SPECTRUM Privacy Statement

Updated November 2021


The Shaping public health polices to reduce inequalities and harm Consortium (known as SPECTRUM) is committed to respecting your privacy and protecting your personal data. Please read this Privacy Statement carefully. It describes why and how we collect and use personal data and provides information about your rights.

Who we are

SPECTRUM is a multi-university, multi-agency research consortium focused on the commercial determinants of health and health inequalities funded by the UK Prevention Research Partnership. It includes the Universities of Bath, Bristol, Cardiff, Edinburgh, Nottingham, Sheffield, Stirling, King's College London, London School of Hygiene and Tropical Medicine, University College London and the Australian National University. It also includes the main public health agencies (Office for Health Improvement and Disparities, NHS Health Scotland and Public Health Wales) in Great Britain.  Additionally, partners include The Retail Data Partnership and the Alcohol Health Alliance, Smokefree Action Coalition, Obesity Health Alliance, NCD Alliance and the Poverty Alliance.

For data collected under this Privacy Statement, the University of Edinburgh is the Data Controller. Under UK GDPR, ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where data collected is related to our Knowledge Exchange Workshops, The University of Edinburgh is joint Data Controller with The University of Stirling.

You can contact the University of Edinburgh Data Protection Officer at dpo@ed.ac.uk.

Our data protection policy is on our website at https://www.ed.ac.uk/data-protection/data-protection-policy

The University of Edinburgh’s website privacy policy is located at https://www.ed.ac.uk/about/website/privacy  

Data we collect about you and how we use it

We will use your data in a fair and transparent way, and not in any way that is unduly detrimental, unexpected or misleading to you. We will only collect the data that we require for the purposes listed below.

Who do we collect data from?

When do we collect it?

What data do we collect?

How do we use it?

External stakeholders and interested members of the public


When registering to attend, or agreeing to speak at a SPECTRUM event


Contact details including name, email address, job title, work organisation, and dietary or accessibility requirements


To facilitate attendance or participation in SPECTRUM events, including the Annual Meeting, seminars, webinars, training events and educational workshops. If you are a speaker/facilitator, we will also use your information to promote the event and inform others about the content.


External stakeholders and interested members of the public








When registering to attend, or agreeing to speak at a SPECTRUM event








Video recordings and photography from our events, which may be online or in person








Video recordings of content presented at events may be published on the website and shared on social media.

Photographs from events may be used in promotional material or presentations about SPECTRUM and shared on social media.

We will always notify participants if an event is being recorded and/or if photographs will be taken. We will do our best to omit anyone who does not wish to be filmed and/or photographed, and will carefully review content prior to publishing to ensure you are not included in any footage or images.

Posting images and/or video on our website or social media channels constitutes international transfer of data. This will only be done with explicit consent of the individual(s) concerned.  


External stakeholders and interested members of the public


When signing up to receive our newsletter via the SPECTRUM website


Name, email address, job title, work organisation


If you have provided your consent, we will use this information to send you our newsletter and to notify you of future events or other relevant news and opportunities from our networks.


Members of the SPECTRUM Consortium


When joining the Consortium


Name, email address, job title, work organisation


To notify you of future events, relevant news and opportunities from our networks, and send you our newsletter. These are core functions of SPECTRUM.


Members of the SPECTRUM Academy


When joining the Consortium


Name, email address, job title, work organisation


For the delivery of the SPECTRUM Academy, including meetings, events and training opportunities.


Visitors to the SPECTRUM website

When visiting the SPECTRUM website

IP address, operating system and browser information where this is available

For more information on our use of cookies and details of how the University of Edinburgh is committed to preserving your privacy, please see the Privacy and cookie Policy information webpages.


We do not use profiling or automated decision-making processes. A human decision maker will always be involved before any decision is reached in relation to your data and its use.

Legal basis for using your information

We use consent for processing your personal data for the purpose of adding details of external stakeholders and interested members of the public to our mailing list.

To allow us to perform tasks for the day-to-day running of SPECTRUM, the legal basis for using your information will be legitimate interest. We may also process your information under the legal basis of contract, where this processing is necessary for a contract you have with us.

How we store and share your information

University staff working for SPECTRUM in communications and operational roles (such as staff who may assist with the organisation of events and meetings) will have access to your personal information. Information about you will be stored securely with controlled access.

Information that you share with us may be processed by the following third parties, when their services are required to deliver our events or other work.

  • Dotdigital for the delivery of newsletters and mailings
  • Eventbrite and Zoom to facilitate event registrations
  • Videography and photography companies at events
  • Co-hosts of events and conferences
  • Other participating institutions in SPECTRUM, where they are delivering work for the Consortium (e.g. events or developing research that may be of interest to you)
  • Other departments and services within the University of Edinburgh (e.g. IT, reprographics)
  • Research funding bodies (e.g. for reporting or audit of financial records)

Personal data will not be shared with external service providers other than those acting on the instructions of the University of Edinburgh or the University of Stirling. Where this is the case, a written contract will be put in place with the provider to set out the purposes for which the information can be used and the security measures that must be in place. This contract will ensure that the service provider agrees never to use your data for any additional purposes not set out in the agreement.

Otherwise, unless required to do so by law, we will not share, sell or distribute any of the information you provide to us without your consent.

How long will your information be held?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected and, in some cases, so we can comply with our legitimate and contractual obligations. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

However, some images, recordings or written comments may be retained permanently once they are published and be kept as an archive of University life. 

In the case of subscribed services, such as our newsletter, you can opt out of our mailing lists at any time.

We will retain personal information about SPECTRUM members as long as it is required to manage the grant and comply with funder reporting requirements.

Your data protection rights

Under UK GDPR and the amended Data Protection Act 2018, you have rights including:

  • Your right to be informed - You have the right to be informed how your personal data is collected and used.
  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

More details are available from the Information Commissioner’s Office.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact Consortium Manager, Sancha Martin at sancha.martin@ed.ac.uk if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you may in the first instance contact the University Data Protection Officer at dpo@ed.ac.uk

If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113