Legal

Faculty Privacy Policy

Effective Date 04 July 2024

Faculty Science Limited (“Faculty”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal data that we collect or process. This policy informs you about how we look after your personal data and tells you about your rights and how applicable privacy law protects you. 
If you have any questions about this policy, please contact our Data Protection Officer, whose details are set out below.

1. Purpose of this policy

How will we change this policy?

We keep this privacy policy under regular review. If we change this policy we will let you know by providing notice on our website and the latest date this policy has been updated is set out at the top of this policy. 
Unless otherwise stated, all changes to this privacy policy are effective as of the stated Effective Date and your continued use of our services following the Effective Date will constitute that you have read and understood the latest version of this privacy policy. 
This policy may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or use of data. 

2. The data we collect about you

Personal data, or personal information, means any information relating to an individual from which that person can be identified. 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity information

  • Title
  • First name
  • Last name
  • IP addresses

Contact details

  • Email address
  • Company name
  • Phone number
  • Office address
  • Other mailing addresses

Marketing and Communications Data

  • Preferences in receiving marketing form us (including where you’ve opted out) and your communication preferences
  • Information on your engagement with Faculty Science Ltd. via meetings, events, groups or networks
  • Topics of interest, biographical information
  • Content of social media posts

Services information

  • Historical information regarding the services we have provided to you

Visitor information

  • Your identity & contact information
  • The purpose of your visit
  • Which member(s) of our team you came to visit
  • CCTV footage

Navigational and usage information

  • Information about where and how you interact with this site
  • Pages visited/links clicked
  • Date and time of interactions
  • Consent information for use of cookies
  • Browser information

Information necessary for recruitment activity

  • information set out in categories 1) and 2) above
  • details of your qualifications, skills, experience and employment history, including start and end dates with previous employers and with the organisation and details of your referees.

On select occasions where it is necessary

  • information about any medical or health conditions, including whether or not you have a disability in connection with which we need to make reasonable adjustments
  • details of your pension arrangements, and any related information necessary to enable us to implement and administer them
  • information about your nationality and entitlement to work in the UK• details of your driving licence and vehicles you are entitled to drive
  • criminal records information, including the outcome of any Disclosure and Barring Service (‘DBS’) checks
  • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief
  • other relevant information as applicable and as required by us in order to ensure that we fulfil our obligations as a prospective employer.

We may also collect, use and share aggregated data such as statistical or analytical data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Navigational and Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy. 

3. How your personal data is collected

We use different methods to collect data from and about you, including through:

Direct interaction

You may provide us your personal details by contacting us through the website, when you sign up for our newsletter, or otherwise corresponding with us via phone, email or otherwise. This includes personal data when you:

  • Contact us through our website;
  • Subscribe to our newsletter;
  • Request marketing material be sent to you;
  • Attend one of our events;
  • Procure our professional services;
  • Complete our digital visitor form when you visit our offices

Automated technology or interactions

As you interact with our website, we will automatically collect technical data about your equipment, location, time, browsing actions and patterns. We collect this personal data using cookies and other similar technologies. Please see the Cookies section of this policy for further details.

Third parties or publicly available sources

We may receive personal data about you from various third parties or publicly available sources as set out below:

  • Media contacts, including preferred contact methods, topics of interest and biographical information, influencer profiles from: Cision Media Group and Cognism Ltd.
  • Data brokers, including via email marketing lists or other databases available for acquisition.
  • Datasets derived from publicly available social media.

4. How we use your personal data

We will only use your personal data in accordance with applicable privacy laws. We have set out below a description of all the ways we may use your personal data, and the lawful bases of applicable law that we rely on to do so. We have also identified what our legitimate interests are where appropriate. Please see the Glossary section of this policy for more information on the lawful basis for processing personal data.

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

To manage our relationship with you which will include:

  • Notifying you about changes to our terms or this privacy policy
  • Sales outreach
  • Targeted and specific marketing, such as our newsletter
  • To invite you to an event
  • To respond to and keep track of correspondence you’ve sent through our website contact form
  1. Identity information
  2. Contact information
  3. Marketing and communication data

(a) You have provided your consent for us to use your personal data for a specific purpose (b) Necessary for our legitimate interest to develop our services and grow our business

To provide you with services and maintain internal records of those services.

  1. Identity Information
  2. Contact information
  3. Services information

(a) Performance of a contract with you (b) Necessary for our legitimate interest to understand how customers use our services, to develop new services and to grow our business

Security and health and safety of visitors

  1. Visitor information

(a) Necessary to comply with the law, when certain information is necessary to satisfy our legal or regulatory obligations

To administer this website, including;

  • Troubleshooting
  • Data analytics
  • Maintenance
  • Deliver relevant website content and advertisements
  1. Navigational and usage information

(a) Necessary for our legitimate interest in maintaining our website, to develop business and to grow our business and inform our marketing strategy

To comply with applicable law

Any personal data that we hold on you

(a) Necessary to comply with the law, when certain information is necessary to satisfy our legal or regulatory obligations.

Data used to further recruitment activity

Information set out or referred to at column 7 of the table at section 2 above.

(a) Necessary for our legitimate interest in recruiting talent, meeting our human resource needs and expanding our business.

Special category data used to further recruitment activity

Special category data

(a) Necessary for our legitimate interest in recruiting talent, meeting our human resource needs and expanding our business. (b) Where the data processed by us is special category data (for example your health data), we will rely on the following additional bases for processing that data; namely that it is:

  • Processing is necessary carrying out our obligations and exercising our rights in relation to your employment, and for the safeguarding of your fundamental rights;
  • Processing is necessary to protect your vital interests or those of another person, where you are incapable of giving your consent;

Opting-Out

You can ask us to stop sending you marketing communications at any time by following the opt-out links on any marketing message sent to you,  by contacting us directly at any time or at this link. 

Where you opt out of receiving these marketing communications, this will not apply to personal data provided to us as a result of provision of services or a visit to our offices. 

Change of purpose

We will only use your personal data for the purpose for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. 

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

5. Disclosure of your personal data

To provide services and run our business 

We may share personal data collected by us with third party service providers situated around the world, including locations where the local law may grant you fewer rights than you have in your own country. 

We require all third parties to respect the security of your personal data and to treat it in accordance with applicable  law. We do not allow our third-party service providers to use your personal data for their own purposes. 

The below is a list of indicative third parties that we use. Copies of their respective privacy policies are available if you follow the links provided. 

We may provide your personal data to a third party in the event that we enter into discussions that might lead to a change in control, such as a merger, acquisition, or purchase.

Other circumstances 

We may also share your personal data with:

• any of our subsidiaries and affiliates;  

• our professional advisors; and

• A third party in the event that we enter into discussions that might lead to a change in control, such as a merger, acquisition, or purchase. 

6. Transfer of data to third countries

Personal data we collect may be transferred by us to third parties, as set out in the Disclosure of your personal data section of this policy, including service providers that may be situated outside the United Kingdom (UK) and may be processed by staff operating outside the UK. 

Where required by law, we have put in place legal mechanisms designed to ensure adequate data protection of your personal data that is processed by Faculty affiliates and third party service providers, including the transfer of your personal data to countries other than the UK. If you would like more information about these legal mechanisms, which may include the EU’s Standard Contractual Clauses or the UK Model Clauses, please contact us at the address below. By providing your personal data to Faculty, you voluntarily consent to such trans-border transfer and hosting of such information.

7. Data Security

We take great care in implementing, enforcing and maintaining security policies to help ensure the security of your personal data. 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed or otherwise, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

Faculty limits access to any personal data we hold to staff who:

  • Are appropriately trained on the requirements applicable to the processing, care and handling of Personal Data;

  • Are under confidentiality obligations; 

  • Are required to access, process and use the data to carry out the various tasks outlined in the How we use your personal data section of this policy; and 

  • Require access in order for Faculty to fulfil its obligations under this privacy policy. 

Breaches

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. In any security breach involving personal data, we shall take remedial measures, including without limitation, reasonable measures to restore the security of the personal data and limit unauthorised or illegal dissemination of the personal data or any part thereof. 

We maintain documentation regarding compliance with the requirements of the law, including but not limited to documentation of any known breaches and hold reasonable insurance policies in connection with data security. 

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal, regulatory, tax, accounting or other requirements. 

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us. 

We will keep recruitment data (including interview notes) for no longer than is reasonable, taking into account the limitation periods for potential claims such as race or sex discrimination (as extended to take account of early conciliation), after which they will be destroyed. If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so but will first consider whether the records can be pseudonymised, and the longer period for which they will be kept.

9. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights include:

  • Right to access your personal data

  • Request correction of your personal data 

  • Request erasure of your personal data 

  • Object to processing of your personal data 

  • Request transfer of you personal data 

  • Right to withdraw consent 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data, or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

If you wish to exercise any of the rights set out above, please contact us. We aim to respond to all legitimate requests promptly. Occasionally it could take us longer than usual if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

Please see the Glossary section of this policy for more information about your rights under data protection.

10. Cookies

Cookies are small text files of letters and numbers that are stored on your browser or the hard drive of your computer if you agree to their use. Our website uses cookies to distinguish you from other visitors, which helps provide you with a better browsing experience and allows us to run analytics and improve the usability of our site. 

Cookies managed by Faculty are referred to as first party cookies whereas cookies from third parties are referred to as third party cookies. We categorise the cookies we use on our website as per the table below. 

Strictly Necessary Cookies

These cookies are essential in order to enable you to navigate around the site and use its different features, they are also used to store information on what consents you have given regarding the use of cookies for non-essential purposes. Without these cookies, services cannot be provided.

Performance Cookies

These cookies allow us to employ data analytics so we can measure and improve the performance of our site and provide more relevant content to you. These cookies are used to collect information about the number of visitors to the site, length of sessions and campaign data for analytics purposes.These cookies are not passing any personally identifiable information to any external third party other than in the limited cases where we may engage a service provider to act on our behalf, for example Google Analytics. Third parties are unable to use the data for their own purposes.

Targeting/social media cookies

These targeting and social media cookies are placed by third parties and used to:

  • Track how you use the site and any advertising you may have seen before visiting the site;
  • Track behavioural data, such as pages viewed, visitor source, time spent on the site;
  • Present more relevant ads based on your preferences;
  • Share content of the site via social media; and
  • Track the use of embedded services.

They remember that you have visited a site and quite often they will be linked to site functionality provided by other organisations. This may impact the content and messages you see on other websites you visit.

Functionality Cookies

These cookies allow the site to remember choices you’ve made, such as language preference or the region you are in.

These cookies cannot track your browsing activity on other websites. They do not gather any information about you that could be used for advertising or remembering where you’ve been on the internet outside of our site.

You can choose which performance, targeting and functionality cookies we can set by following this link, you can also update your cookie preferences at any time. However, if you use your browser setting to block all cookies, including essential cookies, you may not be able to access all or parts of the website.

11. Historic use of data

For transparency purposes, we maintain a list of historic processing activities:

To develop and test products and services on a limited, by-exception basis. (Faculty principally supplies services to clients, who provide any data necessary for the provision of the service, and only exceptionally use publicly available data to test products or services as part of our own R&D). This data is retained for a minimum amount of time and then deleted.

Data publicly posted on X/Twitter.

We have historically used data available on X/Twitter to test products.

User IDs were pseudonymised and held for a limited period (24 January 2024 – 6 February 2024), after which the data was deleted.

We have never sold, rented or shared this data when using it for this purpose. We no longer control data for this purpose.

Necessary for our legitimate interest in developing our products and services

12. Information about how to contact us

Our Data Protection Officer (DPO) is responsible for overseeing questions in relation to this privacy policy. If you have any questions regarding this privacy policy, including any requests to exercise your legal rights, please contact our DPO using the details below.

Our contact details

If you have any questions regarding this policy you can contact our DPO in the following ways:

Using our contact pay on this website or contacting:

Legal Team
Faculty Science Limited
legal@faculty.ai
Level 6, 160 Old Street, London, EC1V 9BW

If you have any concerns about our use of your personal data or information rights practices, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues ( www.ico.org.uk) or by calling 0303 123 1113.

EU Representative

We have appointed IT Governance Europe Limited to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection (EU GDPR), or have any queries in relation to your rights or general privacy matters, please contact our representative at eurep@itgovernance.eu. Please ensure to include our company name in any correspondence you send to our representative.

13. Glossary

Lawful basis for processing personal data.

Legitimate interest

means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contracting us.

Performance of Contract

Means processing your data where it is necessary for the performance of a contract to which you (or your organisation) are a party to or to take steps at your request before entering into such a contract

Comply with legal obligations

Means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to

You have provided your consent

Means processing your personal data where you have given clear consent to processing your personal data for a specific purpose

Vital interest

Means processing of your personal data where it is necessary to protect your life

Public task

Mean the processing of your personal data where the processing in necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law (this will not be applicable to any processing Faculty does)

Your legal rights

Request access

You may request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

Request Correction

You may request correction of the personal data we hold about you. This enable you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy if the new data you provide us

Request Erasure

You may request the erasure of your personal data. This enable you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.Note: we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to Processing

You may object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing

You may request the restriction of processing of your personal data. This enable you to ask us to suspend the processing of your personal data in the following scenarios:If you want us to establish the data’s accuracyWhere our use of the data is unlawful but you do not want us to erase itWhere you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claimsYou have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it

Request transfer

You may request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used information to perform a contract with you

Withdraw consent at any time

You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing activities carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.