<!DOCTYPE html>
<html>
<head>
 <title>Research Database Application (ReDA) Privacy Policy</title>
</head>
<body>

<h1>Research Database Application (ReDA) Privacy Policy</h1>

<p>A PDF version of this policy is available for download here: <a href="[Link to PDF version]">ReDA Privacy Policy</a></p>

<h2>Introduction</h2>

<p>Infonetica Ltd ("Infonetica") provides the Research Database Application (ReDA) service. In doing so, we hold the personal information of registered ReDA users.</p>

<p>Infonetica acts as a <strong>data processor</strong> under the UK GDPR and the Data Protection Act 1998 ("the Act"). We have specific obligations regarding the processing of personal information. This privacy policy outlines how Infonetica handles personal data related to the ReDA service. <strong>Please note that our Customer is the data controller.</strong></p>

<p>For services where Infonetica acts as a data controller, please refer to our General Privacy Policy (<a href="http://infonetica.net/general-privacy-policy/">http://infonetica.net/general-privacy-policy/</a>). </p>

<h2>Who we are and how you can contact us</h2>

<p>We are Infonetica Ltd (company number 04503405), with a registered address at: The Lower Ground Floor Office, The Civic Centre, High Street, Esher, Surrey, KT10 9SD.</p>

<p>You can contact us:</p>

<ul>
 <li><strong>In writing:</strong> At the address above.</li>
 <li><strong>By email:</strong> <a href="mailto:enquiries@www.infonetica.net">enquiries@www.infonetica.net</a></li>
 <li><strong>By phone:</strong> 0208 334 6900</li>
</ul>

<h2>ReDA</h2>

<p>ReDA is a software application owned and operated by Infonetica. Organizations wishing to use the ReDA service ("Customers") must register with Infonetica. Once registered, ReDA accounts are created for individuals within or affiliated with the Customer.</p>

<h2>Registered Users</h2>

<p>When a ReDA account is created, the registered user must provide a small amount of personal data either:</p>

<ul>
 <li><strong>Directly:</strong> Via the Customer's ReDA access webpage (provided by Infonetica).</li>
 <li><strong>To the Customer's systems administrator:</strong> Who will create the ReDA account and transmit the relevant personal information to Infonetica.</li>
</ul>

<p>This personal data is held by Infonetica in a database on secure servers located in the United Kingdom.  The personal data held includes:</p>

<ul>
 <li>Name</li>
 <li>Organisational identifier</li>
 <li>Department</li>
 <li>Email address</li>
 <li>Username</li>
 <li>Role </li>
 <li>Other information required by Infonetica to provide the ReDA service</li>
</ul>

<p><strong>We only store data necessary to provide the ReDA service.</strong></p>

<p>Personal information about an account is available to the relevant ReDA systems administrators via the ReDA Administration Interface. This information is used by the administrator to:</p>

<ul>
 <li>Identify and contact the individual.</li>
 <li>Generate statistics about the usage of ReDA accounts.</li>
</ul>

<h2>ReDA System Administrators</h2>

<p>ReDA system administrators are appointed by Infonetica and the Customer through a joint approval process. They are subject to terms and conditions that include adhering to appropriate privacy legislation.  These terms are outlined in a separate contract but are summarized below:</p>

<h3>Administrator Responsibilities:</h3>
<ul>
 <li>Ensure that access to a resource is only given to authorized individuals under the terms of the resource license.</li>
 <li>Terminate ReDA access promptly when appropriate.</li>
 <li>Keep ReDA usernames, passwords, and other personal information confidential.</li>
 <li>Ensure that information concerning ReDA account holders is accurate.</li>
 <li>Investigate cases of suspected abuse or inappropriate content.</li>
</ul>

<h3>Individual User Responsibilities:</h3>

<ul>
 <li>Keep their account confidential and do not permit any third-party access.</li>
 <li>Use their account only for the purpose for which it was issued by the Customer.</li>
 <li>Accept the terms of this ReDA Privacy Policy.</li>
</ul>

<p><em>These lists highlight the core obligations related to personal privacy but do not represent the entirety of Administrator and User responsibilities.</em></p>

<h2>Information Provided by ReDA Administrators</h2>

<p>Each ReDA administrator must provide Infonetica with the following personal data:</p>

<ul>
 <li>Name</li>
 <li>Email address</li>
 <li>Telephone numbers (working and non-working hours, where requested by the Customer).</li>
</ul>

<p>Infonetica will hold this information on the ReDA database and use it to contact system administrators regarding the ReDA accounts for which they are responsible.</p>

<p>Customers must also input at least two of the following identifiers into the ReDA system:</p>

<ul>
 <li>A contact name</li>
 <li>A telephone number</li>
 <li>An email address or URL </li>
</ul>

<p>This enables registered users to contact their ReDA administrator with ReDA-related inquiries. This information is visible to registered users on the ReDA website.</p>

<h2>Data Retention</h2>

<p>Infonetica will retain the personal data of systems administrators for as long as they remain the nominated ReDA administrator for the Customer.  Data will be deleted upon account deletion.</p>

<p>We will keep the personal data of registered users while they remain registered. This information is deleted when:</p>

<ul>
 <li>The account is deleted by the system administrator.</li>
 <li>6 years after the contract with our Customer has ended (whichever is later).</li>
</ul>

<p>Following account deletion, ReDA will still hold statistical information about the account. However, this information is linked only to the username and/or a Persistent ID. This link does not allow access to any personal information about the individual.</p>

<h2>Business Transfer</h2>

<p>If Infonetica or the ReDA service is sold or integrated with another business, details of all registered users within ReDA would be passed on to the new owners of the business.</p>

<h2>Cookies</h2>

<p>A "cookie" is a small text file that a website transfers to your browser on your computer's hard drive. Cookies enable the website to recognize your browser and remember certain information.</p>

<p>ReDA uses or may use the following types of cookies:</p>

<ul>
 <li><strong>Session Cookies:</strong> These remain in your browser's cookie file for a maximum of eight hours after creation or until you close your browser. They contain the ReDA username and an ReDA token, facilitating the ReDA single sign-on service. This allows access to all ReDA registered resources to which a user is entitled.</li>

 <li><strong>Persistent Cookies:</strong> These remain in your browser's cookie file until deleted or for eighteen (18) months from their creation. <strong>At the time of writing, this type of cookie is not used by ReDA, but Infonetica foresees situations where it may be required in the future.</strong></li>
</ul>

<p>You can set your browser to warn you before accepting cookies and refuse them when alerted.</p>

<h2>Refusal/Deletion of Cookies</h2>

<p>You can refuse cookies by adjusting your browser settings; however, this may limit your ability to use all ReDA features.  You can easily delete any cookies that have been installed. Please consult your browser's documentation for instructions on managing cookies.</p>

<h2>Access to Your Personal Information</h2>

<p>Registered users can view their personal information held by logging into ReDA with their username and password. Users are responsible for maintaining their information; however, administrators can also update and monitor it.</p>

<h2>Scope of this Privacy Policy and Updates</h2>

<p>This privacy policy applies only to the use of your personal information by Infonetica in connection with the ReDA service.</p>

<p><strong>The use of personal data or information by the Customer or any resource provider is governed by their own privacy policies. Infonetica is not responsible for their use of your personal information.</strong></p>

<p>Infonetica may update this privacy policy periodically.  Any changes will be posted on the ReDA website or at a location chosen by the Customer. Regularly reviewing this policy ensures you are aware of the personal data Infonetica holds and how it is used.</p>

<h2>Security of Your Personal Information</h2>

<p>Infonetica takes appropriate technical and organizational measures to secure your personal data. Our servers are located in secure data centers with physical access limited to authorized staff. All data transmissions to and from the ReDA database are encrypted.  Password information sent to ReDA is hashed (a form of one-way encryption) before being stored in the database.</p>

<p>Data is processed automatically by Infonetica's systems without human intervention.  Our staff is trained on the importance of data privacy and adheres to the principles and requirements of the Act. We strive to ensure compliance with this privacy policy.  Personal data held by Infonetica is never modified or disclosed to third parties, except as described in this policy.  We continually monitor and improve our security measures to protect the confidentiality and appropriate use of your information.</p>

<h2>Queries or Complaints</h2>

<p>If you have any inquiries, please contact the Customer in the first instance (as they are the data controller).</p>

<p>Direct any questions or concerns about this privacy policy or Infonetica's compliance with the Act to:</p>

<p>
Infonetica<br>
The Lower Ground Floor Office<br>
The Civic Centre, High Street<br>
Esher, Surrey KT10 9SD
</p>

<p>You can also contact us by:</p>

<ul>
 <li><strong>Email:</strong> <a href="mailto:enquiries@www.infonetica.net">enquiries@www.infonetica.net</a></li>
 <li><strong>Telephone:</strong> +44 (0) 208 334 6900 </li>
</ul>

<h2>Disclaimer</h2>

<p>This document outlines the fundamental privacy principles for the ReDA system.  Our Customers may specify different criteria, and therefore, some aspects of this document may not always apply.</p>


</body>
</html>