University of Leeds Research Statement
This document explains, in general terms, how and why the University uses data for research, what individual rights are afforded under UK data protection regulations and who to contact with any queries or concerns. Where researchers are collecting data directly from individuals, we always expect a project-specific Participant Information Sheet to be in place.
Why we process personal data
We rely on task in the public interest as our lawful basis for processing personal and special category data for research, archiving and statistical purposes. We receive data directly from research participants and from external organisations including the NHS, government departments and other private and charitable organisations.
How we process personal data
We may share data with other research active institutions, commercial and public organisations and research funders across the world. In keeping with the general principle of “open access” our research data will be made available for re-use where appropriate and required, and our research findings will be published internationally.
How we comply with data protection principles
- We have appropriate lawful bases for processing personal and special category data.
- We use data fairly and transparently, giving individuals the relevant information and opportunity to ask questions before they participate in a research project.
- Where we are using data that has not come directly from an individual, we will consider any potential harm and remove identifiers from the data wherever possible.
- We use Research Ethics Committees, specialised Contracts Managers and technical IT specialists to consider all aspects of a research project.
- We put in place appropriate contractual arrangements when we share data with 3rd parties.
- We only collect the minimum amount of personal data required.
- We take steps to ensure that the personal data we hold is accurate.
- We make our research data non-identifiable as soon as we can.
- We take steps to ensure that data is held securely.
- We keep a record of our processing activities.
In accordance with data protection regulations, and to maximise the societal value of the research we undertake, individuals participating in research do not have the same rights regarding their personal data as they would in other situations. This means that the following rights are limited for individuals who participate, or have participated in, a research project:
- The right to access the data we hold about you.
- The right to rectify the data we hold about you.
- The right to have the data we hold about you erased.
- The right to restrict how we process your data.
- The right to data portability.
- The right to object to us processing the data we hold about you.
Most of the time, the reason we cannot realise these rights is because data has been anonymised.
Retention periods
We will only retain identifiable information for as long as necessary to fulfil the purposes we collected it for and to meet any regulatory requirements; we may then retain and share data in anonymised or pseudonymised formats.
Some of the organisations we get data from specify when it must be deleted, in which case we comply with their requirements.
Additional notices and guidance policies
Individuals who are directly recruited to research projects will be presented with a specific Participant Information Sheet and Informed Consent form.
The University has published separate policies and guidance which may be applicable:
Communication
In the first instance please contact the researcher who your initial contact was with.
You may also contact the Data Protection Officer ([email protected]) for further information (see contact details below).
The University is the Data Controller for your data. Our data controller registration number provided by the Information Commissioner's Office is Z553814X.
Please see the Information Commissioner’s website for further information on the law.
This notice was last updated in June 2026
