Privacy Notice
In compliance with UK Data Protection Act 2018, often referred to as GDPR, this Privacy Notice explains what personally identifiable information we collect from you:
- when you visit our website;
- when you apply for a position with us or join us;
- or are a recipient of our services;
- or enter into contractual arrangements with us;
- or visit our site.
The Pirbright Institute is a research institution for the purposes of preventing and controlling viral diseases and is committed to processing all personal information about our clients, collaborative partners and stakeholders, students, staff, contractors or visitors in ways that comply with its legal and regulatory obligations, and to being clear about what it does with personally identifiable data.
This notice applies to clients, collaborative partners & stakeholders, students, staff, or visitors. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.
Data collection
The data we collect to fulfil our research, training, employment, and our postgraduate services is taken as a data controller. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Privacy Notice.
We may collect personal information when:
- when you apply for a job or student placement;
- you are a member of our personnel (staff or student)
- you use our website;
- you work with us on academic or medical research;
- you are screened as an approved visitor or contractor to work with us and enter our site;
- you use our services;
- you are contracted to provide us with services or materials;
- you are a recipient of our training or events we provide.
We may collect the following types of information:
- Name, address, email, contact phone numbers, date of birth.
- Next of kin or emergency point of contact
- Registration of vehicles used on business or entering our site
- Nationality
- Qualifications
- Referee details (name/address/phone/email)
- Employment status / details
- CCTV, body worn video (BWV) and automatic number plate recognition (ANPR) camera footage
- Information obtained through electronic means such as IP address or cookies
- Information about your use of our information and communications systems
- Photographs
Special Categories of data
We also collect special category data, necessary for legal requirements and reporting but also to help us eliminate gender bias and developing an inclusive culture that values all staff, as governed by the Athena Swan standards to which we are certified.
Special categories of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing, and using this type of personal information and we do this with either your consent or as permitted by UK data protection legislation
The special category information we collect includes:
- Ethnicity
- Religion
- Sexual Orientation
- Disability
- Details of any Criminal convictions
Why do we collect this information?
The personal data collected is needed to:
- undertake our scientific research;
- issue our publications;
- provide specialist training and events;
- for necessary funding and administrative purposes;
- to meet our legal and regulatory obligations;
- to safely manage the work-related activities of personnel such as travel;
- to run our post graduate schemes.
We also collect personal contacts from our Business, Corporate and Trustee stakeholders, and collaborative partners for our legitimate interests. Almost entirely, these contacts are corporate or business individuals and while this is still categorised under UK legislation as personal data we are aware that it can be used for business-to-business purposes, as stipulated by UK and European data protection regulations and the Privacy of Electronic Communications Regulation (PECR) with which we also comply.
Information we may collect through our website is needed:
- to help identify your computer;
- analyse data about web page traffic and to help us tailor our website for your needs;
- to allow students, staff and guests to access information they may require.
Our website is hosted by a third-party provider.
All traffic (transferral of files) between our website and the users web browser is encrypted and delivered over HTTPS.
We capture data using cookies; a cookie consists of a piece of text sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
See our Cookies Notice for more information of the information gathering associated with our website.
Our site may, from time to time, contain links to and from the websites of our stakeholders, partner organisations and affiliates. Those sites have their own privacy policies, and The Pirbright Institute does not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
Email links via our website do not store the data that is input, the data will be collated into an email and sent to us.
The contact form collates the data you input into an email and sent to us. We only store this data temporarily in the website database and it is deleted once we have replied to you.
How do we collect this information?
We collect personal information:
- directly from our customers;
- directly from our stakeholders;
- directly from our partners, e.g. grant or commercial funding;
- directly from students, e.g. when a student applies to join us;
- from publicly available sources, e.g. networking, social media, internet services, exhibitions, direct referrals, other Corporate bodies;
- from guests, contractors, or visitors;
- from CCTV, body worn video (BWV) and ANPR images.
We are committed to keeping your information up to date as far as is reasonably possible. However, any person who believes that we have made an error, can contact us as outlined below, and we will use reasonable endeavours to correct any established error.
How do we use the data we collect?
Most of our data is held within our databases, accessible to only to those staff who need access.
Any processing activities undertaken are fully compliant with UK data protection regulations and Privacy and Electronic Communications Regulations (PECR) where needed for the marketing or promotional approaches we undertake.
Our main processing activities include:
- providing services requested from us;
- to meet our legal and regulatory obligations;
- processing for funding and administrative purposes;
- promotional material about the Institute, our research or other relevant information in the areas of work undertaken;
- sending statements, invoices, and payment reminders, and collecting payments;
- sending non-marketing commercial communications;
- sending our email newsletter or notifications to those requesting them;
- the use of cameras (CCTV, body worn and ANPR) for security, crime prevention and safeguarding purposes.
Keeping your information safe and secure
The Pirbright Institute is committed to keeping customers’ personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
We currently share very limited data outside the European Economic Area (EEA) and in very specific and limited circumstances. These mainly only relating to staff who are visiting or working outside the EEA. Where it is necessary to transfer personal information to third parties located outside the UK, we will ensure that information is protected to a level which meets the requirements of UK data protection regulations.
Third party access
Access to your personal information is only allowed when required by law or is required as part our fulfilling our service obligations.
We do make use of third-party service providers to help us fulfil our services and where we do the third party is required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
We use third party providers to:
- administer our staff and student records;
- for screening and security checks;
- to help us manage and host events;
- host and administer of our website;
- allow us to receive funding for the research we undertake;
- to help us promote the Institute or advertise forthcoming events;
- provide safe travel advice to overseas travellers;
- to achieve and renew our certified awards.
Third party providers are carefully chosen and, to the best of our belief and understanding, comply with current UK legislation. If the third party’s data handling or storage is located outside of the UK, then guarantees are required that the activities they are undertaking on our behalf are fully compliant with local laws and do not breach UK law.
If you would like to know more about the third party providers we use please contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
Links to other websites
Our website and email newsletters and bulletins may contain links to other websites of interest.
However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
How long do we keep personal information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for other aspects of your personal information are available from our Data Protection Officer at dataprotection@pirbright.ac.uk.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker, or contractor of the Institute we will retain and securely destroy your personal information in accordance with our data retention policy or applicable laws and regulations.
The Pirbright Institute undertakes limited marketing activity and only that which is necessary to promote the Institute to other institutions, scientists, and stakeholders. This is completed for our legitimate interests or where you have given your consent and will include:
- Publications
- Events
- Training Courses
- Research Services
- Product and reagent sales
Any marketing we undertake is made in a fully complaint manner as governed by UK data protection regulations and PECR, with the contacts being given the option to opt out from such contact.
Controlling your personal information
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
If you want to review, verify, correct or question anything detailed in this policy or anything about your personal information, please contact the Data Protection Officer at dataprotection@pirbright.ac.uk.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances to the extent permitted by law.
Under certain circumstances, by law you have the right to:
- request details of personal information which we hold about you;
- restrict the collection or use of your personal data;
- to withdraw any permission, you have given us to use your data;
- or even to delete any records that we may hold.
You also have the right to complain or object to the way we use your personally identifiable information. If you have any issues or worries about what we do please write to our Data Protection Officer at dataprotection@pirbright.ac.uk.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website www.ico.org.uk.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Data breaches
The Pirbright Institute will report any unlawful data breach of information it controls, or any unlawful data breach of information held by any of our third party data processors, to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how handle your personal information, please contact the DPO by email at dataprotection@pirbright.ac.uk.
If you would like to know more specific details about how we collect and use the data, or how long we keep it, in our main areas of business please click the relevant link below.
Applying for a job
The Pirbright Institute is committed to protecting and respecting privacy of anyone who applies for a role at the Institute and will ensure that the information you provide as part of recruitment/internal move is only used for the purposes set out in this notice.
What information we require
When you apply for a job through our recruitment portal, or other means, we will use the relevant information to assist in the recruitment and selection process.
We will gather and process personal information about you from your CV and our registration process. This includes, but is not limited to:
- your name, address, and contact details, including email address and telephone number;
- your qualifications, skills, experience, and employment history, including start and end dates, with previous and current employer(s);
- your nationality and evidence of your entitlement to work in the UK;
- information about any criminal record;
- equal opportunities information, which is used for the purposes of monitoring only, including information about your gender, age, ethnic origin, sexual orientation, and religion or belief. This information is anonymised for the purposes of reporting.
How we will use information
We hold and use this information in order to:
- administer our recruitment services to you;
- communicate with you regarding job opportunities that are relevant to your fields of interest and the progress of any applications you make;
- provide your details to appropriate Hiring Manager and those involved in the recruitment process (excluding any equal opportunities information you have provided which is not on your CV);
- provide you with job alerts relating to roles you might be interested in;
- comply with our legal requirement – to check to see if you have the right to work in UK and to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question;
- seek your feedback on our services to conduct research and development for the improvement of our service and the user experience;
- fulfil our obligations when you are offered employment e.g. your address/email for the purposes of issuing you a contract of employment and undertaking our pre-employment vetting processes; your bank details for the purposes of paying you once employed
- to ensure we are complaint with our Equality, Diversity and Inclusion policy and practices;
- undertake our vetting process prior to employment and periodically during employment.
The Pirbright Institute is an equal opportunities employer and a company committed to diversity and so we will collect special category personal information such as ethnic origin and information during the application process for monitoring and recording purposes and to meet our requirements under Athena Swan accreditation. All special category and sensitive information will be used on an anonymised basis. This information is not shared with the recruitment panel. All job applicants and members of staff will receive equal treatment and that we will not discriminate on grounds of gender, marital status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion, or age.
Who will have access to the data?
We currently do not share any data outside the EEA for our candidates or employees, but should we need to transfer personal information to third parties located outside the UK, we will ensure that information is protected to a level which meets the requirements of the UK and the receiving countries data protection laws or regulations.
We may share your personal information on the basis that it is necessary to do so to perform the contract you enter into with us as follows:
- Restricted members of the HR and recruitment team including recruitment panel.
- Trusted third parties who provide functions on our behalf, such as payroll, pension, benefits qualification and screening and criminal record checking services, these third parties are required to process your data and comply with similar stringent undertakings of privacy and confidentiality as The Pirbright Institute; in accordance with UK Legislation.
- Regulatory or law enforcement agencies, when required by law to do so.
- To answer your enquiries.
- We may also seek your consent to collect, hold, use and disclose your personal information for any other purpose not listed above for auditing purposes.
We do not share your personal information with third parties who wish to use it for marketing purposes.
As an applicant, you have control of your personal data through our recruitment portal. If you decide to upload a CV, cover letter, personal statement or other similar document or information we will keep your data for a maximum of 12 months as part of our talent pool, and for any other potential recruitment positions, unless you request that it is deleted before that time. We may contact you for future opportunities which we feel may be of interest to you.
You can update your CV at any time, simply by following the same procedure to submit a new CV through your online registration account.
You can also amend your communications preferences at any time through your online account and ask us to restrict the processing of your personal information at any time. You will do this by closing your account on the online portal (using the delete option in your account).
If you have deleted your account and subsequently apply for another job at The Pirbright Institute, we will ask you to reregister as a new applicant.
How do we protect data?
Pirbright takes the security of your personal information seriously. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect.
Pirbright engages with third parties to process personal data or sensitive personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Please note that clicking on links from job boards’ data privacy practices may be different to that of Pirbright. Visitors should consult the other websites' privacy policies as we are not responsible for, and have no control over, information that is submitted to or collected by these third parties.
How long will we keep information?
We will hold your personal data for twelve months or all the time your account remains active on our portal.
You can request us to delete your data and can do so by closing your account on the online portal (using the delete option in your account).
For any further information you can contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
The Pirbright Institute is committed to protecting and respecting privacy of anyone who applies for a role at the Institute and will ensure that the information you provide as part of recruitment/internal move is only used for the purposes set out in this notice.
What information we require
When you apply for a job through our recruitment portal, or other means, we will use the relevant information to assist in the recruitment and selection process.
We will gather and process personal information about you from your CV and our registration process. This includes, but is not limited to:
- your name, address, and contact details, including email address and telephone number;
- your qualifications, skills, experience, and employment history, including start and end dates, with previous and current employer(s);
- your nationality and evidence of your entitlement to work in the UK;
- information about any criminal record;
- equal opportunities information, which is used for the purposes of monitoring only, including information about your gender, age, ethnic origin, sexual orientation, and religion or belief. This information is anonymised for the purposes of reporting.
How we will use information
We hold and use this information in order to:
- administer our recruitment services to you;
- communicate with you regarding job opportunities that are relevant to your fields of interest and the progress of any applications you make;
- provide your details to appropriate Hiring Manager and those involved in the recruitment process (excluding any equal opportunities information you have provided which is not on your CV);
- provide you with job alerts relating to roles you might be interested in;
- comply with our legal requirement – to check to see if you have the right to work in UK and to carry out criminal records checks to ensure that individuals are permitted to undertake the role in question;
- seek your feedback on our services to conduct research and development for the improvement of our service and the user experience;
- fulfil our obligations when you are offered employment e.g. your address/email for the purposes of issuing you a contract of employment and undertaking our pre-employment vetting processes; your bank details for the purposes of paying you once employed
- to ensure we are complaint with our Equality, Diversity and Inclusion policy and practices;
- undertake our vetting process prior to employment and periodically during employment.
The Pirbright Institute is an equal opportunities employer and a company committed to diversity and so we will collect special category personal information such as ethnic origin and information during the application process for monitoring and recording purposes and to meet our requirements under Athena Swan accreditation. All special category and sensitive information will be used on an anonymised basis. This information is not shared with the recruitment panel. All job applicants and members of staff will receive equal treatment and that we will not discriminate on grounds of gender, marital status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion, or age.
Who will have access to the data?
We currently do not share any data outside the EEA for our candidates or employees, but should we need to transfer personal information to third parties located outside the UK, we will ensure that information is protected to a level which meets the requirements of the UK and the receiving countries data protection laws or regulations.
We may share your personal information on the basis that it is necessary to do so to perform the contract you enter into with us as follows:
- Restricted members of the HR and recruitment team including recruitment panel.
- Trusted third parties who provide functions on our behalf, such as payroll, pension, benefits qualification and screening and criminal record checking services, these third parties are required to process your data and comply with similar stringent undertakings of privacy and confidentiality as The Pirbright Institute; in accordance with UK Legislation.
- Regulatory or law enforcement agencies, when required by law to do so.
- To answer your enquiries.
- We may also seek your consent to collect, hold, use and disclose your personal information for any other purpose not listed above for auditing purposes.
We do not share your personal information with third parties who wish to use it for marketing purposes.
As an applicant, you have control of your personal data through our recruitment portal. If you decide to upload a CV, cover letter, personal statement or other similar document or information we will keep your data for a maximum of 12 months as part of our talent pool, and for any other potential recruitment positions, unless you request that it is deleted before that time. We may contact you for future opportunities which we feel may be of interest to you.
You can update your CV at any time, simply by following the same procedure to submit a new CV through your online registration account.
You can also amend your communications preferences at any time through your online account and ask us to restrict the processing of your personal information at any time. You will do this by closing your account on the online portal (using the delete option in your account).
If you have deleted your account and subsequently apply for another job at The Pirbright Institute, we will ask you to reregister as a new applicant.
How do we protect data?
Pirbright takes the security of your personal information seriously. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect.
Pirbright engages with third parties to process personal data or sensitive personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Please note that clicking on links from job boards’ data privacy practices may be different to that of Pirbright. Visitors should consult the other websites' privacy policies as we are not responsible for, and have no control over, information that is submitted to or collected by these third parties.
How long will we keep information?
We will hold your personal data for twelve months or all the time your account remains active on our portal.
You can request us to delete your data and can do so by closing your account on the online portal (using the delete option in your account).
For any further information you can contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
The Pirbright Institute has partnerships with different universities and companies in the UK to offer a selection of studentships studying viral infections of animals. This offers students an opportunity to obtain a broad view of infectious diseases in a research environment, looking into problems of livestock diseases using interdisciplinary and cross-institutional approaches. Studentships at Pirbright are typically for a 3.5-year term (PhD), 1-year term (undergraduate year in industry placement) or 3-6 months (MSc research project).
What information we require
Students do not sign staff employment contracts, but the data needed during their tenure will mirror the detail needed as if they were appointed as a member of staff. This will include the collection and use of only necessary data including:
- Name, address, email, contact phone numbers
- NI
- Nationality
- Emergency contacts (name, address, email telephone)
- Disciplinary records
- Animal rights membership
- Referee details (name, bus title)
Additionally, special category data may be captured (this is requested with consent so is given voluntarily at the point of recruitment) for the purposes of compliance with Athena Swan accreditation and meeting our commitment of being an equal opportunities employer and a company committed to diversity and equality.
Data needed for this purpose includes:
- Ethnicity
- Physical Disabilities
- Sexual orientation
- Religious beliefs
How we will collect information
Directly from the student through application.
Additionally, we will liaise with their university where additional data may be provided.
How we will use information?
Pirbright is a joint controller with the university providing the course / award and as part of this studentship it will require the sharing of necessary data and the monitoring of performance with the university. Personal data will be processed as part of the studentship agreement or for legitimate interests.
Who will have access to the data?
We may share your personal information on the basis that it is necessary to do so to perform the studentship agreement you enter into with us as follows:
- The Academic Affairs & Training Team.
- Supervisors of the studentship.
- Restricted members of the HR team.
- Restricted members of the Security team for screening and access control requirements.
- Trusted third parties who provide functions on our behalf, such as payroll, benefits qualification and screening and criminal record checking services, these third parties are required to process your data and comply with similar stringent undertakings of privacy and confidentiality as The Pirbright Institute; in accordance with UK legislation.
- Regulatory or law enforcement agencies, when required by law to do so.
We do not share your personal information with third parties who wish to use it for marketing purposes, nor do we share your data outside the EEA.
How long will we keep information?
We need to keep records for the duration of the study and for 1 year after studies are completed.
Training records of training undertaken by students are retained for 6 years.
Any paper or hard copy files are shredded, and electronic information deleted.
A summary of studentships is maintained in anonymised format in excel spreadsheet for Institute governance records; these are not deleted.
For any further information you can contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
With leading research into areas such as foot-and-mouth disease, African swine fever and avian immunology, Pirbright offers a variety of external training courses to upskill the industry and demonstrate new scientific techniques.
Training courses may be self-funded, although others are sponsored as part of grant funded projects undertaken by researchers at Pirbright. The training extends worldwide, upskilling personnel at all levels.
Pirbright also offers a range of online training courses through a subscription service as part of our Pirbright Training programme.
What information we require
The data collected is necessary for anyone attending the courses; these vary from 1-day courses to residential courses of up to a few weeks, with trainees offered accommodation on site at the Institute if required.
Personal data to facilitate this will include:
- Name, address, email, Contact phone numbers.
- Gender
- Nationality
- Visa details
- Referee details (name, email telephone, address, position in organisation)
- Payment details
For online training we will only require your name, email address and contact number. Payment details are provided to and administered by a third-party provider where the course materials are accessed, therefore payment details are not processed or stored by The Pirbright Institute in these cases.
How we will collect information
We will collect your data on a training course registration form available to download from our website. All applications are submitted to us by email.
How we will use information
Your information is used to confirm your attendance at the course you booked and secure payment for our services.
Who will have access to the data?
Only Pirbright employees involved in arranging or delivering the training, will have access to customer information.
All course attendees will be issued with certification of course attendance.
For our online training services, Pirbright use an outsourced specialist training platform to take payments and host course modules. For further details please contact external.training@pirbright.ac.uk
How long will we keep information?
We will securely hold only such of your personal data as is strictly necessary to make arrangements for your training course and/or visit to our site, and then only hold that data from when the training or visit is booked and agreed, to when all administration following on from the training or visit has been resolved, such as sending assessment results, obtaining feedback, dealing with payments or other queries, and this will be for a period of no more than twelve months after the training or visit. This includes online training. Any personal data processed, such as booking the training course and/or visit to site, will be completed as necessary data to meet your training need. Post training, we would very much like to stay in touch with you, to share future training and development opportunities, to work with you to further develop your skills, and for us to be able to further support and build collaboration with you. If you are happy to do this, please indicate in the relevant box on the application form.
Training records for Pirbright personnel, held on their personnel files training records, are retained for 6 years after employment or student placement has finished.
For any further information you can contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
The Pirbright Institute is a centre of excellence for research and surveillance of viral diseases of livestock and those that spread from animals to humans. To that end we have extensive facilities for performing studies with the primary host animals, i.e. livestock, and the disease agents that we study.
We offer services such as arthropod genetics, avian immunology, bioimaging, diagnostics & surveillance, cell cytometry and sorting and contract research.
Data for research purposes is mainly non-personal (other than recognising the need for contact names, addresses) but where this is processed in a personal capacity it will be under exemption for purposes in the public interest, scientific or historical research purposes.
What information we require
We need personal data from our stakeholders, partners, from the scientists involved with the research or project, on the funders who sponsor the research plus other stakeholders who are involved e.g. farmers and Industrial producers of veterinary vaccines and antivirals.
The personal data involved is limited to the personal contact details (names, business address, business telephone and email) with all processing undertaken in a commercial and contractual capacity.
In some cases, we may need to take special category data limited to Union membership as required by the funding or contractual obligations so as not to compromise the research.
How we will collect information
Information will be collected directly from the commercial contact or as provided by stakeholders, partners, funders, or grant sponsor.
How we will use information
We may use the information in the following ways:
- to contact you in respect of the research / project
- to promote events, publications, or conferences
- to offer specialised training
- to meet the requirements of the funder / sponsor of the research / project
- to share reports or findings with key partners and stakeholders
- with the press or media where external publication is necessary
Who will have access to the data?
Data will only be accessible by selected Pirbright employees, Agencies or Bodies who are stakeholders in the research, trusted data processors and only with people who need to see or use the data.
We do not, and will never, sell or share your personal information with other third parties.
From time to time, we may make use of external expertise who can analyse the research data. Rest assured we do not disclose any names in this data and only where it is necessary for the benefit of the research / project.
How long will we keep information?
For the duration set out in the research project or as directed by the commercial requirements of sponsorship or funding.
For any further information you can contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
What information we require
The Pirbright Institute has been in existence for over 100 years and over the years to become one of the UK's leading virus diagnostics and surveillance centres and is now also at the forefront of virus research. Pirbright’s achievements continue to play a pivotal role in controlling and preventing some of the world's most devastating diseases with the development of new and improved diagnostics and vaccines.
Our research and work are of interest to other medical institutes, stakeholders within the sector, for academic studies and network contacts and partners; for this reason, we like to share news, updates on medical research, about what we do.
We host regular annual events, conferences for celebratory and / or promotional sessions for these key stakeholders or with scientists, researchers or other contacts who have expressed an interest. To do these we need to use personal data such as your name email address, telephone number, address, and potentially dietary information.
We may also collect with your consent photographic images for the purposes of promoting via social media or other channels the events that you have attended.
How we will collect information
Data has been accumulated over several years from various sources and retained within a secured database record. The data is collected:
- directly form you having enquired about or attended previous events or information we have shared;
- from publicly available sources;
- from our social media channels;
- though out networking contacts.
How we will use information
Your details are held on database for the purposes of promoting and inviting you to our events which we believe will be a matter of interest to you in relation to the Institute or the research or work we are completing.
Who will have access to the data?
Data and our database are only available to Pirbright staff who need access to the data with the bulk of this processing and administrative completed internally by our Communications and Engagement Team.
Occasionally, we do make use of third-party service providers to help us fulfil our services and where we do the third party is required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
How long will we keep information?
We will only retain your personal information for as long as necessary to fulfil the purposes of sharing information or event we believe are of interest to you. With each invite or cascade we will give you the option to tell us you no longer wish to be included or to receive this material.
Data for events is held during the advertising of the event which can be up to 3 months. Post event your details will be uploaded to our database for up to 6 years or removed as requested by you.
Photographic images are retained indefinitely unless a request is made for us to delete that image.
For any further information you can contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
The Pirbright Institute is a business that undertakes confidential research but also research that involve hazardous chemicals, bacteria and viruses. For this reason, visitors to the site are needed to be monitored and screened to check for the legitimacy of access but also where necessary to check their background and experience.
What information we require
The data needed for our personnel screening and security monitoring processing activities include:
- Name, address and address history, email, contact telephone number(s)
- Vehicle registration number
- Photographs (for identity pass cards)
- Career history
- Date of birth
- Disclosure and Barring Service Check
- National Insurance Number
- Financial Check
- Animal Rights Connection
- CCTV and video imaging
How we will collect information
We will collect the information when we know that you want to visit the site as a visitor, an approved visitor or contractor, or as a member of staff. All access to the site must be approved by a member of Pirbright staff.
Where we need to complete screening checks, we will ask you to complete a Screening Processing Form which captures your name, email, telephone and signature and enables us to share your details with a third party who will complete the checks for us.
We have CCTV cameras across our whole site monitoring the perimeter and internal buildings; we also have ANPR cameras monitoring traffic in and out. Images from these cameras is automatically running and available within the gatehouse and to security personnel.
For more details on our use of CCTVs and cameras you can contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
How we will use information
The information collected as part of our screening process is shared with an approved and trusted third party who will securely and confidentially complete the level of screening check we require. The third party processes the data in accordance with UK Data Privacy legislation and will not use the data for their own purposes and only as instructed and allowed by The Pirbright Institute.
The data collected from images on CCTV, body worn cameras and ANPR cameras is used to:
- assist in the prevention or detection of crime or equivalent malpractice;
- assist in the identification and prosecution of offenders;
- monitor the security of the premises;
- ensure that health and safety rules and procedures are being complied with;
- assist with the identification of unauthorised actions or unsafe working practices that might result in disciplinary proceedings being instituted against employees and to assist in providing relevant evidence;
- promote productivity and efficiency.
Who will have access to the data?
Data is available only on a restricted basis and only to staff or employees who need access which includes our HR team, Security, third party processor(s) and the host of your visit or line manager.
How long will we keep information?
Data captured by our cameras is automatically overwritten every 30 days.
No personnel information submitted to the third parting screening service provider is handled or held by Pirbright. The third-party processor will delete all data they have processed after 12 months or sooner should you request it.
For any further information you can contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
The Pirbright Institute is a centre of excellence for research and surveillance of viral diseases of livestock and those that spread from animals to humans. To that end we have extensive facilities for performing studies with the primary host animals, i.e. livestock, and the disease agents that we study.
Pirbright enters into a number of contractual arrangements with organisations or companies for the provision of services or materials.
What information we require
Pirbright will request personally identifying information from companies and organisations we enter into commercial arrangements with that may include, but is not limited to:
- Names of company officers.
- Names and contact details of contract holders.
- References in support of bids or tenders.
The personal data involved is limited to the personal contact details (names, business address, business telephone and email) with all processing undertaken in a commercial and contractual capacity.
How we will collect information
Information will be collected directly from the commercial contact or as provided by contract winner or holder.
How we will use information
We may use the information to:
- to evaluate commercial tenders or bids;
- to validate a company or organisations in accordance with good governance procedures.
Who will have access to the data?
Data will only be accessible by selected Pirbright employees involved in the contracting process.
We may share information on activities with partners and stakeholders that could include personnel information in the form of contact details.
We do not, and will never, sell or share your personal information with other third parties
We do utilise third-party providers with subject matter expertise to audit our business practices. We do not disclose any names in this data and only where it is necessary for the benefit of the research / project.
How long will we keep information?
We currently retain all commercial information relating to contracts for 7 years.
For any further information you can contact our Data Protection Officer at dataprotection@pirbright.ac.uk.
Changes to our Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
This Privacy Notice was last updated in November 2020.
The Pirbright Institute is the host Institute for the BBSRC Institutes’ Connecting Culture Fund project “MentforMe” (the “Programme”).
In delivering the Programme we are the data controller of your data and are committed that all personal information is used in compliance with legal and regulatory obligations. This notice serves to inform any mentors, mentees or partner Institutes how your personal data will be processed.
As an organisation, The Pirbright Institute is registered with the Information Commissioner in accordance with the General Data Protection Regulations under ref: ZB690507
Data collection
The data collected and processed to deliver the programme will be limited to the only the personal data needed.
How do we collect this information?
We collect personal information:
directly from Institutes who participate in the Programme
directly from Mentors or Mentees; i.e any employee of a participating Institute who wishes to act as a mentor or volunteers to be mentored
from guests or visitors to the website or mentor platform
What data do we collect?
- We collect information as follows:
- Contact details – name, addresses, telephone numbers and email addresses; Institute Name, Title, Function or Department and contact details.
- Information about you (only where volunteered by you) – photograph, Areas of Expertise, or Learning Interests
- Technical data - IP, location data and network stat when you visit our website or use the Programme platform.
For the purposes of the Programme, we may need to collect special category or sensitive data for reporting to the BBSRC as Scheme sponsor. This data will only be taken where you have volunteered the details and will be reported only in an anonymous form. The data may include your: ethnicity, age, disability and gender.
How do we use the data we collect?
The personal data collected is needed in order to:
- Deliver the programme and enable mentors and mentees to engage and support each other.
- Fulfil your requests or enquiries – e.g. amendments to files, questions or guidance.
- To share details of the Programme with the Mentor Scheme sponsor BBSRC
Our Legal Basis to process
The personal data that is used is limited to the information we need and is processed with your agreement when registering for the Programme.
Data that is shared with BBSRC and any participating Institutes is processed under agreement between the Institutes.
Additionally, there will be instances where we will process information using our legitimate interests where for example in the relationship or engagement we have with you.
Any special category data will be processed with your consent and shared with BBSRC as part of the Programme conditions and for permissible reasons under UK GDPR / Data Protection Act 2018.
Keeping your information safe and secure
Pirbright will process personal information securely to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
Third party access
Access to your personal information is only allowed when required by law or is required as part our fulfilling our service obligations.
We do make use of third-party service providers to help us fulfil our services and where we do the third party is required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
We use third party providers to:
- Administer the Programme platform (MentorCloud) where mentors and mentees share their data.
- For support in the administration of our IT hardware, software, systems and network
International Data Transfers
All Data for the Programme is processed and stored in the UK and EU.
In any circumstance where we may have to transfer your personal data out of the UK or EEA, we ensure a similar degree of data privacy and protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK
Where we use service providers who are not in territories approved by the UK or EU commission, we will look to implement additional safeguards such as a detailed review of security measures and the use Standard Contractual Clauses (SCCs) approved by the UK.
How long do we keep personal information?
We will only retain your personal information for as long as necessary deliver the Programme and for reporting purposes as determined by BBSRC under the Connecting Culture Fund project “MentforMe”.
How We use Cookies
Pirbright like most organisations make use of Cookie technology and therefore we capture data using Cookies; a cookie consists of a piece of text sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
See our Cookie Notice.
Links to Other Websites
This privacy statement does not cover the links to other websites. We encourage you to read the privacy statements on the other websites you visit.
Controlling your personal information (Your Rights)
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances, you have rights under UK Data Protection Act 2018 (DPA) and UK GDPR in relation to your personal information. You may have the right to:
- be informed of how we will use your data as provided by this Policy
- access the information held about you. Your right of access can be exercised in accordance with data protection law;
- object to us processing, or ask us to restrict our processing of your personal information for any of the purposes listed in this policy, at any time.
- ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge.
- ask us to erase or delete your personal information should you no longer wish to participate in the Programme. We will do our best to respond to such requests, but these are subject to certain limitations such as legal requirements.
- request a transfer of your personal information (again in certain circumstances).
If you wish to exercise any of the above rights or to review, verify, correct or question anything detailed in this policy; are unhappy with any aspect of how we use your data do please write to our Data Protection Officer at dataprotection@pirbright.ac.uk.
We will respond to your request promptly and look to resolve any query within 30 days and free of charge. However, we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will always notify you if such a charge is being applied.
Complaints
You also have the right to make a complaint at any time and we appreciate the chance to deal with your concerns in the first instance. To register a complaint please email us at dataprotection@pirbright.ac.uk.
If you are unsatisfied by our reply then you have the right to lodge a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website www.ico.org.uk
Changes to our Privacy Policy:
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
This privacy policy was last updated in May 2024.
Cookie Notice
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you, for example, by:
- Enabling a service to recognise your device so you don't have to give the same information several times during one task.
- Recognising that you may already have given a username and password so you don't need to do it for every web page requested.
- Measuring how many people are using our services, so they can be made easier to use and to ensure there is enough capacity to ensure they are fast.
- Analysing anonymised data to help us understand how people interact with our services so we can make them better.
You can manage these small files and learn more about them from the GOV.UK Cookie article.
For more information on deleting and controlling cookies visit aboutcookies.org.
First-party cookies
We use a session cookie which is used to identify users on the website. This is anonymous, unless the user is a registered user logged into the site.
Third-party cookies
We use a supplier who may also set cookies on their websites' on its behalf. The purpose of the cookies are for web analytics only, no information from the user is obtained. Google Analytics software is used to do this. Google privacy policy.
Cookies for social media
We have a X (Twitter) account (@Pirbright_Inst) and a Facebook page. Both X and Facebook use cookie technology. For more information, please see the Twitter Privacy Policy and Facebook Privacy Policy.
How to control and delete cookies
We will not use cookies to collect personally identifiable information about you.
However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings. The ‘Help’ function within your browser should tell you how.
Alternatively, you may wish to visit www.aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your machine as well as more general information about cookies.
Please be aware that restricting cookies may impact on the functionality of our website.
If you wish to view your cookie code, just click on a cookie to open it. You'll see a short string of text and numbers. The numbers are your identification card, which can only be seen by the server that gave you the cookie.
For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.