The Daphne Jackson Trust regards the lawful and correct treatment of personal information as very important and is fully committed to the principles of data protection, as set out in the General Data Protection Regulation.
1. Why do we have this notice?
Our privacy notice will help you understand what information we collect, how we use it, and what choices you have.
A quick note on terminology: when we use the phrase “we” in this notice, it refers to the Daphne Jackson Trust only. Although our offices are based at the University of Surrey, we are an independent organisation with our own privacy arrangements.
When we say “our work”, we mean the services and activities undertaken by the Daphne Jackson Trust – such as our Fellowship scheme, training and conferences.
Under the General Data Protection Regulation (GDPR), the Daphne Jackson Trust is a ‘data controller’ which means that we are responsible for how and why personal data is used. Our staff can help you with any queries about the information in this privacy notice – please contact DJMFT@surrey.ac.uk or +44 (0)1483 689 162.
Please also note that this privacy notice covers the Daphne Jackson Trust website only. Other websites linked to or from this site are not covered by this notice.
2. Why do we collect and receive information that contains personal data?
We process personal data to undertake our work: namely providing Fellowships that enable researchers to return to their careers after a break of two or more years taken for family, caring or health reasons.
We aim to:
- enable researchers to return to research careers with confidence after a career break;
- maintain a talented research workforce by offering flexible Fellowships;
- support equality, diversity and inclusion in the workplace and wider research environment; and to
- develop partnerships that extend the reach and increase the impact of the work of the Trust.
Under GDPR, we use ‘legitimate interests’ to process most of your data. ‘Legitimate interests’ means the interests of our organisation in conducting and managing our activities to enable us to undertake our work. For instance, we may contact you about upcoming Fellowship opportunities or conferences we organise, but we do so in a way to send you only the information you are interested in.
We only rely on legitimate interests where we consider any potential impact on you (positive and negative), how intrusive it is (from a privacy perspective) and your rights (under data protection laws) do not override our interests in us using your information in this way. You can tell us if you wish to be contacted differently, or not at all – see section 9 in this document.
If you are applying for a Fellowship, we store some information about you to enable us to process your application. A small amount of the information we collect is sensitive personal information as described in section 3. Should we ever want to share this with third parties, we require your explicit consent. This is a separate arrangement to our legitimate interests and it would be made clear to you at the time, with clear rationale as to why and the option for you to say no.
Where you are (or were) an employee or volunteer with the Trust, our legal basis is neither that of legitimate interests or consent. Instead, as per the norm, it becomes that of entering a contract (see your employment contract for further details).
3. What personal data could we hold about you?
In order for us to undertake our work, we may store information about you. For Fellowship applicants (successful and unsuccessful, including previous fellows), we hold information that you provide when you contacted us. We ask you for personal information so that we know who you are, whether you are eligible for a fellowship and how to best to reach you.
We also hold information about those who work closely with us on non-fellowship matters. For instance, if you have attended one of our events or work at a University that hosts one of our Fellows and have interacted with us, we may have some of your details on file.
We use the personal information to administer our relationship with you, taking into account any stipulations you have made over the manner in which we do this. Information that you supply is treated in confidence and in accordance with the principles of the GDPR.
The types of personal data we hold about you depends on your relationship with us and what information you have provided. For instance, if we have had very limited communications via email, it’s likely we will only have your name and email address as part of this interaction. For those who have (or had) a Fellowship with us, it is likely we have more information about you that was collected at the time of your application. It may include:
- Your full name and title,
- Gender, nationality and date of birth
- Your job title and career history
- The email address and phone number you contacted us with or provided to us
- The name and address of the organisation you work (or worked) for
- Equality diversity and inclusion data including, but not limited to age, ethnicity, disability and socio-economic background
- The reasons behind your career break to confirm your eligibility for a fellowship:
- For family reasons, we may ask you to confirm the number and ages of your children as well as child care arrangements
- For health and caring reasons, some brief details about the nature of these.
This is classed as special category data under GDPR. We do not share this information with third parties without asking for your consent.
- Your research area of expertise, technical skills and retraining requirements
- Any awards, publications and conference presentations you have been associated with
- Professional memberships
- Languages written and spoken
- If you attend our events, we may have information about any dietary requirements or accessibility arrangements
- Depending on social media privacy settings, you might give us permission to access information from those services for example when you publicly tag us in a photo
- On occasion, we may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as large-scale events. We will make it clear that this activity will take place and give you the opportunity to exercise your rights.
All Daphne Jackson Trust staff take responsibility for keeping this personal information as up to date, accurate and secure as possible and all have been trained in data protection.
We do not source information about you from anyone else and we will not sell your personal data, under any circumstance to anyone.
4. How do we use your information and what is the legitimate interest for the processing?
We use your information solely for the purposes of undertaking our work:
- If you are a Fellow or an applicant, we’ll use your information to administer this process. We need to know some personal information in order to assess your suitability for a Fellowship, the quality of the idea and the support you may require.
- If you attend one of our events or ask us a question, we will use your information to respond accordingly or run an event safely.
- If you are connected with the Trust in some other way (such as a reviewer or employee/volunteer), we’ll use your information for the specific purpose involved.
We don’t use your information for marketing or fundraising, but we may send you information from time to time with updates about the Trust and events we are running. You can choose not to receive this by letting us know at any time (see section 9 in this document).
We store your personal data just for the intended purposes of the Trust. We don’t pass it on to other organisations without letting you know. We collect only the minimum amount of information necessary and keep it only for as long as necessary, after which it is deleted or destroyed in line with our Data Retention Policy.
- Generally, for awarded Fellowships, we keep non-sensitive information indefinitely. Any sensitive information is deleted nine years after completion of the Fellowship.
- For unsuccessful applicants, we retain information (including sensitive data) for three years. This helps us deal with any subsequent interaction with you and avoids repetition on your behalf. If we haven’t heard from you after three years, the sensitive information is deleted. If we still haven’t heard from you after a further two years, we’ll then delete your entire record.
5. What other information could we hold?
The Daphne Jackson Trust may also collect and receive:
- Billing and other information: if you donate or leave a legacy to the Daphne Jackson Trust, we may collect and store the billing address, credit card information or other payment methods provided to us. If you leave a legacy to us, we may use information regarding next of kin that you may have provided us to administer this.
- Service usage information: from time to time, we conduct surveys and interviews with individuals and organisations from the sector. We will explain any specific privacy notices as part of the activity, should it differ from this privacy notice.
- Website traffic: we store some information to enable us to see how popular pages on our website are. This typically involves assessing aggregated information such as IP addresses. Analysing this information allows us to tailor our services better.
- Device information: we may collect information about the device you are using to access our services such as the type of device it is, the operating system you are using, its settings, application IDs / unique identifiers and cache data. Whether we collect some or all of this information depends on what type of device you are using and its settings.
6. How do we protect the security of your information and what about international data transfers?
The Daphne Jackson Trust takes security seriously. We take physical, managerial and technical measures to protect the information you provide to us from loss, misuse, unauthorised access, alteration or disclosure. This includes using physical locks, access restriction, two-factor authentication, encryption and password protection where possible and practical for us to do so. These steps take into account the sensitivity of the information and the current state of technology.
Some personal information may be stored internationally – including in countries outside of the EU that do not have adequacy status such as the USA. We limit the quantity of information on such platforms as far as possible, but for some services we use, such as Eventbrite, SmartSurvey and Mailchimp, your data may be stored on internationally. We take steps to remove your data from such platforms as soon as possible.
Similarly, we may also contact reviewers to assess Fellowship applications who are based internationally, including in countries that have non-adequacy status. We ask that such reviewers do not disclose the information further, share it with anyone else and delete it after they have provided their review.
For further information, including the safeguards we have in place for international data transfers, please contact Dr Katie Perry.
Please note that the Daphne Jackson Trust uses third party cookies linked to Google Analytics for our website analytics. This allows us to understand the audience visiting our website and how we can tailor our site to meet your needs. You may opt-out of third-party cookies from Google Analytics on its website.
The Google Analytics cookies we use include _gid and _ga. These allow us to distinguish between users.
The _ga cookie, installed by Google Analytics, calculates visitor, session and ‘campaign’ data and also keeps track of site usage for our site’s analytics report. The cookie allows us to recognize unique visitors. It expires after 2 years.
The _gid cookie, also installed by Google Analytics, stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. It expires after 1 day.
8. When can we share and disclose your information?
For the vast majority of the time we do not share your personal information with other organisations. Any sharing is generally limited to internal use between staff, Trustees and our committee members.
On some occasions, we may share information with other organisation specific to the activity we are undertaking. We limit what information needs to be shared and, where practically possible, we try to tell you about such instances as they occur. For example,
- To process payments and donations, we share some information with third party payment processors such as banks, finance management and accountancy systems we use.
- We use a third-party ‘customer relationship management’ system (https://www.beaconcrm.org/) to manage our contacts. This contains your personal information to help us keep accurate records, subject to strict privacy arrangements.
- During the process of awarding Fellowships, we share information with reviewers, host organisations and sponsors. We do not routinely share sensitive information with these third parties unless we have your explicit consent beforehand. We give you clear rationale as to why we want to share this information and the option for you to say no.
Please note that some reviewers are based internationally – in counties outside of the EU, including those that do not have adequacy status. We limit data sharing in these cases as far as possible, but in some cases it is unavoidable and a necessary part of reviewing a Fellowship application. In all cases, the reviewers, host organisations and sponsors are acting as independent data controllers.
- We use electronic mail delivery systems (Mailchimp) to send you Daphne Jackson Trust newsletters and information. Some of your contact details will be stored in these systems (which may be based internationally) to allow us to undertake this activity, subject to strict privacy arrangements. If our publications are in print, some information may be shared with the print supplier company we may use.
- If you attend a Daphne Jackson Trust event or associated activity, we may share some information about you with the venue or hotel (e.g. for booking hotel rooms on your behalf).
We may, on occasion, need to provide access to personal information to other organisations, subject to a Data Sharing Agreement:
- With third party service providers and agents: we use third party service providers to support the provision of our services. These relate to business functions including (without limitation) IT support, hosting our data on cloud platforms, legal, accounting, audit, consulting and other professional service providers, and providers of other services related to our business.
- To comply with laws: such as legal, governance or regulatory requirements and to respond to lawful requests, court orders and legal process.
- To enforce our rights, prevent fraud and for safety: to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
- Some our services may be provided by organisations with which we have a contractual relationship, including subcontractors. Accordingly, your personal data may be disclosed to them. We only provide these organisations with the information that they need to be able to perform their services. We have agreements in place with our service providers which restrict how they process your personal data.
9. Your right to object to the way in which we process your information
Under GDPR, you have rights over how the personal information we hold about you is handled. These include your right to:
- access the information we hold about you;
- ask us to stop contacting you;
- amend your information or have inaccurate information changed;
- delete your information;
- change your preferences (for instance if you would prefer us to only contact you about certain things or restrict what information we have about you);
- withdraw your consent (where applicable)
- object to the way we process your information, including anything not mentioned above.
You can do this by contacting the Daphne Jackson Trust via DJMFT@surrey.ac.uk or any member of the team (https://daphnejackson.org/about-us/meet-the-team/). We will action your request within 1 month or sooner, providing there is no reasonable reason we cannot comply.
If you have any questions about this Privacy Notice or practices, please contact us via DJMFT@surrey.ac.uk. If you prefer not to use email, you can contact us via:
The Daphne Jackson Trust
Department of Physics
University of Surrey
Telephone +44 (0)1483 689166
10. Our promise to you
- We will not pass your personal details to anyone outside the Daphne Jackson Trust for them to use for their own marketing purposes unless you have previously provided us with your informed and specific consent.
- We will make sure that our contact with you is relevant to the service you require and in accordance with the preferences that you give us.
- You can change your contact preferences at any time by contacting us at DJMFT@surrey.ac.uk
- We do all we can to ensure your personal data is stored safely and remains secure.
- No statistical information which identifies you personally will be published without your consent.
- No personal data will be kept any longer than necessary to fulfil the purpose it was collected for. If you ask us to, it will be deleted.
- If you make an enquiry via our website, on the telephone or via email, or via any third party, we will collect the information you provide to us, together with any information provided by that third party so that we can respond to you.
11. How do I report a concern about how you have used my data?
If you feel we haven’t handled your data properly, please do contact the Chief Executive of the Daphne Jackson Trust, Dr Katie Perry, in the first instance and we will do everything we can to rectify the problem.
If you feel this doesn’t go far enough, or if you want to report your concern elsewhere, you can contact the Information Commissioner’s Office: https://ico.org.uk/concerns/
12. Changes to this Privacy Notice
We may change this notice from time to time, details of which will be displayed here. If you continue using our services after those changes are in effect, you agree to the revised notice.
- January 2020: we clarified our use of explicit consent should we ever share sensitive information with third parties.
- December 2021: we clarified the language throughout, expanded section 8 and added section 10. We also added information about data we collect for equality, diversity, and inclusion practices.