In accordance with Data Protection Legislation and the Privacy Electronic Communications Regulations, this privacy notice will:
• inform you as to how we look after your personal data when you visit our website
• tell you about your privacy rights
• tell you how the law protects you.

What is the purpose of this information

Imperial College of Science, Technology and Medicine (the “College” or “Imperial”) is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the applicable data protection legislation the Data Protection Act 2018 and the General Data Protection Regulations (the ‘GDPR’).
The College is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of how your information will be used.

Data protection principles

We will comply with data protection law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.

The kind of information we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (called anonymous data).

We may collect, store, and use the following category of personal information about you:

• Personal contact details such as name, title and work or personal email addresses, if you give that information through the website to sign up to our newsletter.

How we will use your personal data

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information where you have consented* to the processing by submitting information to the SepTiC website or when it forms part of our legitimate interests**. Examples include:
• Administering the group Newsletter*
• Assisting you when you request us do something or provide you information*/**
• To undertake surveys and understand our community better.*

​Where we store your data

We store your data primarily on secure servers in the United Kingdom (UK) and the European Economic Area (EEA) and whilst we make every effort to keep your data in the UK / EEA, we occasionally work with third parties in the United States. In these cases, we ensure they will abide by the same level of assurances as the UK / EEA respectively. This will include;

• Ensuring suitable contractual clauses are in place. This helps ensure they will only process your personal data on our instruction, and they are subject to a duty of confidentiality.
• Undertaking reviews of the third parties to ensure similar security standards as our own
• Conducting risk / impact assessments relating to the activity being undertaken.

How we keep your data secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and we ensure only data that is necessary for the activity will be requested and processed in line with local / College wide standards.

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We therefore will retain your data for the duration of your relationship with the group.

Cookies

Please refer to our Use of cookies page to find out about the different types of cookies we set and the associated retention periods.

Your rights

You can find out what information we hold about you by submitting a subject access request and ask us not to use the information we collect.

You also have the right to have data erased if it is no longer necessary for the purpose for which it was originally collected/processed, or if there are no overriding legitimate grounds for the processing. This is sometimes known as ‘the right to be forgotten’.

To find out more, please see – Guide 12 – Individual Rights | Administration and support services | Imperial College London or contact septic@imperial.ac.uk

Direct Marketing

You can ask us or third parties to stop sending you marketing messages at any time. If you’ve signed up for email alerts, you can unsubscribe or change your settings at any time by selecting the ‘unsubscribe’ link that appears in every email.

Links to other websites

The Imperial College London websites contain links to other websites.

This privacy policy only applies to imperial.ac.uk (including any sub-domain and other Imperial owned websites) and doesn’t cover other websites that we link to. These services, have their own terms and conditions and privacy policies. If you do go to another website from this one, read the privacy policy on that website to find out what it does with your information.

Following a link to Imperial College London from another website

If you come to Imperial College London websites from another website, we may receive information from the other website. You should read the privacy policy of the website you came from to find out more about this.