Privacy policy
Version 1 | Last modified 28 February 2022
Data protection legislation applies to all data controllers regardless of whether they are charities or small organisations. Data protection legislation is the UK General Data Protection Regulations (GDPR), the Data Protection Act 2018 (DPA 2018) to the extent that it relates to processing of personal data and privacy; and all applicable laws and guidance issued by any relevant regulator about the processing of personal data and privacy.
This Privacy Policy describes how and why the British Academy collects, uses and stores your personal data. Personal data refers to any information relating to you through which you can be identified, such as your name and contact details, biographical information or information about your qualifications. The notice also covers your rights and how you can contact us if you have any queries in relation to how we process your data.
Please note that this Policy only covers how the British Academy processes your data. There may be instances where our website links to other websites which aren’t under our control. Therefore, when following external links it is best to check third party privacy policies to be clear on their collection, processing and use of your information.
‘We’ means The British Academy and Clio Enterprises Limited
‘ICO’ is the Information Commissioner’s Office, the body responsible for enforcing data protection legislation within the UK and the regulatory authority for the purposes of the GDPR
‘Personal data’ means any information about an identified or identifiable person. Some categories of personal data are recognised as being particularly sensitive (“special category data”).
‘Processing’ means all aspects of handling personal data, for example collecting, recording, keeping, storing, sharing, archiving, deleting and destroying it.
‘Data Controller’ means anyone (a person, people, public authority, agency or any other body) which, on its own or with others, decides the purposes and methods of processing personal data. We are a data controller insofar as we process personal data in the ways described in this policy.
‘Data processor’ means anyone who processes personal data under the data controller’s instructions, for example a service provider. We act as a data processor in certain circumstances.
‘Subject Access Request’ is a request for personal data that an organisation may hold about an individual. This request can be extended to include the deletion, rectification and restriction of processing.
The British Academy is the UK’s national body for the humanities and social sciences. Founded in 1902, we have three principal roles: as an independent fellowship of world-leading scholars and researchers; a funding body that supports new research nationally and internationally; and as a forum for debate and engagement.
The British Academy is a registered charity in England and Wales (charity number 233176). It has one wholly-owned trading subsidiary (Clio Enterprises Limited, company number 07595846). The registered address of the British Academy and its subsidiary is 10-11 Carlton House Terrace, London, SW1Y 5AH.
This Privacy Policy applies to all the above entities.
We obtain information about you in the following ways:
There are many instances in which you might provide information about yourself to us directly. These include if you apply for research funding; book to take part in one of our events; voluntarily complete a customer survey or event evaluation form; make a donation; apply for employment; hire a room in our venue; contact us with a query; or register to receive one of our e-newsletters.
Your activities and involvement with the Academy will result in personal data being generated. This could include images of you captured by our CCTV systems; your use of our public wi-fi; or information generated when you visit our website or social media channels such as:
- Technical information, including the type of device you’re using, the IP address, browser and operating system being used to connect your computer to the internet.
- Information about your visit to our website, for example, we might collect information about which pages you visit most often, which services, events or information are of most interest to you, and your referral sources (e.g. how you arrived at our website). We may also track which pages you visit when you click on links in emails from us.
- Information about your interactions on social media platforms such as Facebook or Twitter, e.g. if you tag us in an event photo or like a post. The information we receive will depend on the privacy preferences you have set on those types of platforms.
We collect and use your personal information by using cookies on our website – more information on cookies can be found within the British Academy Cookie Policy.
In some instances, we might collect information about you via desktop research from publicly available sources in order to tailor our communications with you to your background and interests. Such research might include LinkedIn profiles, social media accounts and other digital sources to create a fuller understanding of someone’s interests and support.
There will also be occasions where information about you is provided by a third party. Examples might include if you are nominated for one of the Academy’s prizes or medals; if a friend or colleague adds you as their plus one for an event; or if you are successful with a job application in which case your referee will be contacted and asked to provide a reference for you.
We collect the following types of personal data.
Fellows are scholars who have 'attained distinction in any of the branches of study which it is the object of the Academy to promote' – i.e., the humanities and the social sciences. Election is a mark of distinction, as only a very small number of scholars in any field are elected. The British Academy may process the following types of personal data of Fellows:
- Name, age, date of birth and contact details
- Contact details
- Details of affiliation with educational institutions
- Details of your Fellowship duration
- Details of your experience, qualifications, occupation, skills and any awards you have received
- Details of published work
- Details of events attended
- Race or ethnic background and native languages
- Religion
- Nationality
- Photographs or videos (at events, if audience shots, audio recordings or videos are intended, signs will be clearly displayed and those not wishing to be filmed/photographed/recorded can simply notify a member of staff).
We use your personal data for the following purposes, including:
- Processing grant applications, prizes and medals nominations, Fellowship nominations or job applications.
- Processing Fellowship subscriptions.
- Maintaining databases of our Fellows, funded researchers and other supporters and stakeholders.
- Creating and maintaining case studies.
The ECR Network is a UK-wide network for all Social Sciences and Humanities researchers from a broad range of backgrounds, including those that are Academy funded, and those that are not. The British Academy may process the following types of personal data of ECR Network members:
- Name, age, date of birth and contact details
- Contact details
- Details of affiliation with educational institutions
- Details of your experience, qualifications, occupation, skills and any awards you have received
- Details of events attended and accessibility requirements
- Race or ethnic background and native languages
- Religion
- nationality
We use your personal data for the following purposes, including:
- Processing ECR Network membership.
- Maintaining databases of our ECR Network members.
- Sharing basic personal data with ECR Network members affiliated institutions and regional ECR hub institutions.
- Photographs or videos (at events, if audience shots, audio recordings or videos are intended, signs will be clearly displayed and those not wishing to be filmed/photographed/recorded can simply notify a member of staff).
The British Academy generally collects personal data directly from supporters and donors, for example when donating, registering for newsletters or an event, or otherwise communicate with the Academy. This information is likely to include a name, contact details (including postal address, telephone number, email address).[PS1]
Unless you have already given us your email address or telephone number so that we can tell you about making donations to us or about the supply of goods and services, we must ask you to “opt-in” to receive fundraising and marketing emails from us. You have the choice as to whether you want to receive or continue to receive these messages. You are also able to select how you want to receive them (post, phone, email, text) and to change your preferences at any time.
When you receive a communication from us, we may collect information about your response and this may affect how we communicate with you in future.
If you set up a direct debit directly with us your details will be held and processed by a third party – Moorepay. We do not keep financial data if your gift is made online. If you donate via our website, these details are processed by third parties Stripe and GoCardless, all domiciled in the UK and subject to the GDPR. This processing is governed by their own privacy policies.[PS2]
We also collect your information when you give it to us indirectly via third parties, for example when you donate to us through other websites like Just Giving, Ticket Tailor, or the British Schools and Universities Foundation. These independent third parties will only share your information with us when you give consent and we will use your personal information, including your address and telephone number, for the purpose of contacting you in the future. You are free to change your contact preferences at any time.[PS3]
To help better understand donors, what they would like to support and preferred method of communication, the Academy uses a variety of research techniques. This helps the Academy be efficient and cost-effective with its resources and reduces the risk of someone receiving irrelevant or intrusive information.
For the members of The British Academy Board of Trustees and its subcommittees, other committees and working groups, we may hold and process the following personal data:
- Name, age, date of birth and contact details.
- Contact details.
- CVs.
- Related party information.
We use your personal data for the following purposes, including:
- Maintaining databases of our Trustees, subcommittee members and working groups.
- Providing evidence of Trustees to third parties, such as the Charity Commission and Companies House.
Sharing basic personal data with ECR network members affiliated institutions and regional ECR hub institutions.
We also hold personal data from customers and visitors to Carlton House Terrace. We may hold and process the following personal data:
- Financial and credit card information which you give to us, including your gift aid status
- Purchase history.
- Taxpayer and payment details.
- Accessibility requirements.
- Photographs or videos (at events, if audience shots, audio recordings or videos are intended, signs will be clearly displayed and those not wishing to be filmed/photographed/recorded can simply notify a member of staff).
Much of this information is taken from online registration forms.
We use your personal data for the following purposes, including:
- Providing access to the Carlton House Terrace facility.
- Managing events that you attend.
As an employer, we need to keep information relating to each member of staff and contractors who has a contract with us. This will include the pre-employment stage, references, and records relating to the time they worked for us including probationary, appraisal and disciplinary information.
We also hold information that allows us to pay salaries and work with other payroll and pension providers. Information we may hold about staff includes the following:
- Name and contact details.
- Length and periods of service (and absence from service).
- Details of training you receive.
- Details of your experience, qualifications, occupation, skills.
- Details of next of kin.
- Age/date of birth.
- Details of any health conditions.
- Details of any dependents.
- Information that allows us to pay salaries and work with other payroll and pension providers.
- References, and records relating to the time they worked for The British Academy.
- Probationary, appraisal and disciplinary information.
Much of this information will be taken from the job application form.
We use your personal data for the following purposes, including:
- Providing employment in accordance with your contract.
- Paying you your salary and expenses.
- Maintaining your company benefits, including pension.
Data protection legislation recognises certain categories of personal information as sensitive (Special Category) and therefore requiring greater protection, for example information about your health, ethnicity and religion. We do not normally collect or store special categories of personal data. However, there are some situations where we may need to do so.
The key instances where we collect sensitive data are if you apply for a job or research funding. In these cases, we will ask optional questions about your race or ethnicity or sexual orientation. This information will only be used for equal opportunities monitoring. We may collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so.
Optional questions relating to sensitive data will also be asked in monitoring and evaluation documents, e.g. in evaluation forms sent after you have attended an event. In order to ensure that our events appeal to a broad audience we collect anonymous feedback about our audiences.
We also ask for sensitive data if required for reasons relating to health and safety e.g. if you are attending an event which includes catering and we need to know about food allergies or if you have accepted a job role with us and we need to know about any illnesses or disabilities to ensure that you are safely supported at work.
In all cases, the processing of sensitive data is carefully considered and justified and, where possible, anonymised.
We will never sell your personal data.
We occasionally share your personal data with contractors or suppliers who provide us with services. For example, we use a mailing house for the distribution of marketing materials to Fellows of the British Academy. Information is transferred to data processors securely, and we retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.
We plan some of our events in partnership with other organisations who will want to see the guestlist of attendees and a copy of the evaluation responses submitted by event attendees. We will share your name, organisation (where provided) and anonymous evaluation feedback with partners. No email addresses or contact information will be shared.
If you are a Fellow of the British Academy, we will send you the British Academy Review and key Academy literature (unless you specifically ask us not to). Targeted marketing material is also sent to other relevant stakeholders under legitimate interest. Stakeholders can choose to unsubscribe from general marketing communications at any time.
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of those aged 18 or younger. Event bookings must be made by those over the age of 18 and promotion for our schools’ activities is only targeted at adults including teachers, parents and guardians.
Personal data about children and young people is collected from teachers, parents and guardians on a strictly need to know basis (e.g. if a child with a food allergy is due to attend an event where catering is provided) and where the child and their teacher/parent/guardian consents (e.g. in photography or filming at events). This information is only accessible by our staff.
We employ a variety of physical and technical measures to protect information we hold and to prevent unauthorised access to or use or disclosure of your personal data.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.
Payments
If you use a payment card to donate, pay for your Fellowship or to purchase something from us online, we will pass your payment card details securely to our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.
CCTV
The British Academy premises are protected by CCTV and you may be recorded when you visit us. We use CCTV to help provide a safe and secure environment for visitors, for our staff and to prevent or detect crime. The system might also be used to monitor quality control and to provide event feedback in the case of issues arising.
The system is managed in accordance with our standard operating procedures and with good practice guidance issued by the Information Commissioner’s Office. CCTV images will only be accessed by authorised staff and are stored for up to 30 days, unless flagged for review. For further details on how CCTV is maintained by the British Academy, you can request a copy of the CCTV Policy at [email protected].
Where we store your data
We are wholly based in the UK and store data within the European Economic Area. Some organisations which provide data processing services to us do so under contract and may be based outside of the EEA. We will only allow them to do so if your data is adequately protected and there is a legitimate agreement between us.
Retention of your personal data
We will only retain your personal data for as long as it is required for the purposes for which we collected it (e.g. we have a genuine and legitimate reason and we’re not harming any of your rights and interests). This will depend on our legal obligations and the nature and type of information and the reason for which we collected it. For example, should you ask us not to send you marketing emails, we will stop storing your email address for marketing purposes; we will, however, need to keep a record of your preference.
We continually review what information we hold and will delete personal data which is no longer required, in accordance with our Data Retention Policy.
This section covers your rights and how to make a complaint if necessary.
We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:
- The right to know whether we hold your personal data and, if we do so, to be sent a copy of the personal data that we hold about you (a “subject access request”) within one month;
- The right to have your personal data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- The right to have inaccurate personal data rectified;
- The right to object to your personal data being used for marketing or profiling; and
- Where technically feasible) the right to be given a copy of personal data that you have provided to us (and which we process automatically on the basis of your consent or the performance of a contract) in a common electronic format for your re-use.
There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.
If you would like further information on your rights or wish to exercise them, please contact our Data Protection Officer at the address below.
Should you wish to make a subject access request, we can provide you with a template form which includes guidance on how to do this. Please contact us for a copy of the template for a subject access request by emailing here: [email protected].
Should you have a complaint about how we have used (‘processed’) your personal data, you can complain to us directly by contacting our Data Protection Officer ([email protected]) in the first instance.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745
www.ico.org.uk