The Dartington Service Design Lab is an independent research charity dedicated to improving the lives of children and young people. We do this by bringing together those using and delivering services with good quality data and evidence to improve public services and systems for young people. As part of our work we sometimes collect and process personal data for research purposes.
We take the rights and privacy of the people who participate in our research very seriously. This document sets out how we respect and protect your rights at every stage of the research process.
What is personal data?
‘Personal data’ refers to any information relating to a person who can be directly or indirectly identified by the data. Wherever possible we make the data we hold about individuals anonymous, so they can no longer be identified. In some cases, however, we need to be able to identify individuals. This may be to link information together, or to make follow-up contacts if required.
Why do we use personal data?
As a charity with over fifty years’ experience conducting high-quality research, we hold ourselves to high ethical and legal standards. We only hold and process your personal information when it is necessary to achieve our charitable aims: to improve public services and systems for children and young people. We believe that good quality data is essential for designing services and systems that work for children and young people.
We are required to have a lawful basis to collect and use your personal information. There are normally only two reasons why we will use your personal data.
- Consent. You have given us your active consent to do so.
- Legitimate interests. We have carefully considered the benefits of our research in relation to your individual rights.
This is why we refer all of our research proposals to independent research ethics board for their scrutiny. The ethics board makes sure your personal data that we use for research isn’t used in a way that causes you substantial harm or distress.
We will always tell you which legal basis we are using when we collect and process any personal data about you. You should be given some written information before you take part in our research that clearly states the legal basis we are using.
We may, however, keep your personal data indefinitely and we might use your data again for other research. If we do, we will make sure the published results of the research do not identify you.
You can find more detailed information about our lawful grounds in our General Privacy Statement.
What personal information do we use?
We will always tell you what personal data we hold about you. The exact nature of the personal data we use depends on the specific purposes of our research projects. We may collect, store and process personal information such as your name and contact details, including email address, postal address and telephone number.
The EU General Data Protection Regulation (GDPR) recognises certain categories of personal information as sensitive, and therefore requiring more protection. These kinds of ‘special category data’ are often important and necessary for our research and may include:
- Physiological data such as heart rate.
When do we collect personal data about you?
We’ll always tell you when we collect personal data about you. We may hold information relating to you from a number of sources, and will collect personal information about you:
- When you give it to us directly
For example, personal information that you share with us when participating in research questionnaires and interviews.
- When we obtain it indirectly
Your personal information may be shared with us by our partners, or we may access personal information by linking some of your personal information we hold with other collections of data.
- When it is publicly available
Your personal data may be available to us from external, publicly available sources.
Do we share your personal information?
We will not sell, rent or lease your personal information to others.
However, we often work in collaboration with other organisations during our research. Before we share any information we sign a legal document called a Data Sharing Agreement (DSA) with our partners. This ensures our partners keep the same high standards as our own.
We may disclose your personal information to selected third parties such as our partners, sub-grantees or sub-contractors. The third party in question will have to use any personal data they receive according to our instructions outlined in the DSA.
We’ll always tell you when we share your personal information with others.
We take technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We store all the personal information you provide on secure servers. When we do share your personal information, we require the same high standards of our partners. Our staff, associates or contractors who may use your personal data for research are trained and must follow a code of conduct set out in the DSA.
We’ll always tell you what personal information we’re collecting and why. In most cases, we will use consent or legitimate interests as our legal basis for processing your personal data for research. In both cases, you have several rights in relation to the personal data that we hold about you. You can find details of your rights in our General Privacy Statement or from the Information Commissioner’s Office.
If you have any concerns about your personal data that we hold, please contact our Data Protection Officer at firstname.lastname@example.org or at the address below. We will respond within 30 days.
Data Protection Officer
Dartington Service Design Lab
Higher Mills, Buckfast Abbey
General Privacy Statement: https://dartington.org.uk/General-Privacy-Policy/
Information Commissioner’s Office: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Sign up to find out more