy
From time to time, Ethics@Bath may at its sole discretion amend this System's Privacy Policy. Your continued use of the System constitutes your acceptance of and agreement to any changed Terms and Conditions and/or System's Privacy Policy. Ethics@Bath will ensure that details of any such changes are posted on the System in a timely manner.
Contact details
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to: dataprotection-queries@lists.bath.ac.uk