Privacy notice
Jisc is committed to protecting your privacy. This policy explains how we use, store and share the information we collect about you.
We are the controller of the personal data processed for the purposes set out below and we are responsible for looking after it. You can exercise your rights in respect of that information and the procedures that we have in place to safeguard your privacy. This policy supplements any other fair processing or privacy notice that may be provided to you from time to time.
There are also some circumstances where Jisc are operating a service provided to you by someone else (for example your university or college). In these circumstances, you should submit any queries or exercise any of your rights directly with them and we’ll keep your personal data for as long as the provider needs us to.
Some Jisc services have their own privacy notices with further information about how they use your personal data. Links to these notices can be found at the end of this privacy notice.
Company details
We are Jisc, a not-for-profit company limited by guarantee, registered in England.
- Company number: 05747339
- Charity number in England and Wales 1149740, charity number in Scotland SC053607
- ICO registration number: Z9546606
- Registered office: 4 Portwall Lane, Bristol, BS1 6NB
Jisc is the designated data body (DDB) for higher education in England.
What personal data will we collect about you?
Personal data means any information that relates to an identified or identifiable individual and Jisc processes a variety of personal data about its data subjects. This includes contact information and information you provide us directly, but also information about your education or employment. We have grouped together the kinds of personal data that we may collect below. Additional information about the types of data we collect may be provided to you in other service specific privacy notices.
More detail on the personal data we collect
- Identity and contact data: includes first name, last name, email address, address, and telephone numbers. We may collect this information from you when you contact us or when you request services from us.
- Organisation and Affiliations: includes information such as your job title and information about your institution or relationships with funders or publishers. We may collect this information from you when you contact us or when you request services from us, or from publicly available sources.
- Technical and usage data: includes information we obtain from your device or browser (such as IP address, your login data, version and device identifiers, time zone setting and location, browser plug-in types and versions and operating system) as well as how you use our website and services
- Information that we need if you join a research project or receive our services: includes additional information relating to your use of the services or role in the project. We collect this when you use the service or take part in the project
- Information collected when you contact us: includes information in emails and other communications with us, or call recordings when you phone us. This may include the different types of content (eg, photographs, articles, comments) you send to us when contacting us, or through social media accounts with third parties, or any other information that you want to share with us
- Job application information: If you apply for a job with us, we will also collect your application data, which includes your contact information (including name, postal address, email address and phone number), job history, curriculum vitae, contact details of your referees and any other personal information you choose to submit along with your application when applying for a job at Jisc
- Identity and contact data: includes first name, last name, email address, address, and telephone numbers. We may collect this information from you when you contact us or when you request services from us.
- Organisation and Affiliations: includes information such as your job title and information about your institution or relationships with funders or publishers. We may collect this information from you when you contact us or when you request services from us, or from publicly available sources.
- Technical and usage data: includes information we obtain from your device or browser (such as IP address, your login data, version and device identifiers, time zone setting and location, browser plug-in types and versions and operating system) as well as how you use our website and services
- Information that we need if you join a research project or receive our services: includes additional information relating to your use of the services or role in the project. We collect this when you use the service or take part in the project
- Information collected when you contact us: includes information in emails and other communications with us, or call recordings when you phone us. This may include the different types of content (eg, photographs, articles, comments) you send to us when contacting us, or through social media accounts with third parties, or any other information that you want to share with us
- Job application information: If you apply for a job with us, we will also collect your application data, which includes your contact information (including name, postal address, email address and phone number), job history, curriculum vitae, contact details of your referees and any other personal information you choose to submit along with your application when applying for a job at Jisc
How do we use your personal data?
Jisc will process your personal data for a variety of purposes, relying on different lawful bases. These will include providing you with the service you requested, communicating with you, undertaking research and undertaking our statutory obligations.
We will always ensure that our processing activities are fair and proportionate.
More detail on why we process your personal data
The following information sets out why we process your personal data and also our lawful basis for processing your personal data. We may rely on more than one lawful basis for processing your personal data depending on the context of the processing activity.
Performance of a contract
- To provide you with a service that you have requested, including creation of a user account where necessary. This may include contacting you about the service for contract management purposes
- To contact you about products, services or events which may be of interest to you or your organisation
- To respond to your requests for information, complaints or feedback.
- To deliver events and training
- To consider your application for a job
Legitimate interests
- To monitor usage and identify problems or ways to improve our service.
- To run a research (including market research) project, study, survey, working group, workshop or user group that you are participating in
- To collect, analyse, share and publish data relating to higher education. Some of this data is personal data about students, graduates, and staff of higher education providers
- To contact you about products, services or events which may be of interest to you or your organisation. This may include processing your personal data to understand what may be of interest to you, or to provide you with marketing materials
- To respond to your requests for information, complaints or feedback
- To record meetings, events and workshops through video, audio or transcription (including in-person and virtual)
- To undertake internal analysis, planning and reporting
- To maintain the security of our systems, services and physical premises
- To provide evidence where this is required to exercise or defend legal claims
- To consider your application for a job
Legal obligation
- To comply with laws and to respond to and comply with requests from the government, regulators and other third parties with legal authority
- To investigate, detect and prevent fraud or crime and carry out related risk assessments
- To consider your application for a job
- Monitoring for service improvement involving the use of cookies or similar technologies on our website(s) and application(s) (more detail is available in our cookie policy)
Consent
- To publicly publish case studies, blogs and podcasts
- To include you in competitions and prize draws
- To record meetings, events and workshops through video, audio or transcription (including in-person and virtual)
- To share your information with other delegates when you attend a workshop
In certain circumstances, we will process your personal data based on our legitimate interests. We have decided this by carrying out a balancing exercise to make sure our legitimate interest does not override your privacy rights as an individual. We document the balancing exercises that we carry out when relying upon this lawful basis for processing your personal data.
The following information sets out why we process your personal data and also our lawful basis for processing your personal data. We may rely on more than one lawful basis for processing your personal data depending on the context of the processing activity.
Performance of a contract
- To provide you with a service that you have requested, including creation of a user account where necessary. This may include contacting you about the service for contract management purposes
- To contact you about products, services or events which may be of interest to you or your organisation
- To respond to your requests for information, complaints or feedback.
- To deliver events and training
- To consider your application for a job
Legitimate interests
- To monitor usage and identify problems or ways to improve our service.
- To run a research (including market research) project, study, survey, working group, workshop or user group that you are participating in
- To collect, analyse, share and publish data relating to higher education. Some of this data is personal data about students, graduates, and staff of higher education providers
- To contact you about products, services or events which may be of interest to you or your organisation. This may include processing your personal data to understand what may be of interest to you, or to provide you with marketing materials
- To respond to your requests for information, complaints or feedback
- To record meetings, events and workshops through video, audio or transcription (including in-person and virtual)
- To undertake internal analysis, planning and reporting
- To maintain the security of our systems, services and physical premises
- To provide evidence where this is required to exercise or defend legal claims
- To consider your application for a job
Legal obligation
- To comply with laws and to respond to and comply with requests from the government, regulators and other third parties with legal authority
- To investigate, detect and prevent fraud or crime and carry out related risk assessments
- To consider your application for a job
- Monitoring for service improvement involving the use of cookies or similar technologies on our website(s) and application(s) (more detail is available in our cookie policy)
Consent
- To publicly publish case studies, blogs and podcasts
- To include you in competitions and prize draws
- To record meetings, events and workshops through video, audio or transcription (including in-person and virtual)
- To share your information with other delegates when you attend a workshop
In certain circumstances, we will process your personal data based on our legitimate interests. We have decided this by carrying out a balancing exercise to make sure our legitimate interest does not override your privacy rights as an individual. We document the balancing exercises that we carry out when relying upon this lawful basis for processing your personal data.
Security
We have in place appropriate policies, rules, and technical and organisational measures to protect your personal data from unauthorised or unlawful processing, and against accidental loss, destruction or damage. We also have procedures in place to deal with any data security breach. We will notify you and any applicable regulator of a data security breach where we are legally required to do so.
Even though we take these steps to keep your personal data secure, you should be aware that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the internet. If you have a username or password to access any services that we provide to you, you are responsible for protecting your username and password and must not share it with, or disclose it, to anyone.
If you want you to learn more about how to protect your data and your devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org.
Sharing your personal data
To ensure your information is protected we use carefully selected third parties to provide services on our behalf who are contractually prohibited to use your information for anything other the services requests by Jisc.
We will only disclose your personal data to:
- Companies within our group
- A third party who has purchased or merged with our organisation, in which case personal data held by us about you will be transferred to that third party to carry on our business
- Our professional advisors (including without limitation, tax, legal or other corporate advisors who provide professional services to us)
- Other third party suppliers, business partners and sub-contractors for business administration, support, processing, services, or IT purposes
- Analytics or search engines that enable us to optimise and improve your website experience
- Third parties that you approve (including without limitation, social media sites and third party payment providers)
- Our regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters
- HMRC or other tax bodies or agencies to comply with our legal and regulatory obligations
International transfers of your personal data
We may transfer your personal data to countries outside the United Kingdom in order to provide our services. The laws in these countries may not offer the same level of protection for personal data as in the United Kingdom.
If we transfer personal data to countries outside of the United Kingdom, we will do so in a lawful way and may rely on:
- An adequacy decision from the Secretary of State, which says that the recipient country provides an adequate level of protection of personal data
- Appropriate safeguards to protect the personal data (for example, the approved standard contractual clauses or international data transfer agreement)
- A lawful exception to the rules relating to overseas data transfers (for example, the transfer is necessary to perform a contract with you, which is in your interests)
Please contact dataprotection@jisc.ac.uk to obtain a copy of these safeguards or if you have any questions about how your personal data is used.
How long will we keep your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your personal data. Please see below for more information about your right to erasure.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes.
Your rights
You have certain rights in relation to your personal data, such as the right to access and the right erasure. Please be aware that these rights do not apply in all circumstances, but we will always look to fulfil your request where possible.
More details about your rights
Informed
A right to be informed about the personal data we hold about you.
Access
A right to access the personal data we hold about you.
Rectifications
A right to require us to rectify any inaccurate personal data we hold about you.
Erasure
A right to ask us to delete the personal data we hold about you. This right will only apply where (for example):We no longer need to use the personal data to achieve the purpose we collected it for. Where you withdraw your consent if we are using your personal data based on your consent. Where you object to the way we process your data (see the right to object described below)
Restrict Processing
In certain circumstances, a right to restrict our processing of the personal data we hold about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us. Where you would have the right to ask us to delete the personal data but would prefer that our processing is restricted instead. Where we no longer need to use the personal data to achieve the purpose we collected it for, but you need the data for the purposes of establishing, exercising or defending legal claims
Data Portability
In certain circumstances, a right to receive the personal data you have given us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.
Objection
A right to object to our processing of the personal data we hold about you where our lawful basis is for the purpose of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process the personal data which override your rights or which are for the establishment, exercise or defence of legal claims.
Automated Decision-Making and Profiling
A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affects you. For the avoidance of doubt, Jisc does not undertake automated decision-making of this kind.
Withdraw Consent
A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with brochures and newsletters).
Informed
A right to be informed about the personal data we hold about you.
Access
A right to access the personal data we hold about you.
Rectifications
A right to require us to rectify any inaccurate personal data we hold about you.
Erasure
A right to ask us to delete the personal data we hold about you. This right will only apply where (for example):We no longer need to use the personal data to achieve the purpose we collected it for. Where you withdraw your consent if we are using your personal data based on your consent. Where you object to the way we process your data (see the right to object described below)
Restrict Processing
In certain circumstances, a right to restrict our processing of the personal data we hold about you. This right will only apply where, for example, you dispute the accuracy of the personal data held by us. Where you would have the right to ask us to delete the personal data but would prefer that our processing is restricted instead. Where we no longer need to use the personal data to achieve the purpose we collected it for, but you need the data for the purposes of establishing, exercising or defending legal claims
Data Portability
In certain circumstances, a right to receive the personal data you have given us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.
Objection
A right to object to our processing of the personal data we hold about you where our lawful basis is for the purpose of our legitimate interests, unless we are able to demonstrate, on balance, legitimate grounds for continuing to process the personal data which override your rights or which are for the establishment, exercise or defence of legal claims.
Automated Decision-Making and Profiling
A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affects you. For the avoidance of doubt, Jisc does not undertake automated decision-making of this kind.
Withdraw Consent
A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with brochures and newsletters).
If you would like to contact us with any queries or comments, request further information or exercise any of your available rights set out above, please email us at: dataprotection@jisc.ac.uk. If you would like this notice in another format please contact us using the details above.
You also have the right to complain. We encourage you to contact us first if you have any queries, comments or concerns about the way we handle your personal data. If we are not able to resolve the issue to your satisfaction, you can also make a complaint to the data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) and they can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Email: icocasework@ico.org.uk
Changes to this policy
Any changes to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Please note: this policy does not cover third party websites that we may link to from our website and we are not responsible for the privacy policies and practices (including use of cookies) of such third parties. We recommend that you check the policy of each website you visit and contact the owner or operator of such website if you have concerns or questions.
Last updated: 11 April 2024
Contacting us
Email dataprotection@jisc.ac.uk to contact our data protection officer.
Please contact us at this email address if you have any questions, comments or concerns about this policy or how we handle your personal data, or if such information changes at any time.
Privacy notices for Jisc services
Building digital capability
This privacy notice is part of Jisc’s overarching privacy notice and provides further details that are either unique to this service or contains additional information about the service that you may find useful.
Building digital capability is a service organised and managed by Jisc that helps individuals and organisations to enable and motivate digital practices, including the use of discovery tool to self-assess digital capability. Further information about this service can be found on the building digital capability website.
Your data will be processed in accordance with the Jisc privacy notice by Jisc as a data controller, however this privacy notice provides supplementary information about the personal data processing that will be used as part of this service.
What personal data will we collect about you?
- Email address
- Name
- Education and skills
- Organisation
- Student/staff status
How do we use your personal data?
In addition to the purposes provided in the main Jisc privacy notice, we will also process personal data for the following purposes.
- To provide credentialling to users, as part of the service offering – namely digital badges
- To allow the organisational lead to view organisation level data reports, add organisational level resources and be subscribed to the building digital capability service mailing list
- To allow Jisc to improve the service in line with customer expectation
This processing is carried out in our legitimate interests.
Sharing your personal data
As part of these services Jisc will may need to disclose your personal data to the following recipients:
- Overt - So they can provide secure log-in services. Our contract prohibits them from using the information for anything else
- Potential.ly - So that users can access, and are shown, the correct content within the tool and to provide anonymised and aggregated data visualisations at institutional level
- Credly - If you are eligible and wish to obtain a digital badge, your name and email address will be shared with Credly who produce them; our contract prohibits them from using the information for anything else. To receive your badge, your personal data will be transferred outside the European Economic Area to Credly in the U.S, however rights are protected under EU Standard Contractual Clauses. View Credly’s Privacy policy.
This privacy notice is part of Jisc’s overarching privacy notice and provides further details that are either unique to this service or contains additional information about the service that you may find useful.
Building digital capability is a service organised and managed by Jisc that helps individuals and organisations to enable and motivate digital practices, including the use of discovery tool to self-assess digital capability. Further information about this service can be found on the building digital capability website.
Your data will be processed in accordance with the Jisc privacy notice by Jisc as a data controller, however this privacy notice provides supplementary information about the personal data processing that will be used as part of this service.
What personal data will we collect about you?
- Email address
- Name
- Education and skills
- Organisation
- Student/staff status
How do we use your personal data?
In addition to the purposes provided in the main Jisc privacy notice, we will also process personal data for the following purposes.
- To provide credentialling to users, as part of the service offering – namely digital badges
- To allow the organisational lead to view organisation level data reports, add organisational level resources and be subscribed to the building digital capability service mailing list
- To allow Jisc to improve the service in line with customer expectation
This processing is carried out in our legitimate interests.
Sharing your personal data
As part of these services Jisc will may need to disclose your personal data to the following recipients:
- Overt - So they can provide secure log-in services. Our contract prohibits them from using the information for anything else
- Potential.ly - So that users can access, and are shown, the correct content within the tool and to provide anonymised and aggregated data visualisations at institutional level
- Credly - If you are eligible and wish to obtain a digital badge, your name and email address will be shared with Credly who produce them; our contract prohibits them from using the information for anything else. To receive your badge, your personal data will be transferred outside the European Economic Area to Credly in the U.S, however rights are protected under EU Standard Contractual Clauses. View Credly’s Privacy policy.
UK ORCiD
This privacy notice is part of Jisc’s overarching privacy notice and provides further details that are either unique to this service or contains additional information about the service that you may find useful.
ORCiD is an open, non-profit, community-based initiative to provide researcher identifier solutions that enable a wide range of improvements to the scholarly communications ecosystem. The ORCiD service is being offered to UK universities through a national consortium arrangement. Benefits include reduced membership costs and UK-based technical and community support for implementation. Jisc supports the ORCiD network by providing technical support and access to community resources. Further information about this service can be found on the UK ORCID support website.
Your data will be processed in accordance with the Jisc privacy notice by Jisc as a data controller, however this privacy notice provides supplementary information about the personal data processing that will be used as part of this service.
What personal data will we collect about you?
- Email address
- First name
- Last name
- Affiliations/organisations
- Job title
- Telephone number
How do we use your personal data?
In addition to the purposes provided in the main Jisc privacy notice, we will also process personal data for the following purposes:
- To facilitate your submission of guides and documents for Jisc UK ORCiD support service community resources
- If you would prefer to be de-identified from your guides and documents, please contact us informing us of your wish
- To facilitate UK ORCiD membership for your organisation and to receive support from Jisc and ORCiD
- To facilitate you submitting a reply to a blog post on the Jisc UK ORCiD support service website. As part of the service, we’ll include your name and comment that you add to your reply in a publicly viewable listing. If you would prefer to be de-identified from your reply, please contact us informing us of your wish
- To allow you to download the spreadsheet on the community resources page on the Jisc UK ORCiD support service website. We’ll keep the information until we are told that you are no longer performing the role of the main, technical or support desk ORCiD contact. If you would prefer to be de-identified from the list, please contact us informing us of your wish
This privacy notice is part of Jisc’s overarching privacy notice and provides further details that are either unique to this service or contains additional information about the service that you may find useful.
ORCiD is an open, non-profit, community-based initiative to provide researcher identifier solutions that enable a wide range of improvements to the scholarly communications ecosystem. The ORCiD service is being offered to UK universities through a national consortium arrangement. Benefits include reduced membership costs and UK-based technical and community support for implementation. Jisc supports the ORCiD network by providing technical support and access to community resources. Further information about this service can be found on the UK ORCID support website.
Your data will be processed in accordance with the Jisc privacy notice by Jisc as a data controller, however this privacy notice provides supplementary information about the personal data processing that will be used as part of this service.
What personal data will we collect about you?
- Email address
- First name
- Last name
- Affiliations/organisations
- Job title
- Telephone number
How do we use your personal data?
In addition to the purposes provided in the main Jisc privacy notice, we will also process personal data for the following purposes:
- To facilitate your submission of guides and documents for Jisc UK ORCiD support service community resources
- If you would prefer to be de-identified from your guides and documents, please contact us informing us of your wish
- To facilitate UK ORCiD membership for your organisation and to receive support from Jisc and ORCiD
- To facilitate you submitting a reply to a blog post on the Jisc UK ORCiD support service website. As part of the service, we’ll include your name and comment that you add to your reply in a publicly viewable listing. If you would prefer to be de-identified from your reply, please contact us informing us of your wish
- To allow you to download the spreadsheet on the community resources page on the Jisc UK ORCiD support service website. We’ll keep the information until we are told that you are no longer performing the role of the main, technical or support desk ORCiD contact. If you would prefer to be de-identified from the list, please contact us informing us of your wish
Research privacy policy
Jisc is committed to protecting your privacy. This research privacy notice explains how we use, store and share the data we collect about you when we run a research project, study, survey, working group, workshop or user group that you are participating in.
Jisc may organise and manage research collaboratively with partners who act as independent data controllers. Information about partners and their privacy notices will be provided when you sign up for the research project. You should ensure that you have read and understood any partner privacy notices before agreeing to take part.
What personal data will we collect about you?
Personal data means any information that relates to an identified or identifiable individual. The personal data collected will vary according to the research project you are participating in. Where personal data is mandatory or optional we will show this within the sign-up form or within the research project itself.
For the purposes of providing research, Jisc may process the following personal data:
- First name
- Last name
- Personal pronouns
- Role
- Area of specialism or interest
- Organisation
- Qualifications
- Email address
- Phone number
- Country of residence
- Sector
- Photographic or video images
- IP Address (when you visit our websites)
- Special requirements (such as health and medical should you attend in person)
In some research projects we may ask you for special category data such as your ethnicity, disability, or your sexual life. We will only process this data with your explicit consent, and you can choose not to provide this data.
As part of our research projects, we may wish to publish your personal data in the form of your image or quotations that are attributed to you. We will only do this when you have given us your consent to include this data in our research project outputs and this is entirely at your discretion.
How do we use your personal data?
The data you provide is primarily needed to facilitate you taking part in the research project. The following table sets out why we process your personal data and our lawful basis for processing your personal data. We may rely on more than one lawful basis for processing your personal data depending on the context of the processing project.
Read the full research privacy notice (docx).
Jisc is committed to protecting your privacy. This research privacy notice explains how we use, store and share the data we collect about you when we run a research project, study, survey, working group, workshop or user group that you are participating in.
Jisc may organise and manage research collaboratively with partners who act as independent data controllers. Information about partners and their privacy notices will be provided when you sign up for the research project. You should ensure that you have read and understood any partner privacy notices before agreeing to take part.
What personal data will we collect about you?
Personal data means any information that relates to an identified or identifiable individual. The personal data collected will vary according to the research project you are participating in. Where personal data is mandatory or optional we will show this within the sign-up form or within the research project itself.
For the purposes of providing research, Jisc may process the following personal data:
- First name
- Last name
- Personal pronouns
- Role
- Area of specialism or interest
- Organisation
- Qualifications
- Email address
- Phone number
- Country of residence
- Sector
- Photographic or video images
- IP Address (when you visit our websites)
- Special requirements (such as health and medical should you attend in person)
In some research projects we may ask you for special category data such as your ethnicity, disability, or your sexual life. We will only process this data with your explicit consent, and you can choose not to provide this data.
As part of our research projects, we may wish to publish your personal data in the form of your image or quotations that are attributed to you. We will only do this when you have given us your consent to include this data in our research project outputs and this is entirely at your discretion.
How do we use your personal data?
The data you provide is primarily needed to facilitate you taking part in the research project. The following table sets out why we process your personal data and our lawful basis for processing your personal data. We may rely on more than one lawful basis for processing your personal data depending on the context of the processing project.
Read the full research privacy notice (docx).