General Data Protection Regulations
The General Data Protection Regulations (GDPR) came into force on 25 May 2018 and set out standards for the collection, use, storage and processing of personal data. This privacy policy notice explains how the Chief Scientist Office complies with the GDPR in relation to personal data we collect when people make applications for our research or Fellowship grants.
CSO: Who we are
The Chief Scientist Office (CSO) is part of the Directorate for the Chief Medical Officer in the Directorate General for Health and Social Care of the Scottish Government. CSO is responsible for managing an overall budget of over £60 million to support and encourage research to improve the health of the people in Scotland and the services provided by the NHS in Scotland.
There are a number of specific areas CSO is responsible for including:
- Supporting research in the NHS through NHS Research Scotland (NRS)
- Funding high quality research projects, in part through Researcher Initiated Grant Schemes.
- Building capacity for research in the NHS through our Fellowships Schemes.
- Ensuring research in the NHS is carried out to high standards, through our management of NRS and policy responsibility for research ethics in Scotland
CSO Privacy Policy: Purpose
This privacy policy provides you with information about how the CSO uses and protects personal information which we receive as part of applications for CSO research and Fellowships funds.
The CSO may change this policy from time to time by updating this document. You may check the latest document content at any time by visiting the privacy policy on the CSO website. The latest version of this policy will be presented by reference or link from relevant application forms and associated guidance material for CSO research grant and fellowship funding.
CSO Privacy Policy: Scope
This policy is effective from 25 May 2018. It is applicable to applicants who supply personal information to the CSO as part of applications for CSO research grant funding or fellowship programmes.
CSO Privacy Policy: Data Controller Responsibilities
Under the GDPR a Data Controller is the natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data. The Scottish Government is the Data Controller for the CSO.
CSO privacy policy: Scottish Government Data Protection Officer
Under the GDPR the Data Protection Officer is responsible for compliance with the Scottish Government’s data protection policy. The Scottish Government Data Protection Officer and can be contacted at: dpa@gov.scot.
CSO Privacy Policy: How We Use Your Information
The CSO is committed to ensuring that your privacy is protected. Any information you provide to CSO will only be used in accordance with this privacy policy.
CSO Privacy Policy: What We Collect
Research Grant Funding
Applications for CSO research grant funding require the following personal information:
The applicant’s and any co-applicant’s title, full name, full work address, work telephone number, work fax number, work e-mail address, hours to be worked per week on the project, organisation, department and position
The names, posts held, institution, telephone number and e-mail address of at least ten referees
A breakdown of directly incurred staff costs (including the name, grade, salary, superannuation and National Insurance costs) for all staff involved in the project
Fellowship Funding
Applications for CSO Fellowships funding require the following personal information:
The applicants title, full name, full work address, work telephone number, work e-mail address, place of work, post held, academic and higher professional qualifications, postgraduate career details, research experience .
The title, full name, full work address, work telephone and work e-mail address of the applicant’s supervisor
For some fellowship schemes we will also ask for the applicant’s salary, superannuation and national insurance costs; and for details of up to six reviewers (including for each reviewer their title, name, current post, institution/department and e-mail address).
Reports from Funded Projects
CSO also requires that Chief Investigators of projects that are awarded funding by CSO also submit interim reports of progress and final reports on completion of projects, including statements of expenditure. These are collected by CSO for the purposes of reviewing progress of grant awards. These reports are held within CSO and may be shared with others in Scottish Government.
CSO Privacy Policy: Why We Collect the Information
Information is collected for the administration, review, assessment and (as appropriate) award and monitoring of CSO research grant funding and CSO Fellowships funding. Where information is collected on gender, age and/or ethnicity in relation to Fellowships funding it is done so only to ensure equality of treatment for all applicants.
CSO Privacy Policy: The Legal Basis for Collecting the Information
CSO collects personal information for the purposes set out above under Article 6(1)(e) of the GDPR:
“Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”
CSO Privacy Policy: What We Do with the Information We Gather (How Personal Information is Processed)
Information provided by applicants when submitting research grant applications or Fellowships applications is shared within CSO and occasionally with others in Scottish Government. Applications are stored on the Scottish Government’s electronic filing system and some information is also held within a database held by CSO. Research grant applications and fellowship applications are also shared in full with members of the CSO research committees or panels that are convened by CSO to review applications, with the members of those committees and panels instructed to treat the information within applications and the applications themselves in confidence. Applications are also shared in full with selected expert peer-reviewers including those identified by the applicants themselves in the application form but also others as decided and identified by CSO. Again, the expert peer-reviewers are instructed to treat the information within the applications and the applications themselves in confidence. Summary details of the applications that are funded are also published by CSO on the CSO website in line with the stated terms and conditions of CSO research grants and Fellowships.
We do not use any personal information from applicants for direct marketing or other mailshots.
We retain your personal information in both electronic and hard copy forms, the transmission of which is handled securely and only to named individuals directly involved in processing applications for CSO funding, some of whom will be outside the CSO and the Scottish Government.
We will not store your personal information for longer than is necessary and your personal data will be securely deleted when no longer needed for the purposes it was collected.
Where we communicate your information to third parties for the purposes of assessing applications for CSO funding as outline above, any such third parties will be expected to handle your information in compliance with this privacy policy.
CSO Privacy Policy: Your Legal Rights
Details of your rights can be found here. A summary of your rights as they relate to the legal basis under which CSO collects personal information is as follows:
You have the right to be informed about how your information will be used – that is one of the purposes of his privacy notice.
You have a right to access personal data we may hold about you. You can make a subject access request (SAR) in writing, via an online form, by email or via official Scottish Government social media channels, along with proof of identification. There is no charge for SARs. We also accept SARs verbally, for example in cases where the requestor is unable to make a written request due to a disability. We can consider requests made on your behalf by a third party where we are provided with evidence of the appropriate consent or power of attorney authority to do so. We will respond to an SAR request as soon as possible, currently within one calendar month.
You have a right to rectification if you believe that personal information we hold about you is inaccurate or incomplete.
You have a right to request restricted processing of your personal information in certain circumstances.
You have a right to object to your personal information being processed in certain circumstances.
You have a right not to be subject to automated decision-making (making a decision solely by automated means without any human involvement); including profiling (automated processing of personal data to evaluate certain things about an individual). CSO does not use automated decision making or profiling.
CSO privacy policy: Lodging a complaint with the Information Commissioner’s Office
You may lodge a complaint with the Information Commissioner’s Office about the way in which the CSO collects and processes your personal information here or by phoning 0303 123 1113.
May 2018
Version 1.0