Donate now
Close

Privacy Policy

At PTEN Research, we are committed to protecting and respecting your privacy. This privacy notice tells you what to expect us to do with your personal information.

Contact details

By post to:

  • The Director of Finance & Business Administration, PTEN Research Foundation, 4th Floor, St. James House, St. James Square, CHELTENHAM, Gloucestershire, GL50 3PR, United Kingdom.

By email to:

  • contact@ptenresearch.org

What information we collect, use, and why

If you wish to subscribe to our newsletters, we collect personal information such as names and contact details. The information you enter on our website is shared with Campaign Monitor, the company which manages the circulation of our newsletter on our behalf. You can read more about Campaign Monitor and how they process data here: https://www.campaignmonitor.com/trust/privacy-hub/

If you wish to apply for grant funding as a researcher, we collect information necessary to process applications for research funding, such as the applicant’s qualifications and employment history, and the employment history of individuals who will be working on the grant; and to monitor the appropriate use of grant funds, including expenditure on individual salaries. In addition, we collect information including postal address, telephone number, e-mail address and/or social media identity of both applicants and ancillary support staff.

If you wish to apply for a job with us, we collect information necessary for us to assess the suitability of those who apply, and to process those applications, which may include data on employment status and previous experience depending on the context.

If you wish to make a donation, we collect personal information in order to process charitable donations that we receive by post, given our status as a charity registered with the Charity Commission for England and Wales: for example, names and contact details of donors; your payment details (including card or bank information for transfers and direct debits); and your financial transaction information. Our website directs prospective donors to KindLink, the charitable donation platform with which we have an account, and which processes donations on our behalf. Donors who use KindLink to make donations to us are directed to the privacy statement on KindLink’s website here https://www.kindlink.com/privacy-policy We access donors’ personal information through our KindLink account to ensure donations to the Foundation and related Gift Aid claims from HMRC are properly processed. 

In the event that donors wish to make substantial donations (typically of £10,000 or more), we may ask you to provide us with additional information in order for us to comply with the UK Fundraising Code of Practice and the Proceeds of Crime Act 2002.

Social media

On occasion, we collect personal information from social media, for example, LinkedIn, in respect of those who apply for job applications with us. Communication, engagement and actions taken through external social media platforms that we participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform. You are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to your own privacy and personal details.

Lawful bases

Our lawful bases for collecting or using personal information are as follows:

  • Specific consent

Consent is where we ask you if we can use your information in a certain way, and you agree to this (for example, when you subscribe to our newsletters, or donate to us).  Where we use your information for a purpose based on consent, you have the right to withdraw consent for any future use of your information for this purpose at any time. 

  • Legal obligation

We have a basis to use your personal information where we need to do so to comply with one of our legal or regulatory obligations.  For example, in some cases we may need to share your information with our various regulators such as the Charity Commission, Fundraising Regulator or Information Commissioner, or to use information we collect about you for due diligence or ethical screening purposes.

  • Performance of a contract/take steps at your request to prepare for entry into a contract

We have a basis to use your personal information where we are entering into a contract with you or performing our obligations under that contract.  Examples of this would be if you are applying to work with us, or being funded to undertake research.

  • Legitimate interests

We have a basis to use your personal information if it is reasonably necessary for us (or others) to do so and in our/their “legitimate interests” (provided that what the information is used for is fair and does not unduly impact your rights).

We consider our legitimate interests to include all of the day-to-day activities we undertake with personal information.  Some examples not mentioned under the other bases above where we are relying on legitimate interests are: use of personal information to administer, review and keep an internal record of the people we work with, including consultants, contractors and researchers.

We only rely on legitimate interests where we consider that any potential impact on you (positive and negative), how intrusive it is from a privacy perspective and your rights under data protection laws do not override our (or others’) interests in us using your information in this way.

How we decide how long to keep information for

We consider various criteria when determining the appropriate retention period for personal data including: 

  • the purposes for which we process your personal data and how long we need to keep the data to achieve these purposes;
  • how long personal data is likely to remain accurate and up-to-date;
  • for how long the personal data might be relevant to possible future legal claims; and
  • any applicable legal, accounting, reporting or regulatory requirements which specify how long certain records must be kept.  

Who we share information with (in addition to those listed above)

  • HMRC – in instances where Gift Aid claims are made. The HMRC is a controller of information relating to Gift Aid claimants, and we must provide HMRC with the information necessary for donors who are eligible for Gift Aid to receive their associated tax credits.HMRC’s privacy statement can be found here https://www.gov.uk/government/publications/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you/data-protection-act-dpa-information-hm-revenue-and-customs-hold-about-you.
  • Webreality – a company that manages our website for us. Webreality processes information as directed by the Foundation, for the purposes set out in this privacy notice. Webreality also provide Google Analytics with de-identified data on visitors to our website for the purpose of providing us with feedback that will improve the experience of visitors to our website.You can read more about how Webreality process data here https://www.webreality.co.uk/privacy-policy/#:~:text=We%20will%20only%20use%20your%20personal%20information%20for%20the%20purposes,compatible%20with%20the%20original%20purpose.
  • Dropbox and CloudAlly - cloud-based platforms with which we contract to store our data. These organisations have multi-layered security that includes encryption and maintain our data on servers located internationally. We limit access to such information held on our behalf to Foundation staff and trustees for whom such access is essential for operating and governance purposes.
  • GoDaddy - a company that manages our email and other software applications that we use. GoDaddy has multi-layered security that includes encryption and maintains our data on servers that are located internationally.
  • Where necessary, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While unlikely, we may be required to disclose your information to comply with regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

How we protect your information

When you provide personal information to PTEN Research, we implement a variety of security measures to maintain the safety and integrity of your details, and protect your information from loss, misuse, unauthorised access or disclosure, alteration, or destruction. The details about you kept by us, or by  the third-party organisations with which we contract, are protected with restricted and limited access, as well as a rigorous authorisation process upon accessing.

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal data.
  • Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.

You do not usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

February 2025