NEW: The Kinship Care Practice Guide translates the strongest evidence into actionable recommendations. Find out more.

Introduction

Foundations, the What Works Centre for Children & Families, is committed to protecting your personal information.

This Privacy Notice is to inform you of how we use your personal data when you interact with us. We have identified other areas of work where we will process your personal data. Please refer to each of these areas for which the privacy notice specifies elements of our data processing that are more directly relevant:

  1. When you are a participant in a research project or being consulted as a stakeholder for a project (Research Participants)
  2. When we are reviewing the sector and project ideas, including areas for potential research, and making decisions on the allocation of projects and funding (Discovery, Review & Allocation
  3. When you are part of the Project Team, either alongside or funded by Foundations to conduct a project which may or may not be research related. This also includes individuals who assist in the project set up processes where they may not collect, receive or analyse any data within the project itself (Project Team)
  4. Within our organisational communications and sectoral outreach work to inform and enhance current sectoral policies, practices and procedures (Communications)
  5. When you are attending an event run by Foundations (Events)
  6. When you are visiting our offices (Visitors)
  7. When you supply a service to us (Suppliers)
  8. When you apply for a job with us (Recruitment)
  9. When you use our website (Website)

Research Participants

Read more

1. What personal information we collect

If your personal information is used by Foundations because you are a participant in one of our research projects, you should also refer to the Privacy Notice for the project you are involved. This will be provided to you by us or the project delivery team(s) or independent research evaluator organisation(s) at the time they are collecting your personal information. 

Research participants are typically made up of children, families, teachers, carers, social workers and other people within a professional capacity involved in a programme of work upon which we are conducting a project or piece of research.

The information below is to provide you with a non-exhaustive list of possible personal information we may request from you within any project or piece of research we conduct. We may collect and process the following types of personal information which will be highly dependent on the work we are doing. The list below is non-exclusive:

  • Personal identifiers: for example, name, email address, telephone number, post code, unique pupil number (UPN), where you work, job title, local council
  • Characteristics: for example, age, gender, ethnicity, academic achievement, instances of harm, location, first language, disability, school attendance information, special educational needs (SEN), eligibility for free school meals
  • Responses to interviews and surveys
  • Information held in Child Protection Plans (CPP), Child Looked After (CLA) records, Child in Need (CiN) records, case reports, social care, and social worker reports/documentation
  • Further information that may assist in our activities for the archiving of information ready for future use
  • Sensitive information including hospital or GP records, criminal records and further special categories of personal information as characterised in the UK GDPR (race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, information concerning your sex life or sexual orientation)
  • Personal information related to the Equality Act 2010 inclusive of data known as ‘Protected Characteristics’ (age, disability, gender reassignment, marriage or civil partnership (in employment only), pregnancy and maternity, race, religion or belief, sex, sexual orientation)
  • Personal information related to our internal equality and diversity monitoring policy (geographical location, organisation, socio-economic class, caring responsibilities, educational background)

The list above may not be relevant to you, and you should always refer to the project specific Privacy Notice. If you think you have not received a relevant Privacy Notice for the project or piece of research in which you are participating, please make contact with our Data Protection Officer: dpo@theevidencequarter.com 

Each piece of research we conduct will have a Trial Protocol (TP) document written which outlines all the parameters of the research being undertaken. The language in the TP is aimed at an academic audience and each TP contains a section about data protection processes. To provide more clarity on our data protection practices within research we conduct and commission we have also prepared a “Foundations Research Data Protection Statement” to go alongside information found within the TP. If you are interested in reading this statement it can be found here.

On some occasions, webinars and events may be recorded and published onto YouTube or equivalent video-sharing website.

2. Why we collect your information and what we use it for

We collect your personal information for two distinct reasons when you are a research participant. You should always refer to the Privacy Notice provided to you which will be specific to the research you’re involved in.

The first reason for collecting your personal information will be to analyse it in the context of the research. This means the personal information collected from you is needed so we can conduct research on your personal information. Our work seeks better outcomes for children, young people and families by bringing the best available evidence to practitioners and other decision makers across the children’s social care and child protection sector.

It is highly unlikely we will analyse one participant’s personal information in isolation. Most research we conduct is the bringing together of multiple people’s information to make discoveries to inform results to be published in a research report. Your personal information is never published unless we have gained permission from you to do so. Research outcomes are mainly statistical, and derived into statements and reproducible facts without any individual personal information associated to them.

Where possible and applicable, personal information collected in the context of research will be added to our data archive which is held by the Office for National Statistics Secure Research Service (ONS SRS). This is for the personal information to be used by us and future ONS accredited researchers for new research to be conducted. For further information about our data archive please see our data archive pages which can be accessed here.

The second reason for collecting your personal information is so we are able to gather the information needed for the research project from you. To achieve this we will use your personal information (not all uses listed below will be relevant to you and you should refer to the purposes for use as listed in the project Privacy Notice):

  • To conduct an interview, workshop or focus group with you as a participant, which may or may not be recorded
  • To contact you to participate in an interview, and/or a workshop, and/or a focus group session as part of a project or piece of research
  • To gain your permission for participation in the research
  • To match your data with your data held in the government data sources, including the, the National Pupil Database (NPD), the Individualised Learner Record (ILR) and the Higher Education Statistics Agency (HESA).
  • To allow us to match your data with your data held in government data sources for the enrichment of data held in our secure data archive in the Office for National Statistics Secure Research Service. For example, this means we will create the ability for research data we have collected to be re-used for future research, against centralised (government secure) datasets for new research discoveries and research reports that will inform sector policy and procedures.
  • To transcribe the audio captured from any recorded interviews, workshops or focus groups we have with you as a participant
  • To identify your data, which would be deleted where possible, should you no longer agree to have your data processed for the purpose of conducting the evaluation
  • To associate your answers with yourself where we would like to make confidential contact with you based upon the answers you have provided which we have identified as useful in our development of the research area
  • To make confidential contact with you where you have indicated interest in being contacted about the research area or to participate in any research projects associated with this area of research (you are able to opt out at any time and are under no obligation to participate in any subsequent research projects)

We will also use your personal information to respond to and identify your personal information when you submit a data subject rights request.

3. Collecting your personal information

As a Research Participant we will collect your data in a variety of ways and at a variety of times throughout any given project. 

Not all methods of collection listed below will be relevant to you and you should rely on the project specific Privacy Notice to keep you informed. Below is a list of all possible ways we, or a Project Team may collect your personal information.

We refer to “primary data collection” when data is collected directly from you, and we refer to “secondary data collection” when the data is not collected directly from you. The following list is non-exclusive:

  • From yourself within online/telephone interviews (primary data collection) 
  • From yourself within online workshop or focus group interviews (primary data collection) 
  • From yourself via an online survey we have sent you or you have voluntarily answered (primary data collection) 
  • From yourself when you communicate directly with us (primary data collection)
  • From your place of work to make initial contact with you (secondary data collection) 
  • From publicly available websites and sources including social media (secondary data collection) 
  • From a reference passed to Foundations or the Project Team by an individual or organisation within Foundation’s or the Project Team’s network of previously established contacts database (secondary data collection)
  • From a database held by Foundations or the Project Team where your data has been held with your permission for a secondary use within a Foundations (including a Project Team) project (secondary data collection)

We also receive personal information indirectly (secondary data collection), from other sources in the following scenarios. The following list is non-exclusive:

  • We may receive information from local authorities, schools, virtual schools, education providers, charities, and other organisations that are funded by us or collaborating with us on research projects.
  • We may receive information from parents, relatives, guardians, carers, care providers, social workers, allied professionals, care reports, case reports/records and administrative data that is shared with us.
  • We may also directly match research participant information with government data sources, including but not limited to the National Pupil Database (NPD) and the Individualised Learner Record (ILR)

4. Our lawful basis for using your data

We process the personal data of research participants in a variety of ways. As a research participant we will only use your personal data when the law allows us to.

We will always inform you of our lawful basis for processing within either the Research Participant Data Privacy Notice and/or the Participant Information Sheet and/or a Consent Form you are presented with at the point of collection of your personal data. 

Most commonly, the lawful basis for using your personal information may be one or more of the following within a project:

  • Legitimate Interest for societal benefit within a research project
  • Public Task when we work in the public interest 
  • Legal Obligation when we must comply with the laws of the country in which we are working in or where you have provided information where we have a statutory requirement to inform relevant authorities

For the collection of your sensitive personal information, also known as GDPR special categories of personal information, in general we rely on GDPR Article 9.2(j) for research purposes with a basis in law. This is also relevant to any personal information known as “protected characteristics” under the UK Equality Act 2010. Confirmation of this will be found in the project specific Data Privacy Notice.

A note on Consent: Research projects will often ask you for your consent to participate in a project. Unless it is clearly stated in the relevant Privacy Notice provided to you, in general, this will notbe data protection consent as the lawful basis we use to process your personal information.

A lot of research we do is dependent on gathering “informed consent” for your participation as part of ethical considerations required by either a research ethics committee who have reviewed the project proposal or to follow best practice in accordance with the Helsinki Declaration.

Should you withdraw your consent for participation when the data is being analysed, we would not be able to immediately remove your data until the analysis is complete. Where possible we would endeavour to remove all association to your personal information from the point of withdrawal and inform you where this may not be possible depending on the stage of analysis and project as a whole.

5. Security, Storage and Sharing of your data

We take the security of your information very seriously and have put physical, technical, operational, and administrative strategies, controls and measures in place to help protect your personal information from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.

Your personal data may also be stored with specific third-party services for the minimum period necessary to perform activities with your personal information. Each third-party is subject to contractual and security reviews to ensure adequate and comparative levels of security, we’d expect for ourselves, is provided for the data they process on our behalf. 

The types of third-party providers we use include, but are not limited to:

  • Transcription services
  • Mass email services
  • Communications providers
  • Survey platform services
  • Client Relationship Management services
  • Website services and platform providers
  • IT services organisations

Where appropriate, we may share your personal information with our professional advisers including our lawyers and auditors, project partners, industry experts, peers (of a group you are involved in as a Sector Stakeholder), and local and central government departments where it is strictly necessary. It is also possible that we may be required to share your data to comply with applicable laws or with valid legal processes, such as in response to a court order.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded by implementing at least one of the following safeguards:

  • Transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK (the UK also recognises the European Commission list of adequate countries. For further details, see European Commission: Adequacy of the protection of Personal Data in non-EU countries)
  • Specific contracts/agreements approved by the UK which give personal data the same protection it has in the UK. For further details, see UK International Data Transfer Agreements. We will also assess in-country standards as part of this process.

We may share the information we gather with other organisations in these scenarios (where this has been outlined in the privacy notice). The following list is non-exclusive:

  • Evaluators and Delivery Partner organisations and other organisations that are funded by us or collaborating with us on projects or pieces of research.
  • Independent contractors or suppliers we hire to work on specific projects or pieces of research we conduct or commission.
  • The Department of Education (DfE), the NPD and ILR for the purpose of matching as outlined above.
  • The Office for National Statistics (ONS) for the purpose of placing data into our data archive ready for future research 

Where there is a requirement or desire to archive your data for purposes of public interest which may mean the possibility of a secondary use, we carefully review all organisation’s research project proposals to maintain appropriate safeguarding of data when access is granted. Further safeguarding is maintained within the ONS Secure Research Service (SRS) where your data is held. A non-exclusive list of examples of security safeguards may include:

  • ONS “5 Safes
  • Pseudonymisation
  • Anonymisation
  • Functional Anonymisation
  • Data Coarsening

We may not have the ability to know what future projects your personal information is being used due to the security safeguards which also indicates a low risk of re-identification by us and any organisation. For further information on our data archive please visit our data archive pages here.

Always refer to the research project Privacy Notice to confirm how your data will be stored, shared, and kept secure.

6. How long we keep your data

We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected.

The length of time which we plan to keep any information for will be outlined on the privacy notice for each individual project. Wherever possible, personal data will be anonymised or pseudonymised, as long as this does not impair the aims of the project. 

When data is no longer needed, unless there is another legal reason for us to retain your personal information, we will securely destroy any paper or digital records (as specified in the privacy notice for any particular project).

Archived data within the ONS SRS shall remain in a pseudonymised OR anonymised form within the archive for an indefinite period of time. The retention of the data in the archive is calculated in accordance with an ONS policy alignment which states the following:

“ONS will delete data if it has been unused for a period of two years and there is no demonstrable research need for it to be retained. If that data had previously been used for research, it will be retained in an archive for five years after it was last accessed to allow for analysis to be repeated.”

We will also review the storage of all data in the archive every two years to assess whether there is a continued benefit to storing the data and its potential use in future research. At which time we may either delete the data identified as no longer having benefit for future research or will send a request to the ONS for an extension to the length of time it is retained in the SRS with reasonable explanation on the reason for this extended retention outside the parameters of the ONS policy outlined above.

Article 5(1)(e) of the GDPR permits storage of personal data for longer periods for the purposes of historical research, archiving in the public interest, and statistical purposes. The ICO’s guidance on storage limitation (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/storage-limitation/#archiving) also indicates that personal data can be held indefinitely for research and archiving purposes, and this is also consistent with the National Archives Guide to Archiving Personal Data (https://www.nationalarchives.gov.uk/documents/information-management/guide-to-archiving-personal-data.pdf).

In his preliminary opinion on data protection and scientific research, published on 6 January 2020, the European Data Protection Supervisor (EDPS) acknowledged that there are few guidelines on the application of data protection rules to scientific research. We have referred to the EDPS’s preliminary opinion when developing our approach to data storage, but we note that further work is taking place within the European Data Protection Board (EDPB) and national authorities on questions of data retention for archiving and research purposes. Foundations will continue to monitor developments in this area and review our approach to data storage and retention to ensure it continues to reflect the law and best practice in this area.

7. Last update to this Privacy Notice

This Privacy Notice was last updated in June 2023.

8. Project & Research Privacy Notices

Foundations maintains access to all research projects and research privacy notices to maintain transparency and accountability for each research project. Please see the relevant project which can be found by typing the name of the project into the Website search box above. Alternatively, you can send us a message at dpo@theevidencequarter.com 

Discovery, Review & Allocation

Read More

1. What personal information we collect

We work to review the Children’s Social Care Sector and engage with sector stakeholders, decision makers, panels, advisory groups, and people directly employed in the sector. From this work we discover, review, and generate ideas for potential programmes of work we may like to fund and/or study as a project or piece of research. To achieve this, we will typically collect and process the following personal information:

  • Name, Email Address, Phone number
  • Job Title, occupation, place of work, employer
  • Your CV, qualifications and relevant experience including any previously published work
  • Areas of professional interests
  • Information captured in emails, surveys, and communications
  • Information recorded in interviews we have with you
  • Personal information published by and associated with an establishment or organisation undertaking a programme of work that might benefit from the type of project or research we fund 
  • Personal information submitted by an organisation to us
  • Personal information we require to process communications and applications
  • Personal information held within previous academic research journals and papers
  • Personal information made publicly available on websites and social media
  • Personal information you provide to us whilst we are working with you

The types of context where we may collect any of the information listed above include, but are not limited to, situations when you are:

  • Engaging with us during our reviews of the Children’s Social Care sector (“Sector Stakeholder”)
  • Working with us to review potential new project or areas of research and/or helping us to make decisions on whom to allocate resources (“Sector Stakeholder”)
  • Working on, or part of, a programme of work we think could benefit from a project or piece of research might would fund (“Delivery Partner”)
  • Part of an organisation applying to have a project or piece of research conducted and/or funded by us based upon a programme of work you have conceived, or are involved with, or wish to be involved with (“Delivery Partner”)
  • Part of an organisation applying to win a contract from us to undertake a project or piece of research with us, or be funded by us to undertake a project or piece of research according to a brief we have written (“Evaluator”)

Where you are working on a programme of work that is to benefit from a project or piece of research, we refer to the organisation(s) delivering the programme of work as a ‘Delivery Partner’. A Delivery Partner organisation may also receive funding from us to continue the programme of work. A Delivery Partner organisation may also be introducing a new programme of work as part of our project or piece of research so that we might conduct our project or piece of research based on the new programme of work. You may be referred to as a ‘Delivery Partner’ further through this document

Where you are working within an organisation expressing an interest or applying to undertake a project or piece of research, we refer to the organisation as an ‘Evaluator’. As such we have developed a “Panel of Evaluators”, a set of organisations Foundations partners with to conduct projects.

You may also be part of an advisory group or an industry expert or stakeholder (‘Sector Stakeholder’) providing us with opinion and/or further information as part our work to discover and review new projects and their allocation.

We will never process any personal information which you would not expect us to process when we are working with you.

2. Why we collect your information and what we use it for

There are many uses of personal information in our work for Discovery, Review and Allocation. The following uses of your information, unless specified further below, are relevant to all individuals involved. The lists are non-exclusive:

  • To identify you as a relevant individual 
  • To invite you to meet with us or attend an event we are holding either virtually or in person
  • To invite you to attend an industry event with us with the option of liaising with you to speak at an event either with us or on our behalf (this may also include speaking to the media for the purpose of publication including print, radio, and television)
  • To invite you to participate in a survey, panel, or poll we are conducting
  • To request and capture your opinions which will be used to inform our decisions in this area of work
  • To discuss thoughts and ideas around sectoral challenges and initiatives
  • To identify and review programmes of work undertaken in the children’s social care sector
  • To allocate you to a project or piece of research where you will be become a member of the Project Team
  • To record a podcast, webinar and/or video with us for purposes of creating promotional or sectoral awareness content which we will publish for public consumption (non-profit)
  • If applicable, for reference within an academic paper, journal or sectoral publication including print, radio, or television
  • To monitor your level of engagement with us
  • If applicable, to book and arrange transport and accommodation for you
  • To inform and discuss with you our intentions for archiving research generated data for future use
  • To associate you to a piece of work you have conducted
  • To interact about and for the development of a project idea, a call for projects, evaluators and research partners, an Expression of Interest (EOI) submission, an invitation to tender (ITT) document or submission, and/or a funding application or funding process
  • To maintain legal and ethical compliance measures 

Sector Stakeholders

  • To request your permission for involvement in an advisory group, committee, or industry ambassador programme we have created including but not limited to our:
    • Evaluation Advisory Group
    • Stakeholder Advisory Group
    • Panel of Evaluator Engagement Group(s)
    • Local Authority Engagement Group(s)
  • Sharing of your personal information for the encouragement of networking, idea generation and healthy debate, with other individuals in the same Sector Stakeholder groups as yourself (listed above) 
  • If applicable, to pay you for your time or services

Delivery Partner

  • To review applicability and eligibility for the implementation of a programme of work we have proposed that will be part of a project or piece of research we wish to conduct
  • To review applicability and eligibility of a programme of work already implemented (without our influence) for a project or piece of research we wish to conduct
  • To make decisions regarding allocation of resources, applicable evaluators, funding and timing for a project or piece of research based on information you have provided
  • To make our funders aware of a project and where applicable the individuals involved in the project (this may be the Department of Education)

Evaluator

  • To make decisions on your eligibility and applicability as an individual, collective or organisation, to conduct a project or a piece of research work in respect of a brief we have written
  • For the review of documents, you have submitted to us

3. Collecting your personal information

There are many ways we collect your personal information during our Discovery, Review and Allocationwork. These include, but are not limited to:

  • From publicly available sources including websites, social media, broadcast media, publications in print, radio and television, and academic or scientific publications
  • From sector related referrals (employees, Sector Stakeholders, Delivery Partners, Evaluators, current and past Project Team members, local or central government sources, our funders, our board of directors, sector related charities, schools, social workers, Higher Education Providers, Professors, researchers, data scientists, academics)
  • From yourself within online/telephone meetings and/or interviews 
  • From yourself within online or in person forums, panels, workshops, focus groups or sectoral relevant meetings or interviews
  • From yourself via online polling requests or surveys we have sent you which you have answered
  • From yourself when you communicate directly with us 
  • From your place of work to make initial contact with you
  • Within documentation you or a relevant organisation has submitted or provided to us 

4. Our lawful basis for using your data

Most frequently we will process your personal information on the basis of our legitimate interest as a Data Controller within our work for the benefit of society. There may be occasions where we have entered into a contract with you and therefore the lawful basis shall be upon the obligations of a contract in which you have agreed. There may also be occasions where our funder(s), most appropriately, the Department for Education shall instruct us in this work which will more likely be a task within the public interest, also known as “Public Task”.

5. How long we keep your data

We will only keep personal information for as long as it is needed to fulfill the purpose for which it was collected.

Where it has been indicated to us that an individual is no longer relevant, has changed role or organisation, or has requested to be forgotten, unless there is no other legal reason for retaining the personal information, we will update or delete the personal information as required. We review all lists at least on an annual basis.

Your personal information may be moved into Communications activities lists and therefore retained longer than may be anticipated – this is within our legitimate interest to do so, and all individuals have the ability to opt-out of such further communications at any time. 

Project Team

Read More

1. What personal information we collect

As an individual (data subject) working on a project in collaboration with Foundations or on a project that is funded by Foundations we will collect the following categories of your personal data (we work to only collect the minimum amount necessary). This list is non-exclusive:

  • Name(s), Email Address, Phone number
  • Job Title, occupation, place of work, employer
  • Areas of professional interests
  • Your CV, qualifications and relevant experience including any previously published work
  • Information held in past successful or unsuccessful funding applications
  • Information held on documentation created within a past project in which you were a member of a Project Team
  • Information captured in emails, surveys and communications
  • Information recorded in interviews we have with you

This information is also relevant to employees of organisations acting within the framework of being part of Foundations’ ‘Panel of Evaluators’ (a set of organisations Foundations partner with to conduct projects) and ‘Advisory Groups’ (groups of industry specific relevant stakeholders who advise Foundations in various capacities on projects Foundations is undertaking – either directly related to a project or informing the development of a project).

2. Why we collect your information and what we use it for

Within a Project Team, which includes all individuals (“Data Subjects”) involved in the life cycle of a project from idea inception to funding, conducting the project, writing, and printing the report through to completion and data deletion, we collect and process personal information for different purposes throughout. 

There are members of the Project Team that will be involved in activities around a project yet not involved in the delivery or activity of the project or piece of research itself. These Project Team member’s personal information will be used for the following reasons:

  • To interact for the development of a project idea, funding application and acceptance or rejection
  • To maintain legal and ethical compliance measures for a project
  • To communicate between stakeholders to assist and support the project technically, organisationally, or contractually
  • To liaise for the creation of documentation and reports including but not limited to any interim or final project reports as required
  • For setting up and conducting of individual or group conversations which are held digitally or in person
  • To make contact with individuals to address any challenges faced
  • To identify you in past project documentation if helpful to a live project

Where you are part of the Project Team that will deliver the aims of the project or piece of research and are involved in conducting the activities associated in the delivery of a project or piece of research, we use your personal information for the following reasons:

  • To review your applicability for being part of the Project Team that will deliver a project
  • To set up meetings, events, and communication activities relevant to the work within the project
  • To send you information and set up desired and possibly automated lines of communication to yourself for the duration of the project
  • To identify yourself as a relevant project stakeholder for project or research participants which may mean we share your direct contact details to relevant participants for the purpose of the smooth running of a project or to address any challenges faced
  • Where relevant and agreed, to make you identifiable on published documentation so you receive the required accreditation for the work you have conducted
  • To add credibility to project documents where you are a recognised authority in a particular field or subject which may in turn attract investment or good will for participation in the project
  • If relevant to the project, to conduct interviews, send and receive surveys and set up the ability to gain access to datasets in external locations and databases
  • To set up visits and access requirements to organisations, buildings or protected individuals
  • To run a Disclosure and Barring Service (DBS) application and processes if required for the project and share the outcome as required
  • To send or receive instructions from you in the pursuit of the objective of the project
  • To identify you in past project documentation if helpful to a live project
  • To monitor and review Equality, Diversity, and Inclusion (EDI) measures within the Project Team for non-discrimination under the Equality Act 2010
  • To monitor and review further personal characteristics as part of our internal equality and diversity monitoring measures in the sector and for the work we conduct

3. Collecting your personal information

Personal information will be captured within initial applications to Foundations where Foundations has advertised for applications from researchers and research organisations to conduct Foundations supported and/or funded research projects or other related projects. There are a variety of documents with personal data capture fields in which Project Team applicants must complete as part of the application and subsequent approval processes.

Once an application is successful, we will collect further Project Team member personal information from the individuals named in the initial application materials and communications, this is most likely collected over email. There may be times Foundations captures further personal information of Project Team members from publicly available websites and social media platforms.

Throughout the duration of a project there may be a further capture of personal information via documentation submitted, Certification Services, Disclosure & Barring Service (DBS) (if applicable), and any subsequent requirements by external websites and software which require further personal information as part of their functional processes. Foundations may or may not be responsible for collecting your personal information for requirements throughout a given project although it is likely that Foundations will collect this personal information so it may assist any processes that become required.

Foundations also retains a list of sector relevant stakeholders created from publicly available locations, websites, and social media, and made up of stakeholders Foundations has interacted with on a previous project or on an individual basis with a current Foundations employee. 

Individual Foundations employees may also maintain a professional relationship with you as a relevant industry stakeholder where there is a previously established relationship. Foundations will always confirm you are comfortable with your personal information being processed by Foundations where your data has been collected indirectly via an existing relationship with its employee.

You may volunteer personal information to Foundations which may or may not be related to a project in which you are involved which Foundations will record for awareness of future opportunities to work with you. Other ways Foundations will collect your personal information include, but are not limited to:

  • From yourself within online/telephone interviews 
  • From yourself within online workshop or focus group interviews 
  • From yourself via an online survey we have sent you or you have voluntarily answered 
  • From yourself when you communicate directly with us 
  • From your place of work to make initial contact with you 

4. Our lawful basis for using your data

In the lifecycle of a project one the following lawful basis for processing your personal information will apply and is dependent on how you interact with us:

  • Contract: Processing your personal information in accordance with a contract we have with you or the organisation you work for.
  • Legal: Complying with applicable law with regard to personal data necessary to satisfy our legal and regulatory obligations, including with regard to public health and workplace safety, entitlement to work and when applicable to conduct security checks for a project.
  • Legitimate Interest: In the processing of your personal information in relation to a project application, to set up project related activities and in the overall organisational, monitoring and management activities during a project. This includes moving your data to an internal stakeholder list for possible future collaboration and notifications.

5. How long we keep your data

We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected.

Where it has been indicated to us that an individual in a Project Team is no longer relevant, has changed role or organisation, or has requested to be forgotten, unless there is no other legal reason for retaining the personal information, we will update or delete the personal information as required.

Personal information of Project Team members may be moved into Communications activities lists and therefore retained longer than may be anticipated for an individual project – this is within our legitimate interest to do so, and all Project Team members have the ability to opt-out of such further communications at any time.

Communications

Read More

1. What personal information we collect

There are a variety of ways and reasons we communicate with you which are outlined in sections 2 & 3 of this Privacy Notice. In order to achieve our objectives, we will collect one or more of the following categories of your personal data within the communications work we conduct:

  • Name(s), Email Address, Phone number
  • Job Title, occupation, place of work, employer
  • Areas of professional interests
  • Information captured in emails, surveys, sectoral polling and other communications with you
  • Opinions you have expressed to us which are relevant to a project objective
  • Publicly available personal information (e.g. from websites and social media platforms)
  • Social media handles and publicly expressed content

2. Why we collect your information and what we use it for

To complete the objectives of Foundations, communications are fundamental to its success. Communications work includes the gathering and dispensing of information for a variety of purposes. Using personal information is important to deliver on Foundations’s communications strategy.

The reasons we use your personal data for communications work, which will depend on how we capture your personal information, includes:

  • To send you information about online and offline events
  • To invite you to attend and/or register you for an online or offline event
  • To add you to the Foundations list of sector related stakeholders to receive communication from us once you have registered for an event or registered an interest via another source
  • To send you our newsletter and relevant ad hoc updates including latest news, blogs, programme updates, research projects, research publications, event details, recruitment and funding opportunities
  • To gather and use survey answers which you have completed
  • To identify if you are a relevant sector stakeholder from publicly available information on websites and social media accounts
  • Where you have been identified as a sector stakeholder, to invite you and to allow you to participate in interviews, forums, panels, focus groups, research reviews and research projects as a Research Participant or industry expert
  • To transcribe audio captured from any recorded interviews, workshops or focus groups we have with you as a participant
  • Quoting you in documentation where we have found your information from publicly available sources 
  • Gaining permission from you to use a quote you have provided in communication with us
  • To gather opinion from you on the work and activities we are conducting
  • To request referral to other sector relevant stakeholders you may have awareness of
  • To make contact with you where we have identified a match to your skillset and/or opinion to a particular project and invite further consultation
  • To identify you in our data lists and take any required actions where we have received a data subject rights request from you
  • To understand and if appropriate take action where Foundations is under any legal or regulatory obligations regarding the uses of your data
  • To use in promotional collateral and material as still images or videos where we have either sought your permission to do so or you have verbally agreed have an ad hoc photo taken or to participate in an on-camera interview at a Foundations event you are attending (you may appear in the background and be recognisable)
  • To allow for accessibility and dietary needs/requirements at our events
  • To improve upon previous communications work and activities, to develop capacity and the ability for Foundations to perform its service to society

If you no longer want to receive marketing communications from us, you can unsubscribe from our mailing list at any time by please clicking the unsubscribe link, at the bottom of our emails or by emailing dpo@theevidencequarter.com detailing your name and email address and indicating that this is in relation to the unsubscribing.

3. Collecting your personal information

Collection of your personal information within communications work will be via one or more of the following:

  • When you register or sign up for the Foundations mailing list, events, newsletters or publications on our website or via direct contact from yourself
  • When you complete a Foundations survey which may be on the Foundations website, via a link we have sent you in an email or direct message, a link to a survey that has been sent on our behalf via an email or other industry newsletter or forum, or a link to the survey from an external website or social media platform
  • When we communicate with you to request direct feedback from you which may be via email, direct message, unified communications or social media platform
  • From your posts on our website or on social media platforms directed to us or publicly available
  • During our work to monitor content and communications with us via each of the platforms and technologies we employ in our communications work
  • We collect information from publicly available sources and from individuals who have made us aware of yourself where we have identified you as a relevant sectoral stakeholder
  • From events location/space service providers to accommodate for any needs or requirements
  • When we record you at an event either foreground or background depending on the circumstances of the recording taking place (we will also provide a Privacy Notice at the events location)
  • External event registration locations
  • Where relevant, when we take payment from you

We use third party providers to deliver our e-newsletters, manage event registrations and sign-ups, edit and possibly transcribe recorded footage and to take payments where required. These third parties gather further personal information on behalf of Foundations in conjunction with their services to Foundations. 

We also gather statistics around email opening, clicks, event attendance, engagement levels and events management using industry standard technologies to help us monitor and improve our communications work.

Foundations maintains Data Processing Agreements with all third-party providers where personal data is being collected and processed on Foundations’ behalf.

4. Our lawful basis for using your data

We process personal information for our communications work based on different legal bases:

  • Legitimate Interest: We may rely on our legitimate interests to process your personal data, provided that such interests are not overridden by your interests, fundamental rights, or freedoms. In particular, we may process your personal data with reliance on a legitimate interest where we have identified you as a relevant stakeholder in the Higher Education sector and in the effective and lawful operation of our businesses, maintenance of our relationships with collaborative organisations, and the effective delivery of information and services we may provide to you. We may have other legitimate interests and, if so, we will make clear what those interests are at the relevant point in time.
  • Consent: We may rely on the consent that you provide us at the point of collection of your personal data to use such information for the purposes outlined herein. For example, you may have agreed to receive marketing materials such as our electronic newsletters (you are able to opt-out or unsubscribe at any time).
  • Public Task: From time-to-time when we carry out communications activities, we may have to process personal data to perform a task that’s in the public interest or in the exercise of a Foundations funder’s official authority.
  • Legal: We may process your personal data if necessary for us to comply with a legal obligation arising under an applicable law to which we are subject.

5. How long we keep your data

We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected.

If you have provided consent for us to use your information for our communications work, we will retain your information until you have not interacted with our communications for at least a year at the time we conduct our annual audit of our communications lists or until you withdraw that consent, whichever is earliest. Where we have not relied on consent for the processing of your information, where you indicate to us you no longer wish for us to retain your information, we will delete your information.

We review all Communication’s activities lists on an annual basis and delete, update or request confirmation of accuracy of data and/or preferences where appropriate or required. 

Events

Read More

1. What personal information we collect

When we reach out to you about our events, we will collect one or more of the following categories of your personal data within the event organisation and follow-up work we conduct:

  • Name(s), Email Address, Phone number
  • Job Title, occupation, place of work, employer
  • Areas of interest 
  • Opinions you have expressed to us which are relevant to an event 
  • Publicly available personal information (e.g. from websites and social media platforms)
  • Social media handles and publicly expressed content
  • Videos of you where you are in the background when you attend an in-person event we are recording
  • Videos of you or Podcasts recordings of you where you are acting as a speaker for our work or being interviewed on or off camera either as an invited guest or as an attendee of an event Foundations is holding
  • Accessibility and/or dietary needs/preferences (in relation to events management)
  • If applicable, payment details managed by a third-party payment provider

2. Why we collect your information and what we use it for

To complete the objectives of Foundations, events are fundamental to its success. Event communications is important to deliver on Foundations’ social outreach strategy.

The reasons we use your personal data for events work, which will depend on how we capture your personal information, includes:

  • To send you information about online and offline events
  • To invite you to attend and/or register you for an online or offline event
  • To manage your data in context of an event which may mean taking payment, alerting you to issues, reviewing your application to the event and sending you updates about the event
  • To add you to the Foundations list of sector related stakeholders once you have registered for an event, to receive communication from us or registered an interest from another source
  • To transcribe audio captured from any recorded interviews, workshops or focus groups we have with you as a participant
  • To gather opinion from you on the event activities we are conducting
  • To understand and if appropriate take action where Foundations is under any legal or regulatory obligations regarding the uses of your data
  • To use in promotional collateral and material as still images or videos where we have either sought your permission to do so or you have verbally agreed have an ad hoc photo taken or to participate in an on-camera interview at a Foundations event you are attending (you may appear in the background and be recognisable)
  • To allow for accessibility and dietary needs/requirements at our events
  • To improve upon previous communications work and activities, to develop capacity and the ability for Foundations to perform its service to society

If you no longer want to receive event communications from us, you can unsubscribe from our mailing list at any time by please clicking the unsubscribe link, at the bottom of our emails or by emailing dpo@theevidencequarter.com detailing your name and email address and indicating that this is in relation to the unsubscribing.

3. Collecting your personal information

Collection of your personal information within events work will be via one or more of the following:

  • When you register or sign up for the Foundations events on our website or via direct contact from yourself
  • When we communicate with you to request direct feedback from you which may be via email, direct message, unified communications or social media platform
  • From events location/space service providers to accommodate for any needs or requirements
  • When we record you at an event either foreground or background depending on the circumstances of the recording taking place (we will also provide a Privacy Notice at the events location)
  • External event registration locations
  • Where relevant, when we take payment from you

We use third party providers to manage event registrations and sign-ups, edit and possibly transcribe recorded footage and to take payments where required. These third parties gather further personal information on behalf of Foundations in conjunction with their services to Foundations. 

We also gather statistics around email opening, clicks, event attendance, engagement levels and events management using industry standard technologies to help us monitor and improve our communications work.

Foundations maintains Data Processing Agreements with all third-party providers where personal data is being collected and processed on Foundations’ behalf.

4. Our lawful basis for using your data

We process personal information for our events work based on different legal bases:

  • Legitimate Interest: We may rely on our legitimate interests to process your personal data, provided that such interests are not overridden by your interests, fundamental rights, or freedoms. 
  • Consent: We may rely on the consent that you provide us at the point of collection of your personal data to use such information for the purposes outlined herein (you are able to opt-out or unsubscribe at any time).
  • Public Task: From time-to-time when we carry out events activities, we may have to process personal data to perform a task that’s in the public interest or in the exercise of a Foundations funder’s official authority.
  • Legal: We may process your personal data if necessary for us to comply with a legal obligation arising under an applicable law to which we are subject.

5. How long we keep your data

We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected.

If you attend one of our events, we will use your information for the purpose of the event and will only contact you for any other purpose if you have said we can. We will retain your personal information collected for the purpose of the event for 3 years for evaluation and organisation development purposes to help us understand our audience and reach, and to improve future events.

We review all Communication’s activities lists on an annual basis and delete, update or request confirmation of accuracy of data and/or preferences where appropriate or required. 

On some occasions, webinars and events may be recorded and published onto YouTube or equivalent video-sharing website.

Visitors

Read More

1. What personal information we collect

To accommodate your visit to our offices we will process the following categories of personal information:

  • Name(s), Email Address, Phone number
  • Job Title, occupation, place of work, employer
  • Information that may aid accessibility needs including any relevant special categories of information (“Health Data”)
  • Reason for visiting
  • Areas of professional interest
  • Information recorded in interviews we may have with you
  • Time of entry and exit, and duration of visit
  • Recorded footage of you (where we are video recording a live event)
  • CCTV footage of you

2. Why we collect your information and what we use it for

When you visit the Foundations offices we will use your personal information to register you at the reception of our building who will log entry and exit times as part of building security measures. 

You may be asked to write your name and further details into a visitors’ book by building entrance staff and you will be captured on CCTV cameras during your visit which is also for security and monitoring purposes.

Your personal information will be limited to those who you would expect to know of your visit and where you voluntarily interact with other employees of Foundations whom you meet, or other event attendees. 

Your personal information will also be stored in an electronic calendar application and used as a lookup to understand arrival and departure times and to identify when you last visited. 

Should you be visiting for an event at our offices we may produce name badges for ease of identification by ourselves and others in attendance, and we may make a video recording (filming) of the event where you may be in the background. We may ask you to be in the foreground of a video recording of an event i.e., conduct an ad hoc interview with you or record you asking a question to a panel member.

You are under no obligation to be in the foreground of any filming we do at an event, and we will inform you of recording taking place so you are able to move to a location where you do not appear in the background of any filming should you not wish. 

Please do let us know either before, during or after a filmed event if you no longer wish to be recognised within a recording and we shall endeavour to remove or obscure the image so you would not be identifiable on any recordings we have made.

3. Collecting your personal information

Office visitor information will be collected via email from yourself or the individual that has arranged your visit on your behalf or via a third party which we will pass on to building management so they can communicate your arrival to us. Your personal information will also be collected from you when you add your details to a building management visitors book.

If you are visiting the Foundations offices to attend an event you may be asked to write your personal information on a name badge/sticker and you may be filmed, should we be recording the event as part of our Communications work (see the Communications section above). 

4. Our lawful basis for using your data

We process the personal information of visitors to our offices based on the legitimate interest of the data controller (Foundations).

5. How long we keep your data

We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected.

Your personal information shall be retained within digital email calendars and subject to archiving processes conducted on an ad hoc basis. Name badges will be destroyed when you leave the premises. The ID that is requested to be shown at the building front desk is for verification purposes only and we don’t record this information. 

Closed-circuit television (CCTV) operates inside and outside the building for security purposes. The information is viewed by the building security company on a live feed and may be recorded at the discretion of the provision of security services supplied by the building we occupy.

When we provide you Wi-Fi on site for the use of visitors. We’ll provide you with the login details. We record the device address and will automatically allocate you an IP address whilst on site. We also log traffic information in the form of sites visited, duration and date sent/received. This information is retained for a reasonable period of time to monitor the security of Wi-Fi use when onsite.

We sometimes record audio and video of training sessions delivered by external training providers. We don’t do this without the prior agreement of the training provider and no recordings are shared outside of the Foundations. Training recordings will be deleted when they are of no subsequent use to Foundations and its staff.

Suppliers

Read More

1. What personal information we collect

The type of personal information we collect from you will depend on the context in which we interact with you. In general, this will include, but is not limited to:

  • Name and job title
  • Contact information including the company/organisation/institution you work for, telephone numbers and email addresses, where provided
  • Payment information
  • Information that you provide to us as part of us scoping or providing services to you or working with you as partners on a project (or as part of you providing services to us if you are a supplier), which depends on the nature of the work
  • Relevant information as required by any applicable Know Your Client and/or Anti-Money Laundering regulations (which may include request for identity information such as passports and information collected from publicly available sources e.g. Companies House)

2. Why we collect your information and what we use it for

We use your personal information in the context of you or the organisation you work for providing a service to us. Personal information will be used for the following purposes (the list is non-exclusive):

  • Review your applicability to provide your services to us
  • Conduct business operations with you
  • Request feedback from you
  • Conduct Equality, Diversity and Inclusion monitoring activities
  • Resolve queries or complaints
  • Provide you access to digital or physical infrastructure as appropriate
  • Prevent or detect fraud or money laundering including fraudulent payments and fraudulent use of our services
  • Establish, defend, or enforce legal claims or regulatory investigations
  • Process your invoice or grant claim and its payment
  • Contact you to agree on a contract or a purchase order with you
  • Process the payment of invoices, expense claims or grant claims

3. Collecting your personal information

We have gathered your information in one or more of the following ways (the list is non-exclusive):

  • When you have approached us to become supplier
  • An industry or business event we are both attending 
  • When you or the organisation you work for has submitted a proposal to become a supplier and/or entered into a contract of work with us
  • Where it is given to us by one of our business partners or related associates or employees
  • Publicly facing websites including social media during our review of applicability to provide a service to us
  • When you communicate with us or submit information via our website
  • Referral from an organisation you already act as a supplier

4. Our lawful basis for using your data

Processing your (“Data Subject”) personal information is necessary for the performance of a contract to which you are a party, or in order to take steps at the request of the Data Subject prior to entering into a contract.

5. How long we keep your data

We will only keep personal information for as long as it is needed to fulfill the purpose for which it was collected.

Recruitment

Read More

1. What personal information we collect

Where you have applied for a job, work experience, fixed term contract, secondment or internship with us we will collect the following. This list is non-exclusive:

  • Contact details such as name, title, addresses, telephone numbers, and personal email addresses
  • Preferred method of contact
  • Copies of driving licence, passport, birth certificates and proof of current address, such as bank statements and council tax bills
  • Notice period, preferred start date,
  • Evidence of how you meet the requirements of the job, such as application forms, CVs, covering letters, references, assessment outputs, employment history, academic qualifications/history, professional training/certifications, skills, and work experience or internships
  • Evidence of your current and/or future work eligibility status, immigration status, including visa type, and visa expiry date 
  • Diversity and equal opportunities monitoring information – this can include information about your race or ethnicity, religious beliefs, sexual orientation, disability and other ‘special category data’ information about your health, including any medical needs or conditions
  • Other information required for some applications
  • If you contact us regarding your application, a record of that correspondence including, but not limited to, the content and attachments of emails
  • Details of your use of our recruitment tools and services, such as your candidate profile, the source of your application, the date/time, the role(s) you applied for, salary history/expectations, alerts for vacancies, the status of your application and updates on how it moves forward
  • Derived data about you, that is, data that includes our staff’s opinion of you such as, but not limited, to the stages you complete of the recruitment process and those you do not, records of interviews, interview notes/feedback, assessment feedback, rejection stage, rejection reason, and job offer details

We may also collect, store and use the “special categories” of more sensitive personal information including, but not limited to:

  • Information about your physical or mental health, or disability status
  • Information about your health and medical conditions for health and safety reporting purposes
  • Criminal records information
  • Personal information related to the Equality Act 2010 inclusive of data known as ‘Protected Characteristics’ (age, disability, gender reassignment, marriage or civil partnership (in employment only), pregnancy and maternity, race, religion or belief, sex, sexual orientation)
  • Personal information related to our internal equality and diversity monitoring policy (geographical location, organisation, socio-economic class, caring responsibilities, educational background)

2. Why we collect your information and what we use it for

We use your personal information in the recruitment process for employment, work experience, fixed term contract, secondment or internship at Foundations in the following ways:

  • To reply to you about the position you have applied for or inquired about
  • To approach you as a good fit for employment, work experience or internship
  • To check you are the right candidate for the role
  • To move your application forward including making changes in applicant tracking systems or dedicated recruitment-based software and websites
  • To receive a reference from a sectoral relevant individual where they have gained permission from you to be introduced to us
  • To send you notifications for other job, work experience or internship vacancies
  • To inform you about the status of your application
  • To invite you to participate in relevant surveys, questionnaires, research projects and events where your profile has been identified relevant to research work, we are conducting (we will never share or sell your personal data and we will never include you in research participation where we have not gained your permission to do so)
  • With permission, retain your personal information for longer statutory requirements where you have not been successful but would like the opportunity to invite you to apply again in the future

Please be reassured that Foundations limit access to your recruitment personal data to those who have a genuine need to access it:

  • the HR/people team
  • the recruiting manager for the role in question
  • interviewers/assessment reviewers for the role in question
  • the director of the team where the role in question sits
  • the director of finance and resources who has final authority for appointment (note that there may be overlap between the people in those positions)

We maintain a reserve list of candidates who met our requirements but were not successful in securing the specific post they applied for. We’ll ask for your permission to be added to this list. We will refer to the list when other roles are advertised and will contact you if you match the role. We will ask for your permission before putting you forward for the role.

If you are successfully recruited, we will upload your details to our HR system. We will also share your data for statistical analysis (it will be anonymised first) if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

For the purposes of reporting on and improving the effectiveness and efficiency of our recruitment systems and processes, we may retain a handful of personal data points about you (the source of your application, the stage you reached in the process, and the overall reason you were rejected), however, none of these data points are personally traceable to you.

3. Collecting your personal information

We have gathered your information in one or more of the following ways:

  • Via publicly available sources such as social media, where we have identified you as an individual we would like to approach as a good fit for employment, work experience or internship at Foundations
  • From a reference of a sectoral relevant individual where they have gained permission from you to be introduced to us
  • From a Higher Education Provider (HEP) such as a college or University who has recommended you to us
  • From a current or former employee where they hold a previously established relationship with you and sharing your personal information with Foundations would not be unexpected
  • From yourself via a recruitment web advert we have developed which may also mean we have received your personal data via a recruitment platform or website
  • From a recruiter, recruitment agency or other applicant tracking system or recruitment website
  • From yourself when you have participated in a survey or questionnaire as a research participant and we have identified you as a potential candidate for employment, work experience or internship at Foundations
  • From yourself where you have responded to an advert on our website, completed our contact us page on our website or sent an unsolicited prospective email to us
  • We also use platforms such as LinkedIn, Indeed, CV Library and others where we may have identified you as a potential candidate for employment, work experience or internship at Foundations
  • From publicly available websites and social media platforms
  • From former employers and people named by candidates as references
  • Where relevant, the Disclosure and Barring Service (DBS)
  • If relevant to the role, Government departments or other relevant and related institutions.

4. Our lawful basis for using your data

We process personal data throughout the recruitment application process based on different legal bases:

  • Contract: Processing your data is necessary to move your application forward before signing a contract of work. This concerns employment or pre-employment checks.
  • Legal: Complying with applicable law with regard to personal data necessary to satisfy our legal and regulatory obligations, including with regard to public health and workplace safety, entitlement to work and when applicable security checks.
  • Legitimate Interest: Evaluating your application and to manage our relationship with you, to ensure that we recruit appropriate employees, and to evaluate and maintain the efficacy of our recruiting process more generally. We will also process your personal data to invite you to participate in projects which may be, or similar to, surveys, questionnaires, events, interviews or other research projects where the work we are conducting is for societal benefit.
  • Public Task: When we carry out National Security vetting for some roles, we have to process personal data to perform a task that’s in the public interest or in the exercise of a Foundations funder’s official authority.
  • Consent: If we offer you the opportunity to participate in our optional recruiting programs or if we collect sensitive personal data for legally permitted purposes other than compliance with our legal obligations regarding public health and workplace safety. We will ask for consent from you where you are not successful, and we want to retain your personal information for longer than 6 months. Also, for us to send you surveys, questionnaires, information about events, interviews or other research project opportunities where the work we are conducting is for societal benefit.

5. How long we keep your data

We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected.

We will store your information for the duration of the recruitment process. Where you have not been successful, we shall retain your personal data for up to 6 months in accordance with the UK Limitation Act 1980. We will only retain your personal data longer than 6 months where we have gained your permission to do so. 

If you have been successful in the recruitment process, we will provide you with an Employee Privacy Notice outlining the retention period of your personal information.

Website

Read More

1. What personal information we collect

When you visit our website, we will collect the following information about you:

  • Information about the device used to access our website, your visits and use of the website including your IP address, internet log information, location, browser type and version, referrer and activity, and details of visitor behaviour patterns
  • We record your activity and preferences when visiting our website through the use of cookies (see “Cookies”, below)
  • IP address, operating system and browser information

2. Why we collect your information and what we use it for

The personal information we collect when you visit our website goes toward helping us:

  • Monitor the website and keep it secure, it helps us understand how we might improve the website through numbers of visits, visitor patterns and behaviour
  • Promote and develop services and grow our organisation
  • Run our organisation, provide administration and IT services, ensure network security, and prevent fraud
  • Collect information to understand more about our stakeholders’ interests and preferences and to inform our marketing strategy
  • To keep our website updated and relevant, to develop our organisation, and to inform our marketing strategies
  • To add you to Communications activities lists where you have indicated your consent for us to do so
  • Answer any enquiries you submit to us via the website inclusive of information submitted via the Foundations Speaker Request Form

Cookies we use tell us how you use the site and what pages you have visited. 

3. Collecting your personal information

We collect data about you from your device and via third-party website analytics services such as Google Analytics and cookies (see below) when you visit our website. We do not make, and do not allow our Google Analytics settings to make, any attempt to find out the identities of those visiting our website.

This website includes embedded content (e.g., videos, images, articles, etc.) from other websites and links to external websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow other parties to collect or share data about you. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. We do not control these external websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit. 

Cookies

As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies to enhance your experience of our website.

Our website uses cookies for collecting user information which may include IP address, operating system, and browser information. We use persistent cookies to track returning visitors. They expire after 12 months and enable us to compare website traffic from month to month.

Cookies are text files, which identify a user’s computer to our servers. Cookies in themselves do not identify the individual user, just the computer used. You can learn more about cookies by visiting http://www.allaboutcookies.org/.

You can manage and delete cookies through your web browser. Each browser manages cookies differently, but you can learn more about cookie settings in the most common browsers using the links below:

You can also prevent your data from being used by Google Analytics by using the Google Opt-out Browser Add-on, available at this link.

4. Our lawful basis for using your data

We process the personal information of visitors to our website based on our legitimate interest as the data controller. 

We request your consent for adding your personal information to our Communications activity lists where you have provided your information via a form on our website. You are able to opt-out of receiving communications from us by emailing us on dpo@theevidencequarter.com or by selecting the ‘unsubscribe’ preference we include on each marketing email we send.

We also request for consent for the use of cookies when you first visit our website. You can opt to refuse cookies that are not necessary, and you are able to update cookie collection preferences through browser settings (see Cookies in Section 5).

5. How long we keep your data

We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected.

Depending on your reason for visiting the website and how you decide to interact with our website will determine the amount of time we retain your personal information outlined above. You are able to delete Cookies (please see section 3).

Please review the sections that are relevant to yourself within each part of this this Privacy Notice within which we outline what personal information we collect, why we collect it, how we collect it, where we get it from, what we do with it, our lawful basis for using it, how we store it, who we share it with, how long we keep it, what rights you have, how to complain and how to contact us.

This Privacy Notice does not create any contractual rights or obligations. We may change this privacy notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on the website or by contacting you directly.

If you have any questions about this Privacy Notice or any Data Protection related matters relevant to Foundations you can send an email to our Data Protection Officer: dpo@theevidencequarter.com 

You can find our appropriate policy document for the use of special category data here.

Our contact details

Name: Foundations, the national What Works centre for children & families

Address: The Evidence Quarter, 4th Floor, Albany House, Petty France, London, SW1H 9EA

Email: dpo@theevidencequarter.com 

Security, Storage and Sharing of your data

We take the security of your information very seriously and have put physical, technical, operational, and administrative strategies, controls and measures in place to help protect your personal information from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.

We use Google Workspace & Google Cloud Platform for the secure storage of personal information processed by us. Through the use of Google services, the organisation is able to provide a high level of security around the storage of highly sensitive personal data which is captured within a high variety of our activities. You can find further security and compliance information in the Google Compliance Resource CentrePrivacy Resource Centre and the Google Cloud & the GDPR pages.

Your personal data may also be stored with specific third-party services for the minimum period necessary to perform activities with your personal information. Each third-party is subject to contractual and security reviews to ensure adequate and comparative levels of security, we’d expect for ourselves, is provided for the data they process on our behalf. 

The types of third-party providers we use include:

Where appropriate, we may share your personal information with our professional advisers including our lawyers and auditors, project partners, industry experts, peers (of a group you are involved in as a Sector Stakeholder), and local and central government departments where it is strictly necessary. It is also possible that we may be required to share your data to comply with applicable laws or with valid legal processes, such as in response to a court order.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded by implementing at least one of the following safeguards:

Research Participants may have specific differences to how personal information is secured, stored and shared compared to our activities with other data subject’s personal information. 

Cookies

As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies to enhance your experience of our website.

Our website uses cookies for collecting user information which may include IP address, operating system, and browser information. We use persistent cookies to track returning visitors. They expire after 12 months and enable us to compare website traffic from month to month.

Cookies are text files, which identify a user’s computer to our servers. Cookies in themselves do not identify the individual user, just the computer used. You can learn more about cookies by visiting http://www.allaboutcookies.org/.

You can manage and delete cookies through your web browser. Each browser manages cookies differently, but you can learn more about cookie settings in the most common browsers using the links below:

You can also prevent your data from being used by Google Analytics by using the Google Opt-out Browser Add-on, available at this link.

Your data protection rights

You have the following rights in respect of your personal data:

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at dpo@theevidencequarter.com if you wish to make a request.

How to Complain

We kindly request you allow us the opportunity to address your complaints when they arise.

If you have any concerns about our use of your personal information, you can make a complaint to us by contacting dpo@theevidencequarter.com 

You can also complain to the UK Information Commissioner’s Office (ICO) using the details below if you are unhappy with how we have used your data. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

The ICO’s address:   

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Last update to this Privacy Notice

This Privacy Notice was last updated in June 2023.

Project & Research Privacy Notices

Foundations maintains access to all research projects and research privacy notices to maintain transparency and accountability for each research project. Please see the relevant project which can be found by typing the name of the project into the Website search box above. Alternatively, you can send us a message at dpo@theevidencequarter.com