NeighbourlyLab is committed to protecting your personal information.
If you have any questions about this Privacy Notice or any Data Protection related matters relevant to NEIGHBOURLYLAB you can send an email to our Data Protection Officer: email@example.com
What personal information do we collect
If your personal information is used by NEIGHBOURLYLAB because you are attending one of our events, we will collect the following information: The information below is to provide you with a non-specific list of possible personal information we may request from you within any project or piece of research we conduct. We may collect and process the following types of personal information which will be highly dependent on the work we are doing:
• Personal identifiers: for example, name, email address, telephone number, where you work, job title.
• Responses to interviews and surveys such as feedback surveys
• Personal information related to the Equality Act 2010 inclusive of data known as ‘Protected Characteristics’ (disability, medical information, or information required to facilitate the accessibility of an event)
Why do we collect your information and what do we use it for
We collect your personal information for the following purposes:
To organize events, contact you about the event, and any feedback you might have regarding the event
To accommodate any disability or dietary needs at an event
With your consent, to contact you about further events or to participate in an interview, seminar, presentation, conference, and/or workshop, and/or focus group session as part of a project or piece of research.
To make confidential contact with you where you have indicated an interest in being contacted about the research area or participating in any research projects associated with this area of research (you are able to opt out at any time and are under no obligation to participate in any research projects)
We will also use your personal information to respond to and identify your personal information when you submit a data subject rights request.
Our lawful basis for processing your data
We process the personal data of event participants in a variety of ways.
Most commonly, the lawful basis for using your personal information may be one or more of the following:
Legitimate Interest if your information is publicly available or if your information was shared by a commissioner within the context of a wider project
For collecting your sensitive personal information, also known as GDPR special categories of personal information, in general, we rely on GDPR Article 9.2(a) : Consent. This is also relevant to any personal information known as “protected characteristics” under the UK Equality Act 2010.
Security, Storage and Sharing of your data
We take the security of your information very seriously and have put physical, technical, operational, and administrative strategies, controls and measures in place to help protect your personal information from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.
We use Google Workspace & Google Cloud Platform for the secure storage of personal information processed by us. Through the use of Google services, the organisation is able to provide a high level of security around the storage of highly sensitive personal data which is captured within a high variety of our activities. You can find further security and compliance information in the Google Compliance Resource Centre, Privacy Resource Centre and the Google Cloud & the GDPR pages.
Your personal data may also be stored with specific third-party services for the minimum period necessary to perform activities with your personal information. Each third-party is subject to contractual and security reviews to ensure adequate and comparative levels of security, we’d expect for ourselves, is provided for the data they process on our behalf.
The types of third-party providers we use include:
Mass email services
Survey platform services
Client Relationship Management services
Website services and platform providers
IT services organisations
Where appropriate, we may share your personal information with our professional advisers including our lawyers and auditors, project partners, industry experts, peers (of a group you are involved in as a Sector Stakeholder), and local and central government departments where it is strictly necessary. It is also possible that we may be required to share your data to comply with applicable laws or with valid legal processes, such as in response to a court order.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded by implementing at least one of the following safeguards:
Transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK (the UK also recognises the European Commission list of adequate countries. For further details, see European Commission: Adequacy of the protection of Personal Data in non-EU countries)
Specific contracts/agreements approved by the UK which give personal data the same protection it has in the UK. For further details, see UK International Data Transfer Agreements. We will also assess in-country standards as part of this process.
We may share the information we gather with other organisations in the following scenarios (where this has been outlined in the privacy notice):
Evaluators and Delivery Partner organisations and other organisations that are funded by us or collaborating with us on projects or pieces of research.
Independent contractors or suppliers, we hire to work on specific projects or pieces of research we conduct or commission.
Always refer to the research project Privacy Notice to confirm how your data will be stored, shared, and kept secure.
How long we keep your data
We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected.
The length of time which we plan to keep any information for will be outlined on the privacy notice for each individual project. Wherever possible, personal data will be anonymised or pseudonymised, as long as this does not impair the aims of the project.
When data is no longer needed, unless there is another legal reason for us to retain your personal information, we will securely destroy any paper or digital records.
Your rights concerning your data
You have non-absolute rights concerning your data: Where consent has been used, you can revoke it. You have the right to request that we rectify your data if it is wrong or needs updating. You have the right to access a copy of the information we hold about you, the right to erasure if no legal requirements oblige us to retain your information, the right to restrict or object to the use of your data right to rectification and the right to obtain a copy of your data in a commonly legible format. You can request these actions by contacting firstname.lastname@example.org. If you have concerns regarding the use of your information, you can also contact the ICO.
Last update to this Privacy Notice
This Privacy Notice was last updated in August 2023.