AHRC Creative Communities CIP Awards 2025-26 Privacy Notice

  1. Introduction and Data Controller  

For the purpose of the AHRC Creative Communities Community Innovation Practitioner (CIP) Awards 2025/26 the University of Northumbria at Newcastle and UK Research and Innovation – Arts and Humanities Research Council (AHRC) are considered Joint Data Controllers. 

University of Northumbria at Newcastle (“we”, “our”, “us”) is registered with the Information Commissioner’s Office as a Data Controller with Registration Number Z7674926.  

Joint Data Controllers are organisations that jointly determine the purposes and means by which personal data are processed. These purposes have been identified as: 

  • To facilitate the administration of the AHRC Creative Communities CIP Awards 2025/26 as a joint programme, including the assessment and selection of applicants, and the delivery of funding for successful applicants. 
  • To have a record of activity proposed/agreed to be undertaken by successful applicants so that proper support may be given in the delivery of funding awards.  
  • Wider analysis of application data to identify appetite and scope for further funding activity, including development of possible future programming. 

We are committed to processing personal data in accordance with our obligations under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.  

This privacy notice describes how and why we process personal data in relation to applicants for the CIP Awards 2025/26 (“you”, “your”) for the purpose of processing your application for the CIP Awards 2025/26 and explains how you can control the processing of your data or exercise your rights under the GDPR.  

  1. Why Do We Process Your Personal Data? 

We collect your personal data if you submit an application to apply for the Creative Communities CIP Awards 2025/26. We may ask for personal information that we will use to help process your application.  

  1. Categories of Personal Data We Process 

Personal data, or personal information, means any information about an individual from which that person can be identified. To carry out our activities and to manage our relationship with you, we may collect, store, and process the following categories of data about you or members of your research team: 

  • Your name, address, and other contact details 
  • The name, address, and other contact details of members of your research team 
  • Details of your research interests and areas of study 
  • Employment details, including job title/occupation, employer, and location 
  1. The Lawful Basis for Processing Your Data 

The first principle of the GDPR requires that whenever an organisation processes personal data, it must be processed ‘lawfully, fairly and in a transparent manner’. This requires us to identify a lawful basis under Article 6 GDPR. Our lawful basis for collecting the above categories of personal data are:   

Article Description 
6(1)(b) Contractual: Processing is necessary for the performance of our contract with you as an applicant for the CIP Awards 2025/26 (or in order to enter into a contract). Without this information we would not be able to process your data to provide the contracted services or provide the support necessary to fulfil that contract. 
6(1)(e) Public Task: Where “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”  We are classed as public authority for the purposes of data protection law with the right to process personal data in order to carry out our public interest task as a university, such as providing higher education services, conducting research and the ancillary operations that help us deliver education and research. We rely on ‘public task’ as the lawful basis of processing where the processing is in relation to the University acting in the capacity of a public authority. 
  1. How Do We Keep Your Personal Data Secure?   

We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. We limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.  

  1. Sharing Your Personal Data with Third Parties  

We utilise many different storage solutions and IT systems, some of which are outsourced to third party providers. Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure. 

Your personal information will only be disclosed to third parties where we have an 

appropriate lawful basis to do so, which may include the following: 

  • With third parties who securely process data on our behalf in order to facilitate our 

relationship with you, such as software service providers providing externally 

hosted software solutions. 

  • Third parties will also include those involved in reviewing, administering, and making a final funding decision for the CIP Awards 2025/26 applications, including a panel of expert reviewers, as well as the wider UK Research and Innovation (UKRI) team beyond Arts and Humanities Research Council 
  1. Transfers to Countries Outside of the UK 

We do not transfer your personal data to any countries outside of the UK. 

  1. How Long Will Your Personal Data Be Held?  

We will retain your personal data for as long as it is required to fulfil the purpose for which is it held and then to fulfil any legal requirements.  

The final date for this has been identified as September 2027. If this date changes due to the requirements of the CIP Awards 2025/26, we will notify you. 

  1. What Are Your Rights Under GDPR  

GDPR provides individuals a number of rights in relation to the processing of personal data, each of which may apply to differing degrees’ dependent upon the nature of the processing and the legal basis for it. You have the right to:  

  • Request that we stop sending you direct marketing communications 

In certain circumstances, you may also have the right to:   

  1. Data Protection Officer (DPO) Contact Details  

Northumbria University’s Data Protection officer is Duncan James. To exercise your rights, or if you wish to raise a concern about our processing of your data, please contact the DPO on +44 (0)191 243 7357 or via email at dp.officer@northumbria.ac.uk

  1. Lodging a Complaint with the Information Commissioners Office (ICO)  

If you are dissatisfied with our processing of your data, or a response to a complaint you have made to us, you have the right to complain to the ICO via Telephone: 0303 123 1113 (local rate) or 01625 545 745, via email: casework@ico.org.uk or for more information see Information Commissioner’s web site.  

Brought to you by