Privacy notice
Website Privacy Notice
Who we are
The James Hutton Institute including Biomathematics and Statistics Scotland (“BioSS”) (“Hutton”, “us” or “we”) is the Data Controller over any personal data we process about you for the purposes set out in this Privacy Notice.
This privacy notice outlines what personal data Hutton collects and processes about you in various situations and how we use your personal data. In short, such situations may be when you interact with this website www.hutton.ac.uk and its sub-domains (the “websites”); when you participate in a research project; when you attend one of our events; when you visit our sites; when we market to you and any other interaction you have with us and during which we process your personal data.
Hutton is committed to protecting the privacy and security of your personal data. We are required under the UK General Data Protection Regulation (UK GDPR) to notify you of the information contained in this privacy notice.
If you have any concerns about Hutton’s processing of your personal data or you have a general enquiry in relation to data protection please contact our Data Protection Officer at DPO@hutton.ac.uk.
What is personal data?
Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Category of Data: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
When we use the term ‘personal data’ we mean both personal data and special category of data.
Data Protection principles
Hutton is committed to protecting your personal data and adhere to the principles of the UK GDPR when processing your personal data. This states that the personal data which we hold about you must be:
a) Used lawfully, fairly and in a transparent way.
b) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
c) Relevant to the purposes we have told you about and limited only to those purposes.
d) Accurate and kept up to date.
e) Kept only as long as necessary for the purposes we have told you about.
f) Kept securely.
Our processing
Personal Data is collected in several different ways dependent on your interaction with Hutton. The table below sets out what personal data we process about you, where we get it from, why we use it, our legal basis and who we share it with. Please note that your personal data will be held in the UK on our own servers. We will not share your personal data with any other organisation or third parties without seeking your prior consent. Exceptions to this are:
- where we are required to share your personal data in accordance with law e.g. such as to assist with investigations carried out by the police, other authorities or any regulatory requirement to which Hutton is subject;
- where we are undergoing a corporate restructure;
- where we use third parties to undertake certain services on our behalf and in doing so, they require to process personal data in order to do this. If so, we will ensure that adequate arrangements are in place to protect your personal data. These third parties may include: our lawyers, auditors, accountants, payroll provider, cloud storage suppliers, CRM suppliers, marketing platforms, IT infrastructure suppliers, online survey platforms; transcribing and data scanning services;
- with our wholly owned subsidiary James Hutton Limited where this is necessary on the basis that we share certain operational services e.g. marketing team, or we may collaborate on certain research projects; or
- if stated in this table.
Is my personal data safe?
Hutton works hard to protect your personal data and have adopted appropriate technical and organisational measures to keep it safe from unauthorised disclosure, alteration or destruction.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to Hutton via the internet; any transmission is at your own risk.
How can I stop Hutton using my personal data for marketing purposes if I no longer wish to receive communications from Hutton?
If you no longer wish to receive communication from Hutton via e.g. our monthly newsletter and would like your personal data removed from our database please e-mail our Communications Department on info@hutton.ac.uk or telephone 0344 928 5428.
How long will Hutton retain my personal data?
Hutton will keep your personal data for no longer than is necessary for the purpose we obtained it for or until such time that you withdraw your consent and exercised your right to request that Hutton stops processing your personal data (if relevant).
Does Hutton make any automated decisions about me or profile my personal data?
Hutton does not make automated decisions about you and also does not profile your personal data.
Will Hutton transfer my personal data outside the UK?
From time to time, Hutton may transfer limited personal data outside the UK.
Where this does occur, Hutton will inform you of this and we will put in place appropriate safeguards and any necessary supplementary measures required under Data Protection law to protect your personal data. For instance, Hutton ensures that appropriate agreements with regard to data sharing are in place with contracted service providers and international partner institutions outside the UK.
What are my rights in relation to the personal data Hutton holds about me?
We have summarised your rights below. Please contact our Data Protection Officer at DPO@hutton.ac.uk to exercise these.
- You have the right to be provided with clear and concise information about what we do with your personal data.
- You have the right to access personal data held by us about you.
- You can seek to restrict our processing of your personal data, ask us to rectify any personal data we hold about you or object to us processing your personal data for the purposes stated above.
- In certain circumstances you have the right to ask us to provide you with your personal data in a structured, commonly used and machine-readable format to allow you (or us on your behalf) to transmit this information to another party. More information can be found at https://ico.org.uk
- In certain circumstances you have the right to ask us to erase the personal data we hold about you. We will consider any such requests in line with UK GDPR. Please note this is not absolute right and there may be circumstances where we choose not to delete all of the personal data we hold about you. More information about your right of erasure can be found at https://ico.org.uk
- If we are relying on your consent, you can withdraw your consent at any time, at which point we shall stop processing your personal data in that way. Please note this does not affect the legality of our processing up to the date of your withdrawal of consent.
- You also have the right to lodge a complaint with the Information Commissioners Office (ICO) if you think that we have infringed your rights. You can find more information about reporting a matter to the ICO at the following link: https://ico.org.uk/
Third Party Links
Hutton’s website may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy notices and that we do not accept any responsibility or liability for these notices or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these notices before you submit any personal data to these websites or use these services.
Changes to Privacy Notice
We reserve the right to amend this privacy notice. However, any changes we may make to our privacy notice in the future will be communicated to you in some manner.
Contact
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to: DPO@hutton.ac.uk
Last updated: April 2024