Data Protection General Statement

Insight Centre for Data Analytics hereinafter referred as “Insight”.  “Insight four Co-Host Universities” and or reference to “four Co-Host Universities” refers to University of Galway, University College Cork (UCC), Dublin City University (DCU) and University College Dublin(UCD).

This statement relates to Insight privacy practices in connection with Insight websites. Insight or its four Co-Host Universities are not responsible for the content or privacy practices of other websites. External links to other websites are not always clearly identifiable as such. Within the Insight domain you can sometimes find website links which take you to different websites, over which Insight or its four Co-Host Universities has no editorial responsibility or control. While Insight and its four Co-Host Universities encourages compliance with this web privacy statement at such sites.  Please consult the privacy statements of individual sites or contact the persons responsible for those sites, in order to understand the policies and practices under which they operate.

Communications

Emails sent to Insight are recorded.  The sender’s email remains visible to all staff tasked with dealing with its contents.  Insight uses Google G Suite a set of cloud based productivity and collaboration tools.  Insight uses Google G Suite for a range of business services as well as for email.  G Suite is administered by four admin super users with one based at each of the four Co-Host Universities.

 

All post received by Insight is forwarded to the relevant staff tasked with dealing with the post contents.  In some cases, post contents may be scanned this may be for example for record purposes or for dealing with the task or responding to a communication.  Where hard copy versions are no longer required they are securely destroyed when they are no longer necessary.  A master copy of all communications is retained in accordance with prescribed record keeping retention periods, for example legal documents or financial records are kept longer than other records.

 

Where you have a meeting with Insight staff personnel or researchers manual or electronic minutes are recorded.

 

Insight receives personal data through its social media channels and or online interactions through for example LinkedIn, Twitter or Facebook as well as event management and ticketing websites e.g. Eventbrite.  Insight operates social media and event management/ticketing on these platforms in support of its functions and to promote Insight activities.  Your messages or posts are logged and stored on the social media platforms and or event management/ticketing websites when you interact with them.

Where Insight uses online collaboration and video conferencing platforms for the purposes of collaborations and for meetings.  Manual or electronic minutes are recorded by Insight.

 

To manage your settings please see the following websites:

linkedin.com

twitter.com

facebook.com

eventbrite.com

We may contact you because you have an ongoing or recent relationship with Insight. This can be through an invitation to Insight hosted events or where we provide you with information relating to our activities.   We may also contact you where your details have been provided to Insight Business Development by you directly or indirectly by a co-worker of yours (where you have been identified by them as a suitable contact for your company) or where you have provided your details to Insight or to one of our four Co-host Universities or to one of our researchers or staff for the purposes of identifying potential business opportunities, synergies, research or working with us.   Where you receive communications from us directly or through our CRM system you will have an opportunity to opt-out or unsubscribe from further communications.  You can of course exercise your right to opt-out at any time by contacting us at the addresses identified below.

Where we contact you for marketing purposes the following conditions will be met:

  1. The product or service being marketed is an Insight product or service;
  2. The product or service that Insight is marketing is if a kind similar to that which Insight sold to you at the time Insight obtained your contact details;
  3. At the time Insight collected your details, Insight gave you the opportunity to object, in an easy manner and without charge, to their use for marketing purposes;
  4. Each time Insight sends a marketing message, Insight gives you the right to object, in an easy manner and without charge, to their use for marketing purposes;
  5. The sale of the product or service occurred not more than twelve months prior to the sending of the electronic marketing communication or, where applicable, the contact details were not used for the sending of an electronic marketing communication in that twelve-month period.

 

Please Note: where you fail to unsubscribe using free means provided to you by Insight, then you may be deemed to have remained “opted-in” to the receipt of such electronic mail for a twelve-month period from the date of issue to you of the most recent marketing electronic mail.

 

Research Publications and Outputs

Research by definition publishes its outcomes. Where a research publication contains personal data, all the personal data is anonymised and aggregated.

 

Data is Published by the researchers where the research was carried out.  Publications are stored in the University Library where the research was carried out. Typically, the data is anonymised or deleted and this is assigned a future date in the data retention schedule to be completed.  Also detailed in the data retention schedule are the person(s) responsible for anonymising or deleting the data.   This is carried out in accordance with the University policies and procedures and is subsequently validated by the Principle Investigator for the research project to ensure it is done.

 

Where personal data is kept, it is kept at the University where the research was carried out.  There may be instances where research is conducted at more than one University.  In such cases the data resides at the University of the Principle Investigator for the research.  This will be clearly stated with all documentation provided to you at the time of collection.

 

Where data it is kept in raw form, we will only publish the pseudonymised data in aggregated form.  The research publication will not contain identifiable information about you.  We keep the raw data typically for validation of the research results.  These are kept for a period of time to facilitate validation and this is worked out on a case by case basis depending on the research.  Thereafter the personal data including the source data is deleted or anonymised.

 

There are instances where your personal data is shared as part of the research Insight carries out.  Should these processing instances occur they are governed by the legal contracts and agreements associated with the research project(s) you have contributed to.  In these instances, your consent or other appropriate legal basis is used to process the data.

 

OPEN & FAIR Data

There is a move in Europe to make research outputs “Open Science” available to all if publicly funded.  Publications may be published in accordance with Open science principles or in accordance with FAIR data principles.  Where a project publishes its outputs under FAIR or Open science it is anonymised and aggregated, or the data is pseudonymised because the raw data is stored for the retention period.  When the retention period is ended the data is anonymised and no longer re-identifiable i.e. the raw data is anonymised or deleted.

 

For more information on Open Science or FAIR principles see the following websites:

http://ec.europa.eu/programmes/horizon2020/en/h2020-section/open-science-open-access

FAIR Principles

Research Projects

Insight collects a range of personal data across many active research projects.  We collect data from many sources.

The Types of data points (pieces of data) vary immensely depending upon the project and what its purpose is.  Data collected ranges from data you provide this may be typical provided data such as contact details.  However, it could also include any biological samples you provide to us for research purposes.  Personal data can be provided for example via a wearable device.  But we also use other methods to obtain personal data these may include observed, inferred or derived data which when put together with other pieces of data whether personal or not renders it personal data.  This is the case because we can in some instances be able to make very accurate predictions around behaviours and find patterns in behaviours to help us to make such predictions and these predictions may be made about your personal data.  We may also use automated processing to make decisions about you.  Where we do this we typically have a “human in the loop” so that any decisions are made after a human has checked for anomalies.

 

Some research projects use large data sets typically these are taken from datasets made publicly available and freely available on the internet.  These may also be provided to us by our research partners or industry partners.  Where datasets which include personal data have been provided to us by research or industry partners, there is an appropriate legal mechanism in place to govern the data transfer and to oblige the controller or processor to comply with GDPR.

 

Insight has a vast range of research projects across multiple domains, many of which collect or process personal data, health data, special category personal data or sensitive data.  This privacy policy does not list each and every project and every piece of personal data collected across the full range of research projects.  If you have any questions around a project that you are a participant in, please contact the relevant DPO as listed below.

 

Research Projects which collect personal data

Please consult the consent forms and associated documentation as provided to you when you participated in the project for a more accurate understanding of the exact types of personal data we collect about you.  If you have misplaced this information and documentation, please contact us and we will happily provide you with a copy.

 

You may of course withdraw consent at any time.  For information on data subject rights please see the Data Protection Commission website:

http://gdprandyou.ie/wp-content/uploads/2018/03/Rights-of-Individuals-under-the-General-Data-Protection-Regulation.pdf

 

You must be aware that your rights are not absolute in all cases. For information on limiting data subject rights please see the Data Protection Commission website:

https://www.dataprotection.ie/docs/EN/19-06-2018-Limiting-Data-Subject-Rights-and-the-Application-of-Article-23-of-the-GDPR/m/1746.htm

 

Financial Data

We will collect and process your personal data where it relates to any information you have volunteered and or provided to us for the purposes of issuing or discharging financial accounts, where you choose to provide this information to us (for example via email or a feedback form on our website).

 

Biological Data

We will collect and process your personal data where it relates to any information you have volunteered and or provided to us for the purposes of biological samples.

 

Re-Use of Data

It is becoming far more frequent for a research contract to stipulate that the research data cannot be re-used.  However, in any cases where we intend on re-using data from a research project and where contractually we are free to do so, we will only do so where we have prior informed you.  Typically, when you are receiving the consent forms and associate documentation.  In instances where at the outset of the research project it was not foreseen that re-use might be possible.  We will contact you to seek your consent before we re-use any of your personal data.  In all cases where you consent to re-use of your data the data is never presented in publications or research outputs or to any third parties in identifiable form.  In all cases such re-used data is anonymised and aggregated before re-use.

 

Images

We publish photographs of Insight activities.  Where we capture images of adults we ask for your consent and provide you with the purpose we will use the image for.  This is typically for promotion of our activities and in presentations etc.

 

When we are capturing an image of children we will seek parental consent before the image is taken.

 

Generally, opt-out is facilitated by the decidedly low tech solution of persons physically standing out of the field of focus of the image capture.  However, if you decide to opt-out afterwards, we can facilitate this by blurring out or obscuring your image. You can of course opt-out at any time by indicating this at the time of capture to an Insight researcher, or by contacting the relevant DPO as listed below.

 

It is important to understand we do not ever re-use images taken for publicity or as part of Insight activities as data for use in research projects.

 

Research Staff, Operations Staff & Alumni

Personal data relating to research staff, and operations staff and alumni of the Insight centre for data analytics is published on the Insight website.

 

Personal Data and Your Rights

You have a number of rights under personal data protection legislation.

 

Your rights are as follows:
  • Right to have your details used in line with Data Protection Regulations.
  • Right to information about your personal details.
  • Right to access your personal details.
  • Right to know if your personal details are being held.
  • Right to change or remove your details.
  • Right to prevent use of your personal details.
  • Right to remove your details from a direct marketing list.
  • Right to object.
  • Right to freedom from automated decision making.
  • Right to refuse direct marketing calls or mail.

You may also raise a complaint, concern or query with the Data Protection Commissioner.  For more on raising a complaint, concern or query with the Data Protection commissioner please see:  https://www.dataprotection.ie/docs/Making-a-Complaint-to-the-Data-Protection-Commissioner/r/1716.htm

For more information on Data Subjects Rights see the Data Protection Commission website: https://www.dataprotection.ie/docs/A-guide-to-your-rights-Plain-English-Version/r/858.htm

gdprandyou.ie also has information on data subject rights please see: http://gdprandyou.ie/wp-content/uploads/2018/03/Rights-of-Individuals-under-the-General-Data-Protection-Regulation.pdf

 

There are circumstances where you may not be able to exercise all your rights this depends upon the nature of the processing and the legal basis relied upon.  For information on limiting data subject rights please see the Data Protection Commission website: https://www.dataprotection.ie/docs/EN/19-06-2018-Limiting-Data-Subject-Rights-and-the-Application-of-Article-23-of-the-GDPR/m/1746.htm

We would appreciate it if you have a query or concern that you raise it with us first.  For further information, please refer to the guides below as provided by the Insight four Co-Host Universities.

 

University of Galway

https://www.universityofgalway.ie/data-protection/  |https://www.universityofgalway.ie/itsecurity/gdpr/

Privacy Statement: https://www.universityofgalway.ie/footer-links/privacy.html 
Data Protection Policy: https://www.universityofgalway.ie/data-protection/staffandstudentresources/policiesandprocedures/
Data Access Request: https://www.universityofgalway.ie/data-protection/staffandstudentresources/policiesandprocedures/

 

UCC

https://www.ucc.ie/en/ocla/comp/data/   |   https://www.ucc.ie/en/gdpr/

Privacy Statement:  https://www.ucc.ie/en/it-policies/policies/privacy/

Data Protection Policy:  https://www.ucc.ie/en/ocla/comp/data/dataprotection/

Data Subject Rights Procedure: https://www.ucc.ie/en/media/support/ocla/compliance/gdpr/DataSubjectRightsProcedure-5Oct2018.pdf

Data Access Request Form:   https://www.ucc.ie/en/media/support/ocla/compliance/gdpr/DataAccessRequestForm-5Oct2018.pdf

 

DCU

https://www.dcu.ie/ocoo/data-protection.shtml#overlay-context=ocoo/committee-structures.shtml

Privacy Statement:  https://www.dcu.ie/info/regulations/privacy.shtml

Data Protection Policy:  https://www.dcu.ie/sites/default/files/info/25_-_data_privacy_policy_v3.1.pdf

Data Access Request:  https://www.dcu.ie/sites/default/files/ocoo/c3.2_-_sar_-_application_form_-_v2.0.pdf  https://www.dcu.ie/sites/default/files/ocoo/c3.1_-_guide_to_sar_-_public_-_v2.0.pdf

 

UCD

http://www.ucd.ie/dataprotection/index.html   |  http://www.ucd.ie/gdpr/

Privacy Statement:  http://www.ucd.ie/privacy/

Data Protection Policy:  http://www.ucd.ie/dataprotection/policy.htm

Data Access Request:  http://www.ucd.ie/dataprotection/request.htm

 

Contact Us

For further information on personal data matters, please contact the Insight Four Co-Host Universities Data Protection Officers, details provided below:

 

University of Galway

Peter Feeney

The Data Protection Officer,

University of Galway, Room A129,

The Quadrangle,

University of Galway,

University Road,

Galway

Email: dataprotection@nuigalway.ie

Tel: (091) 492150

 

UCC

Catriona O’Sullivan

Information Compliance Manager

University College Cork

4 Carrigside

College Road

Cork

Tel: +353 (0)21 4903949

Email: foi@ucc.ie

 

UCD

Data Protection Officer

Roebuck Castle

University College Dublin

Belfield

Dublin 4

Tel: 01 7168786

Email: dataprotection@ucd.ie

 

DCU

Martin Ward

Data Protection Officer

Data Protection Unit

Office of the Chief Operations Officer

Room A201A Albert College

DCU Glasnevin Campus

Collins Avenue Extension

Dublin 9

D09 V209

Tel: 7005118 / 7008257

Email: data.protection@dcu.ie

 

This statement explains the Data Protection Notice that Insight and its four Co-Host Universities have adopted for its website(s). However, in legal terms it shall not be construed as a contractual undertaking. Insight and its four Co-Host Universities reserves the right to review and amend this Data Protection Notice at any time without notification.

 

Last Updated: 05 June 2020

Version 1.0_2020