Research Scotland Privacy Statement

Who we are

Research Scotland is a private sector research organisation based in East Renfrewshire. We undertake research for public and third sector bodies, across a range of social policy fields. Most of our work is qualitative research – involving in-depth interviews and discussions. We take privacy very seriously, as we are often speaking with people about sensitive and personal topics. We follow clear research ethics, and adhere to data protection and GDPR requirements. We never share personal data with others.

Types of data we collect 

Each research project that we do is different. Across the range of research projects we are involved in, we collect data such as:

  • Contact details. We collect phone numbers and email addresses for people receiving public and third sector services. This is passed to us from our clients, only where participants have clearly consented for their details to be passed to us. We never receive this information if clients have not given their consent to take part in research.

  • Survey information. We ask equalities monitoring questions in some of our surveys, covering topics such as age, disability, ethnic origin and religion. We make sure that participants have clearly consented to take part, and explain that equalities monitoring questions are voluntary.   

  • Cookies. At times, we collect cookies through surveys. This is to help people to complete the survey over time, and come back to it as and when they like. We always tell people when we are doing this, and why.   

  • Mailing lists. We don’t hold a mailing list across all of our work. But sometimes we need to keep a list of people who are interested in hearing about the findings of a specific bit of work, or have said they would like to be invited to an event. When we do this, we issue the email ourselves. We don’t share the information with anyone else. We make sure people are aware why they are providing their contact details, how they will be used, and how to remove their details from the list.

We delete all of this data as soon as it is no longer needed. As standard, this is a period of three months after the completion of our research project. We agree this time period, or an alternative, with our clients. We never share personal data with anyone beyond Research Scotland.  

Our approach to data:

We are serious about protecting personal data, and ensuring that people are able to access and amend any data we hold about them. Recently we have taken a number of steps to ensure that we comply with new GDPR regulations: 

• We have appointed a Data Protection Officer and related support service, which assists us to review our practice and inform our future approaches to data.

• All core staff have received training in GDPR and the impact it may have on our research processes. All staff were already very aware of existing data protection legislation, as well as research ethics around consent.

• We have undertaken an audit of all of the personal data we hold, and deleted the information no longer required.  

• We have worked with our IT lead to assess data security, and ensured that devices are encrypted and data is encrypted both at rest and in transit. We don’t offer guests access to our WiFi system. We don’t use analytics tools on our website, so don’t collect information on visitors to the site.  

• We have reviewed where our information is stored, and only use services which host data within the EU. Data on our client directory is all held in the UK. We do not use any services which transfer data out of the EU.

Access to your personal information: 

You have the right to see what information we hold about you, and amend or delete this. Email requests to our lead for data protection: 

Katy MacMillan

Director

Research Scotland

katy.macmillan@researchscotland.org