BRECcIA privacy notice

1.  Introduction

The Careers Research and Advisory Centre (CRAC) Ltd is the non-profit organisation that manages the Vitae programme.  Vitae is the global leader in supporting the professional development of researchers, experienced in working with institutions as they strive for research excellence, innovation and impact.

You can find more information about CRAC and the work that we do on our website: www.crac.org.uk.

CRAC is committed to protecting the personal information of all its contacts and being clear about what information we hold about them and how we use it. This privacy notice tells you what to expect when CRAC collects personal information.

CRAC is registered as a data controller with the Information Commissioner’s Office (ICO). Our registration number is Z1030346.  You can check our registered details on the ICO’s website: https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/

2.  Data Controller and Data Protection Officer

CRAC is the Data Controller of any personal information collected within scope of this privacy notice. Our location and contact details are below:

The Careers Research and Advisory Centre (CRAC) Limited
22 Signet Court
Cambridge
CB5 8LA
Tel: 01223 460277
Email: dataprotection@crac.org.uk

Our Data Protection Officer (DPO) is the first point of contact for people whose information is processed. Contact details for our DPO are as follows:

David Nightingale
IT Manager
The Careers Research and Advisory Centre (CRAC) Limited
22 Signet Court
Cambridge
CB5 8LA
Email: dataprotection@crac.org.uk
Tel: 01223 460277

3.  How we use your personal information

We can only use your personal information where we have legitimate reasons for doing so and have told you what those reasons are.

To achieve the above aims, the specific uses that will be made of your personal information are listed below: 

  • Your responses will be used to determine the appropriate type and level of content for the Leadership Training programme due to take place later in 2020.
  • Your responses will be used after the training programme, along with responses to a further survey to be run after the training, to determine the impact of the training.
  • Your responses will be kept confidential and not shared with any third parties other than the BRECcIA programme (in anonymised form only).
  • An evaluation report will be drafted based on the aggregated, anonymised responses and shared with partners within the BRECcIA programme.
  • Responses will be retained for two years after completion of the final report which is scheduled to happen in July 2020.
  • If we want to use your personal information for a reason other than the purposes set out above, we will tell you before we start that use.

4.  Legal basis for using your personal information

Under data protection legislation, we require a legal basis to be able to process personal information for the purposes set out above. In this case, the legal basis is Legitimate interests: the processing is necessary for your legitimate interests and those of the BRECcIA programme who have commissioned us to carry out this survey, the subsequent training, and the evaluation process.

5.     What personal information we will collect

The personal information we collect in this survey is:

  • Email Address
  • Your supervisory/line management experience
  • Your current leadership experience

6. Personal information we obtain from another source

Within this survey, we will not be seeking any personal information from any other source.

7. Who we give your personal information to

Your personal information will be shared with the organisations participating in the BRECcIA programme only. We will not routinely pass your information to any other organisation except where required to do so as part of our functions or by law. 

8. Where Vitae your personal information will be stored

Your personal information will be stored securely within the European Economic Area and will not be transferred outside that territory without you being informed about the transfer, the purpose of the disclosure, and the existence or absence of an adequacy decision by the European Commission relating to the protection of personal information in that country.

9. How do we protect your personal information

CRAC has a number of security measures in place to protect Associate Trainer personal information, listed below:

  • All staff are required to undertake training in data protection and information security on joining CRAC and then on an annual basis
  • All Vitae regional representatives are required to undertake training in data protection and information security before engaging with Vitae Associate Trainers
  • Formal information security policies that must be read and understood by all staff
  • Personal information is only available to those members of staff who require access as part of their role.
  • CRAC has Cyber Essentials certification.

10. Your rights over your personal information

Once your personal information has been collected, you have certain rights in relation to that personal information that may be exercised. You have the right to: 

  1. Ask for a copy of your personal information
  2. Correct inaccurate personal information held about you
  3. Ask for your personal information to be deleted (within 30 days)
  4. Restrict processing of your personal information
  5. Ask for a copy of their information in a format that allows easy transfer (“data portability”)
  6. Object to automated decision making or profiling (if these take place)

11. How long we will hold your personal information

We are only able to retain a copy of your personal information as long as it is still needed for the purpose(s) for which it was collected. It will be retained for two years after completion of the final report which is scheduled to happen in July 2020

13.  Complaints about the use of Associate Trainer personal information

If you are unhappy with the way in which their personal information has been handled by CRAC, you may contact us at: dataprotection@crac.org.uk or via our Data Protection Officer (details in section 2) and we will try to resolve your issue informally.

If we are not able to resolve the issue to your satisfaction, you can also make a complaint to the data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) and they can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Email: casework@ico.org.uk

14. Changes to this privacy notice

We keep our privacy notices under regular review and we will inform you of any changes to this notice by sending an update by email.

This privacy notice was last updated on 02/04/2020.