Protecting your privacy
The UK Data Protection Act 2018 requires all organisations within the EU who process Personal Data to be transparent on how, why and what data is captured, stored and processed; the lawful basis for holding and processing personal data; how individuals can access information on themselves held by the organisation; and how they can control, or object to, the use of their personal data.
The lead partner of the Coalition for Religious Equality and Inclusive Development (CREID) is the Institute of Development Studies (IDS). IDS manages privacy and personal information collected by CREID and is committed to protecting your privacy and complying with these regulations. Other leading partners within the coalition have their own privacy policies which can be found on their websites. Their strategic partners are Al-Khoei Foundation, Minority Rights Group and REFCEMI.
This statement sets out how this is implemented across all our communications channels, applications, services and networks, detailing your rights in relation to your personal data that CREID captures, stores and uses. In addition to the above, we collect information automatically about visits to our website through the use of cookies. You can find additional information about our use of cookies on the Disclaimer & Cookies page on www.creid.ac.
If you have any questions or requests concerning how we use your personal information or comply with data protection legislation, please contact the Data Protection Officer at IDS.
Your Rights
You have the right to access, rectify, restrict or prevent the processing of your data by CREID. CREID will always verify your identity before processing your request. To do this we might ask for another form of identification and ask for proof that you are the person asking this. If you choose to activate your right to rectify, restrict or prevent processing and/or storage of your data, CREID will ensure that this is communicated to any third party with access to your data.
You have the right to know what data CREID holds that relates to you. You can make a Subject Access Request at any time to the IDS Data Protection Officer (DPO). By making this request CREID is legally obliged to share all the information that the Institute holds on you, CREID will respond to a data access request within 72 hours. CREID then has 30 days in which to fulfil the requests.
If you wish to rectify the data that is held on you, CREID has a month in which to complete the process.
In addition, all marketing e-communications sent out by CREID provides you with an option to unsubscribe.
If you object to the lawful basis upon which we hold your data, you should contact the DPO where your objections will be reviewed. During this period all processing of your personal data will be suspended with immediate effect.
Alternatively, you may lodge a complaint with the UK Supervisory Authority for the implementation of GPDR which is the Information Commissioners Office (ICO).
We do not use any automated decision-making systems except those used to detect and remove viruses from content you may provide us or undertake automated profiling. We do not record data that falls under the Sensitive/Special Category. CREID will never attempt to buy or sell your personal data.
Storage, use of personal information and data protection
Any personal data captured by CREID is used and held in accordance with the requirements of the General Data Protection Regulation (GDPR) 2018. All IDS Staff are required to complete and pass an online data protection course which gives them knowledge on how to process personal data.
We will only disclose data when obliged to disclose personal data by law or we have your consent.
- Within CREID to monitor events and short training
- Suppliers we engage to process data on our behalf (i.e. payroll) or where you have requested to receive CREID’s weekly newsletter
- Legal representatives
- Members of CREID who are running events and you have opted into receiving information about these events
We will only share your personal information with third parties who process data on our behalf or where necessary, for example when your information needs to be provided to the financial institution that processes our credit card transactions. They receive your name, address, telephone number, credit card number and expiry date solely for the purpose of verifying the credit card number and processing the transaction in a secure environment.
Internet-based transfers
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means, for instance, that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
Website
When people visit the CREID website (www.creid.ac), we log non-personally-identifiable information including IP address, profile information, aggregate user data, and browser type. We use this data to monitor usage and improve our website services.
Email subscription services
You should not enter information on behalf of another person or about any other person. Your name and email address will be used only for delivering to you the services to which you have subscribed, for sending information about these services, for sending you password reminders and for validating security. They will not be provided to any third parties without your express consent.
If you are sharing your email account with other people, CREID cannot protect any information you provide against access by the other users of your email address, nor can CREID prevent other users of your email address from changing your subscription details.
Services allowing you to publish your personal information
For services allowing you to publish your personal information on a website (e.g. the IDS online Alumni platform), you are required to provide accurate information about yourself and accept sole and full responsibility for this and for keeping the information up to date. You should not enter information on behalf of another person or about any other person.
The inclusion of any information in the service is subject to acceptance procedures. Entering your information does not result in automatic inclusion in the service. By entering your information, you are submitting information to the approval process. You will be notified by email if the profile meets the inclusion criteria.
CREID, and IDS, reserves the right to edit each contribution (within the limits of the 2018 of the General Data Protection Regulation (GDPR) Act. If any of the information submitted is deemed to be offensive, inflammatory or materially misleading by CREID or IDS and we reserve the right to refuse to publish contributions. Decisions on content that is deemed to be offensive, inflammatory or misleading are made by the sole discretion of either CREID or IDS.
Use of personal information
We may process personal information collected via this website or other electronic communications networks (i.e. like email address) used by CREID, for the following purposes:
- Opting in to receive our newsletters via email
- Managing accounts and records
- Capturing data from CCTV camera placed in and outside the IDS Building to monitor a potential crime. Read the IDS CCTV Policy.
- Event sign-ups
- Processing personal data for persons who sign-up to attend one of our events
- Advertising and promotion of CREID events – either run by IDS or another member of CREID
- Research data
When CREID processes your personal information, it will be done so lawfully, fairly and transparently. We will never process your personal information for any other purpose or reasons specified at the time your personal information is collected. We will only ask you to provide information that is adequate and necessary to process your data according to its intended and agreed purpose. Your personal information will always be processed securely by authorised personnel employed by/or acting on behalf of IDS and will only be stored within appropriate formats and timeframes which are justifiable by law or business purpose. When this is no longer the case CREID will delete your personal information.
External providers use for personal data capture
CREID use a small number of third party processors to help provide our services and ensure the safety and security of our data. This includes organisational and personal information that you may have provided to us. All third party processors are contractually obligated to process personal data in line with GDPR requirements. Neither CREID nor any third-party providers we use will sell your personal information.
Newsletter Emails
CREID uses a third-party provider, Mailchimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry-standard technologies. For more information, please see Mailchimp privacy notice.
CCTV
CREID, via IDS, uses a third-party provider, AM Fire and Security to provide our CCTV coverage for in and outside of the building. Their privacy notice can be sent on request.
Events
CREID uses a third-party provider, Eventbrite, to capture sign-ups for our key events and seminars. For more information, please see Eventbrite privacy notice.
Web analytics
CREID uses a third-party provider Google Analytics to monitor web usage and page visits to the IDS website. For more information see the Google Analytics privacy notice.
Livestreaming
CREID uses a third-party provider Telestream to live stream some of our key events and seminars. These events are then broadcast on the IDS website, Facebook, YouTube or all 3. For more information see the Telestream privacy notice.
Lecture Capture
CREID uses a third-party provider Panopto to video capture some of our lectures for Students and the public. For more information see the Panopto privacy policy.
Microsoft Dynamics CRM
To store project proposals and data on freelancers and consultants who work for CREID to manage payments. For more information see Microsoft Dynamics privacy policy.
Subject access requests
You have the right to see what personal data we hold about you. To obtain a copy of the personal information we hold about you, please write to the Data Protection Officer, Institute of Development Studies, Brighton, East Sussex, BN19RE or email [email protected].
After you have requested a subject access request, you will be notified within 72 hours that your request is being dealt with. IDS will then have 30 days to provide the information to you.