top of page
Wave

PRIVACY NOTICE

Introduction.

Birthmark of Africa and its subsidiaries (“we”) are committed to ensuring transparency in our use of personal information. 

This notice explains how we collect and use your personal information when:

​

  1. You visit any of our websites and platforms (including but not limited to https://www.birthmarkofafrica.org);

  2. You sign up to receive marketing materials or otherwise communicate with us;

  3. You apply for a position or funding at the Institute or one of our subsidiaries via our recruitment system, or through any application process; or

  4. You attend an event we are running and/or hosting.

​​

Due to the nature of our work as a research institute, we may also process personal information for research projects. This will not be the case for the typical site user, and is more likely to apply to the data we collect through our platforms. However, because it is not always possible for us to proactively provide a privacy notice to those individuals, we also explain below how we process information when we carry out research.

​

This notice is not intended to cover those who are engaged or employed by us in their engaged/employed capacity and a separate privacy notice will apply to them

Notice.

​

Birthmark of Africa® is a registered Community Interest Company (CIC). Registered Company of England and Wales (13669296). 

Registered address Silverstream House, 45 Fitzroy Street, London, England, W1T 6EB. If you have any questions about this notice or how we handle your personal information, please contact research@birthmarkofafrica.org

What is personal information? .

When we use the phrase ‘personal information’ we mean any information that relates to you. At its simplest, this could be your name or email address. It could also include the content of any communications you have with us.

How do we collect personal information?.

We may collect personal information:

  • Directly from you, for example when you send us an email, use our sites or apply for a position, or when you create an account with us or use our platforms.

  • Indirectly, from another source, for example when we receive personal information in a dataset for a research project. When we recruit, we may receive information from recruitment agencies, former employers, or other background check agencies.

  • When it is available publicly. We may use public sources of information (for example, the electoral roll, open social media, and other online databases) to collect information used in our research. If you have any questions about our use of public information, please contact us.

  • Through our use of cookies and similar technologies. Please see our Cookie Notice for more information.

What personal information do we hold?.

We may collect, store and use the following categories of personal information about you:

  • Name and account details (username and password).

  • Contact details (email, telephone and address). Your CV or work history, and other information submitted as part of the application process.

  • Interview notes, and the results of any tests we carry out during the recruitment process.

  • Evidence of right to work in the UK, and a copy of your passport.

  • Your dietary preferences and accessibility requirements for events.

  • Information about your computer or device (such as its IP address).

  • Social media handles.

  • Information you provide to us (for example in an email to us, in comments and messages provided on one of our sites, or uploaded to your personal profile).

  • Your communication preferences (for example, whether you wish to be contacted by email).

  • Any other information provided to us through any medium.

Certain categories of information are sensitive and need more protection (for example, information about race, ethnicity, or health, as well as information about criminal convictions). We do not usually collect these categories of information for a typical site visitor. Where we collect this information we will explain our purposes for using this data and we will ask for your consent . You have the right to withdraw this consent at any time (see below for more information). If you withhold or withdraw consent this will not affect your use of the services.

We might separately collect these categories of information for a research project, but only if we have a valid reason for doing so and only if the law allows us to. For example, the law may allow us to use this information where it is substantially in the public interest and where we have protections in place to safeguard your information and your rights.

How can we lawfully use your personal information?.

We will only use your personal information when the law allows us to.  Most commonly, we will use your personal information:

  • Where we need to comply with a legal obligation.

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.

  • We may (less commonly) use your personal information:

  • Where necessary to perform a contract with you or take steps at your request prior to entering such a contract.

  • Where we need to protect your vital interests (or someone else's interests).

  • With your consent.

Where we rely on legitimate interests, our legitimate interests include:

  • To ensure the smooth running of the Turing and our sites.

  • To conduct research and further the work of the Turing.

  • To monitor engagement with and enhance the accountability of our sites.

  • To monitor engagement of different groups with our sites.

  • Managing our contractual relationship with project sponsors and employees.

  • Evaluating and updating our services.

Why do we use your personal information?.

We use your personal information to:

  • Provide you with the services or information which you have requested.

  • Carry out research in the public interest, in accordance with our organisational aims. More information about our research can be found on our main website.

  • Communicate with you.

  • Enable us to make a decision about your recruitment and administer the recruitment process including checking you are legally entitled to work in the UK and carrying out pre-employment screening checks.

  • Improve your interactions with our sites.

  • Administer sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

  • Keep our sites and internal operations safe and secure and prevent fraud.

  • Deal with enquiries and/or complaints made by or about you.

  • Audit and/or administer our accounts.

  • Prevent fraud and to ensure the security of our systems.

  • Provide information to regulators.

  • Satisfy legal obligations which are binding on us.

  • Establish, defend or enforce legal claims.

Or for another reason if that reason is compatible with the original purpose.

Automated decision-making.

As a research institute, we may use personal information in ways which involve ‘automated decision making’ and which might constitute ‘profiling’; however, we do not typically do this in ways which will have a significant legal effect on you.

We do not make automated decisions based on any particularly sensitive personal information, unless it is justified in the public interest, in which case we will put in place appropriate measures to safeguard your rights.

​

When you use our sites, we may use the information collected to profile you. This is done to help us monitor the demographics of individuals who are engaging with certain materials where such monitoring is considered to be essential to the core aims of the relevant site - for example to meet our aim of engaging with a diverse cross section of our community in steering projects.

Do we share your personal information?.

We sometimes share information with other organisations, including other entities in our group, partner universities, founding members, research partners, and service providers.

We will share your information with third parties where required by law or where we have a legitimate interest in doing so.

Where we share information with other ‘controllers’ (organisations who will use the information for their own purposes, rather than to provide services to us) they are responsible to you for their use of your information and compliance with the law. We share information with other controllers such as:  founding members; research partners; project sponsors; HMRC; Companies House; and our professional advisers. We share the information in a secure way and take appropriate steps to ensure the recipient protects it.

We may also need to share your personal information in the context of the possible merger, restructuring or expansion of the Institute or our subsidiaries.

Where permitted by law, we may share the personal information collected through our sites with carefully selected partners and parties who collaborate with us on projects. 

We do this so that: we can demonstrate our understanding of the diversity of our sites’ communities; to improve our sites;  to run events that will be of relevance to the interests of the communities that use our sites; and so that we can be transparent and held accountable in relation to the commitments we have made to promote diversity and inclusion in our projects. 

We will always limit the data we share to what is necessary to achieve these purposes and we will apply measures with the aim of anonymising the data we share so that it will be difficult to trace back to you, such as removing direct identifiers and aggregating data before sharing.

​

Transferring information outside the UK and EU.

We are based in the UK. Generally, we hold personal information on servers located within the UK. However, we do use suppliers that operate around the world, which means it is possible that personal information we collect from you may be stored outside of the UK or the EU. Some of our sites may have servers outside of the UK or EU.

Certain countries outside the UK have a lower standard of protection for personal information, including lower security protections and fewer rights for individuals. Where your personal information is transferred outside the UK to a country which does not offer similar protection, we put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and respects UK data protection laws (such as requiring the recipients to enter into contracts which have been approved by the relevant UK authorities for this purpose).

​

Data security.

We have put in place suitable technical and organisational measures to protect the security of your information. These measures include limiting access to your personal information to those individuals who have a business need to know.

​

How long will we keep your personal information?.

We keep your personal information for as long as we reasonably need to use it for the reasons set out in this notice (see section 6 above). Typically, this will include the period for which the personal information is actively in use, plus up to 7 years, which is the time that the information may be relevant for the establishment or defence of legal claims.

​

Where a minimum retention period is required by law (such as retaining records for HMRC purposes) we comply with that minimum period plus up to 12 months to allow time for us to anonymise or delete information in accordance with our internal data management processes.

We may also keep personal information for longer where we are processing it for scientific or historical research purposes.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you.

Your rights in connection with your personal information.

Under certain circumstances, by law you have the right to:

  • Ask for a copy of your personal information (commonly known as a "subject access request").

  • Ask that we update or correct the personal information that we hold about you, if you believe it to be inaccurate.

  • Ask that we erase your personal information that we hold, where there is no good reason for us continuing to hold it. We may not need to erase it, but we will need to show that we continue to have a good reason to hold it.

  • Object to our use of your personal information if we are relying on a legitimate interest and there is something about your situation which makes you want to object. We may not need to stop, but we will need to show a good reason to keep using it. You can always ask us to stop using your personal information for direct marketing purposes.

  • Ask that we restrict our use of your personal information so that we are simply storing it, for example if you want us to establish its accuracy or our reason for using it.

  • Request the transfer of your personal information to you or another party. This only applies where you have provided us that information and we are processing it with your consent or to perform a contract with you. This is unlikely to apply in most cases.

  • Change your mind and withdraw consent you have given us.

To exercise any of the above rights, please contact research@birthmarkofafrica.org

These are legal rights, so they only apply in certain circumstances and are subject to exemptions.

We may also need to take steps to confirm your identity. This is another security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

If you have concerns about the way we are handling your personal information, you also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint/.

Updates to this notice.

We may update this notice. If we make substantial changes, we will bring these to your attention where reasonably possible. Otherwise, you can access the latest version of this notice on our main website.

Contact.

If you have any questions about this privacy notice, please contact research@birthmarkofafrica.org

bottom of page