The Behavioural Insights Team website
This notice is effective from 4 December 2018
This website is operated by the Behavioural Insights Team (BIT). This privacy notice sets out how we collect and use your personal data.
Behavioural Insights Ltd (the legal name of Behavioural Insights Team) is the controller and is responsible for your personal data collected via this site.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights in relation to your personal data, please contact the DPO:
By post: Behavioural Insights Ltd, 4 Matthew Parker Street, London, SW1H 9NP
By email: email@example.com.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We promise to respect any of your personal information which is under our control and to keep it safe. We aim to be clear when we collect your information about what we will do with it and let you know of any material changes to this notice.
What kind of information do we collect from you?
If you register on the site, sign up for events or subscribe to newsletters, we may ask for personal information such as your name, email address, occupation, contact details and communication preferences. We may ask you for feedback about BIT or to provide responses to surveys.
Newsletters or other messages sent to you after you have subscribed may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such newsletters and messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data. When collected, this information is processed by MailChimp (see “Who else has access to your information” section below).
We may also record your activity when visiting the site (see our Cookies Policy) and other technical data such as login data, browser type and version and time zone setting and location. If you post content or communicate via the site, we may store and monitor your content and communications.
We do not collect any special categories of personal data about you through the website or your use of our website (as defined under the General Data Protection Regulation, special category data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
What do we do with information we collect?
We will only use your personal data where we have a lawful basis for doing so.
In particular, we may process your personal information where it is necessary in our legitimate interests (and your interests and fundamental rights do not override those interests) in order to:
- operate this site, keep it up to date and deliver relevant content to you;
- to carry out analysis and research to improve our sites, events, newsletters and activities;
- to prevent and detect fraud and abuse of our site and protect other users;
- ask you to leave comments, reviews, or participate in surveys;
- establish, defend or enforce legal claims.
These activities are necessary for our legitimate interests to study how individuals that are interested in BIT engage with our website and content and make any required improvements, to keep our website up to date and relevant, to develop and grow our business, to prevent fraud or abuse or to enforce our legal rights.
If you sign up via the site, we may use your information to provide you with newsletters and information about us, our partners and our publications, activities and events. In this case, we will be relying on consent as the lawful basis for processing your personal data.
Please make sure that any personal details you provide are accurate and up to date, and let us know about any changes as soon as possible.
How to unsubscribe
If you have previously signed up to receive emails from us but you don’t want to receive any more communications, please click the unsubscribe link on any email from us or, where relevant, change the preferences on your account. You can also email us at firstname.lastname@example.org at any time.
Who else has access to your information?
We may disclose your information to third parties in connection with the purposes of processing your personal data set out in this policy. These third parties may include:
- other companies in our group
- business partners, suppliers and sub-contractors who may process information on our behalf;
- analytics and search engine providers;
- IT service providers.
MailChimp’s servers are located in the United States so personal data will be transferred to the United States. MailChimp has certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
If you are concerned about us sharing your personal data with MailChimp, please do not sign up to receive information from us.
Comments and other information which you post on the site will be displayed publicly and to other users. Please be careful when disclosing personal information which may identify you or anyone else. We are not responsible for the protection or security of information which you disclose in public areas.
We may disclose your personal information if required by law, or to protect or defend ourselves or others against illegal or harmful activities, or as part of a reorganisation or restructuring of our organisation.
We may share your date with one of our group companies. As of the date of last review of this notice, the group of companies comprise:
- Behavioural Insights Ltd
- Behavioural Insights Ventures Ltd
- Behavioural Insights US (Inc)
- Behavioural Insights (Australia) Pty Ltd
- Behavioural Insights (New Zealand) Ltd
- Behavioural Insights (Singapore) Pte Ltd
In sharing this personal information with other group entities, your information may be transferred outside of the EEA . In this case, we will ensure appropriate safeguards are implemented and you are fully informed of the transfer (unless it is otherwise prohibited by law to inform you).
There is an adequacy decision from the European Commission in respect of transfers of personal data to New Zealand. This means that New Zealand is deemed to provide an adequate level of protection for your personal information if we transfer personal data to Behavioural Insights (New Zealand) Ltd.
In relation to other group entities outside of the EEA, we are putting in place standard contractual measures (as laid down in the European Commission Decision 2010/87/EU of 5 February 2010 or as updated from time to time) to ensure an adequate level of protection for your personal information if we transfer personal data to any of those entities. If you require further information about this, you can request it from the Data Protection Officer.
We take all reasonable steps to protect your personal information and follow procedures designed to minimise unauthorised access, alteration, loss or disclosure of your information.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third party anti-virus software or similar applications.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. When it is no longer necessary to retain your personal data, it will be securely deleted.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data, including rights to:
- Request access to your personal data: this enables you to receive a copy of the personal data we hold about you and to check we are lawfully processing it.
- Request correction of your personal data: this enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal data: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Object to processing of your personal data: you can object where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request restriction of processing your personal data: This enables you to ask us to suspend the processing of your personal data.
- Data portability: Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format.
- Request transfer of your personal data.
- Right to withdraw consent to the processing of your personal data: This applies where we have relied on consent to process personal data. Please note that withdrawal of consent will not affect the lawfulness of any processing carried out before withdrawing your consent.
If you wish to exercise any of the rights set out above, please contact the Data Protection Officer with your specific request by email to: email@example.com
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Changes to this Notice
We may change this Privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on the website or by contacting you directly.
Behavioural Insights Ltd is a limited company registered in England and Wales. Registration number: 08567792
Registered office: 4 Matthew Parker Street, London SW1H 9NP