Privacy Notice

The 3Rs self-assessment tools and website are operated by the National Centre for the Replacement, Refinement and Reduction of Animals in Research (“NC3Rs”) (“we”, “us” or “our”). Our registered office is at Gibbs Building, 215 Euston Road, London, NW1 2BE.

The NC3Rs is an independent scientific organisation, tasked by Government with supporting the UK science base through the application of the replacement, reduction and refinement of the use of animals in research (the “3Rs”). Though it is represented legally by the Medical Research Council (“MRC”), which in turn is part of the executive non-departmental public body UK Research and Innovation (“UKRI”), the NC3Rs is managed independently. To avoid doubt, the MRC is the controller of personal data collected through the 3Rs Self-Assessment Tools, but it will only be managed by the representatives of the NC3Rs. Any references to NC3Rs shall mean the MRC or, in the event that MRC ceases to exist, to UK Research and Innovation.

This privacy policy (“Policy”) sets out how we use and otherwise process any personal information that you provide when you use the 3Rs self-assessment tools (pages accessed at https://3rsselfassessment.nc3rs.org.uk/) (the “3Rs Self-Assessment Tools”).

The NC3Rs takes your privacy seriously and recognises the importance of honest and responsible use of your “personal information” (being information which identifies and relates to you, either on its own or when combined with other information held by us. Your name, address and contact details are all examples of your personal information, if they identify you (also known as “personal data”)). The term “process” means any activity relating to personal information, including, by way of example, collection, storage, use, consultation and transmission. We are a “controller” of your personal information. This is a legal term - it means that we make decisions about how and why we process your personal information and, because of this, we are responsible for making sure it is used in accordance with data protection laws.

Should we ask you to provide, or should you choose to volunteer certain personal information about yourself to us when using the 3Rs Self-Assessment Tools, then you can be assured that it will only be used in accordance with this Policy.

The NC3Rs may change this Policy from time to time by updating this page. You should check this page to ensure that you are happy with any changes or information. This Policy is effective from 01/04/2020.

What personal information we collect

When you access our 3Rs Self-Assessment Tools, we may automatically collect standard internet and website log information, as well as information collected through the cookies set out in our cookies policy below (see 'About our use of cookies'). If you want to contact us, or to use certain services we may provide through the 3Rs Self-Assessment Tools from time to time, you will need to provide us with some additional personal information so that we can liaise with you and deal with your request, query or project proposal. If you do choose to provide us with your personal information, we will collect that information for our own use for the purposes described in this Policy.

When using our 3Rs Self-Assessment Tools, users can set up one of three different types of accounts with us which each require different information:

  • Lead user of Research Institution Tool: we require your name, organisation name, title/position, email address, username and justification for why it is appropriate for you to be a ‘lead user’;
  • Lead user of Research Group Tool: we require your email address and username; and
  • Sub-users for either tool - we require your email address and username.

Applications to be a lead-user of the Research Group Tool or a sub-user are automatically approved by our systems, however those applying to be a lead-user of the Research Institution Tool need to be verified by NC3Rs staff as legitimate and appropriate (to prevent incorrect use of our systems).

We may collect the following information:

  • Service Information: if you create an account with us, any internal communications within the 3Rs Self-Assessment Tools (e.g. communications between lead and sub-users) and anything you create or share as part of your account (including your name, email address and username, organisation name, title/position and justification for why it is appropriate for you to be a lead user if relevant);
  • Correspondence Information: details of each request or enquiry you submit to us, whether this is to an NC3Rs email address/other contact method;
  • Technical Information: statistical information relating to page views or use of functionalities for usage monitoring (see 'About our use of cookies');
  • IP address Information: the IP address(es) you use to access the 3Rs Self-Assessment Tools (this information cannot be correlated with any other identifying information without directly accessing another database, which is heavily secured in a different system);
  • Recipient Information: the email address and/or other contact details you provide us with if you use the 3Rs Self-Assessment Tools to send information or requests (e.g. invite sub-users to use the tools) to a third party recipient; and
  • Self-assessment Information: means any personal information that you choose to provide when undertaking a self-assessment (including proposed answers to self-assessment, submitted answers, comments, textual answers and feedback), as set out in more detail in the “3Rs self-assessment tools” paragraph below, and the 3Rs performance score of the assessment submitted by the lead user through the 3Rs Self-Assessment Tools.

Most of this information will be collected primarily from you as information voluntarily provided to us. However, we may also collect it (where lawful to do so) from other individuals that you have agreed may provide your personal information to us. This may include, for example, as part of their request, enquiry or assessment. We may also collect your personal information from government, tax or law enforcement agencies. We may also collect personal information about you from your use of other websites run by the NC3Rs. Where we collect your personal information from other sources, we may combine it with other information we hold about you.

If any of the personal information you have given to us changes, such as your contact details, please update your details within your account without delay. If you do not have a user account then this is not necessary, as the only personal information we collect when you access the 3Rs Self-Assessment Tools is your IP address.

Statistical information on the use of the 3Rs Self-Assessment Tools may be collected to help provide analytics on user engagement and to help with future development.

Please note that, during the self-assessment process, it is possible to provide further personal information to us outside of those categories set out above. We strongly discourage providing any such additional personal information unless it is strictly necessary as part of the services we are providing.

Use of your personal information

We process your personal information for particular purposes in connection with your use of the 3Rs Self-Assessment Tools and the management and administration of our organisation.

We are required by law to always have a permitted reason or justification (called a “lawful basis”) for processing your personal information. There are six such permitted lawful bases for processing personal information. We have set out the different purposes for which we process your personal information and the relevant lawful basis on which we rely for that processing below.

Please note that where we have indicated below that our processing of your personal information is either:

  • necessary for us to comply with a legal obligation; or
  • necessary for us to take steps, at your request, to potentially enter into a contract with you, or to perform it,

and you choose not to provide the relevant personal information to us, we may not be able to enter into or continue the contract or interaction with you.

We may use information about you for purposes described in this Policy. For example, we will use information about you for the following purposes:

Public interests: This is where us processing your personal information is necessary for the performance of a task in the public interest or in the exercise of official authority vested in us:

  • to respond and/or deal with your request or enquiry – Service Information, Correspondence Information, Self-assessment Information;
  • to evaluate the information you provide to us through the 3Rs Self-Assessment Tools, through our automated assessment procedure – Service Information, Self-assessment Information;
  • to improve the 3Rs Self-Assessment Tools, including diagnosis of technical problems, and to ensure that content from the 3Rs Self-Assessment Tools is presented in the most effective manner for you and for your computer (or other electronic Internet-enabled device) – Technical Information, IP address information;
  • to administer the 3Rs Self-Assessment Tools – Technical Information;
  • for internal record keeping – Service Information, Correspondence Information, Self-assessment Information, IP address Information;
  • where necessary as part of any restructuring – Service Information, Correspondence Information, Technical Information, Self-assessment Information;
  • to monitor access to and use of the 3Rs Self-Assessment Tools and to identify any abuse of the 3Rs Self-Assessment Tools (such as a denial of service attack) – IP address Information.

Legal obligation: This is where us processing your personal information is necessary for compliance with one of our binding legal obligations

  • for compliance with legal, regulatory and other good governance obligations – Service Information, Correspondence Information, Technical Information, Self-assessment Information.
  • to enable secure management of account – Service Information, IP address Information.

Contract: This is where us processing your personal information is necessary for the performance of a contract with you (or to take steps at your request prior to entering into a contract with you)

  • see the “3Rs Self-assessment tools” paragraph below;
  • to provide the services requested by you in accordance with our terms and conditions, including password resets and dealing with queries – Service Information;
  • to enable users to register an anonymised form of authentication in the 3Rs Self-Assessment Tools – Service Information;
  • used in communication to assure users that it is a legitimate communication (e.g. password reset, account disabled) – Service Information
  • to enable users to create an account in the 3Rs Self-Assessment Tools – Service Information
  • to ensure legitimate registration – Service Information
  • to allow users to control and maintain access to their account – Service Information
  • for legitimate 3Rs Self-Assessment Tool functionality for example, to allow users to input comments, provide proposed answers, submit final answers, and undertake the self-assesments and obtain feedback on it – Service Information

Legitimate interests: This is where us processing your personal information is necessary for the purposes of the legitimate interests pursued by a third party (the 3Rs Self-Assessment Tool user)

  • to allow 3Rs Self-Assessment Tool users to send information or a request (e.g. an invite to become a sub-user) to a third party recipient (the legitimate interest pursued being the ability of the user to invite other users to assist with the application being submitted) – Recipient Information
  • to authorise lead users of the Research Institution Tool – Service Information

This list may be updated from time to time as business needs and legal requirements dictate. Some of the personal information that we hold will be kept in paper files, while other personal information will be included in computerised files and electronic databases.

In most cases, the information we process about you is required to deal with your request, enquiry, submission(s) through the 3Rs Self-Assessment Tools, is required by law or is necessary for the exercise of our legitimate business interests and needs, in which case special care is taken to safeguard your rights and to ensure any such use is proportionate.

We may also convert personal information about you (which may include Self-Assessment Information) into anonymous data and use it (normally on an aggregated statistical basis) for research and analysis.

Special category personal information

We are required by law to treat certain categories of personal information with even more care than usual. These are called sensitive or special categories of personal information and different lawful bases apply to them. We will only collect special categories of personal information if you voluntarily provide them to us. We will not ask for your special categories of personal information and encourage you not to provide us with it.

Third parties

Sometimes we need to disclose your personal information to other people and/or organisations. Details of the data sharing we undertake are set out below.

Inside the MRC/UKRI Group

Your personal information will be made available for the purposes mentioned above (or as otherwise notified to you from time to time), on a ‘need-to-know’ basis and only to responsible management, legal, audit, compliance, information technology and other corporate staff who properly need to know these details for their functions within the NC3Rs.

We will also need to share your personal information with other organisations in the group for our general business purposes/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis, for example IT support and the group’s project management board.

Access rights between members of the Medical Research Council (“MRC”) group are limited and granted only on a need to know basis, depending on job functions and roles.

Where any MRC group organisations process your personal information on our behalf (as our processor), we will make sure that they have appropriate security standards in place to make sure your personal information is protected and we will enter into a written contract imposing appropriate security standards on them.

Outside the MRC/UKRI Group

Your personal information may also be made available to third parties providing relevant services under contract to us. These companies may use information about you to perform their functions on our behalf (as processors). We have put in place various security and data privacy measures, including with such third parties, in order to protect personal information. Examples of these third party service providers include service providers and/or sub-contractors, such as IT systems software and maintenance, back up, and server hosting providers. We will also share your IP address information with Google Analytics to monitor access to the 3Rs Self-Assessment Tools (see below for further information).

In certain circumstances, we will also disclose your personal information to third parties who will receive it as controllers of your personal information in their own right for the purposes set out above, in particular:

  • if we transfer, purchase, reorganise, merge or sell any part of the organisation or the business of a third party, and we disclose or transfer your personal information to the prospective seller, buyer or other third party involved in a transfer, reorganisation or merger arrangement (and their advisors); and
  • if we need to disclose your personal information in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our staff, 3Rs Self-Assessment Tools users or others.

We have set out below a list of the categories of recipients with whom we are likely to share your personal information:

  • providers of IT support and maintenance, for example the MRC and Wubbleyou Ltd;
  • consultants and professional advisors including legal advisors and accountants;
  • courts, court-appointed persons/entities, receivers and liquidators;
  • business partners and joint ventures;
  • trade associations and professional bodies; and
  • insurers.

We may also share your personal information with third parties (including to obtain feedback from other users), as directed by you. Please see the ‘3Rs self-assessment tools’ section below for further information on how your personal information is shared with lead users/sub-users through your use of the platform.

We may also disclose specific information upon lawful request by government authorities, statutory and regulatory bodies including the Information Commissioner’s Office, the police and Her Majesty’s Revenue and Customs law enforcement and regulatory authorities where required or permitted by law and for tax or other purposes.

Analytics

When you use the 3Rs Self-Assessment Tools, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the platform. This information is only processed in a way that does not identify anyone.

The 3Rs self-assessment tools

The 3Rs Self-Assessment Tools provided through our platform allow the lead-user of an account to invite sub-users to contribute to the self-assessment of a research group or institution. The sub-users provide responses to questions regarding the current 3Rs activities of either the group or institution as appropriate, which the lead-user then to submits for analysis by the system in order to assess the current status and receive feedback on areas for improvement. Should they choose to use the tools, the lead-user has the option of:

  • retaining the incomplete assessment within their account for completion at a later date (as the system automatically saves these as answers added);
  • retaining submitted self-assessments for longitudinal comparisons (until automatically deleted according to a retention schedule);
  • exporting a copy of the results diagram and/or written feedback; and/or
  • deleting the self-assessment from your account whether incomplete or submitted.

Where you choose to provide responses to questions in the 3Rs Self-Assessment Tools with or without comments alongside, (whether as a lead or sub-user) the system will disclose those details to the other party. By requesting such data sharing, this is part of the terms of your use of the 3Rs Self-Assessment Tools, which includes the disclosure of Self-assessment Information (and any additional details volunteered by you) to each identified registered user with whom you choose to share this information.

Sub-users have the ability to delete their account. When deleting a sub-user account, your sub-user answers are not deleted as they are required for the 3Rs Self-Assessment Tools’ functionality, so instead personal/identifiable data is removed as much as possible.

Please note that users of the 3Rs Self-Assessment Tools are not permitted to enter other people’s personal information onto the 3Rs Self-Assessment Tools without obtaining their prior consent to the processing of their personal information by the NC3Rs in accordance with this Policy.

Any information provided when using the tools will be retained by the NC3Rs for the duration of your 3Rs Self-Assessment Tools account with us (unless automatically deleted as part of the retention schedule, or you choose to delete it from your account, or to delete your account, in which case we will keep it for five weeks (one cycle of the backup process) after the deletion command is received).

Where in the world is your personal information transferred to?

If any of our processing activities require your personal information to be transferred outside the European Economic Area (“EEA”), we will only make that transfer if:

  • the country to which the personal information is to be transferred ensures an adequate level of protection for personal information;
  • we have put in place appropriate safeguards to protect your personal information, such as an appropriate contract with the recipient (please contact self-assessment@nc3rs.org.uk if you wish to obtain a copy of these);
  • the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or
  • you explicitly consent to the transfer.

The only personal information that may be processed outside the EEA is IP address information processed by Google Analytics. We understand that the countries your IP address may be transferred to are the USA, Chile, Taiwan and Singapore, however please refer to Google’s relevant privacy policy for how this information is used.

Security and data storage

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place reasonable physical, technical and organisational procedures to safeguard and secure the information we collect. However, no organisation can fully eliminate security risks associated with the transmission of personal information or intellectual property through online transactions, and you do so at your own risk.

How long do we keep your personal information for?

We will only retain your personal information for a limited period of time. This will depend on a number of factors, including:

  • any laws or regulations that we are required to follow;
  • whether we are in a legal or other type of dispute with each other or any third party;
  • the type of information that we hold about you; and
  • whether we are asked by you or a regulatory authority to keep your personal information for a valid reason.

In relation to Service Information, we will keep this for:

  • 12 months + five weeks (one cycle of the backup process) if it relates to an account that has never been activated;
  • 12 months after last account login + five weeks (one cycle of the backup process); or
  • until you, the user, deletes the account + five weeks (one cycle of the backup process) if it relates to an activated account.

In relation to Self-assessment Information, we will keep an incomplete self-assessment saved in the system until:

  • you (or the lead user, if not you) delete it + five weeks (one cycle of the backup process); or
  • until the user (or the lead user, if not you) deletes account + five weeks (one cycle of the backup process) – however if you as a sub-user delete your account, some Self-assessment Information may be retained afterwards for functionality but your personal information will be removed as much as possible.

Please note that if Self-assessment Information is accepted by a lead-user and/or if personal information is included in submitted answers, some associated personal information will be retained as a reminder as to why previous decisions were reached (for 26 months). In addition, scores and feedback will be retained for 5 years after submission.

If you are only using the 3Rs Self-Assessment Tools and not the EDA application, we will keep your IP address Information during your use of the 3Rs Self-Assessment Tools and for up to 26 months afterwards as part of the Google Analytics Analysis of 3Rs Self-Assessment Tools usage.

The IP address Information that is part of the Google Analytics Analysis will be retained by Google as a separate controller of that information, which will be used in accordance with its own applicable privacy policy. In all other cases, IP address Information will be retained by us for 12 months.

We will hold your Correspondence Information for up to 12 months from collection, and will remove all personal information from your Technical Information within 12 months of collection.

If you set up an account in the 3Rs Self-Assessment Tools, we will delete your account after approximately 12 months of inactivity (after a reminder email is sent). In addition, any user may elect to delete their account at any time. We will therefore store your personal information held on your account until the account is deleted + five weeks (one cycle of the backup process).

Links to other websites

The 3Rs Self-Assessment Tools (including feedback provided) and website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave the 3Rs Self-Assessment Tools, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information - your rights

We will not sell or lease your personal information to third parties unless we have your permission or are required to by law.

You have certain legal rights, which are briefly summarised in the table below, in relation to any personal information about you which we hold.

Where our processing of your personal information is based on your consent, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal information for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.

Where our processing of your personal information is necessary for our legitimate interests, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms, or that the processing is necessary for us to establish, exercise or defend a legal claim.

If you wish to exercise any of your rights please contact self-assessment@nc3rs.org.uk in the first instance.

You also have the right to lodge a complaint with the Information Commissioner’s Office, which is the UK data protection regulator. More information can be found on the Information Commissioner’s Office website at https://ico.org.uk/.

Your right What does it mean? Limitations and conditions of your right
Right of access Subject to certain conditions, you are entitled to have access to your personal information (this is more commonly known as submitting a “data subject access request”). If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.

We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other individuals.
Right to data portability Subject to certain conditions, you are entitled to receive the personal information which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format. If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations.

This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal information that has been provided to us by you.
Rights in relation to inaccurate personal or incomplete data You may challenge the accuracy or completeness of your personal information and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date.

We encourage you to notify us of any changes regarding your personal information as soon as they occur, including changes to your contact details.
Please always check first whether there are any available self-help tools in your account management page.

This right only applies to your own personal information. When exercising this right, please be as specific as possible.
Right to object to or restrict our data processing Subject to certain conditions, you are entitled to have your personal information erased (also known as the “right to be forgotten”), e.g. where your personal information is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful. We may not be in a position to erase your personal information, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.
Right to withdrawal of consent As stated above, where our processing of your personal information is based on your consent you have the right to withdraw your consent at any time. If you withdraw your consent, this will only take effect for future processing.

If you believe that any information we are holding on you is incorrect or incomplete, please correct the information in your account details as soon as possible.

About Our Use of Cookies

A cookie is a small piece of data which a website sends to a user's browser. The browser then sends the cookie(s) back when it makes subsequent requests to the website. Cookies may be stored on your computer's hard drive.

Cookies can allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, by gathering and remembering information about your preferences. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. You can choose to accept or decline cookies using your browser settings. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the 3Rs Self-Assessment Tools.

Cookies we use

We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until you delete them).

We have grouped our cookies into the following categories, to make it easier for you to understand why we need them:

Strictly Necessary: these cookies are strictly necessary for the 3Rs Self-Assessment Tools to work properly. They are needed to allow you to move around the 3Rs Self-Assessment Tools and use our features.

Functionality: these cookies enable technical performance of our 3Rs Self-Assessment Tools and allow us to ‘remember’ the choices you make and your preferences.

Performance/Analytical: these cookies allow us to collect certain information about how you navigate the 3Rs Self-Assessment Tools. They help us to understand which parts of our 3Rs Self-Assessment Tools are interesting to you and which are not as well as what we can do to improve them.

Targeting/Advertising: these cookies are used to deliver adverts relevant to an identified machine or other device (not a named or otherwise identifiable person) which are tailored to interests associated with the website activity tied to that machine or device. For example, if a cookie on a third party website recognises that a particular product was purchased from a particular device, that cookie may ‘talk to’ marketing cookies on our 3Rs Self-Assessment Tools to ensure advertisements about similar products displayed on our 3Rs Self-Assessment Tools are accessible from that device. These cookies are also used to limit the number of times a user sees an advertisement as well as to help measure the effectiveness of an advertising campaign. They may also remember that the 3Rs Self-Assessment Tools have been visited from a device and share that information with marketing organisations. The marketing cookies on our 3Rs Self-Assessment Tools are operated by third parties with our permission. Marketing cookies are used to monitor from which advertising source a user was directed towards our 3Rs Self-Assessment Tools so that we know whether it is worth us investing in that particular advertising source.

Essential 3Rs self-assessment tools functionality

The 3Rs Self-Assessment Tools use cookies for a small number of core functions. These cookies are set as soon as you visit the 3Rs Self-Assessment Tools platform.

  • cookie-agreed: This cookie is used to record your consent for agreeing to our use of cookies. By clicking the 'I agree' button, you agree to our use of cookies.
  • has-js: This cookie is used to determine if your browser has JavaScript support enabled.

The 3Rs Self-Assessment Tools also use cookies for their core functionality:

  • JSESSIONID: This cookie tracks your session ID, which is used to keep you logged in. This is first set before you log in to the 3Rs Self-Assessment Tools, and is re-generated when you log in or out.
  • AcceptTermsAndConditions: This cookie records that you have accepted the 3Rs Self-Assessment Tools terms and conditions.

Cookies set by third party sites and website analytics

To enhance our content and to deliver a more streamlined online experience for our users, we sometimes embed images and videos from other websites on the 3Rs Self-Assessment Tools.

We currently use and may in future use content from sites such as Facebook, LinkedIn and Twitter. You may be presented with cookies from these third party websites. Please note that we do not control the dissemination of these cookies and you should consult the relevant third party website for information on how these cookies are used and how you can control them.

We use Google Analytics to identify which pages are being used and how often unique traffic hits our 3Rs Self-Assessment Tools. We only use this information for statistical analysis purposes. This helps us analyse data about web page traffic and improve the 3Rs Self-Assessment Tools in order to tailor it to customer needs, compile reports and to help us improve the 3Rs Self-Assessment Tools. Google Analytics uses cookies to collect information about how visitors use the 3Rs Self-Assessment Tools. The cookies collect information in an anonymous form, including the number of visitors to the 3Rs Self-Assessment Tools, where visitors have come to the 3Rs Self-Assessment Tools from, and the pages they visited. For more information on Google's Privacy policy please follow this link: https://www.google.com/intl/en_uk/policies/privacy/. The following cookies are used by Google Analytics:

  • _ga: This cookie is used to distinguish the individual users of the 3Rs Self-Assessment Tools
  • _gat: This cookie is used for rate limiting purposes.

Please refer to Google's technical documentation for more detailed information about these cookies (under the section 'analytics.js – Cookie Usage').

Secure Usage Instructions

Password

Remember that your password is personal and non-transferable. You are recommended to change it regularly. Remember to memorise it and avoid writing it down. Password Do's and Don'ts:

DO

  • Keep your passwords safe
  • Change your passwords regularly

DO NOT

  • Let anyone else use your password
  • Use easily guessable words (e.g. your name)
  • Re-use passwords too regularly
  • Use the same password for different systems

Using a shared computer

You should take additional precautions when using public or shared computers. Remember you can be observed by others, so make sure you are not being overlooked and keep your password safe.

It is important for you to protect against unauthorised access to your password and to your computer, so be sure to log out when you finish a session.

How to log out of the 3Rs Self-Assessment Tools

To log out from the 3Rs Self-Assessment Tools, click on ‘LOGOUT’ in the top right of any 3Rs Self-Assessment Tools application window.

If you use a shared or public computer to access the 3Rs Self-Assessment Tools, you should log out to prevent other users from accessing your personal information.

Avoiding caching issues

Browsers store web pages in the cache on your computer to avoid having to fetch another copy when the user returns to the page. If the page has been updated since the user last looked, the user will sometimes miss new information because they're viewing the page from their local cache. In order to avoid viewing pages that are out of date it is a good idea to clear your cache regularly.

Instructions for popular web browsers:

Chrome: Click the menu icon at the top right corner of the screen and go to More tools > Clear Browsing Data. Select the items you want to delete, choose the period for which you want to delete them and click Clear Browsing Data.

Internet Explorer: Go to Tools > Safety > Delete browsing history. Then untick the option for Preserve Favourites website data, tick the options for Temporary Internet Files and Cookies and click Delete.

Firefox: Go to Tools > Clear Recent History. Choose the time range and the items you wish to clear and click Clear Now.

Disable password auto-complete function

Instructions for popular web browsers:

Chrome: Click the menu icon at the top right corner of the screen and go to Settings > Show advanced settings > Passwords and forms. Deselect the "Enable Autofill to fill out web forms in a single click" tick box.

Internet Explorer: Go to Tools > Internet Options > Content Tab > Settings next to AutoComplete stores previous entries on webpages and suggests matches for you. Deselect the "Usernames and passwords on forms" tick box.

Firefox: Go to Tools > Options > Privacy > Saved forms > Settings. Select all options in the 'Clear Private Data' window, click OK, click 'Clear Saved Form Data Now'. Uncheck 'Save information I enter in forms and the Search Bar' and click OK.

Updates to this policy

We may update this Policy from time to time to reflect changes to the type of personal information that we process and/or the way in which it is processed. We also encourage you to check this Policy on a regular basis.

Where can you find out more?

If you want more information about any of the subjects covered in this Policy or if you would like to discuss any issues or concerns with us, you can contact us in any of the following ways in the first instance:

By email at: self-assessment@nc3rs.org.uk

By telephone at: 0207 611 2233

By post at: NC3Rs, Gibbs Building, 215 Euston Road, London, NW1 2BE

If your query or concern has not been resolved after communicating with us in this way, UKRI has appointed a Data Protection Officer who you can contact. The current Data Protection Officer is David Hyett who can be contacted at dataprotection@ukri.org or David Hyett, Head of Information Governance, UKRI, Polaris House, Swindon, SN2 1FL.