GDPR Compliance Statement

The HAPPEN Network Wales is committed to protecting your privacy and complies with the principles of the relevant data protection regulations. This includes the EU General Data Protection Regulations (GDPR) and the UK Data Protection Act. We are committed to ensuring that your data is handled properly and any information we hold is stored securely and used in a lawful and ethical way.

This privacy policy explains:

  • What data we collect;
  • On what grounds we hold your personal data;
  • How it would be used;
  • How long we hold it, and;
  • Where it would be stored.

This Privacy Statement relates to the collection, handling and storage of data we obtain from schools and parents who give data to HAPPEN Wales.

This Statement does not relate to the anonymised data utilised in HAPPEN projects and that held within the SAIL Databank. For more information on how SAIL accesses, stores and manages de-identified data for research visit https://saildatabank.com/saildata/data-privacy-security/

1.0 HAPPEN and our data contacts

HAPPEN is a research project based within Swansea University. HAPPEN is governed by all Swansea University policies and procedures.  Swansea University is the Data Controller and is committed to protecting the rights of individuals. The data held by HAPPEN is processed under the legal basis of public task where we collect data from participants who have given their permission and parents/guardians have had been informed and can withdraw their child.

2.0 What information does HAPPEN hold and how will it be used

2.1 Schools:

The name and address of schools including the email address and contact number is processed under performance of contract in order for us to contact schools as members of the network.

In addition, we may contact schools to inform them of network events. This information is processed under legitimate interest to enable internal communications on matters relating to HAPPEN.

2.2  Permission from children:

This data is processed as permission which can be withdrawn at any time.  The following personal information will be held:

  • Name
  • Address

These data are held in order to ensure and evidence base that all children taking part in HAPPEN do so with their permission.

2.2 Parents who contact us:

The contact details of parents who contact us is processed under legitimate interest. In order to contact parents if they ask us to,  the following personal information of parents will be held:

  • Name of child
  • Name of parent
  • Contact details

2.2  Self reported data from children:

The data held include self reported health data such as diet, physical activity and well-being questions. This data is collected under public task with specific, recorded permission from the child. It is collected using MS Forms which is subject to GDPR. The data is held in an anonymised form and anonymised data is not subject to GDPR.

To protect the welfare of children, open-ended responses are read to screen for any safeguarding concerns. Any concern responses relating to harm are reported back to the school. This data processing is done under Article 6(d) and Article 9(c).

3.0 Who receives your information and how long will it be held for

Data provided to HAPPEN is not passed on to any third party. Your data will be used solely to comply with our information governance requirements and for the purpose of evidencing a permission process or contact as members of the network. The self reported health and well-being data and is used to give reports to schools and local government. These reports only give anonymised and aggregated data and no individual is included in reports. If your child wants to withdraw or membership the data will be destroyed.

 4.0 Our security and your data

We are committed to keeping your data secure. Any data you provide to us will be held only on secure servers owned and administered by Swansea University which are subject to suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect.

 4.1 Accessing and updating your data

You can change your mind at any time about how we contact you, how we process your data, or ask us to stop contacting you please get in touch with:  happen-wales@Swansea.ac.uk

We will be proactive in keeping our records up to date and will aim to action all changes to communication preferences within 7 working days.

5.0 Your data and your rights

The General Data Protection Regulation (GDPR) and new Data Protection Act strengthen and add to individuals’ rights and HAPPEN is committed to supporting these rights.

You have a right to access your personal information, to rectify, to erase, to restrict and to port your personal information. Please visit the Swansea University Data Protection webpages for further information in relation to your rights.

Swansea University has a Data Protection Officer who can be contacted through dataprotection@swansea.ac.uk

Any requests or objections should be made in writing to the University Data Protection Officer:

University Compliance Officer (FOI/DP), Vice Chancellor’s Office, Swansea University, Singleton Park, Swansea, SA2 8PP

Email: dataprotection@swansea.ac.uk

Additional information

If you would like to know more about our data processing, or have any queries regarding the content of this notice then please contact us on happen-wales@Swansea.ac.uk we will be happy to provide you with any further information that you require.