Sense about Science, who runs the Ask for Evidence campaign, takes your privacy and our data protection processes seriously. It is important to us that we maintain your trust and support by handling your personal information properly.
We ensure that staff and everyone else working for us collects, uses and stores personal information lawfully and securely, in line with:
We will be clear about how we use your data and we want this use to be in line with your expectations.
We collect personal information from people visiting our website when you request a specific service (eg signing up to an email newsletter), when you email us or when you complete a contact questionnaire at one of our events. We also collect information about transactions when you donate to us.
We may collect the following types of information:
- name and title
- name and contact details of your institution or place of work
- bank and payment details
- notes on your involvement with Sense about Science
This information will initially be provided by you but may also include additional publicly available information.
We process personal information collected for the following reasons:
- Dealing with queries and requests
- Processing donations
- Maintaining information about our supporter base so we understand what our supporters are interested in
- Reporting website ‘reach’ to funders and other partners
- Keeping you informed about our activities.
We do not pass your data onto anyone outside of Sense about Science without your consent.
We are committed to keeping your information secure. We have appropriate processes in place to safeguard and secure the information we collect.
We will only contact you if you have given us clear permission to do so, and with news and information about areas of our work that we might reasonably expect you to be interested in.
You can change your mind at any time about how we contact you and how we process your data, or ask us to stop contacting you altogether by emailing hello@senseaboutscience. Our ‘unsubscribe’ option appears on all our communications with you and is easy to find and use.
If you would like to know more about our privacy or data protection procedures, then please contact us and we’ll be happy to explain more.
Please note that we may change this notice from time to time by updating this page.
Data transfer security policy
The purpose of this policy is to set out the way in which data should be protected and transferred within the organisation. The person responsible for data protection is the head of governance.
A large amount of data in the organisation is stored electronically. It is essential that this data is carefully protected and transferred securely.
The storing of all data must adhere to the standards set out in the Data Protection Act 1998 and General Data Protection Regulation (2018). In particular it must be noted that personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of data protection.
Before any data is transferred the necessity of the transfer should be considered. Data should only be transferred when it is essential for the smooth operation of the organisation.
The transferring of any sensitive data must always be authorised by the head of governance prior to it happening.
- Definition of sensitive data
Any data which contains personal details about individuals is sensitive data. In addition, any data which contains confidential information about the organisation, its products/services, its customers and its suppliers is sensitive data. If there is any doubt whether data would be classed as sensitive, the head of governance should be consulted.
All sensitive or confidential data should be encrypted, compressed and password protected before transmission. If an employee does not know how to do this s/he should seek appropriate assistance from the IT department.
SaS data including emails on personal mobiles/tablets/computers:
- Employees must protect the security of the Sense about Science’s data, and personal data regarding individuals. All devices must be password protected. Any loss or theft of these items should be reported to the head of governance.
- All Sense about Science data must be removed from your personal devices when you leave the organisation.
If data is to be transferred through memory sticks, CD-ROMs or similar formats then the secure handling of these devices must be ensured. No such device should be sent through the open post – a secure courier service must always be used. The recipient should be clearly stated.
If data is sent via a courier the intended recipient must be made aware when to expect the data. The recipient must confirm safe receipt as soon as the data arrives. The sender is responsible for ensuring that the confirmation is received, and liaising with the courier service if there is any delay in the receipt of the data.
Action to be taken if data goes missing
The head of governance or director must be informed immediately if any confidential or sensitive data goes missing. An immediate investigation will be launched to discover where the data has gone.
If it is found that the data has been received by an unauthorised individual it must be determined whether that individual has accessed the data. If that individual has, and the data was correctly encrypted, compressed and password protected it suggests that the individual has unlawfully accessed the data. In such situations it might be appropriate to involve the police in the investigation.
The head of governance will consider whether any individuals need to be informed about the data having gone missing – even if it is subsequently found. This might be necessary if there is a risk of personal data relating to individuals having been sent to the wrong person.
Negligent transfer of data
If an employee has been negligent in transferring sensitive and confidential data this might be considered to be gross misconduct, which might result in summary dismissal. This is particularly likely to be the decision if:
- The employee did not encrypt, compress and password protect data
- The employee transferred data using the open post and did not use a courier service
- The employee transferred data without seeking the appropriate approvals
What are cookies
We set cookies for a variety of reasons:
When you submit data to through a form – such as the one found on our supporter page – cookies may be set to remember your user details for future correspondence.
In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Anonymous performance cookies
These cookies are set by third party analytics software, which collects information about the pages visitors go to most often, and if you encounter missing pages or broken links. This information is completely anonymous and it helps us improve how the website works.
Third Party Cookies
Google Analytics – helps us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit. For more information on Google Analytics cookies, see the official Google Analytics page.
Embedded content – including Google Maps for interactive mapping, YouTube or Vimeo for hosted video and Flickr for images. When you visit a page containing content from one of these sites a cookie may be set. Please check the relevant third party website for more information.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help button for how to do this). Remember that cookies can be essential to the functionality of some websites so do make sure you are aware how your favourite websites are using cookies before turning them off for these sites.
Updated: 21 May 2018