Last revised: 20th September 2022
Faculty Science Limited (“Faculty”, “we”, “us” or “our”) respects your privacy and is committed to protecting your personal data that we collect or process.. This policy informs you about how we look after your personal data and tells you about your rights and how applicable privacy law protects you.
If you have any questions about this policy, please contact our Data Protection Officer, whose details are set out below.
1. Purpose of this policy
What does this policy cover?
- you visit our website, available at www.faculty.ai and other hosted Faculty services;
- you sign up to our newsletter;
- you attend one of our events (virtual or otherwise);
- we are providing you or your organisation with bespoke professional services
- you visit our office;
- when we use information about you provided by a third party for marketing purposes.
How will we change this policy?
This policy may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or use of data.
2. The data we collect about you
Personal data, or personal information, means any information relating to an individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
|Category of personal data||Types of personal information captured by category|
|1. Identity information||
|2. Contact details||
|3. Marketing and Communications Data||
|4. Services information||
|5. Visitor information||
|6. Navigational and usage information||
Data we do not collect
We will not request any Special Categories of Personal Data (that is, details about your race or ethnicity, religious or philisophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic or biometirc data). Nor do we collect any information about criminal convictions and offences.
Our services are not directed towards children under the age of 16, and therefore we do not hold any personal data relating to children under 16. If you have reason to believe that we may have been provided with personal data on a child under 16, please contact us immediately.
3. How your personal data is collected
We use different methods to collect data from and about you, including through:
|Direct interaction||You may provide us your personal details by contacting us through the website, when you sign up for our newsletter, or otherwise corresponding with us via phone, email or otherwise. This includes personal data when you:
|Automated technology or interactions||As you interact with our website, we will automatically collect technical data about your equipment, location, time, browsing actions and patterns. We collect this personal data using cookies and other similar technologies. Please see the Cookies section of this policy for further details.|
|Third parties or publicly available sources||We may receive personal data about you from various third parties or publicly available sources as set out below:
4. How we use your personal data
We will only use your personal data in accordance with applicable privacy laws. We have set out below a description of all the ways we may use your personal data, and the lawful bases of applicable law that we rely on to do so. We have also identified what our legitimate interests are where appropriate. Please see the Glossary section of this policy for more information on the lawful basis for processing personal data.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
|Purpose/Activity||Type of data||Lawful basis for processing|
|To manage our relationship with you which will include:
||(a) You have provided your consent for us to use your personal data for a specific purpose
(b) Necessary for our legitimate interest to develop our services and grow our business
|To provide you with services and maintain internal records of those services.||
||(a) Performance of a contract with you
(b) Necessary for our legitimate interest to understand how customers use our services, to develop new services and to grow our business
|Security and health and safety of visitors||
||(a) Necessary to comply with the law, when certain information is necessary to satisfy our legal or regulatory obligations|
|To administer this website, including;
||(a) Necessary for our legitimate interest in maintaining our website, to develop business and to grow our business and inform our marketing strategy|
|To comply with applicable law||Any personal data that we hold on you||(a) Necessary to comply with the law, when certain information is necessary to satisfy our legal or regulatory obligations.|
You can ask us to stop sending you marketing communications at any time by following the opt-out links on any marketing message sent to you, by contacting us directly at any time or at this link.
Where you opt out of receiving these marketing communications, this will not apply to personal data provided to us as a result of provision of services or a visit to our offices.
Change of purpose
We will only use your personal data for the purpose for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. Disclosure of your personal data
To provide services and run our business
We may share personal data collected by us with third party service providers situated around the world, including locations where the local law may grant you fewer rights than you have in your own country.
We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes.
The below is a list of indicative third parties that we use. Copies of their respective privacy policies are available if you follow the links provided.
We may provide your personal data to a third party in the event that we enter into discussions that might lead to a change in control, such as a merger, acquisition, or purchase.
We may also share your personal data with:
- any of our subsidiaries and affiliates; and
- third party in the event that we enter into discussions that might lead to a change in control, such as a merger, acquisition, or purchase.
6. Transfer of data to third countries
Personal data we collect may be transferred by us to third parties, as set out in the Disclosure of your personal data section of this policy, including service providers that may be situated outside the United Kingdom (UK) and may be processed by staff operating outside the UK.
Where required by law, we have put in place legal mechanisms designed to ensure adequate data protection of your personal data that is processed by Faculty affiliates and third party service providers, including the transfer of your personal data to countries other than the UK. If you would like more information about these legal mechanisms, which may include the EU’s Standard Contractual Clauses, please contact us at the address below. By providing your personal data to Faculty you voluntarily consent to such trans-border transfer and hosting of such information.
7. Data Security
We take great care in implementing, enforcing and maintaining security policies to help ensure the security of your personal data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed or otherwise, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Faculty limits access to any personal data we hold to staff who:
- Are appropriately trained on the requirements applicable to the processing, care and handling of Personal Data;
- Are under confidentiality obligations;
- Are required to access, process and use the data to carry out the various tasks outlined in the How we use your personal data section of this policy; and
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. In any security breach involving personal data , we shall take remedial measures, including without limitation, reasonable measures to restore the security of the personal data and limit unauthorised or illegal dissemination of the personal data or any part thereof.
We maintain documentation regarding compliance with the requirements of the law, including but not limited to documentation of any known breaches and hold reasonable insurance policies in connection with data security.
8. Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
9. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights include:
- Right to access your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request transfer of you personal data
- Right to withdraw consent
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data, or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you wish to exercise any of the rights set out above, please contact us. We aim to respond to all legitimate requests promptly. Occasionally it could take us longer than usual if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Please see the Glossary section of this policy for more information about your rights under data protection.
Cookies managed by Faculty are referred to as first party cookies whereas cookies from third parties are referred to as third party cookies. We categorise the cookies we use on our website as per the table below.
Without these cookies, services cannot be provided.
|Performance Cookies||These cookies allow us to employ data analytics so we can measure and improve the performance of our site and provide more relevant content to you. These cookies are used to collect information about the number of visitors to the site, length of sessions and campaign data for analytics purposes.
These cookies are not passing any personally identifiable information to any external third party other than in the limited cases where we may engage a service provider to act on our behalf, for example Google Analytics. Third parties are unable to use the data for their own purposes.
|Targeting/social media cookies||These targeting and social media cookies are placed by third parties and used to:
They remember that you have visited a site and quite often they will be linked to site functionality provided by other organisations. This may impact the content and messages you see on other websites you visit.
|Functionality Cookies||These cookies allow the site to remember choices you’ve made, such as language preference or the region you are in.
These cookies cannot track your browsing activity on other websites. They do not gather any information about you that could be used for advertising or remembering where you’ve been on the internet outside of our site.
You can choose which performance, targeting and functionality cookies we can set by following this link, you can also update your cookie preferences at any time. However, if you use your browser setting to block all cookies, including essential cookies, you may not be able to access all or parts of the website.
11. Information about how to contact us
Our Contact details
If you have any questions regarding this policy you can contact our DPO in the following ways:
Using our contact pay on this website or contacting:
Faculty Science Limited
Level 6, 160 Old Street, London, EC1V 9BW
If you have any concerns about our use of your personal data or information rights practices, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues ( www.ico.org.uk) or by calling 0303 123 1113.
We have appointed IT Governance Europe Limited to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection (EU GDPR), or have any queries in relation to your rights or general privacy matters, please contact our representative at firstname.lastname@example.org. Please ensure to include our company name in any correspondence you send to our representative.
Lawful basis for processing personal data.
|Legitimate interest||means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contracting us.|
|Performance of Contract||Means processing your data where it is necessary for the performance of a contract to which you (or your organisation) are a party to or to take steps at your request before entering into such a contract|
|Comply with legal obligations||Means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to|
|You have provided your consent||Means processing your personal data where you have given clear consent to processing your personal data for a specific purpose|
|Vital interest||Means processing of your personal data where it is necessary to protect your life|
|Public task||Mean the processing of your personal data where the processing in necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law (this will not be applicable to any processing Faculty does)|
Your legal rights.
|You have to the rights to|
|Request access||You may request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
|Request Correction||You may request correction of the personal data we hold about you. This enable you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy if the new data you provide us|
|Request Erasure||You may request the erasure of your personal data. This enable you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Note: we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
|Object to Processing||You may object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.|
|Request restriction of processing||You may request the restriction of processing of your personal data. This enable you to ask us to suspend the processing of your personal data in the following scenarios:
|Request transfer||You may request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used information to perform a contract with you|
|Withdraw consent at any time||You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing activities carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.|