Version 1: Applicable from: 8 October 2021
What are the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018)?
Is the Privacy Notice likely to change?
What is a Data Protection Officer (DPO)?
What is the lawful basis for processing my data?
What data do you hold about me?
Do you collect information about me from other sources?
Why do you need to know about “Stable Contacts”?
Why do you ask questions about my partner and other members of my family?
How will my information be used?
Who receives my personal data?
How do I use my individual information rights?
How long will it take to receive copies of my information if I make a data subject access request?
How do I withdraw from the study?
What happens to my data if I withdraw from the study?
Is my personal data transferred to other countries?
How do you keep my data secure?
How long will you hold my data for?
Which cookies does the study participant site use?
How do I change my cookie permissions?
Data protection means treating information about people fairly and using it properly according to the law. We are committed to handling your data lawfully, fairly and responsibly. We process your data with the GDPR data protection principles in mind:
The DPA 2018 and the UK GDPR are data protection laws in the UK. These laws include principles, rights and obligations which apply when we process your data. The EU GDPR (General Data Protection Regulation (EU) 2016/679) and the DPA 2018 came into force on 25 May 2018. The DPA 2018 replaces the Data Protection Act 1998. The DPA 2018 was changed on 01 January 2021 to reflect that the UK left the EU. The UK GDPR came into effect on 01 January 2021. The UK GDPR is based on the EU GDPR. Further information about the DPA 2018 and UK GDPR is available at: https://www.legislation.gov.uk/ukpga/2018/12/contents.
The UK GDPR and DPA give you rights over your personal data including the ‘right to be informed’. This right means that when you agree to be part of the study, we must provide you with the necessary information about how the information that you give to the study will be used. We do this in the study privacy notice: https://ncds.info/home/privacy/privacy-notice/.
Yes. We review the privacy notice and the FAQs when we do a new survey and update it if we change how we process your data.
A Data Controller decides how and why to collect your data and what to do with the data when it’s collected. The Data Controller is responsible for ensuring that your data is processed lawfully.
UCL is normally the Data Controller of the data that you give to the study. For specific projects, which you agreed to take part in, other organisations may also be Data Controller.
We will tell you who is the Data Controller in the information that we give you before you take part in a project or survey and in the FAQs about specific surveys.
A Data Protection Officer (DPO) is a position set out in the UK GDPR and DPA 2018. The DPO provides advice and monitors how we process your data to ensure that we process your data lawfully.
You can contact the DPO with any concerns that you may have about the way that we process your study data. UCL’s DPO can be contacted at: data-protection@ucl.ac.uk or Data Protection Officer, UCL Gower Street, London WC1E 6BT.
The DPA 2018 and UK GDPR say that we must have a reason as specified in law for processing your personal data.
As Data Controller, UCL decides the lawful basis for using your data.
The (GDPR Article 6(e)), lawful basis for processing your personal data is summarised as ‘public task’. This applies where the processing of personal data:
‘Is necessary in order to perform a task in the public interest, which is laid down by law, or in the exercise of official authority laid down by law’.
The (GDPR Article 9(j)), reason for processing your sensitive or ‘special categories of personal data’ in addition to the ‘public task’ is summarised as: ’archiving purposes in the public interest, scientific or historical research purposes or statistical purposes…’. This applies when:
‘Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject’.
UCL’s ‘statement of tasks in the public interest’ explains more about the reason for using the public task lawful basis: https://www.ucl.ac.uk/legal-services/sites/legal-services/files/ucl_statement_of_tasks_in_the_public_interest_-_august_2018.pdf.
This statement says that public task is the lawful basis for processing your data because UCL is carrying out tasks in its capacity as a public authority when it carries out research. Research for the study is carried out in the public interest with the aim of contributing to public policy.
The data that we hold about you includes:
Information that you share with us during surveys:
Information from the data that you share with us during surveys:
Information about you received from other organisations:
Information received when you use our website (e.g., from cookies or similar technologies).
Yes. With your permission, we link data from the administrative records of government departments and agencies to the records that you and your family members have given to the study as part of our linked data programme. Administrative records are created when you interact with these agencies (e.g., receive a salary or benefits or pay taxes).
We may also link other data to your survey data based on insights from your post code or about the school you attended.
We ask you to give us contact details for your partner (if you have one) and someone who you don’t live with (e.g., a relative, a neighbour, a friend) so that we can get in touch with them if we are unable to contact you directly e.g., if you’ve moved to a new house. We refer to these people as ‘Stable Contacts’ and we only hold the contact details of these other people for that purpose – and this is the only reason we would contact them. You should tell your family members that you have provided us with their personal information, including contact details with us. If they are not happy about this then either you or they can contact us and we will delete this information.
Our surveys often include questions about your partner, parents, children and other people who you may live with. This is important because family circumstances have a huge impact on people’s lives. We ask for some personal information relating to family members including names. This is so that in later surveys we can refer back to them and ask if their circumstances have changed. We will not include any information that could allow your partner or other family members to be identified in the data made available to researchers.
Table 1 summarises the data that we hold about you and how it will be used:
| Table 1: Summary of the data that we hold for the study and how it will be used | |
| Summary of data that we hold about you | Summary of data use |
| Contact details and personal information:
name, sex, date of birth, address, email address, telephone numbers National Insurance Number (if known), NHS Number/ID (if known) and study ID (study-specific pseudonymised |
|
| Survey answers and sensitive data from surveys. | To research the areas that affect your life and your generation. |
| Biological samples (e.g., blood from the Age 44 Biomedical Survey). | To process your samples to produce data and research into health and genetics. |
| DNA from the Age 44 Biomedical Survey blood sample
Genotype Data derived from biological samples / health metrics, e.g.
|
To process your sample to produce data and research into health and genetics. |
| Research data from the study/surveys including: – Genetic data linked to survey results – Pseudonymised data from the data linkage programme (including data received from NHS organisations, government departments, research and statistics organisations and databanks)- Legacy data |
To produce data for research, statistical and archiving purposes with the aim of contributing to public policy and service planning.
To produce pseudonymised research data to share with the research community and wider.
To communicate our research. |
| Publicly available information from social media (where we have your social media handle), internet searches, directories and databases. | To try to get in touch with you where have lost touch. |
| Legacy data (original questionnaires / consent forms) | For archiving purposes – to keep a record of you as a study member. For research purposes. |
| Information from cookies and similar technologies | To understand how you engage with the study site and improve your experience of the site. |
Our service providers such as survey services
Other organisations may receive your data when they provide us with services such as mailing and survey services. NatCen Social Research has been contracted to carry out the Life in Your Early 60ss Survey (with Kantar carrying out some of the fieldwork for them) on our behalf. Kantar conducted the COVID-19 Surveys.
Trusted Research Environments
If you agree, we send your biological samples to accredited laboratories that store and process your samples for genetic research.
Other Data Controllers for research purposes
If you agree, we share your contact details and personal information with government agencies so that we can link data from their records to your study data.
The research community
Many researchers from around the world analyse data from the study under secure arrangements.
Your pseudonymised study data is shared securely with researchers and organisations that we collaborate with for research purposes. Researchers can apply to CLS Data Access Committee (DAC):
Data stores
Pseudonymised survey responses including responses to sensitive survey questions are put together with other research data (e.g. linked data) and securely deposited at data stores. This research data is made available to the research community under secure access arrangements.
Organisations that we communicate our research to
Pseudonymised survey responses may be used in communications about the research and study data. Other people will not be able to identify you through your responses.
In certain circumstances, The DPA 2018 and UK GDPR give you rights over your study data:
You can contact us to make an individual rights request (e.g., to ask for a copy of the survey data that you have given to the study) at any time:
Phone: 0800 035 5761
Email: ncds@ucl.ac.uk
Post: National Child Development Study, Centre for Longitudinal Studies, UCL Social Research Institute, 20 Bedford Way, London WC1H 0AL
We normally respond to a request from you to access your personal information within 1 month. Please note that like many organisations, we have had to change our working arrangements during the COVID-19 pandemic. Please bear in mind that there may be a delay in responding to any postal requests that you make. We thank you for your patience and continued cooperation at this time.
You have the right at any time to withdraw from the study. You can withdraw from the study as a whole, or from just a particular survey, or from having your biological samples processed or from the records linkage programme. If you send us a request to withdraw from the study, we would be grateful if you could specify what your withdraw request covers so that we know what to do with the data that we already hold.
If you want to withdraw from the study, you can contact us at:
Phone: 0800 035 5761
Email: ncds@ucl.ac.uk
Post: National Child Development Study, Centre for Longitudinal Studies, UCL Social Research Institute, 20 Bedford Way, London WC1H 0AL
If you withdraw from the study, information which the study has already collected about you before we received your request, will be kept and continue to be used for research purposes where the law allows us to do this.
Your contact details are only shared outside of the European Economic Area (EEA) where appropriate contractual arrangements are in place. Pseudonymised research data are shared with researchers and research organisations from across the world.
We respect that you have donated your data to the study. We are committed to treating your data confidentially and keeping it secure. The following measures are in place to keep your data secure:
Research ethics committees
All research projects involving personal data are scrutinised and approved by a research ethics committee to ensure that our research is carried out to ethical standards.
Independent registration and standards
As part of UCL, we are:
Governance and accountability
The following people, committee and group ensure that we process your data appropriately:
Information Asset Owner (IAO)
The CLS Managing Director is also Information Asset Owner (IAO) and is accountable to the UCL Senior Information Risk Owner (SIRO) for ensuring risks associated with processing personal data at CLS are properly managed. The IAO is supported by other roles across CLS who help ensure that participant data are processed according to relevant laws and standards.
CLS Data Access Committee (DAC)
Access to CLS research data is controlled by the DAC. Further information about DAC is available here: https://cls.ucl.ac.uk/wp-content/uploads/2017/02/CLS_DAC_Terms_of_Reference.pdf.
CLS IG Steering Group (CLS IG SG)
CLS IG SG, is chaired by CLS’ Managing Director and attended by representatives from across CLS. This group meets regularly to oversee information governance and data protection issues at CLS.
Security measures
The following security measures help keep your data secure:
Policies, procedures and training
All CLS staff are required to follow UCL’s data protection and Information Security Policies.
Risk management
We ensure that any risks to your data are documented, assessed and managed:
The study seeks to understand your life journey and your generation. Therefore, we’ve not set a time limit for how long we will keep all your study data. We plan to keep the data for as long as the study exists, provided the law allows us to. We will review the data that we hold whenever we receive an individual rights request from you. Further information on how long we keep records for is included in the UCL records retention schedule: https://www.ucl.ac.uk/library/about-us/records-office/records-retention.
If you wish to raise a complaint, you can contact us at:
Phone: 0800 035 5761
Email: ncds@ucl.ac.uk
Post: National Child Development Study, Centre for Longitudinal Studies, UCL Social Research Institute, 20 Bedford Way, London WC1H 0AL
If after contacting us, you are still concerned about how your personal data is being processed, you can contact the UCL Data Protection Office at: data-protection@ucl.ac.uk. We hope that we will be able to resolve any complaints that you may have. You have the right to complain to the ICO – the independent regulator which upholds information rights in the UK. Further information about making complaints to the ICO is available at: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/.
CLS and our third-party service providers use cookies and similar technologies. When you visit the study page, it sends a cookie to your device. Cookies are small text files of information which are placed on your device when you use our sites. Cookies are used to:
You can also manage your cookie preferences on your device. This is usually done by selecting the options available in the ‘cookies and site permissions’ option in the settings menu.
Find out how to manage cookies on popular browsers:
This document was last updated on: 8 October 2021.
Download these privacy and data protection FAQs as a PDF.
