Privacy Policy

Cyber Security Certification Badge
1. Introduction

We operate this Privacy and Cookies Policy because we are committed to safeguarding the privacy of those using our website and the confidentiality of any information that we collect about you. For any queries related to our Data Protection policies, please contact our Data Protection Officer Lauren Mennie at [email protected].

We are Institute for Strategic Dialogue. We are a limited company in England (number 06581421) whose registered office is 3rd Floor, 45 Albemarle Street, Mayfair, London, W1S 4JL. We are the data controller in respect of all personal data collected via our website. We are registered as a data controller with the Information Commissioner’s Office (“ICO”) and our registration number is ZA306601. Our sister organisation Institute for Strategic Dialogue gGmbH (ISD Germany) acts as our EU representative.

This Privacy and Cookies Policy sets out how we will use any personal data that we may obtain from you. Our website is not intended for children and we do not knowingly collect data relating to children. If we change any of the terms of our Privacy and Cookies Policy we will post the revised policy on our website behind the “Privacy and Cookies Policy” link at the bottom of each page. Whenever you submit your information to us, whether it be by using our website, by email, over the telephone, in person or by any other means, we will collect and use of such information in accordance with the terms of this Privacy and Cookies Policy. We are committed to ensuring that all personal data we hold is treated properly and in accordance with applicable data protection legislation. In accordance with data protection legislation, we are required to explain to you how we will treat any personal data which we collect from or about you. You have the right to lodge a complaint with the ICO if you have any concerns with regard to the way in which we process your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

2. What information do we collect and how do we use it?

You may give us information about you by corresponding with us by phone, e-mail, social media or otherwise, by submitting an enquiry via our website, by submitting information for the purposes of being considered for a vacancy, by opting in to receive our newsletter and/or other marketing information, or by signing up to any initiatives, resources or programmes provided by us. We may also collect information about you through social media channels and other publicly accessible sources where such information is collected pursuant to our research and academic objectives. In such circumstances we have adopted procedures to ensure that such information is, where appropriate, anonymised or pseudonymised before it is processed any further.

The information we may collect, use, store and transfer about you includes the following:

  • name, username or similar identifier (such as social media handle), title and job title (“Identity Data”);
  • work contact details, address, email address and telephone number(s) (“Contact Data”);
  • bank account and payment card details (“Financial Data”);
  • passport information and other information necessary to book transport and accommodation on your behalf (“Travel Data”);
  • your preferences in receiving marketing from us and your communication preferences (“Marketing Data”).

As a visitor to our website, we may also automatically collect data about you such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website (“Technical Data”) as you interact with our website. We collect Technical data by using cookies and other similar technologies. Please refer to section 8 for further information regarding the cookies used on our website.

We have set out below a description of what personal data you may give us, the ways we use your personal data, and which of the legal bases we rely on to do so.

Purpose/Activity Type of Data Lawful basis for processing
To respond to an enquiry made by you (whether by phone/email/social media/ through the website or by other means) (a) Identity Data (b) Contact Data (c) Information submitted pursuant to your enquiry Necessary for our legitimate interests (to respond to your enquiry and provide you with the information requested regarding our organisation and the services we provide)
To provide you with our newsletter and/or other marketing information (a) Identity Data (b) Contact Data (c) Marketing Data Consent. If you subscribe to receive our newsletter and/or other marketing information but subsequently decide that you no longer wish to receive our newsletter and/or other marketing information, please see section 4 below
To provide you with information regarding, or access to, our initiatives, resources or programmes and to obtain feedback in respect of such initiatives, resources or programmes (a) Identity Data (b) Contact Data (c) Financial Data (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how our initiatives, resources and programmes are used and to improve such initiatives, resources and programmes)
To sign you up to attend and/or participate at our events (a) Identity Data (b) Contact Data (c) Financial Data (d) Travel Data Performance of a contract with you
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity Data (b) Contact Data (c) Technical Data (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To use data analytics to improve our website, customer relationships and experiences (a) Technical Data Necessary for our legitimate interests (to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To consider you for a vacancy (a) Identity Data (b) Contact Data (c) Information contained within your CV and application Necessary for our legitimate interests (for running and improving our business)
To undertake research in accordance with our charitable objectives. (a) Identity Data (b) Profile data such as opinions and affiliations linked to your social media accounts

In order to ensure this data is processed lawfully and transparently, the following procedures are followed by ISD:

  • Data collected from social media platforms is primarily accessed through the official application programming interface (API) of that platform, and stored and used in compliance with that API’s terms of service. Data is only collected from platforms which users have knowingly accessed and have consented to provide that platform with published data.
  • Any collected data is securely stored on a monitored server, accessible only to approved ISD staff. Data collected from social media sites is not stored for longer than is necessary.
  • ISD applies techniques in artificial intelligence to social media data in order to conduct research. We ensure that the reasons for applying these techniques, the methodology used to analyse data, and the conclusions drawn from our analysis are presented clearly and fully in each report.
  • ISD does not publish research based on personal data that is irrelevant to our research, nor is personal data shared with third parties without appropriate data protection safeguards. Most data published or shared with a third party is aggregated, anonymised or altered to prevent identification of a natural person.
  • Where possible, data published in the course of ISD’s research is aggregated, anonymised or altered to prevent identification of a natural person. An exception to this policy is when the user is publicly known to the extent that they would not reasonably expect their public social media posts to be private.
  • In the event that a data breach is discovered, ISD will act in accordance with the GDPR to ensure that any damage from a breach is minimised, including informing relevant supervisory authorities and acting to identify and resolve any security issues allowing the breach.
  • In order to respect the rights of data controllers to maintain control of their personal data, ISD will remove any personal data pertaining to an individual who requests such deletion. This includes taking reasonable measures to ensure that content deleted from social media platforms is also removed from datasets used by ISD.

If we require your information for the purposes of performing a contract with you and you fail to provide this information, or if the information you provide is not accurate, we may not be able to perform the contract we have or are trying to enter into with you. You warrant that any information you supply to us is accurate and up to date, that you will inform us if any such information requires updating, and that if you submit a third party’s details to us you have that third party’s permission to do so. We will not sell any of your personal data to any third party.

3. Third parties

We may share personal data about you:

  1. with third parties who are directly involved in dealing with any request or enquiry made by you;
  2. where such disclosure is required by law;
  3. with third parties who are providing us with professional advice;
  4. Where the disclosure is in connection with any criminal investigation, legal proceedings or prospective legal proceedings where permitted by law;
  5. where the disclosure is in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
  6. where we are required to enforce our terms of use; or
  7. where we have stated or informed you otherwise (e.g. in this policy or on our website).

We may share our research, which may contain personal data, with ISD Germany, ISD US, and with other third parties we have engaged on a project where it is necessary for our legitimate interests (or those of a third party) and the data subjects’ interests and fundamental rights do not override those interests. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We will not pass on your personal data to any third party for the purpose of marketing unless we have obtained your consent to do so. We may also disclose your personal data to third parties in the event that we sell or buy any business or assets (in which case we may disclose your personal data to the prospective seller or buyer of such business or assets) or if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers and subscribers will be one of the transferred assets.

4. How do you stop marketing information being sent to you?

We will only send you our newsletter and/or other marketing information to you if you have opted in to receive them. If you have opted in to receive our newsletter and/or any other marketing information from us, you can ask that our newsletter and/or other marketing information is no longer sent to you by emailing us at [email protected] or clicking on the appropriate link in the footer of any of our marketing emails. It may take up to 15 days to remove you from our marketing lists.

5. Security and International Transfers

We will take all reasonable steps to protect your personal data. However, the Internet is global and no data transmitted via the Internet can be guaranteed by us to be completely secure during transmission. We cannot guarantee the security of any data that you disclose online and we will not be responsible for any breach of security unless this is due to our negligence or wilful default. It is possible that the information you provide to us will be temporarily transferred via a route outside the European Economic Area (EEA) as it passes between you and us. Third parties based outside the EEA may be involved in initiatives, resources or programmes you have signed up to and, where that is the case, their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA we will, subject to our comments below, ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  1. The transfer is to a third party located in a country that has been deemed to provide an adequate level of protection for personal data by the European Commission.
  2. The transfer is subject to use of a contract approved by the European Commission which gives personal data the same protection it has in Europe.

In the absence of an adequacy decision in respect of the relevant country, or appropriate safeguards as detailed above, we will not transfer your personal data outside of the EEA unless we have a lawful basis for doing so (for example, because you have explicitly consented to the proposed transfer).

6. Your rights

If you have given your consent to receive our newsletter and/or any other marketing information, you may withdraw your consent at any time. Please see section 4 above for further information on how to do this. You have a legal right to see a copy of the personal data that we keep about you, subject to certain exemptions. Requests for such information should be made by email to [email protected]. In some circumstances you may also have a right to:

  1. rectify or erase any personal data we hold about you;
  2. restrict our processing of your personal data;
  3. object to us processing your personal data;
  4. data portability in respect of your personal data.

In accordance with applicable data protection legislation, we follow security procedures when we process your personal data. We may therefore request proof of your identity before disclosing certain information to you or acting on any requests pursuant to this section 6. Please contact us at the above address if you have any reason to believe that information we hold about you is inaccurate.

7. How long do we retain your personal data?

We only retain your personal data for as long as we need it for the purpose for which is was collected. Whilst taking in to consideration our legal obligations, we will on an ongoing basis: review the length of time we retain your personal data; consider the purpose or purposes for which we hold your personal data for in deciding whether (and for how long) to retain it; securely delete your personal data if it is no longer needed for such purpose or purposes; and update, archive or securely delete your personal data if it goes out of date. Information on how long we retain certain data is set out below. Alternatively, please contact us at [email protected] for further information. If we are booking travel and/or accommodation on your behalf, your Travel Data will be retained until the conclusion of the relevant event you are attending and/or participating at. If you have opted-in to receive our newsletter and/or marketing information, you can opt out at any time. If you have signed up to one of our initiatives, resources or programmes, the length of time that we retain your personal data will depend on the relevant initiative, resource or programme.

8. Cookies

Our website uses “cookies” to ensure you receive the best possible visitor experience. Cookies are small files which are sent by a web server to an individual’s computer which are then stored on that computer’s hard drive. A cookie contains text, and is like an identification card which can only be translated by the server it originated from. Cookies cannot tell us information such as your email address, which we can only collect where you tell us, for example if you submit an enquiry to us. Our website uses the following cookies for the following purposes:

Google Analytics

Statistics

Usage

We use Google Analytics for website statistics. Read more

Sharing data

For more information, please read the Google Analytics Privacy Statement.

Statistics

Name
Expiration
2 years
Function
Store and count pageviews
Name
Expiration
1 day
Function
Store and count pageviews
Name
Expiration
1 minute
Function
Store a unique user ID
Name
Expiration
1 year
Function
Store and count pageviews

Stripe

Functional

Usage

We use Stripe for payment processing. Read more

Sharing data

For more information, please read the Stripe Privacy Statement.

Functional

Name
Expiration
1 year
Function
Provide fraud prevention
Name
Expiration
30 minutes
Function
Provide fraud prevention

WordPress

Functional

Usage

We use WordPress for website development. Read more

Sharing data

This data is not shared with third parties.

Functional

Name
Expiration
session
Function
Read if cookies can be placed
Name
Expiration
persistent
Function
Store user preferences
Name
Expiration
persistent
Function
Store logged in users

MailChimp

Marketing

Usage

We use MailChimp for mailing list subscriptions. Read more

Sharing data

For more information, please read the MailChimp Privacy Statement.

Marketing

Name
Expiration
1 year
Function
Store if a message has been dismissed
Name
Expiration
1 month
Function
Store which page was visited first
Name
Expiration
Function
Name
Expiration
2 weeks
Function
Store and track the email campaign
Name
Expiration
2 weeks
Function
Store and track the email campaign

WooCommerce

Functional

Usage

We use WooCommerce for webshop management. Read more

Sharing data

This data is not shared with third parties.

Functional

Name
Expiration
session
Function
Store items in shopping cart
Name
Expiration
1 day
Function
Store items in shopping cart
Name
Expiration
session
Function
Store performed actions on the website
Name
Expiration
session
Function
Store items in shopping cart
Name
Expiration
session
Function
Store performed actions on the website
Name
Expiration
persistent
Function

YouTube

Marketing

Usage

We use YouTube for video display. Read more

Sharing data

For more information, please read the YouTube Privacy Statement.

Marketing

Name
Expiration
session
Function
Store location data
Name
Expiration
6 months
Function
Provide ad delivery or retargeting
Name
Expiration
session
Function
Store and track interaction
Name
Expiration
8 months
Function
Store user preferences

Complianz

Functional

Usage

We use Complianz for cookie consent management. Read more

Sharing data

This data is not shared with third parties. For more information, please read the Complianz Privacy Statement.

Functional

Name
Expiration
365 days
Function
Store accepted cookie policy ID
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store anonymized statistics
Name
Expiration
365 days
Function
Read to determine which cookie banner to show
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store if a message has been dismissed
Name
Expiration
365 days
Function
Store if a message has been dismissed
Name
Expiration
365 days
Function
Store accepted cookie policy ID
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store if the cookie banner has been dismissed
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences

TikTok

Marketing

Usage

We use TikTok for video display. Read more

Sharing data

For more information, please read the TikTok Privacy Statement.

Marketing

Name
Expiration
session
Function
Store data on the performance of content
Name
Expiration
session
Function
Read if cookies can be placed
Name
Expiration
session
Function
Store if the user has seen embedded content
Name
Expiration
3 months
Function
Store if the user has seen embedded content
Name
Expiration
session
Function
Provide protection against hackers
Name
Expiration
session
Function
Provide protection against hackers
Name
Expiration
1 year
Function
Provide protection against hackers
Name
Expiration
1 year
Function
Store if the user has seen embedded content
Name
Expiration
1 year
Function
Store if the user has seen embedded content
Name
Expiration
1 year
Function
Store if the user has seen embedded content
Name
Expiration
session
Function
Store if the user has seen embedded content
Name
Expiration
session
Function
Store a unique session ID
Name
Expiration
session
Function
Store referring website
Name
Expiration
session
Function
Store if the user has seen embedded content
Name
Expiration
session
Function
Provide functions across pages
Name
Expiration
session
Function
Store if the user has seen embedded content
Name
Expiration
persistent
Function
Provide load balancing functionality
Name
Expiration
persistent
Function
Store a unique user ID
Name
Expiration
persistent
Function
Store a unique session ID
Name
Expiration
persistent
Function
Store first visit to the site
Name
Expiration
persistent
Function
Name
Expiration
persistent
Function
Store configuration
Name
Expiration
persistent
Function
Store configuration

Wistia

Statistics

Usage

We use Wistia for video display. Read more

Sharing data

For more information, please read the Wistia Privacy Statement.

Purpose pending investigation

Name
wistia
Expiration
Function

Statistics

Name
Expiration
persistent
Function
Store if the user has seen embedded content

CloudFlare

Functional

Usage

We use CloudFlare for content distribution network (CDN) services. Read more

Sharing data

For more information, please read the CloudFlare Privacy Statement.

Functional

Name
Expiration
30 minutes
Function
Read and filter requests from bots
Name
cf_clearance
Expiration
Function

PHP

Functional

Usage

We use PHP for website development. Read more

Sharing data

This data is not shared with third parties.

Functional

Name
Expiration
Function
Provide functions across pages

Google Adsense

Marketing

Usage

We use Google Adsense for showing advertisements. Read more

Sharing data

For more information, please read the Google Adsense Privacy Statement.

Marketing

Name
Expiration
persistent
Function
Store and track conversions
Name
Expiration
persistent
Function
Provide ad delivery or retargeting

Adobe Fonts

Marketing

Usage

We use Adobe Fonts for display of webfonts. Read more

Sharing data

For more information, please read the Adobe Fonts Privacy Statement.

Marketing

Name
Expiration
expires immediately
Function
Read user IP address

Google Fonts

Marketing

Usage

We use Google Fonts for display of webfonts. Read more

Sharing data

For more information, please read the Google Fonts Privacy Statement.

Marketing

Name
Expiration
expires immediately
Function
Read user IP address

Facebook

Marketing, Functional

Usage

We use Facebook for display of recent social posts and/or social share buttons. Read more

Sharing data

For more information, please read the Facebook Privacy Statement.

Marketing

Name
Expiration
2 years
Function
Store last visit
Name
Expiration
1 year
Function
Store account details
Name
Expiration
3 months
Function
Store a unique session ID
Name
Expiration
3 months
Function
Provide ad delivery or retargeting
Name
Expiration
90 days
Function
Store logged in users
Name
Expiration
3 months
Function
Store and track visits across websites
Name
Expiration
2 years
Function
Provide fraud prevention
Name
Expiration
30 days
Function
Store a unique user ID
Name
Expiration
2 years
Function
Store browser details
Name
Expiration
1 year
Function
Store account details

Functional

Name
Expiration
1 week
Function
Read screen resolution
Name
Expiration
90 days
Function
Provide fraud prevention
Name
Expiration
session
Function
Store and track if the browser tab is active

Twitter

Functional, Marketing

Usage

We use Twitter for display of recent social posts and/or social share buttons. Read more

Sharing data

For more information, please read the Twitter Privacy Statement.

Functional

Name
Expiration
persistent
Function
Provide load balancing functionality

Marketing

Name
Expiration
persistent
Function
Store if the user has seen embedded content

Miscellaneous

Purpose pending investigation

Usage

Sharing data

Sharing of data is pending investigation

Purpose pending investigation

Name
tco_ui
Expiration
Function
Name
csLastPath
Expiration
Function
Name
passworkLocale
Expiration
Function
Name
CornerstonePane
Expiration
Function
Name
Expiration
Function
Name
cs_options_help_text
Expiration
Function
Name
tco_inspector-elements
Expiration
Function
Name
_hjSessionRejected
Expiration
Function
Name
loglevel
Expiration
Function
Name
debug
Expiration
Function
Name
wpEmojiSettingsSupports
Expiration
Function
Name
itsecPromoProUpgrade
Expiration
Function
Name
itsecBecomingSolid
Expiration
Function
Name
sbjs_migrations
Expiration
Function
Name
sbjs_current_add
Expiration
Function
Name
sbjs_first_add
Expiration
Function
Name
sbjs_current
Expiration
Function
Name
sbjs_first
Expiration
Function
Name
sbjs_udata
Expiration
Function
Name
sbjs_session
Expiration
Function
Name
ssLayersShown
Expiration
Function
Name
ssPanelHeight
Expiration
Function
Name
ssPanelTop
Expiration
Function
Name
ssPanelLeft
Expiration
Function
Name
cmplz_cookie_data
Expiration
365 days
Function

Most internet browsers allow you to prevent cookies being stored on your computer. Alternatively, you may be able to configure your browser to accept all cookies or to notify you when a cookie is offered by our server. You may also be able to delete all cookies currently stored on your web browser. Unless you change your browser settings you will automatically accept cookies from our website. We may also collect information about where you are on the Internet (e.g. the URL you came from, IP address, and domain types like .co.uk and .com), your browser type, the country where your computer is located, the pages of our website that were viewed during your visit and any search terms that you entered on our website. We will use this information to administer our website, for internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes) and as part of our efforts to keep our website safe and secure. For further information about cookies and how they are used, please visit www.aboutcookies.org.

You can re-set your consent below:

9. What about third party websites that you can access via our website?

Our website contains links to other websites which are outside our control and are not covered by this Privacy and Cookies Policy. If you access other websites using the links provided, the operators of those websites may collect personal data from you which will be used in accordance with their respective privacy policies which you should read. We are not liable for the practices of such third party website operators in respect of your personal data. You acknowledge that any information that you post using our social media facilities will be viewable by anybody who visits those websites and that such information is also subject to the relevant provider’s privacy policy. You are advised to consult each such privacy policy to see how they will use your data.

ISD proudly complies with the requirements of the Cyber Essentials scheme