Website Privacy Policy

This privacy policy was updated 24 May 2019

Your privacy is very important to CRAC. We regularly review our policies and processes to keep your data secure. Please take a moment to familiarise yourself with how we manage your privacy. Let us know if you have any questions.


Introduction

The Careers Research and Advisory Centre (CRAC) Ltd is the non-profit organisation that manages the Vitae programme.  Vitae is the global leader in supporting the professional development of researchers, experienced in working with institutions as they strive for research excellence, innovation and impact.

You can find more information about CRAC and the work that we do on our website: www.crac.org.uk.

CRAC is committed to protecting the personal information of all its contacts and being clear about what information we hold about them and how we use it. This privacy notice tells you what to expect when CRAC collects personal information.

CRAC is registered as a data controller with the Information Commissioner’s Office (ICO). Our registration number is Z1030346.  You can check our registered details on the ICO’s website: https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/

Data Controller and Data Protection Officer

CRAC is the Data Controller of any personal information collected within scope of this privacy notice. Our location and contact details are below:

The Careers Research and Advisory Centre (CRAC) Limited
22 Signet Court
Cambridge
CB5 8LA
Tel: 01223 460277
Email: dataprotection@crac.org.uk

Our Data Protection Officer (DPO) is the first point of contact for people whose information is processed. Contact details for our DPO are as follows:

David Nightingale
IT Manager
Email: david.nightingale@crac.org.uk
Tel: 01223 460277

Data we collect from users of this website

If you contact us by phone or email or by using a contact form on this website, we will collect and process your contact details for the purpose of answering your enquiry and providing you with information about related products and services. 

We will not add you to any mass mailing or contact list without getting your explicit consent and providing you with an easy means to opt-out at any time. 

This website uses cookies to monitor and improve the website’s performance and user experience.  Our cookie policy provides more information.

 

Data we collect in the course of our business

We may collect personal data, including sensitive personal data, when delivering products and services. 

When collecting personal and sensitive personal data we will always link to a privacy notice that explains clearly what data is being collected, why it is being collected, how it will be used, the lawful basis for the processing, how it will be stored and how long it will be stored for. The privacy notice will provide contact details in case you wish to make an enquiry or complaint about the data collection. 

Where consent is used as the lawful basis, we will provide you with an easy means to withdraw consent.

 

Disclosure or sharing of your information

We only share your personal information with partners who assist in providing our services or products to you. We check that our partners have adequate information security controls in place. We will not share your personal information with third parties for marketing purposes without first informing you and getting your explicit consent. We may share your data with third parties if required to do so by law.

 

Where we store your data

We store your data on secure servers in the European Economic Area. Data will be transferred outside the EEA only when all requirements of the Data Protection Act and General Data Protection Regulation (GDPR) are met. 

All data are processed over a secure platform using encryption technology. However, sending information over the internet is generally not completely secure, and we cannot guarantee the security of any data you send us. You may email us your data at your own risk. Once we receive your data, we have data security controls in place to keep the data secure.

 

How long we retain your data for

We are only able to retain a copy of your personal information as long as it is still needed for the purpose(s) for which it was collected as stated in the relevant privacy notice. 

 

Your rights and access to your information

Once your personal information has been collected, you have certain rights in relation to that personal information that may be exercised. You have the right to:

  • - Ask for a copy of your personal information
  • - Correct inaccurate personal information held about you
  • - Ask for your personal information to be deleted (within 30 days)
  • - Restrict processing of your personal information
  • - Ask for a copy of their information in a format that allows easy transfer (data portability)
  • - Object to automated decision making or profiling (if these take place) 

If you have any questions in relation to these rights, please contact dataprotection@crac.org.uk.

Complaints about the use of your personal information

If you are unhappy with the way in which their personal information has been handled by CRAC, they may contact us at: dataprotection@crac.org.uk or via our Data Protection Officer (details in section 2) and we will try to resolve your issue informally.

If we are not able to resolve the issue to your satisfaction, you can also make a complaint to the data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) and they can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Email: casework@ico.org.uk