We use cookies to ensure that we give you the best experience on our website. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

Durham University

Research and Innovation Services

Privacy Notice

Privacy Notice

Under data protection legislation, the University has a duty to ensure that we provide individuals with information about how we process personal data. One way in which this is done is by providing a Privacy Notice. If you are collecting any form of personal data (including gathering a name / signature on a consent form), you will need to include a Privacy Notice as part of your consent documentation. This can be a separate document, or it can be included as part of your information sheet.

A privacy notice will normally have two parts: The University's generic privacy notice, and a tailored section containing information specific to your project. It is important that participants have access to the generic privacy notice, as it contains additional information that the University is legally obliged to provide. You must not make any changes to the text of this part of the privacy notice, but if appropriate for your participants you can include a web link to the generic privacy notice rather tha providing the full text in your documentation.

The privacy information for your project will cover considerations such as:

  • What data are you collecting? Consider all types of personal data, including photographs, audio or video recordings. Consider whether you are collecting any special category data or criminal offence data.
  • The lawful basis that you are using for processing the data.
  • How will you store the data? Consider arrangements for maintaining privacy and confidentiality (e.g. anonymising data where necessary), and ensuring that data is held securely.
  • How will you process the data? What will happen to the data over the course of the study, how will it be used and for what purposes?
  • If the individual wishes to withdraw from the study, what will happen to their data?
  • Will the data be shared with any other individuals or organisations?
  • How long will you keep identifiable data?
  • If an individual has concerns about the use of their data, who should they contact?

For more guidance on compliance with data protection requirements, see Data Protection: Guidance for Employees