DATA PROTECTION FRAMEWORK
Corsham Institute is based within the United Kingdom, and as such is registered with the Information Commissioner’s Office (ICO) as a Data Controller under the UK Data Protection Act of 2018 (which encompasses the requirements of the EU General Data Protection Regulation 2016/679).
Corsham Institute has completed applicable Data Protection Impact Assessments for all activities which collect, process or store personal information via this website, and these are available upon request from Corsham Institute’s Data Protection Manager (see Section 9).
1. CUSTOMER AND CITIZEN DATA
You may decide to send us your personal information via this website if you are seeking more information, or for other similar purposes. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are providing us with explicit consent to use your personal data only for the purposes for which you have disclosed it to us.
Corsham Institute may access and use your Customer Data only for the purposes for which you have submitted it to us to (a) provide information to you, (b) make contact with you, (c) provide services to you, or (d) maintain the operations and security of the website and services we provide to you. We will not use your personal information for any other purposes, for example the communication of marketing material, unless we have gained your explicit consent to do so.
We will at all times handle and store your personal data in accordance with industry best practice aligned with ISO27001, the international standard for information security. This includes the activities and procedures undertaken by our own personnel and any authorised third-party data processors (see Section 5), and the technical controls which we have implemented to prevent unauthorised access, compromise or theft of information from our applications, supporting computer systems and premises.
2. SENSITIVE PERSONAL DATA
GDPR details a number of “special categories” of personal data categories which are considered to be sensitive, and which require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data, and supporting Data Protection Impact Assessments are available upon request from the Corsham Institute’s Data Protection Manager (see Section 9).
3. CHILDREN’S PERSONAL DATA
This website, and any services available from this website, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact the Corsham Institute Data Protection Manager (see Section 9) immediately so that we can take appropriate action.
4. CUSTOMER AND CITIZEN DATA RIGHTS
As prescribed within data protection regulations, you have several rights connected to the provision of your personal data to Corsham Institute using this website. These include your rights to request that Corsham Institute:
confirms to you what personal data it may hold about you, if any, and for what purposes
changes the consent which you have provided in relation to your personal data
corrects any inaccurate or incomplete personal data which may be held about you
provides you with a complete copy of your personal data for you to move elsewhere
stops processing your personal data, whilst an objection from you is being resolved
permanently erases all your personal data promptly, and confirms to you that it has done so (there may be reasons why we may be unable to do this)
To contact Corsham Institute, please see Section 9 below.
If Corsham Institute does not address your request, or fails to provide you with a valid reason why it is unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113.
5. DECLARATION OF SUB-PROCESSING
To make an informed decision on whether to provide your personal data to Corsham Institute using this website, we need to make you aware of three organisations that act as authorised Data Processors for us in the provision of our services to you:
MyLife Digital Ltd, a provider of consent management services, based in the United Kingdom, certified to ISO27001, and registered with the ICO under the UK Data Protection Act 2018
Squarespace Inc, a provider of website content management services, based in USA. Squarespace Inc. complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
Salesforce, with its UK Headquarters at Salesforce.com EMEA Limited, Village 9, Floor 26, Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY, is used for the storage and processing of the data that Corsham Institute holds and that data is processed and stored in both London, UK, Frankfurt, Germany and Paris, France. Salesforce Limited complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
The activities within which each of these Data Processors participates have been recorded within the applicable Corsham Institute Data Protection Impact Assessments and these are available upon request from the Corsham Institute’s Data Protection Manager (see Section 9).
6. WEBSITE COOKIES
Cookies are small text files sent by us to your computer, or from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them, or until they expire.
7. EXTERNAL LINKS
This website may include relevant hyperlinks to external websites not controlled by Corsham Institute. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences caused by your use of them.
9. CONTACTING CORSHAM INSTITUTE
The Data Protection Manager