Privacy Notice

Welsh Crucible Privacy Notice  

If you have any queries at all regarding Welsh Crucible, please contact welshcrucible@cardiff.ac.uk  

This notice sets out how we deal with the personal data of people who are applying to, who are participants of and alumni of, the Welsh Crucible. 

Data Controller 

Cardiff University is considered as the Data Controller for Welsh Crucible and as such legally responsible for processing your personal data in accordance with data protection legislation.  

Cardiff University collates information about you at application stage and if you are successful on becoming a participant in order to assess your application and organise your place on Welsh Crucible. The University will also use some of the information for analysis and monitoring. 

The University is registered as a Data Controller with the Information Commissioner’s Office (ICO) to process personal data. Reg no Z6549747

Contact Details of the Data Protection Officer  

The University is required to have a data protection officer who can be contacted if you have any queries, concerns or complaints about the way your personal data is processed. Cardiff University’s Data Protection Officer can be contacted at InfoRequest@cardiff.ac.uk    

How will your personal data be collected and used? 

The following lists the information which is currently collected and processed at different stages from application, through to being a successful applicant and once you are Welsh Crucible alumni.  

  1. name  
  2. contact details, address and email address  
  3. the names of the organisation you work for 
  4. photographs (once part of the progamme) 
  5. equality of opportunity monitoring data which will include sensitive categories of data for (e.g. age, gender, ethnicity, religion, sexual orientation, disability, nationality, whether you are married)

Your personal information provided on the application form will be collected in order to process the application, to update you on the progress of your application, and, should the application be successful, to administer your participation in the Welsh Crucible programme.

If you are selected as a successful participant on Welsh Crucible, the following information will be collected; 

  1. whether you require any reasonable adjustments due to disability  
  2. next of kin name and contact information 
  3. special dietary requirements

Legal basis for processing your personal data 

Under data protection legislation there are various legal bases for the processing of your personal data and the main bases are set out below:  

  1. With regards to the information contained in your application form we will process your data as part of our provision of a task in the public interest, that of providing training opportunities for those carrying out research in the public interest and also the promotion and advancement of research in order to contribute to the social, cultural and economic development of Wales.   
  2. During your application you are asked to consider completing an equality of opportunity form which will contain personal data classed as ‘special category’ such as ethnicity, religious beliefs or sexual orientation etc.  This data is collected in order to comply with our legal obligation under the Equality Act 2010. Once your application is received this information is separated from the application form and is kept in an anonymised form used for monitoring purposes only.  
  3. With regards to taking of photographs, we process these under the legal basis of legitimate interest. 

Who has access to the information? 

The information on your application form will be accessed by Welsh Crucible staff in order to process and will be shared with those who assess your application.  The application will be anonymised prior to being sent to the assessment panel for selection and all equality monitoring data will be removed.   

The HEI for which you work will be informed of the outcome of your application.  If your application is unsuccessful, your HEI may contact you to explore how it can provide you with further support and development in this area. 

The University may share your name and relevant personal data with The Higher Education Funding Council Wales (HEFCW). We will provide anonymous statistical details of our participants and alumni on a yearly basis for the annual HEFCW report. 

Any other disclosures that the University makes will be in accordance with Data Protection law and your interests will always be considered. 


Is information transferred outside of the EU? 

Generally, information you provide to us is stored on our secure servers, or on our cloud based systems which are located within the EEA. However, there are times when we do need to store information outside the EEA. If we transfer your information outside the EEA, we will take steps to ensure that appropriate security measures are taken to protect your privacy rights. This could be by imposing contractual obligations on the recipient of your personal information, or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. For example, we would ensure that a supplier based in the USA has signed up to “Privacy Shield”. Technical measures such as encryption will also be considered. 


How long will your information be held? 

A record of your application will be kept for 7 years  and will comprise of your name, HEI, date of application and outcome with reasons?  Your detailed application form will be destroyed 7 years after your application whether successful or not. Anonymised records of the equality monitoring information will be held in order to monitor the diversity profile of applications and those who are successful. 

All data will be stored on secure Cardiff University servers and will be retained for up to 7 years.  


Your rights 

Under data protection legislation you have certain rights which will be associated with the legal basis on which we process your data. For further information please see the following guidance published by the Information Commissioner’s Office.  

Further Information on data protection at Cardiff University can be found at: https://www.cardiff.ac.uk/public-information/policies-and-procedures/data-protection 

We hope to resolve any of your questions, queries or concerns you have. In the first instance, please contact inforequest@cardiff.ac.uk, but if you remain dissatisfied you can contact the Information Commissioner’s Office. The Information Commissioner’s office is responsible for regulating data protection in the UK.