The Integrated Data Service (IDS) is managed by the Office for National Statistics (ONS). The ONS will be referred to as "we" from now on.
The information that follows is for people that interact with the IDS directly, including accredited researchers, people that take part in research or access our newsletter.
How we collect your personal data
We collect your data when you:
- volunteer to take part in user research
- sign up to our newsletter
- supply us with feedback on our service or one of our products
- come to us with a query about our service or one of our products
- sign up to one of our inter-departmental training courses
- apply for individual or project accreditation through the Research Accreditation Service (RAS)
- access the IDS for security purposes
The purposes for which personal data are processed
Your personal data, such as your name, email address, organisation and job title, will be used to process applications for accreditation under the research strand of the Digital Economy Act (DEA) 2017.
As a government organisation, it is important we are open and transparent about who has access to the data we provide. We publish a list of all accredited researchers, peer reviewers and processors who have been accredited under the DEA, on the UK Statistics Authority (UKSA) website.
If you have made a query about one of our products
We use your data, such as your name and email address, to contact you to help us build and improve our products. If you contact us with a query, we may also store your data to aid our response to your request and any similar requests in the future.
If you are on one of our contact lists
We use your data, such as your name, email address and organisation, to communicate with you about:
- the progress of the IDS
- an event or meeting (for example conferences)
- a group (working groups or user research)
- a specific training course you have signed up to
We use Cloudflare to deliver services to ensure the protection of data. When you access the IDS through Cloudflare, audit logs will be created that record your:
- user ID
- IP address
- device ID
We use audit logs to investigate security incidents, identify unauthorised access and other unauthorised activity.
These logs are held overseas in the United States and stored for no more than 180 days.
We rely on standard contractual clauses as an appropriate safeguard to ensure the security of the data transferred.
The legal basis for the processing
As a government organisation, we have statutory functions to promote and assist statistical research, and to accredit researchers and peer reviewers. The lawful basis we rely on to process your personal data is “Processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller.”
The recipients of personal data
At ONS we treat the data we hold with respect, keeping it secure and confidential.
The personal data the applicant provides will be shared with the relevant accredited processors, data owners and other researchers as necessary to allow us to process your application and facilitate your access to data.
We share anonymised data with research data owners, so they can monitor the use of their data.
This will generally be limited to organisation sector and project theme.
In the event of a suspected breach of the terms of access, your personal data may also be disclosed to other persons or organisations involved in any investigation or sanction, including other accredited processors.
The period for which personal data will be stored
Data protection law requires that personal data be kept for no longer than is necessary to fulfil the purposes for which it was originally collected.
We will hold personal data about accredited researchers for the period of accreditation (usually five years), and for a period after accreditation, to enable us to manage the service.
Your personal data will only be held for so long as it is required by us to carry out our role as a statistical authority.
ONS database owners are encouraged to regularly review their business need and proactively remove the personal data of users who are inactive. You can request removal from a database at any point in time simply by contacting the owner (for example the mailing list sender). Where appropriate, personal data will be anonymised as soon as practically possible.
Where we store queries for future reference, accompanying personal information will be stored for a maximum of two years. After this period, or when the query is no longer needed, it will be deleted, or the contents anonymised.
The identity and contact details of the data controller
The data controller is the person or organisation who decides which personal data shall be processed, and for what purpose.
The UK Statistics Authority (UKSA) is the data controller who makes those decisions.
In practice the work is mostly performed by the ONS, the executive office of the UKSA.
You can contact ONS either by telephone, email, or post:
0845 601 3034
Office for National Statistics, Government Buildings, Cardiff Road, Newport, South Wales, NP10 8XG
The contact details of our Data Protection Officer
Our Data Protection Officer is the person charged with providing UKSA and ONS with advice and guidance on the ways we can best protect the information we collect and use. They are involved in all the major decisions we make in relation to personal data.
If you have any queries or concerns regarding your data, or wish to exercise any of your rights, then contact:
0845 601 3034
Data Protection Officer, Office for National Statistics, 2 Marsham Street, London SW1P 4DF
Data subject rights
As a data subject (someone whose personal data we hold) you have rights available to you under data protection law.
If you wish to exercise any of these rights then contact our data protection officer, but please be aware that some exemptions apply if the data is being held for statistical purposes only. Compliance requirements are set out in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
You have the right to:
- request access to the information from any controller that holds your personal data
- amend any wrong or inaccurate information they hold about you
- object to your personal data being processed
You have the right, in some circumstances, to request any controller to:
- erase any personal data they may hold about you
- stop processing your personal data
- pass any information they hold about you to another controller
The Information Commissioner's Office
The Information Commissioner’s Office is the independent body tasked with regulating data protection within the UK.
They can provide you with additional information regarding data protection and your rights. They also deal with any complaints you may have regarding our use of your data.
You can contact them by phone or email:
0303 123 1113
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF