Impact (Impact Research Ltd and Impact Health Research Ltd) takes your privacy seriously. We may update this Notice from time to time and shall indicate on the Site when changes have been made.
Impact is registered with the Information Commissioner’s Office for its data processing activities. We also work to a Data Protection Policy (available on request) which all staff are required to adhere to.
This page sums up Impact’s approach to data protection; activity specific privacy notices are provided for the different types processing we undertake on the website. It outlines, in broad terms, how we collect, store, use, share and dispose of personal information. It sets out how you may access and seek correction of your personal information or raise concerns about a misuse of your personal information. If you have any queries about our processing of personal data, please contact our data protection officer: email@example.com
Impact complies with the principles of the General Data Protection Regulation (Data Protection Act 2018) which means it:
- Processes personal data lawfully, fairly and in a transparent manner.
- Collects personal data only for specified, explicit and legitimate purposes.
- Processes personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing.
- Keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.
- Keeps personal data only for the period necessary for processing and is then removed and securely deleted
- Processed in a manner that ensures appropriate security of the personal data; it is stored in secure systems and only transferred by secure means
- Is accountabile for the data.
What kinds of personal information do we collect and how?
We collect personally identifiable information for the following purposes:
- Customer contact
- Job applications
- Managing staff and temporary staff
- Monitoring usage of our website.
What do we do with personal data?
Impact ensures that it protects data that is has collected or received from a third person. We only use it for the purpose for which it was collected, stores it in appropriately secure systems. We only keep data for as long as it is needed (usually until the specific project is complete), and then it is securely disposed of. Data protection retention policy and data protection fair processing notice (applicants) is available on request.
We do not sell any personal data collected during to the course of our work to third parties. If personal data is being shared with a third party, then this activity will be covered in an activity specific privacy notice.
No data is transferred outside of the European Economic Area (EEA) unless appropriate safeguards are in place.
We do not use personal data to take automated decisions. If this situation changes, details will be made available.
From time to time, we will offer visitors to the website the opportunity to be notified about the publication of reports or opportunities to participate in research studies. Any personal data collected to do this will only be used for this purpose; it will not be used for any other marketing activities or shared with third parties. Once the notification has been sent or passed to the team responsible for the research, data is securely deleted from the website. The lawful basis for such processing activity is legitimate interest.
Social media interactions
We use a number of third party services, for example, Twitter’s Analytics software, to monitor social media interactions. This helps us to respond to your comments and feedback, understand how Impact is perceived outside of the organisation and gain additional insight into how to share our research outputs to ever larger audiences. Although these tools collect personal data (your name and username), we do not use this information. We only analyse and report on the volume of interactions (comments, likes, re-tweets etc.).
How do we ensure individual’s data rights are met?
Impact handles your personal data in accordance with the rights given to individuals under data protection legislation. We make available specific privacy notices for each project or activity that we undertake. If at any time you wish us to withdraw your data or correct errors in it, please contact us. In certain circumstances, data subjects have the right to restrict or object processing. They also have the right to see information held about them. If you want to make a request for access to data or to have other data rights observed, please contact our data protection officer email: firstname.lastname@example.org . We will also cooperate fully when a subject access request is made of any data controller we are working with.
If you have a concern about the way Impact processes personal data, we request that you raise your concern with us in the first instance (see the details above). Alternatively, you can contact the Information Commissioner’s Office, the body responsible for enforcing data protection legislation in the UK.
Updated December 2020