Privacy notice
How RVRC Hub handles personal data.
Data controller
NMIS, University of Strathclyde, is the data controller for RVRC Hub user accounts, company information and audit data. Participating companies are controllers of their own DPP content, which is held by their DPP provider and not by RVRC Hub.
Lawful basis for processing
Personal data is processed under the legitimate interests of operating a research testbed, with consent relied upon for specific communications such as email notifications.
Categories of personal data
RVRC Hub processes: display names, email addresses, company affiliations, role assignments, login timestamps and IP addresses, access request purposes and audit event metadata.
Recipients
Data may be shared with: the configured identity provider (Keycloak), the configured transactional email provider, and DPP providers when federation occurs for data access. Audit data is accessible to NMIS site administrators.
Retention
Account data is retained for the lifetime of the testbed programme. Audit events are retained indefinitely for governance purposes. Notifications are pruned after 180 days when read. Users may request account deletion subject to the constraints described in the terms.
Your rights
You have the right to access, rectify, erase, port, restrict and object to the processing of your personal data. To exercise these rights, contact the NMIS Data Protection Officer via the University of Strathclyde.
International transfers
RVRC Hub is hosted in the United Kingdom. Where DPP providers operate outside the UK, data transfers are governed by the provider relationship and applicable UK GDPR provisions.
This privacy notice is for the RVRC Hub Stage 1 testbed and may be updated as the programme evolves.