GDPR Compliance Statement (For Adults)
The HAPPEN Network Wales is committed to protecting your privacy and complies with the principles of the relevant data protection regulations. This includes the EU General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018. We are committed to ensuring that your data is handled properly and any information we hold is stored securely and used in a lawful and ethical way.
This privacy policy explains:
- What data we collect;
- On what grounds we hold your personal data;
- How it would be used;
- How long we hold it, and;
- Where it would be stored.
This Privacy Statement relates to the collection, handling and storage of data we obtain from schools and parents who give data to HAPPEN Wales.
This Statement does not relate to the anonymised data utilised in HAPPEN projects and that held within the SAIL Databank. For more information on how SAIL accesses, stores and manages de-identified data for research visit https://saildatabank.com/saildata/data-privacy-security/
1.0 HAPPEN and our data contacts
HAPPEN is a research project based within Swansea University. HAPPEN is governed by all Swansea University policies and procedures. Swansea University is the Data Controller and is committed to protecting the rights of individuals. The data held by HAPPEN is processed under the legal basis of public task where we collect data from participants who have given their explicit consent to participate in the survey and parents/guardians have had been informed via a Parent Information Sheet and can withdraw their child.
What information does HAPPEN hold and how will it be used?
2.1 Schools:
The name and address of schools including the email address and contact number is processed under performance of contract in order for us to contact schools as members of the network.
In addition we may contact schools to inform them of network events. This information is processed under legitimate interest to enable internal communications on matters relating to HAPPEN.
2.2 Consent from children to participate in the survey:
The data collected in relation to consent to participate in the survey including data in relation to opt-out will be held under legitimate interests to ensure that HAPPEN uses data only from those children who have consented to participate in the survey.
The following personal information will be held:
- Name
- Address
These data are held in order to evidence that all children taking part in HAPPEN do so with their consent.
2.2 Parents who contact us:
The contact details of parents who contact us is processed under legitimate interest. In order to contact parents if they ask us to, the following personal information of parents will be held:
- Name of child
- Name of parent
- Contact details
2.2 Self reported data from children:
The data held include self reported health data such as diet, physical activity and well-being questions. The lawful basis under which we will process personal data for research is called ‘task in the public interest’ (Article 6 of the GDPR). In the cases of ‘special category data’, in addition to Article 6, the lawful basis is for ‘archiving purposes, scientific or historical research purposes or statistical purposes in the public interest’ (Article 9 of the GDPR).
Personal data is collected using MS forms which is subject to GDPR. The data is held in an pseudoanonymised form and anonymised data is not subject to GDPR.
3.0 Who receives your information and how long will it be held for
Data provided to HAPPEN is not passed on to any third party. Your data will be used solely to comply with our information governance requirements and for the purpose of evidencing a consent process for survey participation or contact as members of the network. The self reported health and well-being data is used to give reports to schools and local government. These reports only give anonymised and aggregated data and no individual is included in reports. The identifiable information given in the HAPPEN survey (name, postcode) are held for 12 months and then are deleted. If your child withdraws consent or membership before this date, all the data will be destroyed.
4.0 Our security and your data
We are committed to keeping your data secure. Any data you provide to us will be held only on secure servers owned and administered by Swansea University which are subject to suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect.
4.1 Accessing and updating your data
You can change your mind at any time about how we contact you, how we process your data, or ask us to stop contacting you please get in touch with: happen-wales@Swansea.ac.uk
We will be proactive in keeping our records up to date and will aim to action all changes to communication preferences within 7 working days.
5.0 Consequences of not providing the data when based on statutory or contractual requirement
HAPPEN will not be able to engage with schools where the required data is not provided as members of the network.
6.0 Your data and your rights
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 strengthen and add to individuals’ rights and HAPPEN is committed to supporting these rights.
You have a right to access your personal information, to rectify, to erase, to restrict and to port your personal information. Please visit the for further information in relation to your rights.
Swansea University has a Data Protection Officer who can be contacted through dataprotection@swansea.ac.uk
Any requests or objections should be made in writing to the University Data Protection Officer:
University Compliance Officer (FOI/DP),
Vice Chancellor’s Office
Swansea University
Singleton Park
Swansea
SA2 8PP
Email: dataprotection@swansea.ac.uk
7.0 How to make a complaint
If you are unhappy with the way in which your personal information has been processed you may in the first instance contact the University Data Protection Officer using the contact details above.
If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: –
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
www.ico.org.uk
Additional information
If you would like to know more about our data processing, or have any queries regarding the content of this notice then please contact us on happen-wales@Swansea.ac.uk we will be happy to provide you with any further information that you require.
.
This notice was last updated on 12/10/2020