Friends of Imperial College (Friends) respects your privacy and is committed to protecting your personal data. This privacy notice will:

  • inform you as to how we look after your personal data when you visit our websites;
  • tell you about your privacy rights;
  • tell you how the law protects you.

Friends is the controller for the personal information we process, unless otherwise stated.

There are many ways you can contact us, including by phone, email, social media and post. More details can be seen on our contact page. (we should have a contract page)

Personal data we collect

We collect data that you provide directly to us, through your interaction with Friends, how you use our website, and how our website performs. This may include personal data.

Personal data, or personal information, means any information related to an individual. It does not include data where the identity has been removed to make it anonymous, for example where we aggregate information for reporting purposes.

We may collect, use, store and transfer different categories of personal data which we have listed below:

  • Identity data - includes first name, last name, title, username and your Internet Protocol (IP) address.
  • Contact data -includes postal address, email address and telephone numbers.
  • Communication information - your communication preferences along with records of communications and interactions we have had with you
  • Transaction data -includes details about payments to and from you and other details of membership and events you have purchased from us.
  • Event data – includes tickets booked by members including any guests, along with attendance at events
  • Technical data - includes your Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • User profile data - includes your interests, preferences, feedback and survey responses.
  • Usage data - information on how you use the website, using cookies and page tagging techniques
  • Email usage - how you access our emails. For example, whether you open them, and which links you click on

If you make a donation to Friends, we collect further information including:

  • Your donation history, including gift amount, purpose, date, method of payment and payment references
  • Tax status and Gift Aid declaration information

Please note that we do not collect or store any credit/debit card details in our database, these are processed by third-party payment service providers. To allow us to reconcile transactions, we hold an identifier generated by the payment provider

This data can be viewed by authorised people at Friends, and trusted third parties to:

  • improve the site by monitoring how you use it e.g. pages you visit on the site and browser versions used
  • allow us to organise attendance at events
  • gather feedback to improve our services
  • help us respond to your feedback, if you’ve asked us to
  • send email alerts or notifications to users who request them
  • allow you to access Friends services and make transactions

We collect the minimum data required in order to provide our services to members, guests and people who view our website.

Information used for special events

Some member-only events require us to handle additional information. This is typically in order to plan tours, arrange hotels and access the premises of certain organisations that may have specific requirements. Such additional information may include:

  • nationality and potentially passport information in order to check the identity of visitors
  • dietary requirements in order to provide refreshments during a visit
  • information relating to disabled access needs

If we request such information we will state the purpose and arrangements to securely handle this information on a case-by-case basis, typically in the event details or email communication.

How we use your personal data

We will only use your personal data when there is a legal basis to do so. Most commonly, we will use your personal data in the following circumstances:

  • where we need to perform the contract we are about to enter into or have entered into with you in order to provide services to members and guests.
  • where it is necessary for our legitimate interests as a organisation providing members with a range of activities through our programme of events.
  • where we need to comply with a legal or regulatory obligation.
  • to understand the behaviour of visitors to the site as input to site design.

We use tools to ensure that our website meets the needs of people using it. To do so we process anonymised data to assess:

  • the number of visitors to different pages
  • the types of information being searched for via the sites search engine
  • to identify any anomalies in site usage.

Where we store your data

We store your data on servers in the European Economic Area (EEA). These are managed by Third Parties on our behalf and have the appropriate security measures in place.

We use Mailchimp to provide bulk email services. We minimise the personal data held by mailchimp to name and email address. Mailchimp states that they may transfer and process personal data to and in the United States and anywhere else in the world where Mailchimp, its Affiliates or its Sub-processors maintain data processing operations. Mailchimp also states that it shall at all times ensure that such transfers are made in compliance with the requirements of Data Protection Laws. Transfers outside the EEA are made on the legal basis of Privacy Shield or Standard Contractual Clauses. Details are provided by Mailchimp in their Data Processing Addendum.

How we keep your data secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those people and third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

How long we use personal data

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Third Parties that have access to personal data

In order to provide our services, we make use of the following third-party organisations.

Third Party

Contact and privacy details

Raising IT is our Website Provider, including its hosting and support. RaisingIT is a UK-based organisation specialising in support for charities. Their support is provided by a team within the EEA and the hosting services they use are also within the EEA.

Raising IT Ltd., 28 Scrutton Street, London, EC2A 4RP

Details of how Raising IT handles person information are provided in their Privacy Policy

Mailchimp provides bulk email services that allow us to distribute programme and event notifications. We provide Distribution Lists with email addresses to Mailchimp in order to send emails to our members and other people registered with Friends.

The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE 
Suite 5000, Atlanta, GA 30308 USA

Details of how Mailchimp handles personal information are provided on their Legal page containing their Privacy Policy and Data Processing Addendum 

Stripe provides a payment services that allow our members and guests to make one-off online payments for subscriptions and events, using payment cards.

Stripe Payments UK Ltd., 9th Floor, 107 Cheapside, London, EC2V 6DN

Details of how Stripe handles personal information are provided in their Privacy Policy

GoCardless provides a payment services that allow our members to make regular online payments such as annual subscriptions through Direct Debits

GoCardless Ltd., Sutton Yard, 65 Goswell Road, London, EC1V 7EN

Details of how Gocardless  handles personal information are provided in their Privacy Notice

Eventbrite is used for promoting events to the wider public and may be used by people who choose not to book events through Friends Website.

People booking events via this channel will provide their personal information to Eventbrite who will be data controller for the personal data entered this way. Friends will collate data for people who have booked events through Eventbrite in order to manage attendance.

Eventbrite, Inc., Attn: 155 5th Street, Floor 7, San Francisco, CA 94103, USA

Details of how Eventbrite handles personal information are provided in their Privacy Policy 

Friends administrative email and collaboration tools are provided by Google Business Suite.

Email correspondence with our Administrator uses Gmail. Please ensure that any information you send to our Administrator is managed securely and do not send sensitive personal information via unencrypted emails across the public internet.

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Detais of how Google handles personal information are provided on their Privacy Policy and GDPR page

Further information relating to our Website Provider

Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply:

  1. Your data will be made available to our website provider
  2. The data that may be available to them include any of the data we collect as described in this privacy notice.
  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. They will store your data for a maximum of 7 years.
  5. This processing does not affect your rights as detailed in this privacy notice.

Disclosing your information

We may pass on your personal information if we have a legal obligation to do so, or if we must enforce or apply our terms of use and other agreements.

Subject to your consent, we may also share your information with Imperial College London or organisations who carry out activities on behalf of the College.

Your rights

You can find out what information we hold about you by reviewing your basic profile information in "My Details" or by submitting a data subject request. Similarly you may update your own details or change communication preferences, alternatively you may submit a request for us to do so on your behalf.

You also have the right to have data erased if it is no longer necessary for the purpose for which it was originally collected/processed, or if there are no overriding legitimate grounds for the processing. This is sometimes known as ‘the right to be forgotten’.

If you wish to submit a data subject request, please contact [email protected]

Defining your preferences

Opting out of communication

You may change your communication preferences using the "My Details" form available from our home page. If you are subscribed to our email notifications, you can change your preferences or unsubscribe by clicking on the link at the bottom of the emails that you receive from us.

You may also request us to change how we communicate with you by contacting [email protected]

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or not function properly. For example, you may be unable to login as a registered user or be unable to book events.

Please refer to our Cookie Declaration to find out about the different types of cookies we set.

Links to other websites

Friends website contain links to other websites.

This privacy policy only applies to this website www.friendsofimperial.org.uk and does not cover other websites that we link to. Such services have their own terms and conditions and privacy policies. If you do go to another website from this one, we recommend that you read the privacy policy on that website to find out what it does with any information that you may enter.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, which will be consistent with the significance of the changes we make.

You can see when this Privacy Notice was last updated by checking the table provided below.

Date

Summary of Changes

27th August 2019

Major revision to reflect Friends new website and hosting arrangements, use of third party payment providers and bulk email service.