Introduction

​The Alan Turing Institute is committed to ensuring transparency in its use of personal information.

This notice explains how we collect and use your personal information when:

  1. You visit our website (www.turing.ac.uk)
  2. You sign up to receive marketing materials or otherwise communicate with us

Due to the nature of our work as a research institute, we may also process personal information for research projects. This will not be the case for the typical website user. However, because it is not always possible for us to proactively provide a privacy notice to those individuals, we also explain below how we process information when we do research.

This notice is not intended to cover those who are engaged or employed by us.

Notice

Who we are and how to contact us

The Alan Turing Institute (or we) is a registered charity in England and Wales (charity number 1162533) and a company limited by guarantee, incorporated in England (number 9512457) which is based at the British Library, 96 Euston Road, London NW1 2DB.

If you have any questions about this notice or how we handle your personal information, please contact [email protected].

 

What is personal information?

When we use the phrase ‘personal information’ we mean any information that could be used to identify you. At its simplest, this could be your name, or email address. It could also include the content of any communications you have with us.

 

How do we collect personal information?

We may collect personal information:

  • Direct from you, for example when you send us an email.
  • Indirectly, from another source, for example when we receive personal information in a dataset for a research project.
  • When it is available publicly. We may use public sources of information (for example, the electoral roll, open social media, and other online databases) to collect information used in our research. If you have any questions about our use of public information, please contact us.
  • Through our use of cookies. Please see our Cookie Notice which can be found on our website for more information.

 

What personal information do we hold?

We may collect, store and use the following categories of personal information about you:

  • Name.
  • Contact details (email, telephone and address).
  • Information about your computer or device (such as its IP address).
  • Social media handles.
  • Information you provide to us (for example in an email).
  • Your communication preferences (for example, whether you wish to be contacted by email).
  • Any other information provided to us by one of the methods in section 3 above.

Certain types of information are sensitive and need more protection (for example, information about race or ethnicity, and of health, as well as information about criminal convictions). We do not usually collect these types of information for a typical website visitor.

We might separately collect these types of information for a research project, but only if we have a valid reason for doing so and only if the law allows us to. For example, the law allows us to use this type of information where it is in the public interest and where we have protections in place to safeguard your information and your rights.

 

How can we lawfully use your personal information?

We will only use your personal information when the law allows us to.  Most commonly, we will use your personal information:

  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.

We may (less commonly) use your personal information:

  • Where necessary to perform a contract with you.
  • Where we need to protect your interests (or someone else's interests).
  • With your consent.

Where we rely on legitimate interests, our legitimate interests include:

  • To ensure the smooth running of the Institute.
  • To conduct research and further the work of the Institute.
  • Managing our contractual relationship with project sponsors and employees.
  • Evaluating and updating our services.

 

Why do we use your personal information?

We use your personal information to:

  • To provide you with the services or information which you have requested.
  • To carry out research in the public interest, in accordance with our organisational aims. More information about our research can be found on our website.
  • To communicate with you.
  • To improve your interactions with our websites.
  • Administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • Keep our websites and internal operations safe and secure and prevent fraud.
  • Deal with enquiries and/or complaints made by or about you.
  • Audit and/or administer our accounts.
  • Prevent fraud and to ensure the security of our systems.
  • Provide information to regulators.
  • Satisfy legal obligations which are binding on us.
  • Establish, defend or enforce legal claims.

Or for another reason if that reason is compatible with the original purpose.

 

Automated decision-making

Whilst, as a research institute, we do use personal information in ways which may involve ‘automated decision making’ and which might constitute ‘profiling’, we do not typically do this in ways which will have a significant legal effect on you – for example, to assess your creditworthiness.

We do not make automated decisions based on any particularly sensitive personal information, unless it is justified in the public interest, in which case we will put in place appropriate measures to safeguard your rights.

 

Do we share your personal information?

We sometimes share information with other organisations, including other entities in our group, partner universities, research partners, service providers and others.

We will share your information with third parties where required by law or where we have another legitimate interest in doing so.

Where we share information with other ‘controllers’ (organisations who will use the information for their own purposes, rather than to provide services to us) they are responsible to you for their use of your information and compliance with the law. We share information with other controllers as follows:  partner universities; other research partners; project sponsors; HMRC; Charity Commission; and professional advisers. We share the information in a secure way and take appropriate steps to ensure the recipient protects it.

We may also need to share your personal information in the context of the possible merger, restructuring or expansion of the Institute.

 

Transferring information outside the UK and EU

We are based in the UK. Generally, we hold personal information on servers located within the UK. However, we do use suppliers that operate around the world, which means it is possible that personal information we collect from you may be stored outside of the UK or the EU.

Certain countries outside the UK and the EU have a lower standard of protection for personal information, including lower security protections and fewer rights for individuals. Where your personal information is transferred outside the UK or EU to a country which does not offer similar protection, we put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects UK and EU data protection laws (such as requiring the recipients to enter into contracts which have been approved by EU authorities for this purpose).

 

Data security

We have put in place suitable technical and organisational measures to protect the security of your information. Details of these measures are available from [email protected]. These measures include limiting access to your personal information to those individuals who have a business need to know.

 

How long will we keep your personal information?

We keep your personal information for as long as we reasonably need to use it for the reasons set out in this notice (see section 6 above). Typically, this will include the period for which the personal information is actively in use, plus up to 7 years, which is the time that the information may be relevant for the establishment or defence of legal claims.

Where a minimum retention period is required by law (such as retaining records for HMRC purposes) we comply with that minimum period plus up to 12 months to allow time for us to anonymise or delete information in accordance with our internal data management processes.

We may also keep personal information for longer where we are processing it for scientific or historical research purposes.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you.

 

Your rights in connection with your personal information

Under certain circumstances, by law you have the right to:

  • Ask for a copy of your personal information (commonly known as a "subject access request").
  • Ask that we update or correct the personal information that we hold about you, if you believe it to be inaccurate.
  • Ask that we erase your personal information that we hold, where there is no good reason for us continuing to hold it. We may not need to erase it, but we will need to show that we continue to have a good reason to hold it.
  • Object to our use of your personal information if we are relying on a legitimate interest and there is something about your situation which makes you want to object. We may not need to stop, but we will need to show a good reason to keep using it. You can always ask us to stop using your personal information for direct marketing purposes.
  • Ask that we restrict our use of your personal information so that we are simply storing it, for example if you want us to establish its accuracy or our reason for using it.
  • Request the transfer of your personal information to you or another party. This only applies where you have provided us that information and we are processing it with your consent or to perform a contract with you. This is unlikely to apply in most cases.
  • Change your mind and withdraw consent you have given us.

To exercise any of the above rights, please contact [email protected].

These are legal rights, so they only apply in certain circumstances and are subject to exemptions.

We may also need to take steps to confirm your identity. This is another security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

If you have concerns about the way we are handling your personal information, you also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint/.

 

Updates to this notice

We may exercise the right to update this notice. If we make substantial changes, we will bring these to your attention where reasonably possible. Otherwise, you can access the latest version of this notice on our website.

 

Contact

If you have any questions about this privacy notice, please contact [email protected].