The Business, Energy and Industrial Strategy Department (BEIS) is committed to protecting the privacy and security of your personal data. This notice describes how we collect and use your personal data in accordance with data protection law, including the UK General Data Protection Regulation (UK GDPR) and data protection law (ODA) 2018.

BEIS is the data controller. This means that we are responsible for deciding how we hold and use your personal data. We are required under data protection legislation to inform you of the information contained in this privacy notice.

This notice explains your rights and the purposes for which we use your information.

About the Research Collaboration Advisory Team (CATR)

the CATR offers researchers guidance on how to protect their work from hostile activity, ensuring international collaboration is safe. We promote government advice on security-related topics, such as export controls, cybersecurity and intellectual property protection. We work with higher education institutions and across government to better understand the risks facing the research sector.

Your data

We will process the following personal data:

  • names, business contact details and contact details of our contact points within higher education and research institutions
  • names, professional contact details and contact details of staff and researchers within higher education, research institutions and their current and potential research collaboration partners


The purpose for which we process your personal data is to provide higher education research institutions with advice and support on reliable research advice and the security of research collaboration, and to better understand national security risks. in research.

The legal basis for the processing of your personal data is:

  • public task: processing is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller. In this case it is for BEIS perform the function of providing higher education research institutions with advice and support on reliable research advice and the security of research collaboration, and better understand national security risks in research.


We will share your personal data with third parties when:

  • required or permitted by law
  • it is in the public interest to do so, including national security considerations
  • you authorize us to do so
  • it is necessary for the performance of our functions as a government service, including in relation to sharing information with other UK government services and agencies

We will also share your personal data with the police and other law enforcement agencies where necessary for the prevention, investigation, detection or prosecution of criminal offenses, and other regulatory authorities where this is necessary for the purposes of their regulatory functions. .

As your personal data will be stored on our IT infrastructure, it will also be shared with our data processors Microsoft and Amazon Web Services.

Data Security

We have measures in place to protect the security of your information.

We have agreements in place with all data processors, independent or joint data controllers.

We take the security of your data very seriously. We have strict security standards, and all of our staff and others who process personal data on our behalf receive regular training on how to protect the information.

Where possible, personal data is minimized, aggregated or anonymized.

We have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect about you.

Additionally, we limit access to your personal information to those who have a business or legal need.

We have procedures in place to deal with any suspected breach of data security and will notify you and the regulator of a suspected breach when we are legally required to do so.

All organizations we work with are required to agree to move, process and destroy data securely, i.e. in accordance with the principles set out in the UK Government Security Policy Framework, published by the Cabinet Office, when handling, transferring, storing, accessing or destroying information.


Personal data is stored in accordance with the BEIS retention and disposal policy. We aim to retain your personal information for as long as necessary for the purposes for which we use it and in accordance with our retention and disposal policy.

In certain circumstances, we will anonymize your personal information so that it can no longer be associated with you, in which case we will use that information without further notice. Your personal data will be kept by us for up to 10 years.

your rights

You have the right to:

  • request information about how your personal data is processed and request a copy of that personal data
  • request that any inaccuracies in your personal data be rectified without delay
  • request that any incomplete personal data be completed, including by means of a supplementary declaration
  • request that your personal data be erased if there is no longer a reason for it to be processed
  • in certain circumstances (for example, where the accuracy is disputed) to request that the processing of your personal data be restricted
  • object to the processing of your personal data where it is processed for direct marketing purposes
  • object to the processing of your personal data

International transfers

Your personal data will be processed in the UK.

Your personal data will not be processed in the European Economic Area (EEA) or by any international organization.

As your personal data is stored on our IT infrastructure and shared with our data processors Microsoft and Amazon Web Services, it may be transferred and stored securely outside the European Economic Area. Where appropriate, it will benefit from equivalent legal protection through the use of standard contractual clauses.


If you believe your personal data has been misused or mistreated, you can lodge a complaint with the Information Commissioner, who is an independent UK regulator. The Information Commissioner can be contacted at:

Any complaint to the Information Commissioner is without prejudice to your right to seek redress in court.

The controller of your personal data is the Department for Business, Energy & Industrial Strategy (BEIS). You can contact the BEIS Data Protection Officer at: