This policy applies to all employees, elected members, representatives/agents, contracted independents, suppliers/traders and consultants/advisers working within the professional proximity of the Royal Academy of Engineering (the Academy). Users of our services shall/may process (includes obtaining, using or disclosing) sensitive data within a professional capacity and abide by their duties and responsibilities under the Act.

1) This policy is appropriate to:

  • Any sensitive data collected during the practice of Academy business
  • Information held on the company computers, personal devices, and provided in published or structured manuals within and beyond, but relating to the Academy
  • Any sensitive data used by members of staff during or supportive to Academy business

It has been drafted in accordance with the provision set out in Schedule 1 of the Data Protection Act 1998 and the Eight Principles:

i. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –

(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

ii. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose/those purposes.

iii. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

iv. Personal data shall be accurate and, where necessary, kept up to date.

v. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

vi. Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998.

vii. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

viii. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

2) Disciplinary measures will be taken against all applicants, who at any point fail to comply with this policy, the Eight Principles and, subsequently the provisions set in the Data Protection Act 1998.

Who are we

The Royal Academy of Engineering is the UK’s designated national academy for engineering; recognising, celebrating and connecting the most talented and prominent engineers from across the sector.


To facilitate the understanding of this policy, certain terms, words and statements have been defined as follows:

  • We/Our - employees, agent’s contractors, suppliers and consultants of and in contract with the Royal Academy of Engineering
  • The Academy - the Royal Academy of Engineering
  • You/Subject - applicable parties and consent providers
  • DPO - Data protection officer
  • Sensitive data – any information pertaining to race, ethnicity, religion, beliefs, trade union membership, physical or mental health/sexual orientation, political view and criminal offences
  • ICO - Information Commissioner's Office
  • The Act - Data Protection Act 1998

Data collection and handling

a. Information we may collect from you

We may collect and process the following data about you:

  • Information that you provide by filing in forms on our website. This includes information provided at the time of registering to use our site, subscribing to our services, posting material or requesting further services. We may also ask you for information for other purposes. For example if you report a problem with our site.
  • If you contact us we may keep a record of that correspondence.
  • Details of transactions you carry out through our site.
  • Details of your visits to our site including, but not limited to traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access.

b. IP addresses

We may collect information about your computer, including where available your IP address, operating system and browser type for system administration.

In some instances we may report aggregate information to third parties we engage for particular purposes. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.

c. Cookies

It is possible that so-called 'cookies' are used on some of our web pages. A cookie is a small text file that is stored from a website to your hard disk. The stored information will allow you to use our website in a faster and more convenient way. Cookies can help us, for example, to better adapt our website to your specific requirements. Or your password might be stored - so you will not have to enter it again (during your next visit). If you do not wish to be recognised by cookies you may install a warning on your web browser which will provide effective protection against all types of cookies.

More information about cookies on this website

More information about cookies on this website

d. Storing your personal data

All information you provide to us is stored on our database and web servers; to which only restricted Academy personnel have access. Academy servers are protected by up-to-date firewalls with integrated virus protection from external threats. Access to data within our internal network is controlled by user accounts and specific access rights. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

e. Handling your personal data

We use information held about you in the following ways:

  • To ensure that content from our site is presented to you in the most effective manner for you and for your computer
  • To provide you with information, products or services that you request from us (for example, our newsletter) or which we feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service

If you are an existing user of our services, we will only contact you by electronic means (email or SMS) with information about goods and services similar to those which you have used or requested from us previously.

If you are a new user we will contact you by electronic means, only if you have consented to this.

Access to your information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Changes/amendments to our privacy policy

This policy will be reviewed periodically to take account of changes in the law and guidance issued by the Information Commissioner.

How to contact us

For further information, questions comments and requests in relation to this privacy policy, we can be contacted via the following:

Phone: +44 (0) 207 766 0616

Email: Data protection officer


The Data Protection Officer
Royal Academy of Engineering
Prince Philip House
3-4 Carlton House Terrace
London SW1Y 5DG
United Kingdom