Your personal data is data which by itself, or with other data available to us, can be used to identify you. The Centre for Information Resilience,takes the protection of your personal data and its confidential treatment extremely seriously. By means of this data protection notice, we wish to inform you of how your personal data is processed and protected and about your data protection rights.
Who is responsible for your information
The data processing controller is:
The Centre for Information Resilience
Should you have any queries or concerns in relation to data processing, please feel free to get in touch with us at firstname.lastname@example.org
The information that we collect about you
We may collect and process the following information about you:
Information that you give us: This is information about you that you give to us by filling in forms or corresponding with us by telephone, post, email, or otherwise. It may include, for example, your name, email address, and telephone number; your age, gender, and location or; information about your professional role and organisational affiliations. It may also include data contained in files that you provide to us when you upload them via our online submissions form.
Information that our website and other systems collect about you:
If you exchange emails, telephone conversations, or other electronic communications with our employees and other staff members, our information technology systems, such as our email provider, will record details of those conversations
Other information: We may also collect some information from other sources.
If we have a business relationship with the organisation that you represent, your colleagues or other contacts may give us information about you such as your contact details or details of your role in the relationship.
We may collect information from third-party data providers or publicly available sources for anti-money laundering, background checking, or similar purposes, and to protect our organisation and comply with our legal and regulatory obligations.
The uses that we make of your information
We only collect and process your personal data if we have a legal basis which include:
Legitimate interest. We process your personal data based on our legitimate interests in communicating with you and managing your interactions with you.
Compliance with applicable laws or performance of a contract. We process your personal data as necessary for the performance of a contract or as necessary for us to comply with a relevant legal obligation (e.g. where we are required to make disclosures to courts or regulators.)
Public interest. We process your personal data for the performance of a task carried out in the public interest (e.g. if you submit data relevant to ongoing investigations into human rights abuses in certain countries)
Consent. In limited circumstances, we will use your consent as the basis for processing special categories of information or prior to sending you electronic communications.
We may use your information for the following purposes:
To undertake research in accordance with our objectives as a community interest company
To operate, manage, develop and promote our organisation, including managing and administrating events, resources, and other services we may provide to you
To manage and process inquiries and other interactions with you
To operate our website and understand its use for statistical and security purposes and to improve its functionality and use
to protect our organisation from fraud, money-laundering, breach of confidence, theft of proprietary materials, and other financial or business crimes;
to comply with our legal and regulatory obligations;
sending you information you have requested or consented to receive, such as reports or information regarding relevant activities
To consider you for a vacancy
We will tell you, when we ask you to provide information about yourself if the provision of the requested information is necessary for compliance with a legal obligation or, on the other hand, if it is purely voluntary and there will be no implications if you decline to provide the information. Otherwise, you should assume that we need the information for our organisation or compliance purposes (as described above). If you are uncertain as to our need for information that we requested from you, please contact the representative asking for the information, or contact us (see below), with your query.
If we are using your sensitive personal data (including personal data relating to your racial or ethnic origin, political, religious, and philosophical beliefs, trade union membership, sexual orientation, or health, we will only do so with your explicit consent or, if otherwise, only to the extent permitted by applicable law.
Disclosure and third parties
We may disclose personal information about you, where reasonably necessary for the various purposes set out above:
to service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf, under strict conditions of confidentiality and security;. We operate security protocols to varying degrees of stringency, depending on the sensitivity of client information. If you have security concerns, contact us to discuss this.
to a person who takes over our organisation and assets, or relevant parts of them; or
in exceptional circumstances:
to competent regulatory, prosecuting, and other governmental agencies, or litigation counterparties; or
where we are required by law to disclose
where we have stated or informed your otherwise
We may share our research, which may contain personal data, with third parties we have engaged on a project where it is necessary for our legitimate interests (or those of a third party) and the data subjects’ interests and fundamental rights do not override those interests
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will not sell any of your personal data to any third party. Nor will we pass on your personal data to any third party for the purpose of marketing unless we have obtained your consent to do so.
Security and International Transfers
We will take all reasonable steps to protect your personal data. However, the Internet is global and no data transmitted via the Internet can be guaranteed by us to be completely secure during transmission. We cannot guarantee the security of any data that you disclose online and we will not be responsible for any breach of security unless this is due to our negligence or wilful default
It is possible that the information you provide will be passed outside of the EU, for example where CIR officers, agents,, suppliers or subcontractors involved in data processing for the purposes described above are based overseas. In these cases, we will ensure that our arrangements with them are governed by data transfer agreement, contractual compliance or further safeguards designed to ensure your personal information is protected.
Retention and deletion of your information
We will delete the information that we hold about you when we no longer need it. How long we retain your personal data depends on the purpose for which it was obtained and its nature. We will keep your personal data for the period necessary to fulfil the purposes described in this Statement unless a longer retention period is permitted or required by law. In specific circumstances, we may store your personal data for longer periods of time, for example where your data is being used for the purpose of documenting possible human rights violations and relevant legal proceedings are planned or ongoing.
Are we responsible for the websites to which we link?
We do not endorse and are not responsible for the content of third-party websites or resources, and our privacy statement does not apply to any sites that are not affiliated with CIR, even if you access them via a link on our site. You should review the privacy policies of any third-party site before providing any information.
You have a right of access to the personal information that we hold about you, and to some related information, under data protection law. You can also require any inaccurate personal information to be corrected or deleted. You may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances.
If you wish to exercise any of these rights, please Contact us as set out below. You can also lodge a complaint about our processing of your personal information with the Information Commissioners Office.
We welcome questions, comments and requests regarding this privacy statement and our processing of personal information. Please send them to email@example.com
Changes to this policy
Any changes we make to this privacy statement in the future will be posted to our website and also available if you contact us.
Please check back frequently to see any changes.