Privacy Policy

This website does not store or capture personal information, but merely logs the user’s IP address which is automatically recognised by the webserver. We do not use cookies for collecting user information from the site and we will not collect any information about you except that required for system administration of the webserver.

The National Oceanography Centre (NOC) provides a number of privacy notices to explain how we use different categories of personal information. Below we supply details to the individual privacy notices.

    • NOC privacy notice for applicants for jobs at NOC

      Purpose

      This NOC Recruitment Privacy Notice relates to personal information submitted by you, to NOC as part of the application process for jobs at the NOC. We use this information to assess your suitability for jobs you have applied for.

      What is the legal basis for NOC processing your personal information?

      The lawful basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract (ie employment contract) or to take steps at your request, before entering a contract.

      If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.

      The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA2018 which again relates to processing for employment purposes.

      We process information about applicant criminal convictions and offences. The lawful basis we rely to process this data are Article 6(1)(e) for the performance of our public task. In addition we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a).

      What personal information does NOC process?

      NOC collects and processes a range of information about you. We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.

      • You will be asked to set up a user account in the NOC recruitment portal and provide us with:
        • your name,
        • contact details,
        • information regarding your right to work in the UK,
        • diversity information,
        • previous employment history,
        • qualification and training information,
        • and other information relevant to the job.
      • If your personal information and CV have been submitted by a trusted third party, your details will be uploaded on to the system by the NOC Recruitment Team.

      In the circumstance where you are accepted for employment, as part of the onboarding process, we will request further personal information required to fulfil your employment contract. That personal information is covered by the NOC staff privacy notice, below.

      Who has access to your personal data?

      NOC restricts access to personal data on an as-needs-basis. Your information will only be shared with NOC staff taking part in the recruitment process, the NOC People and Skills team and NOC staff with expertise to assess your suitability for the position.

      Do we use any data processors?

      NOC may share your personal data with a number of third party processors in assessing your suitability

      • If the position involves supervision by non-NOC staff, we may share your application details with relevant external supervisors in order for them to contribute to assessing your suitability. Such external people will be required to treat your details in strictest confidence and abide by NOC information security standards.
      • With your permission, we may contact references provided by you to undertake pre-offer reference checks.
      • For apprenticeships, your information will be input to the UK Government Digital Apprenticeship Service (DAS) and your information shared with the relevant apprenticeship training partner. Here is the link to the UK Government Digital Apprenticeship Service (DAS) privacy notice.

      How does NOC protect data?

      NOC takes the security of your data seriously. The NOC has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed, and is only accessed as required by its employees or third parties in the recruitment process.

      Where the NOC engages third parties to process personal data on its behalf, we do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

      Will the personal information be shared outside of the UK?

      No, your personal information will not be shared with third parties outside of the UK.

      How long does NOC keep data?

      Your personal information will be held for 12 months following no activity on your recruitment portal account, logging into your account is included as activity. At this point your account will be de-activated by anonymizing your information and the secure deletion of all documents attached to your account. At any time, you also have the option to deactivate your account yourself when logged in, this will also anonymise all data and delete attached documents.

      Within the 12 month period, if you consent, NOC may also contact you to inform you of other NOC job vacancies that we consider you may be interested in.

      We may keep your data for longer if we cannot delete it for legal, regulatory or technical reasons. Where the successful candidate for one of our vacancies requires sponsorship we are required to retain personal information relating to both the successful and unsuccessful candidates from the recruitment campaign until audited, or until 1 year after sponsorship ends. This is in accordance with Home Office Tier 2 VISA requirements.

      Your rights as an applicant to the NOC

      As a data subject, you have a number of rights:

      • NOC must inform you of how your personal information is being used – which is the purpose of this Privacy Notice.
      • You have the right to request NOC to provide a copy of your personal information we store about you.
      • You have the right to request the correction of any inaccuracies in your personal information.
      • You have the right to update your personal information if it has changed.
      • At any time, you may withdraw your job application by notifying NOC in writing.
      • If you do not have an active job application with NOC, you have the right to request the de-activation of your account (see above – How long does NOC keep data?).

      If you would like to exercise any of these rights or discuss your personal information, please contact NOC’s People and Skills team by emailing askhr@noc.ac.uk. If you are not happy with the response from the People and Skills team, you may contact the NOC Information Governance team: governance@noc.ac.uk. In the event that NOC is unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the data protection authority in your country or the UK main data protection regulator, the Information Commissioner’s Office (ICO). Full details may be accessed on the complaints section of the Information Commissioner’s Office website. Here is the link to ICO complaints.

      Automated decision-making

      Suitability decisions are not based on automated decision-making.

      About this Privacy Notice

      From time to time, we may need to change this privacy notice, for example, if we introduce new data into the recruitment process and we encourage you to check this privacy notice from time to time.

    • NOC privacy notice for NOC staff

      Purpose

      This privacy notice covers the personal data that you supply to The National Oceanography Centre (NOC) relating to your employment with NOC. The organisation is committed to being transparent about how it collects, stores and processes your data and to meeting its data protection obligations.

      What is the legal basis for NOC processing your personal information?

      The lawful basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract (ie employment contract) or to take steps at your request, before entering a contract.

      If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the Act.

      The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnicity information is article 9(2)(b) of the GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights. And Schedule 1 part 1(1) of the DPA2018 which again relates to processing for employment purposes.

      We process information about applicant criminal convictions and offences. The lawful basis we rely to process this data are Article 6(1)(e) for the performance of our public task. In addition we rely on the processing condition at Schedule 1 part 2 paragraph 6(2)(a).

      What personal information does NOC process?

      NOC collects and processes a range of information about you. We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary. This includes (as applicable):

      • information provided by you such as your name, address and contact details, including email address and telephone number, date of birth and gender.
      • the terms and conditions of your employment.
      • details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the NOC.
      • information about your pay and benefits.
      • details of your bank account and national insurance number.
      • information about your marital status, next of kin, dependants and emergency contacts.
      • information about your nationality and entitlement to work in the UK.
      • information from references.
      • information on Disclosure and Barring Service (DBS) checks including the outcome of the checks.
      • details of your work pattern (days of work and working hours).
      • details of periods of leave taken by you, including holiday, sickness and other absence, and the reasons for the leave.
      • details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence.
      • performance management information, including annual appraisals, performance development reviews (PDR) and ratings, training you have participated in, performance improvement plans and related correspondence.
      • information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments.
      • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
      • other relevant information as applicable required by NOC in order to ensure we fulfil our obligations as an employer.

      NOC collects this information in a variety of ways.

      For example, data is collected through application forms and CVs; obtained from your passport or other identity documents; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.

      You are also able to directly update some of the information held on your record on NOC’s Business Information System - UNIT 4, and to view the other fields in your record.

      In some cases, the organisation collects personal data about you from third parties, such as references supplied by former employers and information from criminal records checks permitted by law.

      Data is stored in a range of different places, including in your electronic personnel file, in NOC’s Business Information System, the flexitime tracking system and across other IT systems (including the organisation’s network drives and email system).

      Who has access to data?

      NOC restricts access to personal data on an as-needs-basis. Your information will be shared within People & Skills team (including external managed services covering payroll, flexible benefits, occupational health), your line manager, managers in the business area in which you work and senior managers and IT staff if access to the data is necessary for performance of their roles.

      Your data could also be shared with employee representatives in the context of collective consultation on a redundancy or merger, if such a situation were to arise. This would be limited to the information needed for the purposes of consultation, such as your name, role and length of service.

      Relevant data (e.g. mobile number) may also be shared for the purposes of the organisation’s Business Continuity Plan or Serious Incident Group procedures.

      Your data may also be shared for the purposes of audit compliance and may be transferred to countries outside the European Economic Area (EEA) for information required within the NOC or for audit or compliance purposes, including EU funded grant activity. Data will only be transferred outside the EEA where required and where adequate safeguards such as an International Data Agreement or contract are in place.

      Do we use any data processors?

      NOC engages with a number of third party processors in providing elements of our business processes:

      How does NOC protect data?

      NOC takes the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed, and is only accessed as required by its employees in the performance of their duties.

      Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

      How long does NOC keep data?

      During your employment, NOC will retain your personal information and ensure it is up to date and accurate, After you leave the organisation, we will retain only key information such as job and salary records for one year and we will delete your record entirely after 6 years, unless we are required to maintain data for a longer period for compliance or donor reporting reasons.

      Your rights as a NOC employee

      As a data subject, you have a number of rights. You can:

      • access and obtain a copy of your data on request;
      • require the organisation to change incorrect or incomplete data;
      • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
      • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing;
      • ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing data.

      If you would like to exercise any of these rights or discuss your personal information, please contact NOC’s Legal and Governance team on governance@noc.ac.uk In the event that NOC is unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the data protection authority in your country or the UK main data protection regulator, the Information Commissioner’s Office (ICO). Full details may be accessed on the complaints section of the Information Commissioner’s Office website

      What if you do not provide personal data?

      You have some obligations under your employment contract to provide the organisation with data. In particular, you are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. You may also have to provide the NOC with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.

      Certain information, such as contact details, your right to work in the UK and payment details, have to be provided to enable the organisation to enter a contract of employment with you. If you do not provide other information, this will hinder the organisation’s ability to administer the rights and obligations arising as a result of the employment relationship efficiently.

      Automated decision-making

      Employment decisions are not based solely on automated decision-making.

      About this Privacy Notice

      From time to time, we may need to change this privacy notice, for example, if we introduce new data into our business processes supporting your employment contract. We will inform NOC staff when a new privacy notice is published.

    • NOC privacy notice for NOC visitors

      Purpose

      This privacy notice covers the personal data that you supply to The National Oceanography Centre (NOC) as a visitor to NOC. The organisation is committed to being transparent about how it collects, stores and processes your data and to meet its data protection obligations.

      For the purposes of this document you are classed as a visitor which is a term we use to cover users of our buildings and facilities who are not on staff payroll including job applicants, students, contractors, attendees of meetings, conferences and events organised or hosted by NOC, employees of associated organisations and other individuals who require access to NOC buildings and facilities on a temporary basis or for a limited or defined period of time.

      What is the legal basis for NOC processing your personal information?

      We rely on several lawful bases for processing on your personal data, in line with the retained EU law version of the General Data Protection Regulation ((EU)) 2016/279) (the UK GDPR) and the Data Protection Act 2018.

      • If we have a contract with you or are taking steps at your request prior to entering into a contract, we may rely on article 6(1)(b) of the UK GDPR, which relates to the processing of data necessary to perform a contract;
      • We rely on article 6(1)(c) of the UK GDPR to process some information to allow us to comply with our legal obligations (including health and safety and public liability);
      • We rely on article 6(1)f) of the UK GDPR to process some information for the purposes of our legitimate interests, including when we provide services to you, and when we use information to develop the way in which the NOC operates and fulfils its charitable objectives
      • If you provide us with any information about reasonable adjustments you require under the Equality Act 2010 the lawful basis we rely on for processing this information is article 6(1)(c) to comply with our legal obligations under the UK GDPR and the Data Protection Act 2018.

      The primary purpose for the personal information we maintain about you as a visitor is to facilitate access to the NOC and, if required, to our IT services, to ensure we can meet our obligations to safeguard you whilst on our premises or using our facilities and to make arrangements for accommodating any needs or requirements you may make us aware of.
      We also use individual visitor information to help us understand the make-up of the community we serve. We use it to generate reports and to help us make decisions which will impact visitors and the services you use.

      What personal information does NOC process?

      NOC collects and processes a range of information about you. We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than is necessary. This includes (as applicable):

      • information provided by you such as your name, address, and contact details, including email address and telephone number, date of birth and gender.
      • details of your visit, including start and end date.
      • information about your nationality and entitlement to visit the UK.
      • equal opportunities monitoring information, including information you provide about your ethnic origin, sexual orientation, health and religion or belief.
      • other relevant information required by NOC in order to ensure we fulfil our obligations as agreed with you.

      As well as information listed above, there is other information we may process depending on the nature
      of your visit to the NOC. This includes:

      • qualifications;
      • bank account details as may be required to take a payment from you or to provide you with access to funding;
      • information about medical or health conditions, or where a visitor may have a disability for which the organisation needs to make reasonable adjustments; information about your marital status, next of kin, dependants, and emergency contacts.
      • publicity photographs and/or video/digital images;
      • relevant data (e.g. mobile number) may also be collected and shared for the purposes of the organisation’s Business Continuity Plan or Serious Incident Group procedures.

      The NOC collects this information in a variety of ways.

      For example, data is collected through visitor registration forms, including information obtained from your passport, or other identity documents; from forms completed by you at the start of your visit; from
      correspondence with you.

      In some cases, the organisation collects personal data about you from third parties, such as UKVI to ensure your right to be in the UK has been provided.

      Data is stored in a range of different places, including in your electronic visitor file, in NOC’s Business Information System, and across other IT systems (including the organisation’s network drives and email
      system).

      Who has access to data?

      NOC restricts access to personal data on an as-needs-basis. Your information may be shared within People & Skills team, the NOC staff who are responsible for your visit, managers in the area in which
      you are undertaking study or research, and IT staff if access to NOC systems and data is necessary for your visit.

      Your data may also be shared for the purposes of audit compliance and may be transferred to countries outside the UK for information required within the NOC or for audit or compliance purposes, including
      EU funded grant activity. Data will only be transferred outside the UK where required and where adequate safeguards such as an International Data Transfer Agreement or other contract containing appropriate safeguards are in place.

      Do we use any data processors?

      NOC engages with a number of third-party processors in providing elements of our business processes, for example via a payment provider to process payments for attendance at events or any other legitimate reason.

      Individuals will be informed if their data will be processed by another party.

      If an individual is unwilling to provide some data NOC considers necessary for the business relationship, then NOC may choose not to enter into a relationship with that individual.

      How does NOC protect data?

      NOC takes the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed,
      and is only accessed as required by its employees in the performance of their duties.

      Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate
      technical and organisational measures to ensure the security of data.

      How long does NOC keep data?

      NOC will retain your personal information only for the time necessary according to the purpose of the holding of the data. Your data will be retained for the time you are deemed to be a visitor of NOC. Once
      you cease to be a visitor, the data may be retained for as long as may be necessary for NOC business purposes related to the purpose of your visit. This may include for the purposes of relevant audit activity
      some years after your visit has ended.

      Your rights as a data subject

      As a data subject, you have a number of rights. You can:

      • access and obtain a copy of your data on request;
      • require the organisation to change incorrect or incomplete data;
      • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
      • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing;
      • ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

      If you would like to exercise any of these rights, please contact NOC’s Legal and Governance team on
      governance@noc.ac.uk. In the event that NOC is unable to adequately address any concerns you may
      have about the way in which we use your data, you have the right to lodge a formal complaint with the
      data protection authority in your country or the UK main data protection regulator, the Information
      Commissioner's Office (ICO). Full details may be accessed on the complaints section of the Information
      Commissioner's Office website. Here is the link to ICO complaints.

      What if you do not provide personal data?

      If an individual is unwilling to provide some data NOC considers necessary to meet its obligations, then
      NOC may choose not to allow access to its buildings or facilities.

      About this Privacy Notice

      From time to time, we may need to change this privacy notice, for example, if we introduce new data
      into our business processes supporting your employment contract.

    • NOC privacy notice for suppliers and customers

      Purpose

      This privacy notice covers the personal data that you supply to The National Oceanography Centre (NOC) relating to you acting in a capacity as a customer of, or supplier to, NOC. The organisation is committed to being transparent about how it collects, stores and processes your data and to meeting its data protection obligations.

      What is the legal basis for NOC processing your personal information?

      The lawful basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.

      The NOC needs to process data in order to be able to enter into a contract with you or your employing organisation and to meet its obligations under the contract. For example, it needs to process your data to undertake due diligence activities, or to invoice or pay you in accordance with contract.

      NOC will only ever ask for and process data which is required to enable the contractual relationship and does not collect sensitive personal data from customers or suppliers.

      What personal information does NOC process?

      NOC collects and processes a range of information about you. This includes (as applicable):

      • information provided by you such as your name, address and contact details, including email address and telephone number.
      • details of your bank account.
      • other relevant information as applicable required by NOC in order to ensure we fulfil our obligations created by the business relationship.

      NOC collects this information in a variety of ways.

      For example, data is collected through customer or supplier forms and through the completion of contractual or due diligence documentation.

      Data is stored in NOC’s Business Information System, paper files (contracts) and across other IT systems (including the organisation’s network drives and email system).

      Who has access to data?

      NOC restricts access to personal data on an as-needs-basis. Your information will be shared within NOC to the extent necessary to administer the business relationship.

      Your data may also be shared for the purposes of audit compliance and may be transferred to countries outside the European Economic Area (EEA) for information required within the NOC or for audit or compliance purposes, including EU funded grant activity. Data will only be transferred outside the EEA where required and where adequate safeguards such as an International Data Agreement or contract are in place.

      Do we use any data processors?

      For data supplied by our customers and suppliers, NOC will only use third party processors in the context of due diligence, audit activity or banking. For example, we may use an external credit checking partner and may pass your details to our bank in order to enable payments to be made. Data processors with whom we may share information:

      How does NOC protect data?

      NOC takes the security of your data seriously. The organisation has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed, and is only accessed as required by its employees in the performance of their duties.

      Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

      How long does NOC keep data?

      NOC will retain your personal information only for the time necessary according to the purpose of the holding of the data. Your data will be retained for the time you are deemed to be a registered supplier or customer of NOC. If you cease to be a customer or supplier, then the data may be retained for as long as may be necessary for NOC business purposes related to the business relationship that was in place. This may include for the purposes of relevant audit activity some years after the supplier or customer contract relationship has ended.

      Your rights as a data subject

      As a data subject, you have a number of rights. You can:

      • access and obtain a copy of your data on request;
      • require the organisation to change incorrect or incomplete data;
      • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
      • object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing;
      • ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing data.

      If you would like to exercise any of these rights, please contact NOC’s Legal and Governance team on governance@noc.ac.uk  In the event that NOC is unable to adequately address any concerns you may have about the way in which we use your data, you have the right to lodge a formal complaint with the data protection authority in your country or the UK main data protection regulator, the Information Commissioner’s Office (ICO). Full details may be accessed on the complaints section of the Information Commissioner’s Office website

      What if you do not provide personal data?

      If an organisation is unwilling to provide some data NOC considers necessary for the business relationship, then NOC may choose not to enter into the business relationship with that organisation.

      About this Privacy Notice

      From time to time, we may need to change this privacy notice, for example, if we introduce new data into our business processes supporting supplier and customer contracts. We will inform you when a new privacy notice is published.

    • NOC privacy notice for donors and fundraising

      Purpose

      This statement explains how The NOC processes the personal data of its donors and fundraising contacts.

      We are a "data controller" for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation 2016 ("Data Protection Law"). This means that we are responsible for the processing of your personal information.

      What is the legal basis for NOC processing your personal information?

      We have a basis to use your personal information if it is reasonably necessary for us to do so and in our “legitimate interests”.  Whenever we process your personal information under the 'legitimate interest' lawful basis we make sure that we consider your rights and interests and will not process your personal information if we feel that there is an imbalance.

      Some examples of a legitimate interest are when we:

      • process your registration to an event, or when you apply to volunteer
      • claim Gift Aid to boost your donation
      • improve our services, for our legal purposes (for example, dealing with complaints and claims), or for complying with Charity Commission guidance
      • contact prospective company and trust supporters by email, phone and post to find out more about their giving policies, make them aware of NOC, and opportunities to support us or for us to apply for their grants
      • contact prospective supporters by post where information in the public domain indicates possible interest in supporting NOC
      • contact people who have previously supported NOC where there is reason to expect they may wish to support again
      • use your personal information for data analytics
      • conduct research to better understand who our supporters are

      What personal information does NOC process?

      Personal information includes your name, email, postal address, telephone number, as well as information you provide in any communications between us. We will mainly use this information:

      • To process your donations, to claim Gift Aid, and verify any financial transactions.
      • To update you with important administrative messages about your donation, an event or services or goods you have requested.
      • To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify supporters who make major gifts so we can assess risks.
      • To keep a record of your relationship with us.
      • To invite you to participate in surveys or research.
      • Where you volunteer with us, to administer the volunteering arrangement.

      If you do not provide this information, we will not be able to process your donation, sign you up for a particular event or provide goods and services you have requested. We may also supplement the data you have provided with your job title and employer name if you have provided this to us or it is in the public domain. We may also use your personal information to contact you about our work and how you can support NOC (see section 8 on 'Marketing' below for further information).

      We sometimes receive limited data about children if they decide to fundraise for us, and we will collect data about children for events we organise specifically for young people or where they agree to volunteer for us. Wherever possible, we will ask for consent from parents to collect information about children and young people under the age of 16.

      How do we collect information about you?

      When you interact with us directly: This could be if you ask us about our activities, register for an event, donate, ask a question, purchase something, complete a survey, apply for a volunteering opportunity, or otherwise provide us with your personal information. This includes when you phone us, write to us by post or email or meet us in person.

      When you interact with us through third parties: This could be if you provide a donation through a third party we work with, such as Just Giving.

      When you visit our website: We gather general information which might include which pages you visit and which information is of most interest. We may also track when you click on links in emails. We use "cookies" to help our site run effectively (see 'Cookies' policy).

      From other information that is available to the public: To tailor our communications with you we may collect information from publicly available sources or through third party subscription services or service providers (further details below – see 'Making our work unique to you').

      Making our work unique to you – research and profiling

      To improve how we talk to you and the information we provide through our website, services, products and information we may conduct our own research using publicly available information about you.  We may also work with third party organisations who provide additional insight, this may include wealth screening information or general information that is publicly available. This information can be appended to the information that you have provided which allows us to use our resources more effectively by better understanding the background of our supporters and making appropriate requests based on what may interest them and their capacity to give.
      We may carry out targeted fundraising activities using profiling and screening, based on the information that we hold about you.

      You can of course opt out of this activity at any time by emailing giving@noc.ac.uk

      Marketing

      We will send you information by email about our work and how you can help us to protect and understand the oceans. As well as sharing our latest news, we will contact you about events and fundraising for NOC, our campaigns, and the many ways you can shape our work.

      You can stop us sending you email communications at any time by clicking the unsubscribe link at the bottom of the email. This can take up to 28 days to take effect.

      We will only contact you about how you can support NOC by phone, if you have agreed for us to contact you in this manner, or if you are an existing donor.

      However, we may send you information about our work and how you can support NOC by mail unless you have told us that you would prefer not to hear from us in that way.

      To opt out of postal mailings, or telephone contact, please email giving@noc.ac.uk.

      Who has access to data?

      The personal information we collect about you will be used by our staff (and volunteers, including Trustees and Ambassadors) at NOC so that they can support you.

      We will never sell your personal information to other organisations. Nor do we sell any information about your web browsing activity.

      We may employ a consultant to guide us in appropriate fundraising best practice and advise us on donation amounts for fundraising appeals. Consultants would be provided with the above categories of data, where possible made anonymous by excluding names and emails, in order to ascertain your ability to donate.

      We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, to enforce our conditions of sale and other agreements

      Do we use any data processors?

      NOC may however share your information with our trusted partners and suppliers who work with us or on our behalf to deliver our services, but processing of this information is always carried out under our instruction. Some examples of where we may share your information are with our fulfilment partners who help to create and send information to you to reduce our costs, or process Gift Aid for us. We enter contracts with these service providers that require them to comply with Data Protection Laws and ensure that they have appropriate controls to secure your information. We make sure that they store the data securely, delete it when they no longer need it and never use it for any other purposes.

      Other Data processors with whom we may share information are the database and payment services system providers we use to manage your data and handle donations and other payments.  These data processors maintain their own rules and policies for the management of the data we provide as presented on their web pages as follows:

      How does NOC protect data?

      We take looking after your information seriously. The NOC has appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

      Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent this way, we cannot guarantee the security of data transmitted to our site.

      The NOC does not process your card or bank details when making donations through our website.  Any debit or credit card details which we receive on our website are passed securely to Stripe our payment processing partner, according to the Payment Card Industry Security Standards. See www.stripe.com/gb/privacy. The payment details you provide in relation to setting up a Direct Debit are captured and recorded directly to GoCardless, our payment processing partner, according to the BACS (See https://gocardless.com/privacy/payers/). Please note that payments made indirectly, for example through Just Giving, have Separate Terms (Donations made through Just Giving have their own Terms and Privacy Policies (see www.justgiving.com ).

      How long does NOC keep data?

      We only keep it as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid).

      Your rights as a data subject

      You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting governance@noc.ac.uk. You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office, https://ico.org.uk/

      Access to your personal information: You have the right to request access to a copy of the personal information that we hold, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. This is free of charge but please make all requests for access in writing and provide evidence of your identity.

      Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.

      Consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.

      Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.

      Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, or you have withdrawn consent, or where we have no lawful basis for keeping it.

      Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.

      Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.

      No automated-decision making: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.

      Please note, some of these rights only apply in certain circumstances, where one of your rights does not apply, we will communicate the reason to you.

      For further information about our privacy practices, please contact governance@noc.ac.uk

      About this Privacy Notice

      From time to time, we may need to change this privacy notice, for example, if we introduce new data into our business processes supporting donors. We will inform you when a new privacy notice is published.