CSIC Privacy Notice
Construction Scotland Innovation Centre is administered and hosted by Edinburgh Napier University meaning that we are the same legal entity.
Edinburgh Napier University is therefore the Data Controller and both the University and Construction Scotland Innovation Centre are committed to preserving your privacy.
1. Information about you
How we collect your personal data:
We may collect your personal data in the following ways:
- From you directly, e.g. when we meet in a business context, you make an enquiry, contact us, etc. (face to face, attendance at our events, email, mail or telephone);
- From data that you provide online via our online forms (such as your name, contact details, e-mail address etc.), we specify the purpose and future use of this information within the form itself. An example would be an application for project funding;
- From your interaction with and use of our online services including, but not limited to, Construction Scotland Innovation Centre website, Twitter, LinkedIn, Instagram, Facebook, YouTube.
We may collect the following information:
- Name and job title;
- Organisation or academic institution you are associated with;
- Contact information such as an email address or telephone number;
- Demographic information such as address, postcode, preferences and interests;
- Your interaction with us including frequency and timing of visits to CSIC website;
- Photographs or videos captured at events, organised by Construction Scotland Innovation Centre;
- Financial details when payments are required (e.g. payment for event exhibition stands or tickets);
- Dietary and access requirements if you are attending an event or meeting in person.
Purposes - we use your information to:
- Enable us to provide and improve the services you have requested;
- Respond to any contact or queries;
- Ensure that content from the website is presented in the most effective manner for you and for your devices;
- Analyse the information we collect so that we can administer, support, improve and develop the website and our services;
- Satisfy internal record keeping;
- Contact you from time to time for research purposes in relation to our services, projects or work themes. Provide you with information or services that you request from us or which we feel may interest you, unless you have indicated otherwise; and
- Notify you about changes to our service.
- We may contact you from time to time via email to request your feedback on events and/or services you receive from us, or to send out surveys related to Construction Scotland Innovation Centre services.
- We will process information about you to administer your event attendance, and after the event, to send you information such as photos/video of the event, presentations or follow up events by email.
- Mailing Lists: You can subscribe on our website to receive further information from us including news and events updates via our newsletter
- In relation to eLearning modules, we may process your information through a third party to provide you with learning certificates, scoring information, or other certifications relating to eLearning modules and may use this information for evaluations
Special Category Personal Data (Article 9)
We may also collect and process special category data. This may be collected from information that you provide by filling in forms or for a service we are providing you. We collect this information to understand accessibility for event purposes and for equality and diversity monitoring in relation to our programme recruitment campaigns.
We may collect the following information:
- racial or ethnic origin
- Health; including disability as defined by the Equality Act 2010
Purpose - we collect your information to:
- Inform us for event planning to understand accessibility and or any special requirements for attending our events
- to hold and process equality and diversity monitoring for recruitment campaigns
2. Legal Grounds for Processing
We will only collect, use and otherwise process your personal data when we have legal grounds for doing so. The common grounds will be:
Article 6(1)(e) – Processing is necessary for the performance of the University’s official authority as vested in the Data Controller by Scottish Statutory Instruments 1993 No.557 (S.76) as amended, that is, the provision of education, research, etc
Article 6(1)(b) – Necessary in order to take steps at the request of the data subject (prior to entering into a contract or, in this case, making an application to the University), including corresponding with you about your application and keeping you informed of further information related to your to the university.
Article 6(1)(c) – The University is required to comply with legislation and statutory obligations e.g. Student funding bodies and other government bodies and agencies.
Article 9(2)(g) – for reasons of substantial public interest as allowed under the Data Protection Act 2018 Schedule 1 Part 2 e.g. equality of opportunity or treatment, etc.
We may also occasionally rely on Article 6(1)(f) - Legitimate Interest, where the activity is not related to Article 6(1)(e) – Official Authority or alternatively, Article 6(1)(a) - Consent. Where we do so we will specifically tell you, for example:
You can withdraw your consent at any point by clicking on the ‘click here to unsubscribe’ link provided in our emails or by contacting us directly at firstname.lastname@example.org
3. Cookie Notice
Adjusting your browser’s cookie settings
Adjusting your browsers cookies is dependent on the Internet browser being used. The Help feature on most browsers will tell you how to prevent your browser from accepting new cookies. Alternatively, you should check with the vendor whose browser you are using for specific details on how to do this.
Our Cookie banner and consent service is provided by Cookiebot.
4. Sharing tools
5. Links to Third Party Websites
As we want your experience of our website to be as informative and useful as possible, we provide a number of links to websites operated by third parties.
Please be aware that we do not have any control over third party websites and that such third party websites may send their own cookies to users, or otherwise collect data or solicit personal information.
6. Retention of your information
We will retain your personal data for as long as we reasonably require in light of the purpose(s) for which we are holding it and all relevant legal, commercial and operational considerations.
As a Scottish Innovation Centre, we may have to comply with statutory retention periods as required by our funders, including the Scottish Funding Council, Scottish Enterprise and Highlands and Islands Enterprise
Personal data is stored on our servers and will remain within the UK/EEA.
7. Disclosure of your information
CS-IC undertakes to process your information securely and will restrict access to employees, professional advisers, authorised agents and contractors, as necessary. We will only disclose your data to other external third parties where we are permitted to do so by Data Protection legislation or required to do so under another statutory or legal obligation e.g.
- necessary to enforce our rights, including under our website Terms and Conditions of use
- as a Scottish Innovation Centre, we have statutory reporting duties to the Scottish Funding Council, Scottish Government Scottish Enterprise and/or Highlands and Islands Enterprise. CSIC uses external suppliers to provide software systems and processing services to enable us to fulfil our functions and purposes.
- CSIC engage with third-party suppliers to provide services including IT suppliers, contractors for learning and training or specific pieces of work, amongst others. These suppliers may process personal information on our behalf as ‘processors’ and are subject to written contractual conditions to only process that personal information that information under our instructions.
- We may also share your information with third parties from time to time if that sharing is required in relation to the service, we are providing to you. A number of these services are based outside the UK, mainly the EU and the United States.
8. Your rights under data protection laws
All individuals have a number of rights under data protection laws. However, they do not apply in all circumstances.
If you wish to exercise any of them, please email us (details provided below) and we will explain at that time if they are applicable or not.
We will inform you in writing following receipt of your written request and if necessary, seek additional information from you about your request, including proof of identity.
- The right to request access to your personal information, be informed about the processing of your personal information and receive a copy of the personal information we hold about you. We are obliged to respond to any such request within one month of receiving a request, subject to limited exceptions.
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.
- The right to object to processing of your personal information.
- The right to restrict processing of your personal information.
- The right to have your personal information erased (the “right to be forgotten”).
- The right to move, copy or transfer your personal information (“data portability”).
- The right to withdraw your consent to processing (if consent is relied upon by us to process the personal data).
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you. We currently do not have any systems which perform automated decisions on individuals.
- At all times, you have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted online or through the website. Any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.
Your personal information may also be stored on third party, cloud based solutions. Where this is the case, CSIC will ensure that the third party complies with GDPR when processing your data. Core systems are only accessible by CSIC staff and a small number of contractors for service practitioners.
Security measures in place at CSIC include:
- Physical security measures; Strong passwords; Managed permissions; Two factor authentication; Anti-malware software; Data loss prevention software; Secure Email Gateway; Software patch management; Appropriate data backup arrangements.
11. Contact Details
Please help us keep our records updated by informing us of any changes to your e-mail address and other contact details.
Data Protection Officer
Unit 3B, Hamilton International Technology Park, 3 Watt Place