1. What kind of information do we collect?
Sign-up details: If you register or sign up for events, newsletters or publications on the site, we will ask you for personal information such as your name, email address, and occupation
Supporter details: If you are asked and agree to become a Supporter of States of Change as an organisation, you will be asked to provide details of your organisation. If you are asked and agree to become a Supporter of States of Change as an individual, you will be asked to provide your name, photograph and position within your organisation.
Feedback and surveys: We may also ask you for feedback about Nesta or to complete surveys.
Research: If you agree to work with us in relation to any research we are conducting we will ask you for your name and contact details, occupation and may ask for further information about you as may be relevant to the particular research you are participating in.
2. What do we do with information we collect and what is our legal basis for this?
Third party processors: As is indicated below, we may use third party platforms and processors to deliver newsletters, and any request to update your data contact preferences. In using these third parties we are pursuing our legitimate interest to use third party technology to achieve greater efficiency within our organisation. To balance our interests against yours, we have taken steps to ensure these third parties maintain appropriate technical and organisational measures to keep your personal information secure.
Sign-up details: If you sign-up for us to send you newsletters, publications and other information about States of Change or Nesta, our partners and activities (see “Marketing” section below), we will use your personal information to send these to you. Our legal basis for doing this is your consent. You have the right to withdraw this consent at any time, as explained in the “Marketing” section below. If you are given the opportunity to sign-up, register for an event, or programme, or to create a personal profile through Facebook or Twitter, Facebook and Twitter will make your email address registered to your Facebook or Twitter account available to Nesta, and Nesta will use the email address to enable you to log in to the particular platform. Our legitimate interest in doing this is the use of third party platforms for business efficiency and ease of registration for users.
Supporter details: If you are asked and agree to become a Supporter of States of Change as an organisation, your organisation name and logo will be displayed publicly on the website. If you are asked and agree to become a Supporter of States of Change as an individual, your personal information will be displayed publicly on the website, and you will be sent newsletters, information and updates about States of Change as it evolves, and details of events.
Events: If you register to attend one of our events we will use your personal information to process your application to attend the event, take payment, if any, for our administration and management of the event and to send you any updates or information regarding the event. Our legal basis for doing so is to fulfil the agreement with you for your attendance.
We use CVent and Eventbrite as registration systems for many of our events and their servers are based in the United States (U.S.) and may store and process your information outside the European Economic Area (EEA). Both CVent and Eventbrite comply with the EU-US Privacy Shield Framework. If you wish to know more please see:
If you buy a ticket for an event, we use third party systems to process your purchase and take payment. The payment processing organisation will be the data controller of your information for the purpose of processing the transaction, and may process your information outside of the EEA. Please read the terms and conditions before completing your purchase and making payment.
Feedback and surveys: If you agree to give us feedback or complete a survey, we will use the information to improve our work and activities. We usually use Surveygizmo to process surveys, and they only process your information on our instructions. Surveygizmo operate in the US and comply with the EU-U.S. Privacy Shield Framework. For more information see: https://www.surveygizmo.com/privacy/. If you agree to participate in any survey that will form part of any research project, we will tell you at the time you take part how your information will be used for the particular research project or programme, and how long it will be kept for.
Research: If you agree to take part in any research we will use your information for the purpose of that research project or programme. Full details of how your personal information will be used will be given to you at the time you agree to participate; this could include to inform the development of a new prize, project, programme or other initiative, being incorporated into reports or other research outcomes, and may include being publicly displayed on web pages relating to the particular research project or programme.
Online activity: The information that we obtain about your device helps us to monitor the website and keep it secure. The cookies we use tell us how you use the site and what pages you have visited. In pursuing these activities, we use our legitimate interest of monitoring and improving the performance of the site, and its security, to help us understand more about our customer’s interests and preferences and to inform our marketing strategy. Some of these cookies are used for remarketing purposes and, if you agree, will be used to send you tailored advertisements. For more information, see “Cookies” below.
Social media interaction: We use a third party providers to check whether the people whose contact email addresses we have collected have registered with those email accounts on social media platforms, such as Facebook or Twitter. We currently use 89up Limited, who provide us with statistical information about how many of our contacts are on Facebook. We do not receive any information as to who is on Facebook. 89up Limited also provides us with the Twitter handle for our contacts who are on Twitter. We use this information to follow our contacts on Twitter. In pursuing these activities, we are pursuing our legitimate interests to understand more about our contacts’ use of social media and this will then inform our marketing strategy. We have an appropriate contract in place with to ensure the security and protection of the data.
For all kinds of information collected: Please make sure that any personal details you provide are accurate and up to date, and let us know about any changes. Please get consent first before giving us anyone else’s information.
The nature of Nesta’s work means we often work in partnership with other organisations, however, we will not share your information with any other organisation unless we have your permission first, unless we have a legitimate interest to do so (see section 5 below).
We may also use your information to carry out analysis and research to improve our publications, events and activities, customise our website and its content to your particular preferences, notify you of any changes to our website or to our activities that may affect you, to prevent and detect fraud and abuse, and to protect other users.
However you choose to engage with or support Nesta, we may retain your information for our own legitimate business interests for statistical analysis purposes, in order to review, develop and improve our business activities. In this situation, we will only keep any personal information if it is necessary to do so, and will always put in place appropriate safeguards, including where possible anonymising or minimising the data retained.
We use a third party to provide cloud based data security, storage and disaster recovery service to backup data that we hold, we currently use Barracuda Networks lncorporated. Barracuda are a company based in the U.S. and store your Data outside the EEA. Barracuda complies with the EU-U.S. Privacy Shield Framework. https://www.barracuda.com/company/legal/privacy
3. How long will we keep your information for?
General principle: We will only keep any personal information that you provide to us for as long as is necessary to fulfil the purpose for which you gave us the information and we will securely delete information when it is no longer needed for that purpose, as explained in more detail below.
Supporter details: We will retain your information for as long as you or your organisation remains a Supporter of States of Change.
Events: If you attend one of our events, we will use your information for the purpose of the event, and will only contact you for any other purpose if you have said we can. We will retain your personal information collected for the purpose of the event for 3 years for evaluation and business development purposes to help us understand our audience and reach, and to improve future events.
If you buy a ticket for one of our events, we will also keep your information on our customer database and to tell you about future similar events. If you do not wish us to contact you about future events please let us know by writing to us or emailing us at the at the contact details below.
Research: If you agree to take part in any research your personal information will be kept for as long as it is of value to Nesta and the wider research community, and for as long as may be specified by any external research funder, patent law, legislative and other regulatory requirements. Research data shall be reviewed at least every 5 years to consider its continued value to Nesta, and personal data anonymised or pseudonymised where possible, unless to do so would affect the integrity of the research data and/or its outcomes, or its future value.
To the extent that Personal Data arising from any research is embodied within a research report or other research outcome, it will be retained in perpetuity as part of the published materials.
Research that supports the development of a prize, project, programme, publication or other research outcome, shall be kept for at least 5 years beyond publication or any other research outcome has been completed. If the research is funded or the subject of any other contract, your personal data may be kept for 6 years after the end of the contract or longer if the contract or funding agreement specifies, which could be up to 12 years after the contract ends.
Consent: We keep records of consent, and any withdrawal of consent, on our files for as long as your personal information is being used in-line with that consent and for a period of 6 years after the consent is withdrawn (unless otherwise requested by you).
Processing for statistical analysis purposes: This type of processing will only be undertaken whilst we retain your personal information in line with the principles explained above.
If you sign up to our mailing list we will use your details to keep you informed about latest news, blogs, programme updates, research, publications, event details, jobs and funding opportunities, and may request feedback, including our annual audience survey.
We use third party providers to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. We currently use Mailchimp, Salesforce and Cvent whose servers are hosted in the USA, but do comply with the EU-U.S. Privacy Shield. If you want to know more about how your information will be stored and processed see: https://www.salesforce.com/company/privacy/full_privacy/
If you no longer want to receive marketing communications from us, you can unsubscribe from our mailing list at any time by please clicking the unsubscribe link, at the bottom of our emails or by emailing firstname.lastname@example.org detailing your name and email address. If you are given the opportunity to update your contact preferences in any email from us, this will link to a form hosted by Surveygizmo. If this function is not made available, please email us at the above address with your preference updates.
We use third party remarketing services to tailor advertising to you based upon your browsing history on this website, for more information see “Cookies” below.
5. Who else has access to your information?
We may share your information with our partners and companies who help us to operate this site, and if you register to attend an event or participate in any research, we may share your details with the companies/organisations and individuals who help us to fund, organise and operate the event or research. Our legal basis for doing this is to pursue our legitimate interest of being able to work collaboratively with other organisations to operate and administer the event. Some of these organisations may process your information in countries outside the EEA, such as the United States, where data protection laws are not the same as in the EEA. Rest assured that we will always ensure any transfer is subject to appropriate security measures to safeguard your personal data. Where transfers are necessary to countries where data protection has not yet been declared to be adequate, we rely on GDPR Article 49(1)(c) for these transfers. Full details of these organisations, confirmation of where they would process your personal information, and details of the steps we have taken to safeguard your personal data will be provided as part of the online data collection process.
We may share your information within the Nesta group of companies, for the purposes of managing the event, grant or activity. Nesta currently provides all support and services for its subsidiary companies, therefore, our legal basis for sharing your information is to pursue the legitimate interests of shared resources and management reporting between the companies within the group. Our group companies will not process your data outside the EEA unless we notify you otherwise. Details of our group companies can be found here: https://www.nesta.org.uk/nesta-group-companies
Nice and Serious, the developer of this website, will have access to personal information that you provide, including your name and where you work, if provided, solely for the purpose of the administration and maintenance of the website. Nesta has an appropriate agreement in place with Nice and Serious to ensure the security of your personal information. For more information see https://niceandserious.com/.
We may disclose your personal information to law enforcement agencies if required by law (in which case our legal basis for doing this is for compliance with a legal obligation), or to protect or defend ourselves or others against illegal or harmful activities (in which case, our legal basis for doing this is the pursuit of these legitimate interests).
This site contains cookies. Cookies are small text files that are placed on your computer by websites you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to site owners. Most web browsers allow some control of most cookies through browser settings.
We also use third party tracking cookies for remarketing, including Google Adwords. These third parties help us to send you tailored advertisements about Nesta, that we think may be of interest to you, based on what parts of Nesta’s websites you have viewed. The advertisements will be shown to you on other search results pages, or on sites within Google’s or any other third party display network. We do not collect any identifiable information through the use of these third party remarketing services.
If you do not wish to receive such advertisements, then you must deactivate the Google Adwords cookie from your account. For more information on how Google uses advertising cookies, and to manage your settings and opt-out of these features please see https://support.google.com/ana...
We take steps to protect your personal information and follow procedures designed to minimise unauthorised access or disclosure of your information. If you have a password for an account on this site, please keep this safe and do not share it with anyone else. You are responsible for all activity on your account and must contact us immediately if you are aware of any unauthorised use of your password or other security breach.
8. Contacting us, exercising your rights and complaints
You are legally entitled to know what personal information we hold about you and how that information is processed, which includes the right to:
If you wish to know what information we hold about you, or wish to exercise any of your other rights as detailed above, or have any complaint about how we are using your personal information, then please email us using email@example.com or write to us at 58 Victoria Embankment London EC4Y 0DS UK and provide enough information to identify yourself (e.g. name and address or any registration details).
If our information is incorrect or out of date, please provide us with information to update it. If you want us to delete, restrict or stop using any information we hold about you, please explain the reasons why you are asking this. If you are unhappy with how we are using your information, again please explain to us the reasons and we will investigate the matter.
You can also write to the same address if you have a complaint about this policy.
If you are unhappy with how any data rights request or complaint has dealt with you have the right to complain to the Information Commissioner at Wycliff House, Water Lane, Wilmslow, Cheshire SK9 5AF or the following link. https://ico.org.uk/concerns or helpline: 0303 123 1113.
Nesta, a company limited by guarantee registered in England and Wales with company number 7706036 and charity number 1144091.
Registered as a charity in Scotland number SC042833.
Registered office: 58 Victoria Embankment, London, EC4Y 0DS
Join our mailing list so we can email you updates about States of Change, including: the States of Change newsletter, stories from the community of practice, programme updates, new research and publications and occasional requests to take part in research or surveys.