Effective Date: 31 March, 2025
This Policy outlines how the Physical Sciences Data Infrastructure (PSDI) collects, uses, protects, and shares personal data in compliance with relevant legal and ethical standards including the UK General Data Protection Regulation (UK GDPR).
Overview
The Physical Sciences Data Infrastructure (hereinafter referred to as “PSDI,” “us,” “we,” “our”) is a collaborative programme led by UK Science and Technology Facilities Council (STFC) Scientific Computing and University of Southampton, who act as joint data controllers. We provide a platform that supports research and education in the Physical Sciences community by connecting and enhancing the datasets, tools, and resources they use. We are committed to protecting user privacy while delivering its services.
Personal Data We Collect and Process
PSDI aims to minimise the personal data it collects and to ensure that user privacy is safeguarded. It may need to use personal data for the
- Granting Access to Licenced Resources
PSDI acts as a broker for common access for the UK’s academic community to licensed third-party resources for the purposes of research and teaching. Hence, it needs to verify the user’s eligibility (e.g. academic affiliation) to access licensed third-party resources.
- Collecting Metrics and improving services
PSDI needs to collect metrics on usage of services, e.g. usage from institutions and subject domains. These metrics are used to report on status of the service to funders (EPSRC) in order to assess the value of the service and to guide future development of PSDI.
We might use cookies and analytical tools to collect information about a visit. Users can choose to reject cookies; however, some cookies are required for session management. More information about cookies is available in our [cookie policy].
- Maintaining Contact with Research Communities
PSDI needs to maintain contact with our user communities, both to inform them on the status and development of our services, information on events and training, and to consult with users on future priorities for the development of PSDI. We may collect and retain user’s contact information to enable these communications. User can opt out from any marketing and engagement communication.
- Providing Services to Specific User Communities
PSDI seeks to provide services to the user communities, including provision of training courses and materials, and access to personalised functionalities within the PSDI system, e.g. data repositories for depositing data.
To support these purposes, the personal data we may collect includes:
- Authentication-Related Data:
- For users authenticated by their institution: Pseudonymous identifiers and status-related attributes (e.g., affiliation or user type such as student or staff) provided by their institution.
- For users authenticated individually: A username (email address) and password managed directly by PSDI, or other appropriate identifiers supplied during user registration.
- Contact Information:
- First and last name of the user, institution, an email address, whether provided by a UKAMF member’s institution or directly by the user, to enable communication such as service updates and system notifications.
- User setting Data:
- Optional settings for personalized functionality, such as saved searches, user preferences, favourites for which stored preferences may be associated with an identifier.
- IP Address:
- Collected for operational reporting, system optimization, and compliance purposes (e.g., verifying eligibility for region-specific licensed resources).
- Optional Information
- Users can also choose to disclose additional information to support our user metrics analysis, this could include, for example, the user’s ORCID, research interests, how did they found out about PSDI
Principles for Data Use
PSDI adheres to the following principles for handling personal data:
- Data Minimization: Only the personal data necessary for access, functionality, and compliance with licensing and enabling service functionality is collected routinely. Where enhanced features involve more detailed information about the user’s usage of the services, data may be collected with explicit user consent.
- Purpose Limitation: Personal data is collected solely for service delivery, maintenance, and improvement. It will not be used for unrelated purposes without explicit user consent.
Data Sharing
PSDI shares personal data only under the following specific and controlled circumstances:
- Within the PSDI Consortium: Data may be shared between partner institutions involved in service delivery and operational management. Any such sharing will be defined through collaboration agreements.
- With Service Providers: PSDI uses third-party service providers (e.g., cloud hosting and database management) to support service provision. Any such sharing will comply with contractual obligations to protect user data.
- With Data Licensors: In instances where users seek access to licensed data, PSDI may share minimal information (e.g., pseudonyms or IP addresses) to confirm eligibility in compliance with license agreements.
- Publicly Aggregated Metrics: Generalized, anonymized usage metrics may be shared for reporting and evaluation purposes or to enhance the infrastructure’s performance. Personal or identifiable data is never included in public-facing reports.
We do not share users’ information with third party suppliers for marketing or advertising outside of the scope of the PSDI provision.
Data Retention
PSDI retains personal data only for as long as necessary:
- Authentication and operational data are retained during active use of the service.
- Optional personalization data (e.g., saved searches) is kept as long as the user wishes to maintain their account or interaction with the service.
- When a user ceases to interact with PSDI, personal data is deleted or anonymized within , unless otherwise required by legal or contractual obligations.
User Rights
Regardless of the user’s affiliation, PSDI ensures the following rights under applicable data protection laws:
- Access: Users can request access to the personal data that PSDI holds about them.
- Correction: Users can request the correction of inaccuracies in their personal data. PSDI will aim to implement any corrections within a reasonable time period.
- Erasure: Users can request the deletion of their data. Subject to any legal or contractual constraints, PSDI will aim to implement the deletion within a reasonable time period.
For assistance with these rights, please contact PSDI’s Data Protection Officer (DPO) using the contact details provided below.
Security Measures
To protect user data, PSDI employs robust security practices, including:
- Role-based access controls, ensuring only authorized personnel can access user data.
- Regular security audits and adherence to best practices in incident management.
Changes to this Privacy Policy
PSDI reserves the right to update this privacy policy to reflect changes in services, governance, or legal requirements. Notification of significant updates will be communicated to users via appropriate channels.
Contact Information
For questions regarding this Privacy Policy, data rights, or general privacy concerns, please contact the PSDI Data Protection Officer:
- Email: [email protected]