You are here

Data Protection Notice

General Statement

Insight Centre for Data Analytics hereinafter referred as “Insight”.  “Insight four Co-Host Universities” and or reference to “four Co-Host Universities” refers to National University of Ireland Galway (NUIG), University College Cork (UCC), Dublin City University (DCU) and University College Dublin(UCD).
 
This statement relates to Insight privacy practices in connection with Insight websites. Insight or its four Co-Host Universities are not responsible for the content or privacy practices of other websites. External links to other websites are not always clearly identifiable as such. Within the Insight domain you can sometimes find website links which take you to different websites, over which Insight or its four Co-Host Universities has no editorial responsibility or control. While Insight and its four Co-Host Universities encourages compliance with this web privacy statement at such sites.  Please consult the privacy statements of individual sites or contact the persons responsible for those sites, in order to understand the policies and practices under which they operate.
 

Research Publications and Outputs

Research by definition publishes its outcomes. Where a research publication contains personal data, all the personal data is anonymised and aggregated.  
 
Data is Published by the researchers where the research was carried out.  Publications are stored in the University Library where the research was carried out. Typically, the data is anonymised or deleted and this is assigned a future date in the data retention schedule to be completed.  Also detailed in the data retention schedule are the person(s) responsible for anonymising or deleting the data.   This is carried out in accordance with the University policies and procedures and is subsequently validated by the Principle Investigator for the research project to ensure it is done. 
 
Where personal data is kept, it is kept at the University where the research was carried out.  There may be instances where research is conducted at more than one University.  In such cases the data resides at the University of the Principle Investigator for the research.  This will be clearly stated with all documentation provided to you at the time of collection. 
 
Where data it is kept in raw form, we will only publish the pseudonymised data in aggregated form.  The research publication will not contain identifiable information about you.  We keep the raw data typically for validation of the research results.  These are kept for a period of time to facilitate validation and this is worked out on a case by case basis depending on the research.  Thereafter the personal data including the source data is deleted or anonymised.
 
There are instances where your personal data is shared as part of the research Insight carries out.  Should these processing instances occur they are governed by the legal contracts and agreements associated with the research project(s) you have contributed to.  In these instances, your consent or other appropriate legal basis is used to process the data. 
 

OPEN & FAIR Data

There is a move in Europe to make research outputs “Open Science” available to all if publicly funded.  Publications may be published in accordance with Open science principles or in accordance with FAIR data principles.  Where a project publishes its outputs under FAIR or Open science it is anonymised and aggregated, or the data is pseudonymised because the raw data is stored for the retention period.  When the retention period is ended the data is anonymised and no longer re-identifiable i.e. the raw data is anonymised or deleted.
 
For more information on Open Science or FAIR principles see the following websites: 
http://ec.europa.eu/programmes/horizon2020/en/h2020-section/open-science-open-access
https://www.go-fair.org/fair-principles/
 

Research Projects

Insight collects a range of personal data across many active research projects.  We collect data from many sources. 
 
The Types of data points (pieces of data) vary immensely depending upon the project and what its purpose is.  Data collected ranges from data you provide this may be typical provided data such as contact details.  However, it could also include any biological samples you provide to us for research purposes.  Personal data can be provided for example via a wearable device.  But we also use other methods to obtain personal data these may include observed, inferred or derived data which when put together with other pieces of data whether personal or not renders it personal data.  This is the case because we can in some instances be able to make very accurate predictions around behaviours and find patterns in behaviours to help us to make such predictions and these predictions may be made about your personal data.  We may also use automated processing to make decisions about you.  Where we do this we typically have a “human in the loop” so that any decisions are made after a human has checked for anomalies.  
 
Some research projects use large data sets typically these are taken from datasets made publicly available and freely available on the internet.  These may also be provided to us by our research partners or industry partners.  Where datasets which include personal data have been provided to us by research or industry partners, there is an appropriate legal mechanism in place to govern the data transfer and to oblige the controller or processor to comply with GDPR.
 
Insight has a vast range of research projects across multiple domains, many of which collect or process personal data, health data, special category personal data or sensitive data.  This privacy policy does not list each and every project and every piece of personal data collected across the full range of research projects.  If you have any questions around a project that you are a participant in, please contact the relevant DPO as listed below.
 

Research Projects which collect personal data

 
Please consult the consent forms and associated documentation as provided to you when you participated in the project for a more accurate understanding of the exact types of personal data we collect about you.  If you have misplaced this information and documentation, please contact us and we will happily provide you with a copy.
 
You may of course withdraw consent at any time.  For information on data subject rights please see the Data Protection Commission website: 
http://gdprandyou.ie/wp-content/uploads/2018/03/Rights-of-Individuals-under-the-General-Data-Protection-Regulation.pdf 
 
You must be aware that your rights are not absolute in all cases. For information on limiting data subject rights please see the Data Protection Commission website: 
https://www.dataprotection.ie/docs/EN/19-06-2018-Limiting-Data-Subject-Rights-and-the-Application-of-Article-23-of-the-GDPR/m/1746.htm 
 

Financial Data

We will collect and process your personal data where it relates to any information you have volunteered and or provided to us for the purposes of issuing or discharging financial accounts, where you choose to provide this information to us (for example via email or a feedback form on our website).
 

Biological Data

We will collect and process your personal data where it relates to any information you have volunteered and or provided to us for the purposes of biological samples.  
 

Re-Use of Data

It is becoming far more frequent for a research contract to stipulate that the research data cannot be re-used.  However, in any cases where we intend on re-using data from a research project and where contractually we are free to do so, we will only do so where we have prior informed you.  Typically, when you are receiving the consent forms and associate documentation.  In instances where at the outset of the research project it was not foreseen that re-use might be possible.  We will contact you to seek your consent before we re-use any of your personal data.  In all cases where you consent to re-use of your data the data is never presented in publications or research outputs or to any third parties in identifiable form.  In all cases such re-used data is anonymised and aggregated before re-use.
 

Images

We publish photographs of Insight activities.  Where we capture images of adults we ask for your consent and provide you with the purpose we will use the image for.  This is typically for promotion of our activities and in presentations etc.  
 
When we are capturing an image of children we will seek parental consent before the image is taken.   
 
Generally, opt-out is facilitated by the decidedly low tech solution of persons physically standing out of the field of focus of the image capture.  However, if you decide to opt-out afterwards, we can facilitate this by blurring out or obscuring your image. You can of course opt-out at any time by indicating this at the time of capture to an Insight researcher, or by contacting the relevant DPO as listed below.  
 
It is important to understand we do not ever re-use images taken for publicity or as part of Insight activities as data for use in research projects.  
 

Research Staff, Operations Staff & Alumni

Personal data relating to research staff, and operations staff and alumni of the Insight centre for data analytics is published on the Insight website.  
 

Personal Data and Your Rights

You have a number of rights under personal data protection legislation. 
 
Your rights are as follows:
 
Right to have your details used in line with Data Protection Regulations.
Right to information about your personal details.
Right to access your personal details.
Right to know if your personal details are being held.
Right to change or remove your details.
Right to prevent use of your personal details.
Right to remove your details from a direct marketing list.
Right to object.
Right to freedom from automated decision making.
Right to refuse direct marketing calls or mail.
 
You may also raise a complaint, concern or query with the Data Protection Commissioner.  For more on raising a complaint, concern or query with the Data Protection commissioner please see:  https://www.dataprotection.ie/docs/Making-a-Complaint-to-the-Data-Protection-Commissioner/r/1716.htm 
 
For more information on Data Subjects Rights see the Data Protection Commission website: https://www.dataprotection.ie/docs/A-guide-to-your-rights-Plain-English-Version/r/858.htm 
 
gdprandyou.ie also has information on data subject rights please see: http://gdprandyou.ie/wp-content/uploads/2018/03/Rights-of-Individuals-under-the-General-Data-Protection-Regulation.pdf 
 
There are circumstances where you may not be able to exercise all your rights this depends upon the nature of the processing and the legal basis relied upon.  For information on limiting data subject rights please see the Data Protection Commission website: https://www.dataprotection.ie/docs/EN/19-06-2018-Limiting-Data-Subject-Rights-and-the-Application-of-Article-23-of-the-GDPR/m/1746.htm
We would appreciate it if you have a query or concern that you raise it with us first.  For further information, please refer to the guides below as provided by the Insight four Co-Host Universities.  
 
NUIG 
https://www.nuigalway.ie/data-protection/  |   http://www.nuigalway.ie/itsecurity/gdpr/ 
Privacy Statement:  https://www.nuigalway.ie/footer-links/privacy.html
Data Protection Policy:  https://www.nuigalway.ie/data-protection/policies/ 
Data Access Request:  https://www.nuigalway.ie/data-protection/accessandrectificationrequests/ 
 
UCC 
https://www.ucc.ie/en/ocla/comp/data/   |   https://www.ucc.ie/en/gdpr/
Privacy Statement:  https://www.ucc.ie/en/it-policies/policies/privacy/
Data Protection Policy:  https://www.ucc.ie/en/ocla/comp/data/dataprotection/ 
Data Subject Rights Procedure: https://www.ucc.ie/en/media/support/ocla/compliance/gdpr/DataSubjectRightsProcedure-5Oct2018.pdf
Data Access Request Form:   https://www.ucc.ie/en/media/support/ocla/compliance/gdpr/DataAccessRequestForm-5Oct2018.pdf
 
DCU 
https://www.dcu.ie/ocoo/data-protection.shtml#overlay-context=ocoo/committee-structures.shtml 
Privacy Statement:  https://www.dcu.ie/info/regulations/privacy.shtml
Data Protection Policy:  https://www.dcu.ie/sites/default/files/info/25_-_data_privacy_policy_v3.1.pdf 
Data Access Request:  https://www.dcu.ie/sites/default/files/ocoo/c3.2_-_sar_-_application_form_-_v2.0.pdf  https://www.dcu.ie/sites/default/files/ocoo/c3.1_-_guide_to_sar_-_public_-_v2.0.pdf
 
UCD 
http://www.ucd.ie/dataprotection/index.html   |  http://www.ucd.ie/gdpr/
Privacy Statement:  http://www.ucd.ie/privacy/
Data Protection Policy:  http://www.ucd.ie/dataprotection/policy.htm 
Data Access Request:  http://www.ucd.ie/dataprotection/request.htm
 

Contact Us

For further information on personal data matters, please contact the Insight Four Co-Host Universities Data Protection Officers, details provided below: 
 
NUIG
Peter Feeney
The Data Protection Officer, 
NUI Galway, Room A129, 
The Quadrangle, 
NUI Galway, 
University Road, 
Galway 
Email: dataprotection@nuigalway.ie 
Tel: (091) 492150
 
UCC
Catriona O'Sullivan
Information Compliance Manager
University College Cork
4 Carrigside
College Road
Cork
Tel: +353 (0)21 4903949
Email: foi@ucc.ie
 
UCD 
Lisa Wallace 
Data Protection Officer
Roebuck Castle
University College Dublin
Belfield
Dublin 4
Tel: 01 7168786
Email: dataprotection@ucd.ie
 
DCU 
Martin Ward  
Data Protection Officer
Data Protection Unit
Office of the Chief Operations Officer
Room A201A Albert College
DCU Glasnevin Campus
Collins Avenue Extension
Dublin 9
D09 V209
Tel: 7005118 / 7008257
Email: data.protection@dcu.ie
 
This statement explains the Data Protection Notice that Insight and its four Co-Host Universities have adopted for its website(s). However, in legal terms it shall not be construed as a contractual undertaking. Insight and its four Co-Host Universities reserves the right to review and amend this Data Protection Notice at any time without notification.
 
Last Updated: Monday, 03 December 2018
Version 2.0_2018