General Privacy Policy

Document control

Version: 2.0
Responsible: Chris Boyle
Approver: Board of Trustees
Approved date: March 2024
Next Review date: March 2026

1. Introduction

The Royal Academy of Engineering takes its responsibilities in relation to data protection seriously. This document sets out the ways in which we collect, use, and share personal data across the Academy.

In this general privacy policy (the “Privacy Policy”):

References to we, us, or our means the Royal Academy of Engineering, a Registered charity (No. 293074) (Academy). We are located at Prince Philip House, 3-4 Carlton House Terrace, London, SW1Y 5DG, United Kingdom.
References to you or your means anyone using the Services and or the Website (both as defined below).
References to the Websites means the websites found at:
www.raeng.org.uk, www.enterprisehub.raeng.org.uk , www.qeprize.org , www.ingenia.org.uk , www.stemresources.raeng.org.uk , www.lif.raeng.org.uk , www.princephiliphouse.com and https://thisisengineering.org.uk / or such other of our websites as we may operate from time to time.

Note that there is a separate Employee Privacy Policy and HR Retention & Record Keeping Policy for data related to Academy staff.

2. Who is responsible for the personal data that we collect

The Academy is the controller because we determine how we use your personal data.

3. What legal basis do we have to process that we collect?

The lawful bases we rely on for processing your information are:

Consent – We will ask for your consent to process your marketing preferences, cookies, and Diversity & Inclusion data.
Contractual obligation – Data required for the performance of a contract we have or will enter with you.
Legal obligation – We are required to keep some data for legal obligations like tax purposes.
Public task - To enable us to support the Home Office in its statutory duties.
Legitimate interest - We require your personal information in order to enable us to manage and carry out our operations as an organisation and fulfil our role in relation to the pursuit, encouragement and maintenance of excellence in engineering and to promote the advancement of engineering for public benefit. Data subjects will always be given visibility of our Privacy Policy and the option to opt- out. Legitimate Interest is the legal basis for marketing to corporate individuals and marketing by post. Other uses of Legitimate Interest can be seen in Section 4.

4. Information that we hold about you

The information that we hold about you may include the following:
Type of Personal Information	Where this data is collected from	Purpose of processing	Lawful basis for processing
Contact details including: · Name · Title · Address · Email address · Telephone number	From you	a. To communicate with you and process any application, purchase, donation or query you may have. b. To contact you if you have applied for a grant whether you have been successful or unsuccessful and to award any grants to successful applicants. c. To carry out any due diligence to assess the risks of fraud, money laundering or reputational harm. d. To communicate with you in your professional capacity for example as a journalist, in order to inform you about developments in the field of engineering and our projects. e. To send you copies of our newsletters or magazines when you subscribe to receive these. f. To provide you with information about new call for applications. g. To support a scheme we are operating, where you made a previous application to that scheme within the last two years.	Legitimate Interests (for a, b, c, d) or Contractual Obligations (for a, b) or Consent (for e, f, g)
General information including: · Gender · Marital status · Date of birth · Academic qualifications · Biographies · Information about you and your next of kin	From you or the person who nominates you for an award	In some cases, to carry out profiling of individuals for research purposes by obtaining information from public information sources and publicly accessible social media sites to: · Assess prize nominations. · Determine whether an individual will be receptive to financially supporting the activities of the Academy; and · To build relationships with individuals with an engineering background and to send these individuals targeted information about the work and services of the Academy.	Legitimate Interests.
Photographs and video recordings such as images (including photographs and pictures) or video recordings created during workshops or for the Websites or other business activities of the Academy, or for other relevant purposes as permitted by law.	From the workshops and your attendance and interaction	To improve the quality of training carried out by the Academy and the Services. For marketing materials related to Academy activities.	Legitimate Interests.
Feedback on events, programmes, or workshops that we hold.	From you	To carry out satisfaction surveys, evaluations, and analysis.	Legitimate Interests.
Education and employment information including: · Educational background · Qualifications · Employer details · Employment history · Skills and experience · Professional licences · Membership of professional bodies	From you. From a person who nominates you; From government departments or organisations, we partner on our policy work, such as Professional Engineering Institutions. From publicly available sources such as: the Beauhurst database (operated by Business Funding Research Ltd), social media, newspapers and news websites, engineering industry periodicals, company websites, company reports such as annual reports, media and parliamentary databases.	To assess your application, to provide background on you to delegates for presentations. To provide you with information about opportunities within the engineering sector or highlight donation or sponsorship schemes, which we believe may be of interest to your based on knowledge that we have obtained about you based on publicly available sources.	Legitimate Interests.
Financial information and account details in relation to any payments we need to make to you such as grant payments or in relation to payments that you need to make to us to subscribe for any of our Services this can include Bank account number, credit card number or other financial account number and account details and Gift Aid Status.	From you.	To administer your payments or donations to us.	Contractual Obligations or Legal Obligations.
Marketing preferences, marketing activities and feedback and information relating to competition entry or prize draw entry, or other promotion, or responses to voluntary satisfaction surveys.	From you.	To build relationships with individuals with an engineering and policy background. We send individuals bespoke and targeted information about the work of and Services provided by the Academy or invite them to participate in the Academy’s policy work.	Legitimate Interests or Consent.
Data about your browsing preferences and journey through our websites collected by cookies.	From your interaction with cookies on our websites	Please see our Cookies Policy which can be accessed here: https://www.raeng.org.uk/terms-and- conditions/cookies for further details on how we use cookies on our Websites.	Legitimate Interests or Consent.
Images of you captured by CCTV at our premises in London.	Through our use of CCTV at our premises at Prince Philip House, 3-4 Carlton House Terrace, London, SW1Y 5DG.	We operate CCTV at our premises for security purposes and we will record images of all individuals entering our premises and anyone outside the immediate vicinity of these premises.	Legitimate Interests – In order to keep our premises, staff and members safe.
Information about relevant criminal convictions or offences.	From you, or if this information is publicly known we may collect this from websites. Through due diligence service providers SmartSearch or Experian.	a. For example, if you are applying for a grant with financial management responsibility, we will check whether there are any criminal convictions we may need to discuss. b. To comply with any legal or regulatory obligations (including in connection with a court order).	Legitimate Interests (for a) or Consent (for b).
Information about your nationality or immigration status	From you.	To deliver our responsibilities to the Home Office as a Designated Competent Body in the Assessment of Research and Innovation Talent Visas.	Public Task.
Social Media Activity and Media Articles	From online public sources. Through due diligence service providers Smart Search or Experian.	To conduct due diligence on individuals with a high potential of reputational damage.	Legitimate Interests.

5. Special Category data

The Academy recognises the sensitivity of special category data, and the additional safeguarding required to ensure this data is processed securely. Example of Special Category Data include racial or ethnic origin, sexual orientation, and health information. We are committed to protecting the privacy of individuals and only collecting, processing, and using this data in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable laws.

The Academy will only collect and use special category data where it is necessary and proportionate to achieve the legitimate purpose for which it is being collected. The Academy will take all necessary steps to protect special category data from unauthorized access, disclosure, or use. For example, we only report on special category data in a non-attributable and aggregated manner, and only staff that need to see the data will have permission to access it in the Academy systems.

The Academy collects the following types of special category data:

Type of special category data

Where this data is collected from

Purpose of processing

Conditions for processing

Occasionally, we may process information about:

· your racial/ethnic origin,

· sexual orientation,

· religious belief; or

· current physical, medical condition or disability information.

From you

We will process this information if it is relevant to:

enabling access to our facilities.
making reasonable adjustments;
tailoring our service(s) to your needs;
to monitor the effectiveness of our policies and processes as regards to equality; and
to monitor the diversity of our programmes, events and membership.
to promote engineering opportunities to under-represented groups

With your Explicit Consent or where appropriate,

Equality of opportunity or treatment.

6. Legal requirement

We may be required to obtain your personal information to comply with our legal requirements, or to enable us to provide you with the Services you have requested. If you do not provide the relevant personal information to us, we may not be able to provide these Services.

7. Who may we disclose your personal information to?

we may share your personal information with:

Type of third party	Examples
General
Our service providers	Our business partners, suppliers and sub- contractors for the performance of our business operations as well as for any contract we enter into with you. We will also share your personal information with the following categories of service provider to help us with our operational requirements. For example: travel agencies and travel providers in order to arrange travel for events and programmes that we hold around the world;
Our professional advisers	Including insurers, accountants, lawyers and other professional advisers that assist us in carrying out our business activities
International partner organisations with the Academy such as other International Academies	For example, the TIA (South Africa) and CONCYTEC (Peru).
Other UK national academies and corporate partners	Such as the Academy of Medical Sciences, the Royal Society, and the British Academy.
Organisations who are funding providers to the Academy	Department for Science, Innovation and Technology, Leverhulme Trust and Lloyd’s Register Foundation. A full list of funding providers is provided in our audited Report and Accounts at https://www.raenq.org.uk/about-us/strategy-and-finance
Expert peer reviewers who assist us with the review of applications for funding and support	We may use experts that Fellows have identified as able to offer valuable additional expertise in assessing an application for support. The role of reviewers and the criteria they use for assessment will be clear in the guidance notes to each scheme. They will receive proposals for the purposes of making that assessment only. In line with the widely recognised principles of anonymous peer review, we will not reveal the identity of particular assessors on a funding application. Our reviewers may be based all over the world.
Third party nominators who nominate individuals for prizes.	These third parties will provide us with personal information about you in relation to your confidential nomination for a Prize.

we may also disclose your personal information to other third parties, for example:

if we or substantially all of our assets are acquired by a third party or we merge with another charitable organisation (or are subject to a re-organisation within our group), personal information held by us will be one of the transferred assets; and
if we are under a duty to disclose or share your personal information to comply with any legal obligation, or we are involved in any litigation with you.

Whilst we have listed above the different third parties with whom we share personal information, please be assured that we will not share all of your personal information with all of the third parties listed above. For a list of third parties with whom your particular personal information may be shared, please contact the Compliance Manager at [email protected] , or by one of the other means of communication set out in the How to Contact Us section below.

We will only ever share the minimum of your personal information with such third parties as are listed above as is necessary to enable us to carry out our operations as a charitable academy of engineering and to fulfil our role in relation to the pursuit, encouragement, and maintenance of excellence in engineering and to promote the advancement of engineering for public benefit. The extent of the sharing of your personal information will differ depending on the nature of the relationship that you have with us.

8. Where will we transfer your personal information?

We will process your personal information both within the UK, the European Economic Area and beyond. This is because we hold events globally related to our charitable purpose, we have partnership programmes in place with other engineering related academies and bodies and innovation funding agencies in these countries and we may send applications for funding and grants that we receive to individuals who are academics in the field of engineering and who are based internationally.

When we transfer personal information outside the UK and EEA, we will implement appropriate and suitable safeguards to ensure that such data will be protected as required by applicable data protection law, for example, we will seek to anonymise it.

If we can't anonymise your personal information, we will put in place appropriate safeguards to protect your personal information. For further information please contact the Compliance Manager at [email protected]

9. How long will we keep your personal information?

We will retain your personal information for no longer than is necessary for the purposes for which the personal information is processed. The length of time we hold on to your personal information will vary according to what that information is and the reason for which it is being processed. Personal information which is held for the following purposes will be retained by us for seven years:

to respond to any queries or complaints you may have; and
to fulfil our obligations to H.M Revenue & Customs, Home Office, Department for Science, Technology and Innovation, Foreign Commonwealth and Development Office and other governing bodies

For those processing purposes not listed above, we will hold this information in accordance with our Data Retention Policy. For further information on our policy and how long we will keep your information for, please contact the Compliance Manager at [email protected], or by one of the other means of communication set out in the How to Contact Us section below.

10. Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal information to those who have a business need to know. Details of these measures may be obtained from the Compliance Manager at [email protected]

11. Staff training and awareness

Our staff receive regular training and updates on data protection and privacy to ensure they understand their responsibilities in safeguarding personal data. This training includes:

New Starter GDPR training presentation
E-Learning UK GDPR pathways
Understanding the principles of data protection,
Recognising and responding to data breaches,
Quarterly data protection and security newsletter updates,
GDPR drop-in sessions.

12. Your Rights

You have certain rights with respect to your personal information. These rights may only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. You can exercise these rights using the contact details below.

Your rights	What this means
Right of access to your personal information	You have the right to receive a copy of your personal information that we hold about you, subject to certain exemptions. We may require further information in order to respond to your request (for instance, evidence of your identity and information to enable us to locate the specific personal information you require).
Right to rectify your personal information	You have the right to ask us to correct your personal information that we hold where it is incorrect or incomplete.
Right to erasure of your personal information	You have the right to ask that your personal information be deleted in personal information certain circumstances. For example: · where your personal information is no longer necessary in relation to the purposes for which they were collected or otherwise used.
Right to restrict the use of your personal information	You have the right to suspend our use of your personal information in certain circumstances. For example: · where you think your personal information is inaccurate and only for such period to enable us to verify the accuracy of your personal information.
Right to data portability	You have the right to obtain your personal information in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where it is technically feasible. This right is subject to limitations.
Right to object to the use of your personal information (including to object to direct marketing, automated decision making and profiling)	You have the right to object to the use of your personal information in certain circumstances and subject to certain exemptions. For example: · where you have grounds relating to your particular situation and we use your personal information for our legitimate interests (or those of a third party).
Right to withdraw consent	You have the right to withdraw your consent at any time where we rely on consent to use your personal information. Email [email protected] to withdraw consent.
Right to complain to the relevant data protection authority	You have the right to complain to the relevant data protection authority, which is, in the case of Academy, the Information Commissioner’s Office (ICO), where you think we have not used your personal information in accordance with data protection law.

13. How to complain

If you think there is a problem with how your personal information is being handled, please contact us by using the details set out in the How to Contact Us section below.

You also have a right to complain to the Information Commissioner’s Office who can be contacted on 0303 123 1113. Their contact details are also set out at www.ico.org.uk

14. Changes to our privacy policy

We will review this Privacy Policy regularly and we will update it from time to time.

Any changes we make to this Privacy Policy in the future will be posted on our website and, where appropriate, we will give you reasonable advance notice of any changes.

15. How to contact us

If you have any questions regarding this Privacy Policy or the way we use your personal information, you can contact the Compliance Manager via:

Email: [email protected]
Telephone: 020 7766 0752
Post: Head of Governance Risk and Compliance, Royal Academy of Engineering, Prince Philip House, 3-4 Carlton House Terrace, London SW1Y 5DG