The Engineering Exchange has reviewed our data management processes. Please read the below Local Privacy Notice carefully, to find out how and when we process your personal data.
The Engineering Exchange (“we” “us”, or “our”) respects your privacy and is committed to protecting your personal data.
Please read this Privacy Notice carefully – it describes why and how we collect and use personal data and provides information about your rights. It applies to personal data provided to us, both by individuals themselves or by third parties and supplements the following wider UCL privacy notice(s):
- General privacy notice when you visit UCL’s website
We keep this Privacy Notice under regular review. It was last updated on 28/01/2019.
The Engineering Exchange is part of the Faculty of Engineering and The Bartlett Faculty of the Built Environment at University College London (UCL).
UCL, a company incorporated by Royal Charter (number RC 000631), is the entity that determines how and why your personal data is processed. This means that UCL is the ‘controller’ of your personal data for the purposes of data protection law.
Personal data that we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you. This may include:
- Your name and contact details;
- The names and other details about third parties who are involved in the issues we are helping you with;
- Details about projects you have participated in; and
- The context in which we first received your contact details.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To register you as a client and to manage our relationship with you.
- To help you with your enquiry. Depending on the circumstances, this may include special category personal data. Here, the processing of your information is carried out on the basis of your explicit consent; or
- To notify you about upcoming opportunities, events etc.
Where the processing is based on your consent, you have the right to withdraw your consent at any time by contacting us using the details set out below. Please note that this will not affect the lawfulness of processing based on consent before its withdrawal.
We may also use anonymised data, meaning data from which you cannot be identified, for the purposes of:
- Service evaluation;
- Education and research; or
- Fundraising and promotional purposes.
Anonymised data may also be used in published reports or journals and at conferences.
Who we share your personal data with
Your personal data will be collected and processed primarily by our staff and UCL (Access to your personal information is limited to staff who have a legitimate need to see it for the purpose of carrying out their job at UCL). We may have to share your personal data with the parties set out below for the purposes outlined in section 4:
- Just Space
- London Sustainability Exchange
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes – we only permit them to process your personal data for specified purposes and in accordance with our instructions.
Lawful basis for processing
Data Protection Legislation requires that we meet certain conditions before we are allowed to use your data in the manner described in this notice, including having a "lawful basis" for the processing. The basis for processing will be as follows:
- Legitimate interests. The processing of your personal data may be necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or by fundamental rights and freedoms which require protection of personal data [Note: read UCL’s guidance on legitimate interests]
We use Mailchimp to securely store and process personal data. Because Mailchimp is based outside the European Economic Area (EEA), this means your data is transferred outside the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have established procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We will keep your personal data according to the Records Retention Schedule.
Under certain circumstances, you may have the following rights under data protection legislation in relation to your personal data:
- Right to request access to your personal data;
- Right to request correction of your personal data;
- Right to request erasure of your personal data;
- Right to object to processing of your personal data;
- Right to request restriction of the processing your personal data;
- Right to request the transfer of your personal data; and
- Right to withdraw consent.
If you wish to exercise any of these rights, please contact the Data Protection Officer.
You can contact UCL by telephoning +44 (0)20 7679 2000 or by writing to: University College London, Gower Street, London WC1E 6BT.
Please note that UCL has appointed a Data Protection Officer. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below:
Data Protection & Freedom of Information Officer: firstname.lastname@example.org
If you wish to complain about our use of personal data, please send an email with the details of your complaint to the Data Protection Officer so that we can look into the issue and respond to you.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website.