Privacy Notice for Enlighten Services

Your Personal Data

The University of Glasgow will be what’s known as the ‘Data Controller’ of your personal data processed in relation to depositing, managing and sharing research outputs, and ensuring compliance with funder and government policies in the “Enlighten” repositories. This privacy notice will explain how The University of Glasgow will process your personal data.

Why we need it

We are collecting and processing your personal data as outlined in this privacy notice in order to help you to manage and share your research outputs, and to ensure compliance with funder and government Open Access policies and national assessment exercises. We will only collect data that we need in order to provide and oversee this service to you. The data will be used to populate related university systems including online staff profiles, Performance and Development Review (P&DR) documentation and reporting tools. It will also be used to provide an overview of the University’s research outputs and to support the University’s Key Performance Indicators and submission to assessment exercises.

The personal data we collect will enable us to manage and share data about research outputs with other University systems. This data will include:

  • Information relating to you personally, including your name, individual staff/student number, e-mail address and Glasgow Unique Identifier (GUID)
  • Publicly available unique author identifiers like Scopus IDs and ORCIDs
  • Esteem information which you may provide including research fellowships, prizes, awards and distinctions; membership of editorial boards, learned societies and grants committees
  • Information and selections for assessment exercises including supporting commentary
  • Evidence of Open Access compliance
  • Evidence of Knowledge exchange and Impact which you may provide

Legal basis for processing your data

We must have a legal basis for processing all personal data. In this instance, the legal basis is “Contract”.

What we do with it and who we share it with

The personal data you submit is processed by staff at the University of Glasgow in the United Kingdom, however data which you have consented to be public will be made available on our open website and will be available worldwide.

We also work with third parties, including their authorised employees in the performance of their duties and may transfer this data outside the EEA.

These Third Parties are:

  • ResearchFish

ECS Partners Limited (EPrints Services) provides technical support for Enlighten and have access to our servers to provide system support, subject to strict contractual safeguards to ensure the safe and confidential processing of personal data at all times.


The University uses ResearchFish to report on research outputs linked to publicly available funding.

ResearchFish Privacy statement


Staff who use the Create and Connect ORCID functionality in Enlighten must explicitly authorise ORCID to link to their Enlighten account to share their ORCID and to import and export research outputs from Enlighten to ORCID.

ORCID’s Privacy Policy

How long do we keep it for?

Where your personal data is linked to a research output it will be retained by the University in perpetuity to provide a complete record of the University’s research outputs. Where your personal data is not linked to a research output or activity in Enlighten (e.g. deposit of output) it will be retained for 12 months after you have left the University. After this time, data will be securely deleted.

What are your rights?

You can request access to the information we process about you at any time. If at any point you believe that the information, we process relating to you is incorrect, you can request to see this information and may in some instances request to have it restricted, corrected or, erased. You may also have the right to object to the processing of data and the right to data portability.

If you wish to exercise any of these rights, please contact


If you wish to raise a complaint on how we have handled your personal data, you can contact the University Data Protection Officer who will investigate the matter.

Our Data Protection Officer can be contacted at

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO)