Privacy statement

Protecting your privacy

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) requires all organisations within the EU who process Personal Data to be transparent on how, why and what data is captured, stored and processed; the lawful basis for holding and processing personal data; how individuals canaccess information on themselves held by the organisation; and how they can control, or object to, the use of their personal data.

IDS is committed to protecting your privacy and complying with these regulations. This statement sets out how this is implemented across all of our communications channels, applications and networks, and details your rights in relation to your personal data that IDS captures, stores and uses. In addition to the above, we collect information automatically about visits to our website.

Read more about IDS Disclaimer and Cookies.

If you have any questions or requests concerning how we use your personal information or comply with data protection legislation please contact the Data Protection Officer.

Your Rights

You have the right to access, rectify, restrict or prevent processing of your data by IDS. IDS will always verify your identify before processing your request. To do this we might ask for another form of identification and ask for proof that you are the person asking this. If you choose to activate your right to rectify, restrict or prevent processing and/or storage of your personal data, IDS will ensure that this is communicated to any third party with access to your data.

You have the right to know what data IDS holds that relates to you. You can make a Subject Access Request at any time to the IDS Data Protection Officer (DPO). By making this request IDS is legally obliged to share all the information that the Institute holds on you, IDS will respond to a data access request within 72 hours. IDS then 30 days in which to fulfil the requests.

If you wish to rectify the data that is held on you, IDS has a month in which to complete the process.

In addition all marketing e-communications sent out by IDS provides you with an option to unsubscribe.

If you object to the lawful basis upon which we hold your data, you should contact the DPO where your objections will be reviewed. During this period all processing of your personal data will be suspended with immediate effect.

Alternatively you may lodge a complaint with the UK Supervisory Authority for the implementation of GPDR which is the Information Commissioners Office (ICO).

We do not use any automated decision-making systems except those used to detect and remove viruses from content you may provide us or undertake automated profiling. We do not record data which falls under the Sensitive/Special Category. IDS will never attempt to buy or sell your Personal Data.

Storage, use of personal information and data protection

Any personal data captured by IDS is used and held in accordance with the requirements of the General Data Protection Regulation (GDPR) 2018.  All IDS Staff are required to complete and pass an online data protection course which gives them knowledge on how to process personal data.

We will only disclose data when obliged to disclose personal data by law or we have your consent.

  • Within IDS to monitor events and short training
  • Suppliers we engage to process data on our behalf (i.e. payroll) or marketing emails
  • Legal representatives

We will only share your personal information with third parties who process data on our behalf or where necessary, for example when your information needs to be provided to the financial institution that processes our credit card transactions. They receive your name, address, telephone number, credit card number and expiry date solely for the purpose of verifying the credit card number and processing the transaction in a secure environment. They employ industry standard security technology to ensure the confidentiality of your transactions.

Research Projects

IDS undertakes research projects with partners and organisations from around the world. From the 25 May 2018 all new research projects  are required to fill out a Data Protection Impact Assessment form (DPIA) which checks how personal data is managed in that project. Projects are also required to carry out Privacy Impact Assessments on actual activities that collect personal data.

Fundraising

IDS is a UK registered charity receiving no statutory funding and relying on independent fundraising efforts for much of its income. As such we may from time to time gather, or engage specialist agencies to gather, publicly available information about selected individuals to identify people who may have an affinity with our mission but with whom we have not yet had any contact.

This research helps us to understand more about individuals so we can focus the conversations we have with them about fundraising and volunteering in the most effective way and ensure we avoid communicating with people in an inappropriate way. If you would prefer us not to use your data in this way please email: dpo@ids.ac.uk to let us know.

We will also use publicly available sources of information to carry out due diligence on our donors in line with our Fundraising Ethics Policy and to meet money laundering regulations.

Internet-based transfers

Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means, for instance, that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.

Website

When people visit the IDS website, we log non-personally-identifiable information including IP address, profile information, aggregate user data, and browser type. We use this data to monitor usage and improve our website services.

Email subscription services

You should not enter information on behalf of another person or about any other person. Your name and email address will be used only for delivering to you the services to which you have subscribed, for sending information about these services, for sending you password reminders and for validating security. They will not be provided to any third parties without your express consent.

If you are sharing your email address with other people, IDS cannot protect any information you provide against access by the other users of your email address, nor can IDS prevent other users of your email address changing your subscription details.

Online Payments

Privacy: IDS provides an online payment facility to process short course payments and donations to our fundraising campaign. Personal data you provide to IDS through these transactions will be used solely for the purpose of payment to this IDS short course. Your personal data collected and used for this online payment system will not be passed onto or shared with any other organisation. Only IDS Staff will have access to personal information that you send, but this will not be used for any other purposes apart from IDS short course administration.

Security: You should protect personal data at all times throughout your online transaction and make sure you logoff properly when the transaction is complete. Only the last four digits of your credit/debit card numbers are stored in the database on successful payment. To protect the security of your information during transmission we use Secure Sockets Layer (SSL) software, which encrypts the information you input to and from the site.

Services allowing you to publish your personal information

For services allowing you to publish your personal information on a website (e.g. the IDS online Alumni platform), you are required to provide accurate information about yourself and accept sole and full responsibility for this and for keeping the information up to date. You should not enter information on behalf of another person or about any other person.

The inclusion of any information in the service is subject to acceptance procedures. Entering your information does not result in automatic inclusion in the service. By entering your information, you are submitting information to the approval process. You will be notified by e-mail if the profile meets the inclusion criteria.

IDS reserves the right to edit each contribution (within the limits of the 2018 of the General Data Protection Regulation (GDPR) Act. If any of the information submitted is deemed to be offensive, inflammatory or materially misleading by IDS (in its sole discretion), IDS reserves the right to refuse to publish contributions.

Password protected services

You are responsible for the safeguarding of any information, such as passwords and user IDs needed for use of your computer and/or your account with IDS, and IDS will not be responsible for any consequences of such information failing to be adequately safeguarded.

You should not enter information on behalf of another person or about any other person.

You are required to use all reasonable endeavours to ensure against unauthorised access to the service, in particular the use of user names and passwords by unauthorised individuals.

Password reminders and other information from the service will be sent to the email address you have given.

Use of personal information

We may process personal information collected via this website or other electronic communications networks (i.e. like email address) used by IDS, for the following purposes:

Advertising and Marketing

  • Opting in to receive our e-newsletters to receive the latest information on IDS

Accounts and records

  • The administration of supplier records relating to goods, orders, services
  • Accounts provided to IDS

CCTV

  • Capturing data from CCTV camera placed in and outside the IDS Building for the purpose of monitoring a potential crime. Read the IDS CCTV Policy.

Event sign-ups

  • Processing personal data for persons who sign-up to attend one of our seminars held at IDS.

Fundraising and giving

  • Processing personal data for persons who give money to IDS via the general fund or scholarship fund.

Job applications

  • Processing personal data for persons who apply for a job vacancy at IDS.

Student recruitment

  • Sharing data for administrative purposes with the University of Sussex on Students that apply to the IDS MA and PhD courses. The data is shared with our Teaching staff.

Short course recruitment

  • Processing personal data for persons who register to attend one of IDS’ short courses.

Postgraduate Alumni relations

  • The continuation of the relationship between IDS and its alumni
  • Advertising and promotion of IDS alumni events and reunions
  • Eliciting non-financial support for IDS students and/or IDS research and communications
  • The promotion of benefits and services available to alumni from third parties
  • IDS-related fundraising initiatives involving alumni

Research data

  • IDS captures a degree of personal data for research and academic purposes. Some of this data is needed to be kept long-term and shared with other partners around the world. At the inception of each project, the project lead will have to fill in a Data Protection Impact Assessment (DPIA) form to map out how personal data is shared and stored.

Short course recruitment

  • Processing personal data for persons who register to attend one of IDS’ short courses.

However IDS processes your personal information, it will be done so lawfully, fairly and transparently. We will never process your person information for any other purpose or reasons specified at the time your personal information is collected. We will only ask you to provide information which is adequate and necessary in order to process your data according to its intended and agreed purpose. Your personal information will always be processed securely by authorised personnel employed by/or acting on behalf of IDS and will only be stored within appropriate formats for periods of time which are justifiable by law or business purpose.

External providers we use for personal data capture

IDS uses a range of 3rd party processors who process personal data on behalf of IDS. All 3rd party processors are contractually obligated to process personal data in lien with GDPR requirements.

Marketing Emails

  • IDS uses a third party provider, Pure 360, to deliver our monthly e-newsletters. We gather statistics around email opening and clicks using industry standard technologies. For more information, please see Pure 360 privacy notice.

CCTV

  • IDS uses a third party provider, AM Fire and Security to provide our CCTV coverage for in and outside of the building. Their privacy notice can be sent on request.

Events

  • IDS uses a third party provider, Event Brite, to capture sign-ups for our key events and seminars. For more information, please see Event Brite privacy notice.

Job Applications

  • IDS uses a third party provider, Stonefish, to administer applications for IDS vacancies. Data captured will be the minimum needed to process job applications. For more information, please see Stonefish privacy notice.

Alumni Network

  • IDS uses a third party provider, ToucanTech, to host the Alumni network platform. For more information, please see privacy notice on the platform.

Donation processing

  • IDS uses a third party provider to manage online donations to IDS from anywhere in the world. Data captured will be the minimum needed processing this. For more information, please see Charities Aid Foundation (CAF) privacy notice.

Student Recruitment

  • IDS uses a third party provider, The University of Sussex, to capture application data for prospective Students applying for our Masters degree courses. For more information see the University of Sussex privacy notice.

Short course Recruitment

  • IDS uses a third party provider, Slatwall, to capture application data for prospective short course applications for our short training courses. We use a third party provider Sage Pay to process our online payments for our short professional courses. See Sage Pay privacy notice.

Web analytics

  • IDS uses a third party provider Google Analytics to monitor web usage and page visits to the IDS website. For more information see the Google Analytics privacy notice.

Live streaming

  • IDS uses a third party provider Telestream to live stream some of our key events and seminars. These events are then broadcast on the IDS website, facebook, YouTube or all 3. For more information see the Telestream privacy notice.

Lecture Capture

  • IDS uses a third party provider Panopto to video capture some of our lectures for Students and the public. For more information see the Panopto privacy policy.

Microsoft Dynamics CRM

  • To store project proposals and data on freelancers and consultants who work for IDS to manage payments. For more information see Microsoft Dynamics privacy policy.

Subject access requests

You have the right to see what personal data we hold about you. To obtain a copy of the personal information we hold about you, please write to the Data Protection Officer, Institute of Development Studies, Brighton, East Sussex, BN19RE or email dpo@ids.ac.uk.

After you have requested a subject access request, you will be notified within 72 hours that your request is being dealt with. IDS will then have 30 days to provide the information to you. Please see the subject access request form for more details.