Privacy policy
How we collect, use and share your personal data.
Introduction
Research in Practice is part of the National Children’s Bureau, which is registered in England and Wales (company number 952717 and subsidiary NCB RiP 15336152) and a charity (258825). The registered office is located at National Children’s Bureau, 23 Mentmore Terrace, Hackney, London E8 3PN. A Company Limited by Guarantee. To view NCB’s privacy notice, please click here
Glossary
- Partner: an organisation with a contract with us permitting significant access to our services and content.
- Link Officer: an individual at a Partner organisation who acts as a primary point of contact (and a Data Controller under applicable law) during the paid contract.
- Record of Engagement: a Partner organisation's recorded activity, used for reporting to Link Officers to illustrate value for money during a paid contract.
- Individual Subscriber: an individual who subscribes to limited services and content.
- Public Account: a website profile created by an individual with no affiliation to a Partner organisation. This is a free use account with limited features.
- Data privacy law scope
Data collection
We will collect basic personal data about you, including:
- name
- work address, phone number and email
- job title, department and company
- images (with additional consent)
- video (with additional consent)
- audio (with additional consent)
- email correspondence and CRM notes
On occasions or following a commission we may also need to collect and store special categories data that includes sensitive personal information about your health or medical conditions. We will only do this if it is necessary, and if we need your consent we will ask you for it, or via a data controller in your organisation.
Lawful basis for processing
Partners and Individual Subscribers
If you are a member or employee of a Partner organisation, or you have been nominated by a member organisation to have an account, we need your personal data to fulfil our contractual relationship, and we therefore rely on contractual obligation as our lawful basis to process your personal data.
Public Accounts
If you have created a Public Account, we will only collect and use data you provide. We rely on legitimate interest to process such data.
Commissions
For a commission we have a legitimate right to process your information, such as providing event attendance or research.
Change of purpose
We will only use your personal data for the purposes for which it is collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you to explain the legal basis which allows us to do so or request your consent.
Photography, video and audio
We capture photography, video and audio to deliver and promote our services. This data can contain personal information. All photography, video and audio recordings seek consent from participants at the point of capture, which is kept on record. This includes parental consent where children and/or young people are involved.
Recording online events
We will let you know when we are recording an online event by including a statement in the joining instructions. This statement will also include the implications for your personal data. Recorded events may be displayed on the Research in Practice website and/or microsites. The name that delegates submit to the platform will be displayed, as will any video feed or comments that you share during the webinar. By taking part in a recorded webinar, you are accepting that the information that is displayed will be recorded.
Who processes my data?
All data we hold about you will be processed by our staff and approved third party contractors (sub-processors). Third party processors are required to take appropriate security measures to protect your personal data in line with our policies and act only under our instruction. They do not have permission to use your data for their own purpose without your prior consent.
Data retention
We will only retain your personal information for as long as necessary to fulfil the purpose/s it was collected for, including satisfying any legal, accounting, or reporting requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Data Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your rights of access, correction, erasure and restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and up-to-date. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a 'data subject access request'). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. You may also request for supplementary information to be added to your information where relevant and appropriate.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In circumstances where you may have provided your consent to the collection and use of your personal information for a specific purpose, you have the right to withdraw your consent for that processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose/s you originally agreed to, unless we have a legitimate basis for doing so in law.
Contact us
If you have any questions, comments or information requests regarding this privacy notice or data processed by Research in Practice in accordance with the General Data Protection Regulation (GDPR), National Children’s Bureau have a Data Protection Officer to oversee data protection compliance and you can contact them at DataProtection@ncb.org.uk.
Changes to this privacy policy
We reserve the right to update this privacy policy at any time, and we will notify you if we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.