Privacy notice relating to user research conducted by DESNZ
Published 15 May 2024
DESNZ conducts user research to understand the needs of users, and to test and improve services both internally and externally for the public. The user research team is part of a central function, Integrated Corporate Services (ICS).
This notice sets out how we will process your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).
This privacy notice gives you general information on how we process your personal data. For more details about a specific piece of research, you can refer to the consent form provided when you’re invited to take part in the research. This will also include contact details for the researcher and their team in case you have any further questions or should you wish to withdraw your consent.
Your data
The personal data we collect from you may include your:
- name
- age
- gender
- email address
- phone number
- geographical information
The special category data we collect from you may include:
- personal data revealing racial or ethnic origin
- disabilities, such as details of any condition that can affect your ability to use a computer
We may collect additional information, based on the specific topic being researched. Please refer to the consent form when you’re invited to take part in the research.
During the research session
In most cases, we’ll collect personal data during the research session. This could be in the form of:
- audio recordings
- video recordings
- screen recordings
- written notes
- photos
Purpose
The purpose(s) for which we are processing your personal data is:
- to conduct user research in the public interest to support the improvement or development of internal and external services aligned with the priorities of DESNZ
- to contact you regarding your participation in user research
- to ensure that the sample of participants is representative of the user groups we are researching
The purpose(s) for which we are processing your special category data is:
- to ensure that the sample of participants is representative of the user groups we are researching
Legal basis of processing
The legal basis for processing your personal data under Article 6 of the UK GDPR is:
1(a). consent: you consent to the processing of your personal data for one or more specific purposes. Should you change your mind, you can withdraw consent at any time by contacting the user researcher leading on the project. Details can be found on the consent form for the research.
The legal basis for processing your special category data under Article 9 of the UK GDPR is:
2(a). because you have provided your explicit consent to the processing of your data for one or more specified purposes
Recipients
As your personal data will be stored on our IT infrastructure, it will also be shared with our data processors, Microsoft and Amazon Web Services.
Your personal data will only be used by colleagues who require access to it. This may include contractors from third party organisations hired to conduct user research on behalf of DESNZ.
Use of Calendly
We collect your personal data via Calendly to schedule calls and meetings for user research purposes. When you input data into Calendly, this enables us to:
- schedule appointments quickly and efficiently
- contact you regarding your response or related matters
We collect and process the following personal data via Calendly:
- your name
- your email address
Please refer to Calendly’s Privacy Notice for more detail on the information collected through the platform and how they manage it.
Retention
We will only retain your personal data for as long as:
- it is needed for the purposes of the project
With your consent, we will retain your personal data to contact you to take part in future research for similar projects. Your consent to this will be collected at the end of the research session.
Your personal data will be kept by us for a maximum duration of three years from the date the data was collected.
If you do not wish to be contacted for future research, you can let the researcher know at the end of the session or use the email on the consent form and we will remove your personal data from our contact list with immediate effect.
International transfers
Your personal data shared directly with DESNZ will be processed in the UK.
Your personal data shared via Calendly will be processed in the United States and will be safeguarded by the UK Extension to the EU-US Data Privacy Framework.
Your rights
You have the right to:
- request information about how your personal data are processed, and to request a copy of that personal data
- request that any inaccuracies in your personal data are rectified without delay
- request that any incomplete personal data are completed, including by means of a supplementary statement
- request that your personal data are erased if there is no longer a justification for them to be processed
- in certain circumstances (for example, where accuracy is contested) request that the processing of your personal data is restricted
- withdraw consent to the processing of your personal data at any time
To exercise your rights please contact the Data Protection Officer using the contact details below.
Contact Details
The data controller for your personal data is the Department for Energy Security and Net Zero (DESNZ).
Contact the DESNZ DPO:
DESNZ Data Protection Officer
Department for Energy Security and Net Zero
3-8 Whitehall Place
London
SW1A 2EG
If you are unhappy with the way we have handled your personal data, please write to the department’s Data Protection Officer in the first instance using the contact details above.
Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent UK regulator.
Contact the Information Commissioner's Office (ICO):
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
Updates to this notice
If this privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it, and under what circumstances we will share it with other parties. The ‘last updated’ date at the bottom of this page will also change.
If these changes affect how your personal data is processed, we will take reasonable steps to let you know.