Energy Safety Research Institute (ESRI): Using Your Personal Information
Swansea University is the data controller and is committed to protecting the rights of clients and partners in line with the General Data Protection Regulation (GDPR). Swansea University has a Data Protection Officer who can be contacted through email@example.com
This statement explains how the University handles and uses your personal information during your time as a prospective or existing client or partner of Swansea University and after our relationship completes. The University is committed to protecting your information and being transparent about what information it holds. The University has a range of data protection policies and procedures in place, which can be found here: http://www.swansea.ac.uk/the-university/world-class/vicechancellorsoffice/compliance/dataprotection/dataprotectionpolicy/.
What personal information do we collect?
In addition to technical and business information you disclose to us (including projects run through ESRI) to be able to support your enquiry/collaboration/guidance, we collect the following personal information from individuals and organisations who wish to receive support or are a partner with Swansea University:
- Name of organisation lead contact/ technical officers/ employees involved in the support/collaboration/contract;
- Work contact details of personnel involved in the support/collaboration/contract;
- Job role/title of personnel involved in the support/collaboration/contract;
- Contact details for colleagues and assistants to key staff.
- Preferred language of communication of contacts;
- Information about an individual’s engagement with the university such as attendance at events and workshops, collaborative activity and research, consultancy, etc.
- Information gathered for the purposes of Equal Opportunities Monitoring, etc.
- Information relating to the provision of guidance and support.
- Preferences on areas of interest for future communication and methods of contacting you.
Swansea University will collect information about you in the course of its dealings with you as a current or former client/partner. We may also receive information about you from outside the University such as from project partner organisations, such as Innovate UK, or UKRI. Your information will be managed appropriately by Swansea University and in accordance with the processing as outlined within the respective privacy statements. Where this happens, data will be held by ESRI and Swansea University and will be managed in accordance with this privacy statement. Where the same information is held by our project partners and we will be clear how they keep and manage your information by providing their privacy statement.
Why do we collect personal information and how do we use it?
Although it is not possible to state every purpose for which your information will be used, the following are examples of how it is likely to be used while you are a client/partner.
- To evaluate eligibility for University support according to funding compliance requirements and the University’s project approval process;
- To monitor and evaluate engagements at operation management and governance level;
- To report to project funders and government data requests;
- we may collect information on your employees or organisation as part of the process to provide services or guidance to your organisation;
- To statistically analyse the commercial relationships existing across Swansea University on a periodic basis.
- To provide Corporate subscribers offers of services from Swansea University unless they opt out to receive these.
- In connection with the delivery of Research Projects/archiving activity as normally conducted by public organisations and in line with article 89 safeguards.
No direct marketing will be undertaken to you without an appropriate legal basis.
On occasion, you might supply us your sensitive personal information to attend one of our events (e.g. accessibility or dietary needs), such personal information will be used only for this intended purpose and will be disposed of at the earliest opportunity.
We are providing general assistance and guidance rather than formal advice, so to be clear any responsibility arising from the consequences of the decisions you make in relation to your organisation and IP remains with you.
What is our legal basis for processing?
Where processing of personal data is necessary in order to provide you with a product or service, the processing is likely to be necessary for the performance of a contract or in order to take steps at the request of the individual prior to entering into a contract.
Some processing may be necessary for the purposes of the legitimate interests pursued by the University or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Recital 47 of the GDPR acknowledges that processing personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. Such processing will only be carried out when a legitimate interests assessment has been carried out to ensure your personal data is used appropriately and in ways you would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.
We will only process special categories of data, for example, accessibility or dietary needs collected at events, with your explicit consent.
Who receives your personal information?
Your personal information will be stored on our secure electronic systems and databases and will be shared with relevant colleagues within the university to provide you services and guidance. Personal information is protected by the university and will not be disclosed to third parties without consent except when necessary as part of our contractual obligations e.g. to project funders or partners of the project supporting your interaction with us. For Example, Welsh European Funding Office so your information will be shared with those funders as a condition of our grant and our ability to provide you free services and guidance.
Information is made available to persons or organisations requiring access for the reasons outlined above. These include:
- University academic, technical and administrative staff;
- University operation governance and management boards;
- External funders and partners/advisors directly involved with your collaboration with Swansea university;
- The Welsh and UK Government through statistical returns e.g. Welsh European Funding Office, etc.
Any disclosures the University makes will be in accordance with Data Protection Legislation and your interests will be considered.
How your personal information is stored?
Data Protection legislation requires us to keep your information secure. This means that your confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised access and disclosure. Only members of staff who need access to relevant parts or all of your information will be authorised to do so. Information about you in electronic form will be subject to password and other security restrictions, saved on university secure networks while paper files will be stored in secure areas with controlled access.
The University may from time to time use third party cloud services to process personal data. There may be times where your personal data may reside on servers outside the EU. Where there is processing outside of the EU, Swansea University will ensure then any transfers are secure, lawful and justified in line with the GDPR.
How long will your information be held?
Your personal data may be held for the duration of your engagement with Swansea University and for a reasonable period of time upon its conclusion to comply with regulatory audit and document retention requirements. Information held for research and archiving purposes may be kept for longer and in line with the GDPR Article 89 safeguards.
What are your rights?
You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to port your personal information (please note however that this is likely to affect our ability to provide support to you in the most effective way, if at all). If you have provided consent to Swansea University to process any of your data, then you also have a right to withdraw that consent. Please visit the Swansea University Data Protection webpages for further information in relation to your rights.
Any requests or objections should be made in writing to the University Data Protection Officer:-
Mrs Bev Buckley
University Compliance Officer (FOI/DP)
If you are unhappy with the way in which your personal information has been processed, you may in the first instance contact the University Data Protection Officer using the contact details above.
If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: -
Information Commissioner’s Office,
Please advise of any changes to your name, address, contact details, etc as soon as practically possible so that we can amend our records accordingly.
You should not use your relationship and collaboration with Swansea University for any press or marketing purposes without the express consent of Swansea University.
Consequences of not providing your information
The consequences of not providing your information when necessary for the performance of a contract or in order to take steps at the request of the individual prior to entering into a contract, would mean that the University will not be able to offer you some and indeed possibly none of its products and services without it.
Consent to Receive Electronic Marketing
As a valued contact of ESRI at Swansea University, we want to be transparent with you that your data is held in our Relationship Database. Your details have been identified either through contact with Swansea University or through our relationship development activities.
Your corporate information is held to enable us to correspond with you, answer your enquiries and to provide guidance and assistance.
In line with legislation we will always give you the opportunity to opt out of future relevant electronic marketing from ESRI.
To opt out from receiving direct marketing correspondence from ESRI please email
For individuals who are non-corporate subscribers (including Sole Traders and Non LLP Partnerships) we offer below clear consent to agree to opt in to receive Electronic Marketing:
Your details will never be shared with another organisation to enable them to market to you.