Crisis’ research team conducts research to the highest standards of research integrity to ensure it is both beneficial and adds value to our understanding of homelessness. As part of our commitment to research integrity, we follow the General Data Protection Regulation (GDPR).
Crisis promises to respect the confidentiality and sensitivity of the personal information that you provide to us, that we get from other organisations, and that we share with other collaborating organisations (such as other Universities or research partners). We will tell you how we will use your information, how we will keep it safe and who it will be shared with. We commit to keeping your personal information secure and will not use it to contact you for any other purpose unless you have agreed to this.
Crisis are usually the Data Controller for research studies. This means that we will decide how your personal information is created, collected, used, shared, archived and deleted (processed). When we do this we will ensure that we collect only what is necessary for the project and that you have agreed to this. If any other organisation will make decisions about your information, this will be made clear in the participant information sheet provided to you.
Transparency is a key element of GDPR and this Privacy Notice is designed to inform you of:
What do we mean by personal data?
Personal data means any information that can identify you. It can include information such as your name, gender, date of birth, address/postcode or other information such as your opinions or thoughts. It can also include information which makes it possible to identify you, even if your name has been removed (such as quotes or social media postings).
We will only ever collect personal information that is appropriate and necessary for the specific research project being conducted. The specific information that we will collect about you will be listed in the Participant Information Sheet, given to you by the research team or our research partners.
We may process some information about you that is considered to be ‘sensitive’ and this is called ‘special category’ personal data. This includes, but is not limited to, information such as your ethnicity, sexual orientation, gender identity, religious beliefs, details about your health or past criminal convictions. These types of personal information require additional protections, particularly in relation to sharing, which Crisis ensures are in place. Under GDPR we must have special safeguards in place to help protect your rights and freedoms when using your personal information and these are:
privacy, rights as an individual or freedoms are not affected.
Why we process your data?
Crisis research team process your data to help us better understand homelessness. The specifics of the purpose of the research project will be shared with you through any information sheet.
GDPR requires us to be explicit with you about the legal basis upon which we rely in order to process information about you.
In the context of Crisis’ research we will normally use informed consent as the primary legal condition under which we can process your data. You will be informed of this in the participant information sheet provided to you.
For research we may also be able to process your personal information where “Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” (Article 6 of GDPR):
Where we also collect and use sensitive personal information (special category personal data) we only do so where:
“the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes... which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject”. (Article 9 of GDPR).
Who will my data be shared with?
Your personal information will be kept confidential at all times and researchers are asked to de-identify it (anonymise), pseudonymise (remove any information which can identify you such as your name and replace this with a unique code or key) or delete it as soon as possible. However in some cases it may not be possible to de-identify your information as it is necessary in order to achieve the aims of the research. If this is the case you will be informed of this in the Participant Information Sheet.
Your personal information as well as any de-identified information will only be shared with members of the research team in order to conduct the project. This may include external partners if they are part of the research project. If there is a need to share your information with anyone else including anyone outside of the European Economic Area (which includes all countries of the European Union as well as Norway, Iceland and Liechtenstein), you will be told who they are and why this is the case in the Participant Information Sheet.
As Data Controller, we will always remain responsible for keeping your information safe throughout the research.
For some research projects, your de-identified or pseudonymised information will be kept after the project has ended, placed into a data repository/online archive for sharing with other researchers or used in future research. If the researchers would like to do this with your information you will be told in the Participant Information Sheet.
To communicate our research to the public your anonymised data is likely to form part of a research publication or conference presentation or public talk. Where researchers wish to use any information that would identify you, specific consent will be sought
Storing your information
Crisis takes a robust approach to protecting the information it collects and holds for research. We have dedicated storage areas for research data with controlled access. If you are participating in a particularly sensitive project Crisis will put into place additional layers of security.
Your information will not be kept for longer than is necessary and is usually kept in an anonymised format. The length of time for which we keep your data will depend on a number of factors including the importance of the data, the funding requirements and the nature of the study. Details will be given in the information sheet for each project.
Your rights
By law you have rights in relation to the personal information we hold about you. These include the right to:
These rights only apply to your information before it is anonymised as once this happens we can no longer identify your specific information. Sometimes your rights may be limited if it would prevent or delay the research. If this happens you will be informed and have the right to complain about this to the Information Commissioner.
If you have any questions about how your personal information collected through Crisis’ research is used, or wish to exercise any of your rights, please contact Crisis’ research team research@crisis.org.uk. Or you contact our data protection team: data.protection@crisis.org.uk.
If you are not happy with the way your information is being handled, or with the response received from us, you have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (https://ico.org.uk/).