Privacy policy

For the land-owner and field-survey privacy policy (if registered with RPW in 2021 or 2022)
For the survey privacy policy if not registered with RPW in 2021 or 2022
The Newsletter privacy policy

Privacy policy 

The General Data Protection Regulation (GDPR) is a Europe-wide law that is part of the wider package of reform to data protection that includes the Data Protection Act (DPA) 2018. The GDPR and DPA 2018 set out requirements for how organisations will need to process personal data from 25 May 2018. 

The ERAMMP website is maintained and hosted by the UK Centre for Ecology & Hydrology (UKCEH). This privacy notice tells you what to expect when your personal information is collected. It will be revised as required and you are encouraged to revisit the privacy notice regularly to read the latest version. This version is dated 1st December 2019. 

Please read the following carefully to understand our views and practices regarding your personal data and how we will process it. By visiting www.ceh.ac.uk and affliated websites you are accepting and consenting to the practices described in this policy.

Who we are

The name and contact details of our organisation

UK Centre for Ecology & Hydrology 
Maclean Building, Benson Lane 
Crowmarsh Gifford 
Wallingford 
Oxfordshire 
OX10 8BB 

T: +44 (0)1491 838800 

F: +44 (0)1491 692424 

We are a not-for-profit company limited by guarantee with charitable status. We serve as a strategic delivery partner for the Natural Environment Research Council (NERC), part of UK Research and Innovation.

The name and contact details of our data protection representative: 

The UKCEH Data Protection Officer is Quentin Tucker. 

Personal data 

Why and how we process personal data 

This section of the privacy notice provides information on: the purpose of the data processing; the lawful basis for the processing; further information where the lawful basis is legitimate interests for the processing; the categories of personal data obtained (if the personal data is not obtained from the individual it relates to). 

Visitors to our website and to affiliated and hosted websites: The relevant section of our privacy notice will depend on the purpose of your visit to our website. 

The legal conditions we rely on to process personal information 

The law on data protection sets out the reasons we may collect and process your personal data. We rely on the following legal conditions to process your personal data: 

Contract: where it is necessary for the performance of an agreement, contract or licence to which you are a party or for processes related to entering into an agreement, contract or licence; 

Legitimate interests: in specific situations, we require your data to undertake our legitimate business interests of running our business as a membership organisation, and professional body, and which does not materially impact your rights, freedom or interests. 

Legal compliance: if the law requires us to, we may need to collect and process your data. 

Consent: in specific situations, we can collect and process your data with your permission. 

There are specific notices for: 

• Contributors to NERC / UKCEH science research in the public interest 
• Contributors to NERC / UKCEH science research: funded through competitively won income 
• Users of our Products, Services, Websites and General enquiries 
• Job applicants 

The details of transfers of personal data to any third countries or international organisations 

Unless otherwise indicated, your information is processed in the UK and European Economic Area (EEA). 

In those instances where your information is being processed outside of the UK or EEA, we work with our partners to ensure your personal data is processed in line with the data protection requirements of GDPR and the DPA 2018. The UKCEH website is hosted by Pantheon in the USA and covered by the EU - US Privacy Shield.

The retention periods for personal data 

Personal data retention is guided by the UKCEH retention schedule. Science Research project records may be kept for 10 and 20 years after the project is completed or in exceptional circumstances will be retained permanently. 

The rights available to individuals in respect of the processing 

The GDPR / DPA 2018 provides the following rights for individuals: 

1. The right to be informed 
2. The right of access 
3. The right to rectification 
4. The right to erasure 
5. The right to restrict processing 
6. The right to data portability 
7. The right to object 
8. Rights in relation to automated decision-making and profiling 

For further details on individual rights, please visit the ICO guide to GDPR.

The lawful basis for UKCEH processing personal data can affect which rights are available to individuals. For example some rights will not apply. 

An individual always has the right to object to processing for the purposes of direct marketing, whatever lawful basis applies. The remaining rights are not always absolute, and there are other rights which may be affected in other ways. If UKCEH is relying on legitimate interests more detail will be provided in the privacy notice to comply with the right to be informed. Further details on how the lawful basis for processing your data affect the rights available to you are outlined below: 

Contract

If we are processing your data on the basis of contract, your right to object and your right not to be subject to a decision based solely on automated processing will not apply. However, you will have a right to data portability. 

Legal obligation 

If your data is being processed on the basis of legal obligation, you have no right to erasure, right to data portability, or right to object. 

Public task 

Your rights to erasure and data portability do not apply if your data is processed on the basis of public task. However, you do have a right to object. 

Legitimate interest

Where UKCEH is relying on legitimate interests, the right to data portability does not apply. 

The right to withdraw consent (if applicable) 

Where your personal data is processed using consent as the lawful basis, you have the right to withdraw consent at any time. You will be informed about the ways you can withdraw your consent. 

The right to lodge a complaint with a supervisory authority 

Initially please raise your concern with UKCEH: please contact the team who process your data. Any continuing concerns you may have can be raised with the UKCEH Data Protection Officer: Quentin Tucker 

If UKCEH has not resolved your information rights concern you can raise the matter with the Information Commissioner’s Office via live chat or by phoning 0303 123 1113. 

Provision of privacy information 

There are a variety of ways in which UKCEH provides privacy information, including: 

Providing individuals with privacy information at the time we collect their personal data from them. 

If we obtain personal data from a source other than the individual it relates to, we provide them with privacy information: 

• within a reasonable of period of obtaining the personal data and no later than one month; 
• if we plan to communicate with the individual, we will do this at the latest when the first communication takes place; 
• if we plan to disclose the data to someone else, we will do this at the latest, when the data is disclosed. 

How UKCEH provides privacy information 

We aim to provide the information in a way that is: 

• Concise
• Transparent
• Intelligible
• Easily accessible
• Uses clear and plain language

Changes to the information 

We regularly review and, where necessary, update our privacy information. If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.

Register of processing activities 

UKCEH undertake an information audit to find out what personal data we hold and what we do with it. 

UKCEH put ourselves in the position of the people we’re collecting information about. 

UKCEH will carry out user testing to evaluate how effective our privacy information is.

Delivering privacy information 

When providing our privacy information to individuals, we use a combination of appropriate techniques.

Affiliated and hosted websites 

Where this privacy notice applies to hosted / affiliated websites, the site will provide a link to this privacy notice, along with any additional privacy information that is applicable.    

Users of our website and affiliated websites 

We use different methods to collect data from and about you on our UKCEH-hosted websites. Your information is used to deliver services you have requested and to contact you, including but not restricted to, software downloads, data licensing requests, publication orders, registration on training courses, subscription to our newsletter and general enquiries, as well as to improve the website experience for our users. 

Read more about using our Products, Services, Websites and General Enquiries

Automated technologies or interactions 

When you use our websites (including but not restricted to, the UKCEH website and our affiliated websites) we may collect the following information about you: 

• the IP address used to connect your computer to the Internet 
• your time zone setting 
• your Internet provider 
• your name, address, email address, telephone number, organisation, where you have specifically provided this information on a web submission form. 

We may also collect the following information about your visit: 

• the full Uniform Resource Locators etc. 
• the pages you viewed, including our products and software pages; 
• page response times; 
• length of visits to certain pages; 
• page interaction information (such as clicks, downloads, web form submissions) 

We will use this information to provide the best possible service to our web users. It allows us to administer our site, including our efforts to keep it safe and secure, and to carry out internal operations including troubleshooting, data analysis, testing, and statistical research. This means we can improve our websites to ensure that content is presented in the most effective manner for you. 

Cookies 

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our cookies policy. 

Third party services 

Some parts of UKCEH may use third party services including Twitter, Facebook, Microsoft O365, Outlook as a method to allow you to share content. UKCEH uses Mailchimp for distributing some of its newsletters. See more details of our third party usage. The ERAMMP project does not use MailChimp and has a separate newsletter privacy notice accessible here. 

Links 

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy notices and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.