- Data controller and contact details
For data collected under this privacy notice, the University of Edinburgh (the “University”) is the Data Controller (as that term is defined in the EU General Data Protection Regulation (Regulation (EU) 2016/679 (the “GDPR”)), registered with the Information Commissioner’s Office, Registration Number Z6426984.
- How we use your data
The information you provide will be used the University to contact you via email about the EPAD Platform. For more information on the accountability and responsibilities of the University, its staff and its students to comply fully with the provisions of the GDPR and the Data Protection Act 2018 (“the DPA”), please refer to https://www.ed.ac.uk/records-management/policy/data-protection, which will apply to the University’s use of your data.
- Legal Basis
We are using information about you as set out in this privacy notice because you have given us your consent to do so. You have the right to withdraw this consent at any time by sending an email to firstname.lastname@example.org
- Data Sharing
Information about you will be shared with the University of Edinburgh EPAD team and the SYNAPSE team who manage the EPAD website only. In addition to the primary purposes, we are also legally obliged to share certain data with other public bodies such as HMRC and will do so where the law requires this; we will also generally comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and proportionate. Your data will be hosted on the EPAD website, maintained by CMAST BVBA. Further details regarding this are available on the website at ep-ad.org/legal-documents/privacy-policy.
We will hold the personal data you provided us for the duration of the EPAD study, unless you withdraw your consent (please see section 3 above for details on how to do this).
- Transfers outside the European Economic Area
The University will only transfer your personal data to countries outside the EEA when satisfied that both the party which handles the data and the country it is processing it in provide adequate safeguards for personal privacy. Details of such transfers and safeguards are on our website at https://www.ed.ac.uk/records-management/policy/data-protection.
- Your rights
You have the right to request access to, copies of and rectification or (in some cases) erasure of personal data held by the University and can request that we restrict processing or object to processing as well as (in some cases) the right to data portability (i.e. the right to ask us to put your data into a format that it can be transferred easily to a different organisation). If you wish to make use of any of these rights, please email the University’s data protection officer at email@example.com.
- Complaints and contact details
If you are unhappy with the way we have processed your personal data you have the right to complain to the Information Commissioner’s Office (ICO), but we ask that you raise the issue with our Data Protection Officer first. If you have further questions please contact the University’s Data Protection Officer, who can be contacted at:
Governance and Strategic Planning
University of Edinburgh