How we use your data
This Privacy Notice outlines how CADDA collects, uses and manages the personal information of individuals in accordance with data protection law.
The University of Kent, the lead partner of CADDA, is registered as a ‘Data Controller’ under registration number Z6847902. View the full entry on the register.
How we collect your personal information
Your personal data is obtained:
- directly from you, in person, through online or paper forms, email or by telephone or video call
- from our project partners at The University of Manchester and University College London
Categories of information we collect
Personal data we collect about you in connection with and for the purposes of the delivery of the CADDA project are:
- your name, business address
- telephone number
- email address
- Job title
- Research interests/expertise
- Web address (where applicable)
- Whether a CADDA community of Practice member
- Whether a CADDA LinkedIn follower
- Whether awarded a CADDA grant (and associated info)
- Login details (CADDA website)
- Engagement details (including type e.g. email, call, date, length of time spent), referrals (to other businesses)
- Event attendance
- Business support offered and time spent/date
- Other outcomes (e.g. publications)
- Online identifiers
- Your opinions when you answer surveys we send you
We will also capture the following non-personal data which may become personal data when combined with other information such as a personal identifier:
- Business type/category
- Products in development
- Project name and progress
- Strategic themes or categories (e.g. Women’s health, in vitro etc).
We will not be collecting special category data about you in connection with the CADDA project.
How we use your personal information
We will use your information in the following ways:
- To deliver the services of the CADDA project, including:
- enabling knowledge exchange, fostering collaboration, and providing networking opportunities through a range of events and communication channels, including social media and newsletters;
- developing a thriving diagnostic community of practice (COP), bringing together elements of diagnostics development and application across disciplines, using a signup form to register you as a member and provide you with newsletters (from which you can unsubscribe at any time);
- providing competitive grant funding to support collaboration and research between industry and academia, and offering access to expertise, resources, and equipment to accelerate diagnostics innovation. We will use your personal data to track and monitor your application progress, as well as the progress of successful awardees’ projects, and to provide support where relevant;
- providing business support, together with mathematical and simulation modelling, to help industry partners accelerate innovative diagnostics development. We will use your data to track the support and engagement we provide;
- undertaking exemplar diagnostics knowledge transfer and development projects, using your data to track project progress and support the development of case studies on diagnostics development, translation to SMEs, commercialisation, and application;
- monitoring and capturing progress against project targets, including engagement, business support, grant funding awarded, events delivered, and other service-related activities. This information is reported annually to our funder (Research England);
- retaining and evaluating information about your website visits, newsletter interactions, and navigation patterns for analytics purposes, to improve the relevance and usability of our content.
- As we have a statutory basis to process your personal data, if we do not receive this data, we may not be able to provide the services outlined above.
Our lawful basis for processing your data
We rely on the following lawful basis as allowed by the UK GDPR for processing your personal data as this is necessary for:
- the performance of a task carried out in the public interest or in the exercise of official authority –Article 6(1)(e)
In addition, other lawful bases also apply for processing your personal data to enable specific activities. These are:
- Our contract with you – Article 6(1)(b) where CADDA agrees a CKTV Grant funding agreement with you, where you log into our website, and where you sign up to our events
You have given your consent for one or more specific purposes- Article 6(1)(a) where you opt into our Community of Practice and our newsletter/mailing list, answer our surveys as a member of our community of practice or accept cookies on our website
Our substantial public interest reason(s) is/are:
- statutory purposes
Who your information will be shared with
We use third party organisations (known as data processors) who carry out services on the University and CADDA’s behalf under contract. We will ensure that only the minimum amount of relevant personal data necessary for the purpose is transferred. We will ensure that contractual agreements exist to ensure compliance with data protection regulations and that data is used solely under our instruction. In these circumstances personal data shall be deleted after the contract has terminated.
- Microsoft (the University uses Microsoft 365 as its main IT platform).
- Eventbrite (CADDA uses Eventbrite to enable registrations to our events)
- Mailchimp (CADDA uses Mailchimp to send out our newsletter to members of our Community of Practice)
- ZoHo (CADDA uses ZoHo to track project progress and issue communications to members)
We have a data sharing agreement with our project partners at the University of Manchester and University College London
For more information please see:
The University of Manchester: Data protection | The University of Manchester
University College London: Privacy | Legal Services – UCL – University College London
Sometimes it is necessary for your personal information to be shared:
- with competent authorities (such as the police, NCA) or action fraud for law enforcement purposes (for on substantial public interest reasons – Article 9(2)(g) – for preventing or detecting unlawful acts, safeguarding or fraud purposes.
- with our professional advisors where it is necessary for the establishment, exercise or defence of legal claims – Article 9(2)(f).
Occasionally the University may, if appropriate, legitimate and necessary, rely on relevant exemptions to UK GDPR provisions as are allowed under the Data Protection Act 2018 (in relation to crime and taxation, management forecasts, negotiations, confidential references and exam scripts and exam marks).
Transfer of your information outside of the UK
When it is necessary for us to transfer your personal information across national boundaries to a third party data processor, such as one of our service providers, we will ensure this safeguards your personal information by requiring such transfers are made in compliance with all relevant data protection laws.
- Personal data processed within our Microsoft 365 tenancy is hosted within the EU although Microsoft may transfer limited data to sub-processors based elsewhere (including the United States).
- Personal data processed by Mailchimp on behalf of CADDA is hosted on United States servers, transferred to the United States under the UK-US Data Privacy Framework and in accordance with UK GDPR in compliance with the E.U.-U.S. Data Privacy Framework including the UK extension although Mailchimp may transfer limited data to sub-processors based elsewhere
- Personal data processed by Zoho on behalf of CADDA is hosted in an EU data centre in the Netherlands, transferred to the EU in accordance with UK GDPR
- Personal data processed by Eventbrite on behalf of CADDA is hosted on United States servers, transferred to the United States under the UK-US Data Privacy Framework and in accordance with UK GDPR in compliance with the E.U.-U.S. Data Privacy Framework including the UK extension although Eventbrite may transfer limited data to sub-processors based elsewhere
- Other countries data is transferred to: The United States
The transfer is authorised by:
- adequacy regulations made by the Secretary of State found here: https://www.gov.uk/government/publications/uk-approach-to-international-data-transfers/international-data-transfers-building-trust-delivering-growth-and-firing-up-innovation#uk-adequacy
- safeguards prescribed by the UK GDPR, a copy of which can be obtained here: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA
- The UK-US data bridge, details of which can be seen here: UK-US data bridge: factsheet for UK organisations – GOV.UK
Details of how Mailchimp handles and stores data can be found on their website here: Mailchimp Data Security and Privacy | Mailchimp
Details of how Zoho handles and stores data can be found on their website here: Zoho – UK Privacy Policy
Details of how Eventbrite handles and stores data can be found on their website here: Eventbrite Privacy Policy | Eventbrite Help Centre
How long your personal data will be kept
- Personal data will be kept by CADDA for a period of 10 years post project end, as required by the terms and conditions of our funders, Research England.
Security
We will ensure that security measures are in place to prevent the accidental loss, unauthorised use or access to your data. Access is given to staff on a ‘need to know’ basis. Our staff are required to keep your data safe and complete data protection training.
We have procedures in place to deal with any data security incidents and will notify you and the ICO in the event of a data breach where we are required to do so.
Your rights
Please be aware of the following rights which can be accessed free of charge by contacting dataprotection@kent.ac.uk:
- know how we are using your personal information and why (right to information)
- access the personal data held by us (subject access request)
- ask for correction of any mistakes (rectification)
- to object to direct marketing
- to complain to the ICO
In some circumstances you also have the right to:
- object to how we are using your information
- ask us to delete information about you (the right to be forgotten)
- have your information transferred electronically
- object to automated decisions which significantly affect you
- restrict us from using your information.
For further guidance regarding your rights please see the ICO website.
Your rights- if you have given consent or explicit consent for a specific use of your personal data
You can withdraw your consent at any time.
You can do this by contacting us by email at cadda@kent.ac.uk. To unsubscribe from our newsletter, you can also click the unsubscribe link at the bottom of the newsletter sent to your email address.
This does not affect the lawfulness of the processing based on consent before its withdrawal.
Your right to complain to the Information Commissioner
You have the right to lodge a complaint with the Information Commissioner’s Office.
Their helpline telephone number is: 0303 123 1113.
Contacts
If you have any questions or concerns about the way the University and/or CADDA has used your data, or wish to exercise any of your rights, please consult University of Kent website or contact CADDA at cadda@kent.ac.uk.
The University’s Data Protection Officer can be contacted at: dataprotection@kent.ac.uk
Document review date
This privacy notice will be reviewed at least annually.
| Version | Author | Description of Change | Date | Next Review date |
|---|---|---|---|---|
| 0.1 | May 2027 |