Privacy Policy

Introduction

At IRUS-UK, we take the responsibility of looking after personal data in our possession seriously. This policy explains what we do with individuals' personal data, particularly with reference to the General Data Protection Regulation (GDPR). In this context:

Who are we?

We are IRUS-UK - a service managed by Jisc and Cranfield University, which generates COUNTER-conformant statistics for participating institutional repositories.

What personal data we collect, where we get it from, what we do with it and why

The following information is needed for us to manage your participation in the IRUS service. We'll use it, as described in our standard privacy notice at https://www.jisc.ac.uk/website/privacy-notice, to provide the service you've requested, as well as to identify problems or ways to make the service better.

The personal data we collect and use can be divided into two key types:

Primary contacts

We collect your name and email address solely to contact you as a participant in the IRUS-UK service; the information is needed for us to manage your participation in IRUS-UK.

In this context we are the data controller.

As part of the service, we will add the IRUS-UK primary contact name to our IRUS-UK Jiscmail list which is used to communicate any issues or updates. The JiscMail service policies are available here https://www.jiscmail.ac.uk/policyandsecurity/index.html.

Retention Period

We'll keep the information until we are told that you are no longer a representative for your institution.

IP addresses

IRUS-UK receives IP addresses relating to usage events transmitted to us by participating repositories via the Tracker Protocol http://irus.mimas.ac.uk/documents/TrackerProtocol-V3-2017-03-22.pdf. This identifying data is necessary to create proxies for user sessions for the initial processing of raw usage data in order to identify and discount robot and rogue usage, as required under the COUNTER Code of Practice.

In this context we are the data processor acting on behalf of the data controllers - the participating institutions.

The lawful basis under which we use IP addresses is legitimate interest, that is, without the IP address information we would not be able to provide you with credible, high-quality statistics.

Retention Period

The COUNTER Code of Practice requires usage statistics to be available for a minimum of 2 years. To support this requirement we retain data for a 2-year period and then destroy it. We only retain data after the completion of initial processing into COUNTER-conformant statistics, in order to:

Keeping personal data secure

We take appropriate security measures to protect personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.

Contact Us

You can contact us regarding your rights under GPDR, or anything else in this privacy notice:

See also: the Jisc standard privacy notice

Jisc logo Evidence Base logo Cranfield logo Give feedback