Deposit your research outputs in Symplectic
Symplectic and data protection
This is the University’s data protection policy for the Symplectic Publications system; the central repository for information about all publications authored by University members of staff and postgraduates. It is commercial software licensed from Symplectic and is hosted by the University of Leeds IT Service.
For more information read the Symplectic Privacy Notice.
Data protection
The University recognises the importance of personal privacy and ensures that all personal data is processed in accordance with the UK data protection regulations. Compliance is overseen by the Information Governance Team in conjunction with colleagues across the institution. The University is registered as a Data Controller on the ICO register.
Under UK data protection regulations, you have a right of access to your data and a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent. If you would like to exercise these rights, or if you have any concerns or questions relating to data protection, then please contact our Research Services team.
You can also contact the University of Leeds Data Protection Officer.
If you are unhappy with the way in which the University of Leeds has handled your personal information you have the right to complain to the Information Commissioner’s Office. Read more information on reporting a concern to the Information Commissioner’s Office.
ORCID iD
An ORCID iD is required for all research active staff which you should actively link to your Symplectic profile by authenticating against the ORCID system.
In addition to its use in Symplectic and White Rose Research Online, the University may transfer your ORCID iD to other corporate systems, to link it to your HR record for example. It may also be passed to the Higher Education Statistics Agency (HESA).
Notes:
- When you leave the University, you can remove your ORCID iD which otherwise will be retained in the system as part of your archived account (accessible to administrative users only). For information about how to do this, please see the ORCID quick start guide or contact our Research Services team.
- The University does not control your ORCID which is owned by you. To delete it from the ORCID database see the ORCID Support article about deactivating an ORCID account.
Data privacy within Symplectic
Symplectic has been designed to include broad default levels of data privacy. In some instances, this is configurable by system administrators to alter the behaviour of the system starting from these default privacy levels.
The most basic aspect of privacy is that the general public cannot directly access any data stored in the system. Some form of authentication is first required, typically by securely logging in to the web application. This restricts all data access to the controlled list of users of the system managed by system administrators at the University of Leeds.
All users assigned rights to use the publications, users, teaching activities or professional activities modules can, by default, access all other users' data in the same categories. This is so researchers are able to search for and find each other and are able to discover information about the published research outputs, teaching and professional activities of institutional colleagues, as well as enter and maintain information about their own research activities. Researchers are encouraged to ‘claim’ joint ownership of shared items, such as jointly authored research outputs, to create an accurate picture of research activities across the University.
There are targeted controls within Elements to opt-out of the institution-wide sharing of some of this information. There's the ability to prevent the display of individually claimed publications on individual users' internal profile pages by accessing the item level privacy settings (manage privacy settings icon).
How to manage your privacy in Elements
In the Symplectic interface, the red oval shown in the image below indicates the location of the privacy settings icon:
After selecting the privacy settings icon, a window appears showing your options. The top setting, relating to the ‘research output privacy’ is set to ‘public’ by default, but a user is able to hide their ‘relationship’ to a particular output by choosing the ‘private’ option, as shown:
Data privacy outside of Symplectic
There are two ways that data can flow out of Elements: through third-party databases and from active data extraction.
Searching third party databases
In order to search online data sources such as PubMed, Scopus or Web of Science for research outputs that are potentially associated with researchers at the University of Leeds, Symplectic actively pushes certain user data to several third-party services. The data supplied to these third-party services is just enough to perform those searches. For a typical researcher this might include publishing name variants, an ORCID iD and other identifiers (eg an email address). All such functionality can be disabled by you on a per data source and per user basis whenever you wish to do so. Please see the Personal Data section below for more information.
Active data extraction
Data can be actively extracted from the system, either manually from the user interface or programmatically from the system API (Application Programming Interface) or Reporting Database.
These methods are only available to users assigned the appropriate rights and credentials.
Administrative staff in the Libraries and IT, along with your named faculty OA contact, have access to the internal reporting interface (eg for REF compliance checking) and your faculty or school has access to the API (eg to generate the publication list on your web profile). Currently the Reporting Database is used to populate data in the IRIS system.
Personal data
The types of personal data that the system typically processes will include: name; contact information; supplementary identifiers (eg ORCID iD, institutional identifiers, photos); basic professional information (eg job title, place of work/area of research/department); research biography information (eg publication and affiliation history).
Use of personal data
As an automated aggregation and reporting platform, the following core activities that involve the processing of personal data may be carried out by the system on your behalf:
- sharing of users' profiles with other users within your institution
- collecting and storing personal data that users may upload about themselves or other data subjects, which may or may not be shared with other users
- collecting and storing personal data about users from third-party data sources (see the Researcher Profiles section below)
- formatting personal data to make it easier to understand and report on (eg by automatically merging duplicate publication records from external sources)
- suggesting possible corrections, improvements or additions to personal data to appropriate users of the system (eg by asking users whether an ORCID iD is theirs).
Researcher profiles
The University of Leeds has configured the system to connect to third-party data services to perform data searches, to accumulate information about research activities and to build and enrich academic research profiles of University staff. This involves using personal data stored in the system to search for matching additional information held by the providers of those data services (eg by searching the Web of Science using the names of users).
The personal data used in this way is just enough to perform those matches, and may include:
- name variants, including configured publishing name variants
- other search-specific user settings (including research institution affiliations, research career start date, research keywords and journal names)
- various non-research-institution specific researcher identifiers (including arXiv author identifier, Researcher ID, ORCID, SSRN Author ID, Scopus ID).
Automated processing
While Symplectic does enable certain automated processing activities to be performed (such as attempting to match individuals with details of their research activities - see the Researcher Profiles section above) and is capable of carrying out complex instructions based on decisions made by humans (such as ‘whenever you see my ORCID iD in a publication's metadata, please register that publication as mine’), we do not consider these activities to involve the evaluation of any personal aspect relating to the relevant data subject (ie ‘profiling’) nor to be automated decision-making functionality.
Logs
The University of Leeds IT Service maintains logs of its servers’ activities. The server log files include the IP address of each computer which accesses the application. The logs are used to support essential maintenance of the site including analysing how the site is used so improvements can be made. This use comes under the following lawful basis:
“Article 6 (1) (e) - Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller” (from Regulation EU 2016/679).
The University of Leeds IT Service retains server logs for one year.