THE FARADAY INSTITUTION - PROTECTING YOUR PRIVACY
Privacy Notice v1.1 (January 2019)
We want you to be clear about your rights and how we use your personal data under the General Data Protection Regulations (GDPR) and the DPA 2018.
This Privacy Notice explains the categories of personal data we may collect about you, it also explains the purpose of processing your data and how we keep it safe.
For your convenience we have split the information into manageable sections which we hope will answer any questions you have but if not, please do get in touch with us, details are shown in the contact section of this notice.
This notice may be updated periodically.
- What is the Faraday Institution?
The Faraday Institution is registered charity and is the UK’s independent institute for electrochemical energy storage science and technology research, training, and analysis.
For the purposes of the GDPR we are the data controller and you can contact us at: email@example.com
The following link will provide you with further details of the Faraday Institution: https://faraday.ac.uk
- Explaining the legal basis for processing your personal data
The lawful bases on which we process your data are:
- Consent e.g. where you ask to be kept informed of the services, opportunities and news we supply.
- Explicit consent – if we need to collect special categories of data from you in order to provide you with the services you require or meet our legal obligations, we will ask for your consent for specific categories, e.g. racial or ethnic origin; health information.
- To fulfil a contract, e.g. where we supply or receive services from a 3rd party, business partner, associate or employee.
- Legitimate interest in order to pursue our business interests which would be reasonably expected.
- Compliance with legal obligations, e.g. disclosure upon the provision of appropriate legally valid documentation by enforcement authorities.
- When do we collect your personal data?
- When you visit our website, (here we just collect transaction-based data).
- When you complete our online or paper application forms.
- When you contact us by any means with queries, comments etc.
- When you book any kind of appointment or event with us.
- When you’ve given a third-party permission to share your details with us.
- For employees throughout the period of your employment.
- Categories of Personal Data we may collect
- Your contact details i.e. your:
- Contact details (e.g. email, mobile, landline, etc.)
- Bank account details.
- Credit referencing
- Details of your interactions with us when you contact us by any means such as: email, telephone or in person
- Additionally, for employment/associate purposes:
- Social security details
- Next of Kin details
- Health information
- Institution/s you studied/worked at
- Why we use your Personal Data?
To ensure that we provide you with the information and service you need we sometimes combine the data we have about you. This is allowed as part of our legitimate interest to provide you with the optimum service, but we will not use data beyond its original purpose without reference to you.
If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
If you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some or all of the services you’ve asked for. In this case we will contact you to confirm your request.
The reasons we use your personal data include:
- To operate and administer our business to provide you with the best possible service. This is done on the basis of our legitimate business interests.
- To respond to your queries and requests we may keep a record of communication with you. We do this on the basis of our contractual obligations and our legitimate interests in providing you with the best service.
- To process payments and prevent fraud for all parties, this is done on the basis of our legitimate business interests.
- To protect your vital interests if you become unable to provide consent.
- To hire and manage employees and contractors. We do this as part of our contract with you.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. (For example, updates to this Privacy Notice). These service messages will not include any marketing content and do not require prior consent when sent by email or text message. We need to keep you informed as part of complying with our legal obligations.
- To comply with our contractual or legal obligations to share data with law enforcement if necessary. (for example, if a court order is presented to share your personal data with law enforcement agencies or courts)
- To comply with the requirements of our funding providers who may from time to time require information to carry out evaluation of our processes and/or impact.
- How we look after your Personal Data
We know how much data security matters. We will treat your data with the utmost care and respect and take all appropriate steps to protect it.
- We secure access to all transactional areas of our websites and apps using ‘https’ technology.
- Access to your personal data is restricted and secure, and sensitive personal data is secured via password protection and encryption.
- Storage of paper copies are secured and access is restricted.
- How long do we keep your Personal Data?
- Whenever we collect or process your personal data, we will store it safely and only for as long as is necessary for the original purpose for which it was collected or as required by law.
- At the end of the retention period, your data will either be deleted completely or anonymised.
- Who do we share your data with?
We sometimes share your personal data with trusted third parties to provide services and business functions.
We set very clear directions and expectations for those organisations in our contracts to ensure the safety and protection of your privacy and personal data, including:
- Providing them only the information they need to perform their specific services.
- Only to use your data for the exact purpose specified by us in the contract.
- Obligations to ensure that your privacy is respected and protected in accordance with the contractual and the GDPR requirements under the terms of their privacy policies.
- To securely delete or render anonymous any of your personal data at the termination of the contract.
- They will inform us immediately in the event of a suspected or actual breach being detected
The types of third parties we work with include:
- IT companies supporting our business
- Cloud storage companies
- Customer Relationship Management application providers
- Educational establishments
- Educational professionals
- Research funding agencies
- Regulatory authorities
- Estate services
- Online webinar providers
- Financial service providers
- Legal services
- Travel service providers
- Information security companies
- Secure document shredding companies
We may also share your data with third parties in very specific circumstances, for example:
- If we receive a valid request from the police or other law enforcement agency, regulatory or Government authority we may be required to disclose your personal data
- We may from time to time have requirements from our funding providers to have details of applicants for awards that we have made for them to carry out evaluations of our processes and impact. In such cases, we will indicate that this is the case on the application forms in order to obtain your consent.
- We may, from time to time, expand, reduce or sell the Organisation and this may involve the transfer of business entities or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
- Processing and Transferring your Personal Data
- Your data is processed by us and by contracted third parties in the UK, we also use reputable cloud service providers for data storage and back up which may use servers outside the European Union. These companies are also obliged by law to meet the GDPR.
- If we do transfer your personal data across an international border, we have procedures in place to ensure your data receives the same protection as if it were being processed in the EU.
- Your rights over your Personal Data explained
You have the right to:
- Access and review personal data we hold about you
- Rectify/correct any inaccurate personal information we hold about you.
- Request a copy of data you supplied to us, in a machine readable format or for the transfer of this data to another Organisation
- Request the restriction of processing of your personal data
- Object to us processing your personal data
- Request the erasure of your data, (right to be forgotten)
For any of these requests please contact: firstname.lastname@example.org. We will examine your request and respond to you as quickly as possible.
- Withdrawal of consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
- Legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We will consider your request balancing your individual rights against our legitimate interests
You have the right to stop the use of your personal data for marketing activity through all channels, or selected channels.
- To action this:
- Click the ‘unsubscribe’ link in any email communication that we send you.
- Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
- Questions or Issues you may have
If you require any further information, we will be pleased to assist. If you are contacting us to complain about an alleged breach of this Privacy Notice or our legal privacy obligations, please provide us with as much detail as possible in relation to your complaint so that we can deal with your concern quickly and effectively.
We will take every privacy complaint seriously and assess it with the aim of resolving all issues quickly and efficiently. We’d be grateful for your cooperation with us during this process by providing us with any relevant information that we may need.
- Our Contact Details
Tel: +44 (0) 1235 425300
The Faraday Institution
Didcot OX11 0RA
- Contacting the Regulator
If you feel that we have not handled your data correctly, or you are unhappy with our response to any requests regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office, (ICO), in the UK, or your National Supervisory Authority or data regulator if you are outside the UK at the time of your complaint.
You can contact the ICO by calling +44 303 123 1113 or go online to www.ico.org.uk