Data Controller

Cardiff University is the Data Controller and is committed to respecting and protecting your personal data in accordance with your expectations and Data Protection legislation. The University has a Data Protection Officer who can be contacted at Further information about data protection, including your rights and details about how to contact the Information Commissioner’s Office should you wish to complain, can be found at the following:

Lawful Basis for Processing

Under data protection law we have to specify the legal basis that we are relying on to process your personal data. In providing your personal data for this research we will process it on the basis that doing so is necessary for our public task for scientific and historical research purposes in accordance with the necessary safeguards, and is in the public interest. The University is a public research institution established by royal charter to advance knowledge and education through its teaching and research activities. Our charter can be found on the Cardiff University website.

Period of Data Storage

Your data will be kept for 10 years in accordance with guidelines from the Medical Research Council.

Your Rights

You have a number of rights under data protection law and can find out more about these on our website. Note that your rights to access, change or move your personal data are limited, as we need to manage your personal information in specific ways in order for the research to be reliable and accurate. If you wish to withdraw at any time please contact us. If you withdraw from the study, we will discuss whether we can use the data collected or whether you would prefer for your details to be removed from the study. To safeguard your rights, we will use the minimum personally identifiable information possible.