For the purpose of the AHRC Creative Communities Community Innovation Practitioner (CIP) Awards 2025/26 the University of Northumbria at Newcastle and UK Research and Innovation – Arts and Humanities Research Council (AHRC) are considered Joint Data Controllers.
University of Northumbria at Newcastle (“we”, “our”, “us”) is registered with the Information Commissioner’s Office as a Data Controller with Registration Number Z7674926.
Joint Data Controllers are organisations that jointly determine the purposes and means by which personal data are processed. These purposes have been identified as:
We are committed to processing personal data in accordance with our obligations under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.
This privacy notice describes how and why we process personal data in relation to applicants for the CIP Awards 2025/26 (“you”, “your”) for the purpose of processing your application for the CIP Awards 2025/26 and explains how you can control the processing of your data or exercise your rights under the GDPR.
We collect your personal data if you submit an application to apply for the Creative Communities CIP Awards 2025/26. We may ask for personal information that we will use to help process your application.
Personal data, or personal information, means any information about an individual from which that person can be identified. To carry out our activities and to manage our relationship with you, we may collect, store, and process the following categories of data about you or members of your research team:
The first principle of the GDPR requires that whenever an organisation processes personal data, it must be processed ‘lawfully, fairly and in a transparent manner’. This requires us to identify a lawful basis under Article 6 GDPR. Our lawful basis for collecting the above categories of personal data are:
Article | Description |
6(1)(b) | Contractual: Processing is necessary for the performance of our contract with you as an applicant for the CIP Awards 2025/26 (or in order to enter into a contract). Without this information we would not be able to process your data to provide the contracted services or provide the support necessary to fulfil that contract. |
6(1)(e) | Public Task: Where “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” We are classed as public authority for the purposes of data protection law with the right to process personal data in order to carry out our public interest task as a university, such as providing higher education services, conducting research and the ancillary operations that help us deliver education and research. We rely on ‘public task’ as the lawful basis of processing where the processing is in relation to the University acting in the capacity of a public authority. |
We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. We limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.
We utilise many different storage solutions and IT systems, some of which are outsourced to third party providers. Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure.
Your personal information will only be disclosed to third parties where we have an
appropriate lawful basis to do so, which may include the following:
relationship with you, such as software service providers providing externally
hosted software solutions.
We do not transfer your personal data to any countries outside of the UK.
We will retain your personal data for as long as it is required to fulfil the purpose for which is it held and then to fulfil any legal requirements.
The final date for this has been identified as September 2027. If this date changes due to the requirements of the CIP Awards 2025/26, we will notify you.
GDPR provides individuals a number of rights in relation to the processing of personal data, each of which may apply to differing degrees’ dependent upon the nature of the processing and the legal basis for it. You have the right to:
In certain circumstances, you may also have the right to:
Northumbria University’s Data Protection officer is Duncan James. To exercise your rights, or if you wish to raise a concern about our processing of your data, please contact the DPO on +44 (0)191 243 7357 or via email at dp.officer@northumbria.ac.uk.
If you are dissatisfied with our processing of your data, or a response to a complaint you have made to us, you have the right to complain to the ICO via Telephone: 0303 123 1113 (local rate) or 01625 545 745, via email: casework@ico.org.uk or for more information see Information Commissioner’s web site.
Brought to you by