Skip to main navigationSkip to main content
The University of Southampton
Research

REF Privacy Notice

Why has the University of Southampton asked me to share information on the impact of its research?

Background

The University of Southampton (University) collates impact evidence data to manage, analyse and communicate our submission to the national research assessment exercise, currently known as the Research Excellence Framework (REF) and managed by Research England.

The processing of personal data for the development of REF Impact Case Studies is necessary for the performance of a task carried out in the public interest (Article 6(1)(e) of the GDPR).

As a public research institution our engagement with REF is imperative. The REF exists to:

How would we use the information you provide us?

Impact Case Studies: are short, evidence-based narrative statements which showcase a small number of research projects or programmes that have produced significant and/or far-reaching benefits to society - e.g., research that has influenced policy decisions, contributed to new or improved technologies in use, improved public services, or enhanced cultural understanding etc. 

Impact and Engagement Statement: This is a structured explanatory statement which sets out the wider contribution of a unit of assessment’s (subject area) research and engagement activities to society and the economy beyond academia.

I have confidential information that I do not want to be published

Research England recognises that some evidence used in Impact Case Studies may be of a confidential or sensitive nature. Providing evidence is a necessary component of Impact Case Studies for REF 2029.

However, there are arrangements in place to enable institutions to submit Impact Case Studies that include confidential information, with the agreement of the relevant organisations.

If you think that your data is sensitive or should be kept confidential, and you have not yet discussed this with your academic contact, please contact the Research Information and Systems Team: REF2029@soton.ac.uk.

Privacy notice

1. Lawful, fair and transparent processing

In 2028, the University of Southampton will submit the Impact Case Studies for assessment in REF2029. We may be asked to include any data provided as corroborating evidence. The REF is managed by a team based at Research England (RE), on behalf of the four UK higher education funding bodies. RE is part of UK Research and Innovation (UKRI).

UKRI may pass your data, or parts of it, to any of the following organisations that need it to inform the selective distribution of public funds for research and to carry out their statutory functions connected with funding higher education:

UKRI and the organisations listed above will use the information to analyse and monitor REF. This may result in information being released to other users including academic researchers or consultants (commissioned by the funding bodies), to carry out research or analysis, in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Where information not previously published is released to third parties, this will be anonymised where practicable.

UKRI will require that anyone who has access to your data, held in UKRI’s records, paper or electronic, respect its confidentiality and will only process it in accordance with instructions issued for the purposes specified by UKRI.

2. Specified, explicit and legitimate purposes

Any information you choose to provide to the University of Southampton will be used as corroborating evidence in an impact case study or an impact and engagement narrative statement. This data will first be stored on a University of Southampton secure server only accessible by necessary staff members. Only one copy of the data will be stored and all versions in email form will be deleted once information is filed.

All case studies, unless marked with a redaction option, will be published by Research England in 2029 and made available on a database on the REF website. If you do not wish the information you provide to be made available in this way, please ask for a redaction option (see below) and discuss your requirements with your University of Southampton partner.

The University of Southampton may also use case studies and corroborating evidence to showcase the impact of research through a range of mediums including online and in print, again respecting redaction options.

3. Adequate, relevant, not excessive

When you provide corroborating evidence, your data will be used in the body of an impact case study and appended in case of audit. Impact case studies will not normally be submitted with personal information, except for your job title and/or organisation which may be included.

In all University of Southampton processes to develop the final case study, appropriate levels of data redaction will be respected. If you choose to provide personal and contact information for corroboration purposes this will be stored securely and will only be used in audit circumstances. More information on REF audit processes for 2021 can be found here. This link will be updated when Research England publishes their audit guidance for REF2029.

If any part of your corroborating evidence is sensitive, REF allows for six types of case study submission, each allowing for differing levels of confidentiality. These range from processes which cater for the inclusion of security sensitive information, to redaction of business sensitive material. Full details of these options can be found below. Each option may be specifically adapted for your requirements.

If you feel that the information you are providing is sensitive, needs any kind of redaction, or you would like to discuss further options please contact your University of Southampton partner and/or the REF team REF2029@soton.ac.uk.

4. Accurate

Sharing third party personal data with the University of Southampton.
Please ensure that if you are sharing any third-party personal data (that is, any identifiable information that is not your own) with the University of Southampton, you have the necessary consent to do so. If you do not have consent, you must be able to demonstrate your other GDPR lawful basis for sharing and have informed the individuals concerned. If you cannot meet these requirements, please anonymise the information before sharing it with the University of Southampton

Accessing your personal data through REF

You have several rights.

You can:

For information stored for the purposes of REF please contact the Research Information and Systems team at REF2029@soton.ac.uk.

For other data held by the University please write to:

The Data Protection Officer

Information Governance University of Southampton,

Highfield, Southampton, SO171BJ

Email: data.protection@soton.ac.uk

Freedom of Information and Environmental Information Regulations

5. Retention

UKRI will securely store data relating to impact case studies until six months after the REF2029 results are published (June 2030) then securely dispose of all material.

The University of Southampton will retain the data collected for REF for two REF cycles from the date of submission, when the need for an extension will be considered.

6. Security

We will ensure that information is handled in line with the University's relevant Policies and Procedures for handling information, including requirements set out in our Information Security Policy and Data Protection Policy.

Impact Case Study redaction options

LevelDescriptionInternal ProcessEvidenceREF2029 Review ByPublished?Notes
Security Sensitive Case study based on or containing security sensitive information To be reviewed only by those with appropriate security clearance Only appropriate evidence is to be supplied and stored by those with security clearance only. Only by those with appropriate security clearance Not for publication Needs to be highlighted to the REF team through formal reporting process before submission date (TBC)
Redaction (1) Case study contains commercially sensitive information that cannot be published or reviewed by the whole REF2029 sub-panel To be reviewed only by persons identified as appropriate and marked as sensitive Sensitive evidence to be directly transferred to Secure SharePoint by author and any sensitive documents highlighted to impact leads. May identify specific panel members who should not have access to, or should have access only to the redacted versions Not for publication Author must give clear indication of who should not see the case study as soon as possible to ensure appropriate processes are put into place
Redaction (2) Case study contains commercially sensitive or third party personal data information that cannot be published, but can be reviewed by REF2029 sub-panel members To be reviewed only by persons identified as appropriate and marked as sensitive Sensitive evidence to be directly transferred to Secure SharePoint by author and any sensitive documents highlighted to impact leads. May identify specific panel members who should not have access to, or should have access only to the redacted versions Not for publication Author must give clear indication of who should not see the case study as soon as possible to ensure appropriate processes are put into place
Redaction (3) Case study contains small amounts of sensitive data which cannot be viewed by REF2029 sub-panel members, but the whole case study can be published with redaction

 

Normal review processes take place with reviewers aware of sensitive sections

Evidence may be transferred onto a Secure SharePoint by a Research Administrator. Any sensitive documents should be clearly identified. All sub-panel members can review case study Redacted version published Redacted versions suitable for publication to be submitted by -date TBC
Partially Redacted Case study contains small amounts of sensitive data which can be viewed by REF2029 sub-panel members, but the whole case study can be published with redaction Normal review processes take place with all reviewers aware of sensitive sections Evidence may be transferred onto Secure SharePoint by a Research Administrator. Any sensitive documents should be clearly identified. All sub-panel members can review unredacted case study Redacted version published Redacted versions suitable for publication to be submitted by - date TBC
Standard Case Study Case study contains nocommercially sensitive or potentially inappropriate intellectual property Normal review processes take place All case study information stored securely within our research information systems and SharePoint. All sub-panel members can review unredacted case study Full version published All case studies must be reviewed by governance team for pseudonymisation and GDPR compliance

If you would like to discuss your redaction options in more depth, please send us an email: REF2029@soton.ac.uk.

Privacy Settings