Ethical review self-assessment privacy notice

This is a privacy notice for researchers completing the Ethical Review Self-Assessment form.


The Faculties’ Ethics Committees (FEC) are part of the University of Surrey. The University is registered as a data controller with the Information Commissioner’s Office (notification number is Z6346945) and is committed to ensuring that the personal data processed is handled in accordance with data protection legislation. The University has a named Data Protection Officer, Elizabeth Powis, who can be contacted via

What information do we collect?

We collect the following personal data about students completing the online Ethical Review Self-Assessment form for undergraduate and postgraduate taught students:

  • Name
  • Email address
  • Student URN
  • Faculty.

We also ask for the names and email addresses of research supervisors involved in the proposed research to give us a complete record of each project. We only collect the data we need and keep that data up to date.

How do we collect this information?

We receive this information from you when you complete the online form, or when your fellow student on the research project does this on your behalf. The data you provide us with is shared with your supervisor and the relevant faculty ethics committee. You will also receive a copy of the data you submit to us by email.

Why do we collect this information?

We take our responsibilities for handling data very seriously and therefore it is important for you to understand the legal basis that we rely on when we are processing your personal data.

We process your data as part of our task to conduct research in the public interest. Specifically, the information collected in the form is used by us for the purposes of administering the University’s ethics and research governance processes. This includes maintaining a record of research that has been submitted for self-assessment. This record will be used to audit research and to ensure compliance with University’s and external policies, guidelines and regulations. It will be used to obtain information to provide advice to the research team’s own questions.

Who do we share your information with?

We may share your personal data with University committees, other departments within the University and external regulators as part of ensuring that the research is compliant with policies, guidelines and regulations. This could include, but is not always limited to, the University Ethics Committee, the Research Integrity and Governance Committee, legal, insurance, finance and data protection teams.

How long do we keep your information?

We keep your information for 10 years after completion of the project in line with the University’s retention schedules for research project information.

What rights do you have in relation to the way we process your information?

Under data protection law you have certain rights.

You have the right to ask us to confirm that your personal data is being processed and to access (i.e. have a copy of) that data as well as to be provided with supplemental information about the processing.

You can object to our processing your data, and can ask us to erase the data we hold about you, although in certain circumstances we may not be able to do this – for example, where processing is necessary for the performance of a task in the public interest.

If you would like to exercise any of these rights, or have any queries or concerns, please email the Information Compliance team.

You also have the right to complain directly to the Information Commissioner’s Office if you continue to have concerns around how we are processing your data. The Information Commissioner’s Office is an independent body set up to uphold information rights in the UK. They can be contacted through their website, or their helpline on +44 (0)303 123 1113, or in writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
SK9 5AF.