1. What kind of information do we collect?
Sign-up details: If you register or sign up for a heat pump viewing in your area, events, newsletters or publications on the site, we will ask you for personal information such as your name, contact details including email address and occupation.
Feedback and surveys: We may also ask you for feedback about Nesta or to complete surveys.
Research: We may ask you to participate in research we are conducting and we may contact you to ask for further information about you or your experiences or opinions.
2. What do we do with information we collect and what is our legal basis for this?
Sign-up details: We will use your details to connect you with opportunities to go and view a working heat pump in your area. These details will be shared with independent third parties and the legal basis for us doing so will be your consent. You do not need to give us your details but, if you do not, we will not be able to facilitate a viewing of any heat pumps in your area. You can chose to withdraw your consent at any point and we will update our records accordingly.
If you sign-up for us to send you newsletters, publications and other information about Nesta, our partners and activities (see “Marketing” section below), we will use your personal information to send these to you. Our legal basis for doing this is your consent. You have the right to withdraw this consent at any time, as explained in the “Marketing” section below. If you are given the opportunity to sign-up, register for an event, or programme, or to create a personal profile through Facebook or Twitter, Facebook and Twitter will make your email address registered to your Facebook or Twitter account available to Nesta, and Nesta will use the email address to enable you to log in to the particular platform. Our legitimate interest in doing this is the use of third party platforms for business efficiency and ease of registration for users.
Third party processors: We may use third party platforms and processors to deliver newsletters, process applications, event registrations, tickets or publication sales, payments, surveys and feedback, and any request to update your data contact preferences. In using these third parties, we are pursuing our legitimate interest to use third party technology to achieve greater efficiency within our organisation. To balance our interests against yours, we enter into legally binding contractual arrangements with these third parties and take steps to ensure these third parties maintain appropriate technical and organisational measures to keep your personal information secure.
Feedback and surveys: If you agree to give us feedback or complete a survey, we will use the information to improve our work and activities. We usually use Alchemer to process surveys, and they only process your information on our instructions.
*Please note that no personal identifiable information is collected as part of the event feedback survey process.
Research: If you agree to take part in any research we will use your information for the purpose of that research project or programme. Full details of how your personal information will be used will be given to you at the time you agree to participate; this could include to inform the development of a new prize, project, programme or other initiative, being incorporated into reports or other research outcomes, and may include being publicly displayed on web pages relating to the particular research project or programme.
For all kinds of information collected: Please make sure that all personal details you provide are accurate and up to date, and let us know about any changes. Please get consent first before giving us anyone else’s information.
The nature of Nesta’s work means we often work in partnership with other organisations, however, we will not share your information with any other organisation unless we have your permission first, or we have a legitimate interest or legal requirement to do so (see section 5 below).
We may also use your information to carry out analysis and research to improve our publications, events and activities, customise our website and its content to your particular preferences, notify you of any changes to our website or to our activities that may affect you, to prevent and detect fraud and abuse, and to protect other users.
However you choose to engage with Nesta, we may retain your information for our own legitimate business interests for statistical analysis purposes, in order to review, develop and improve our business activities. In this situation, we will only keep any personal information if it is necessary to do so, and will always put in place appropriate technical and administrative safeguards, including where possible anonymising or minimising the personal information retained.
We use a third party to provide cloud based data security, storage and disaster recovery service to backup data that we hold.
3. How long will we keep your information for?
General principle: We will only keep any personal information that you provide to us for as long as is necessary to fulfil the purpose for which you gave us the information. We will securely delete information when it is no longer needed for that purpose, as explained in more detail below.
Events: If you opt to attend a viewing of a heat pump in your area, we will use your information for the purpose of facilitating that event and will only contact you for any other purpose if you have said we can. We will retain your personal information collected for the purpose of the event for 3 years for evaluation and business development purposes to help us understand our audience and reach, and to improve future events.
Consent: We keep records of consent, and any withdrawal of consent, on our files for as long as your personal information is being used in-line with that consent and for a period of 6 years after the consent is withdrawn (unless otherwise requested by you).
Research: If you agree to take part in any research your personal information will be kept for as long as it is of value to Nesta and the wider research community, and for as long as may be specified by any external research funder, patent law, legislative and other regulatory requirements. Research data shall be reviewed at least every 5 years to consider its continued value to Nesta, and personal data anonymised or pseudonymised where possible, unless to do so would affect the integrity of the research data and/or its outcomes, or its future value.To the extent that Personal Data arising from any research is embodied within a research report or other research outcome, it will be retained in perpetuity as part of the published materials.Research that supports the development of a prize, project, programme, publication or other research outcome, shall be kept for at least 5 years beyond publication or any other research outcome has been completed. If the research is funded or the subject of any other contract, your personal data may be kept for 6 years after the end of the contract or longer if the contract or funding agreement specifies, which could be up to 12 years after the contract ends.
Processing for statistical analysis purposes: This type of processing will only be undertaken whilst we retain your personal information in line with the principles explained above.
If you sign up to our mailing list we will use your details to keep you informed about latest news, blogs, programme updates, research, publications, event details, jobs and funding opportunities, and may request feedback, including our annual audience survey.
We use third party providers to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. We currently use Mailchimp, Salesforce and Eventsforce. Mailchimp and Salesforce servers are hosted in the U.S.A. All data entered onto Eventsforce is stored and managed in the UK. If you want to know more about how your information will be stored and processed see the privacy policies for SalesForce, MailChimp and Eventsforce.
If you no longer want to receive marketing communications from us, you can unsubscribe from our mailing list at any time by clicking the unsubscribe link, at the bottom of our emails or by emailing email@example.com detailing your name and email address. If you are given the opportunity to update your contact preferences in any email from us, this will link to a form hosted by Surveygizmo. If this function is not made available, please email us at the above address with your preference updates.
We use third party remarketing services to tailor advertising to you based upon your browsing history on this website, for more information see “Cookies” below.
5. Who else has access to your information?
We may share your information with our partners and companies who help us to operate this site, and, if you register to attend an event or indicate interest in any other activity detailed on the site, we may share your details with the companies/organisations and individuals who help us to fund, organise and operate the events, grant programmes and other activities. Our legal basis for doing this is to pursue our legitimate interest of being able to work collaboratively with other organisations to operate and administer the event, programme or activity. Some of these organisations may process your information in countries outside the UK, where data protection laws are not the same as in the UK. Rest assured that we will always ensure any transfer of your personal data for which we are responsible is subject to appropriate security measures to safeguard your personal data. Where transfers are necessary to countries where data protection has not yet been declared to be adequate, we rely on GDPR Article 49(1)(c) (as enacted into British law) for these transfers. Full details of these organisations, confirmation of where they would process your personal information, and details of the steps we have taken to safeguard your personal data will be provided as part of the online data collection process.
We may share your information within the Nesta group of companies, for the purposes of managing the event, grant or activity. Nesta currently provides all support and services for its subsidiary companies, therefore, our legal basis for sharing your information is to pursue the legitimate interests of shared resources and management reporting between the companies within the group. Our group companies (including the Behavioural Insights team and its own group) will not process your data outside the UK unless we notify you otherwise.
We may disclose your personal information to law enforcement or regulatory agencies if we are required to do so by law (in which case our legal basis for doing this is for compliance with a legal obligation), or to protect or defend ourselves or others against illegal or harmful activities (in which case, our legal basis for doing this is the pursuit of these legitimate interests).
This site uses a variety of types of cookies. Some are strictly necessary to enable you to move around the site or to provide certain basic features, such as logging into secure areas. There are no tracking cookies used on this website.
We take steps to protect your personal information and follow procedures designed to minimise unauthorised access or disclosure of your information. If you have a password for an account on this site, please keep this safe and do not share it with anyone else. You should also not allow anyone else to log in using your details. You are responsible for all activity on your account and must contact us immediately if you are aware of any unauthorised use of your password or other security breach.
8. Contacting us, exercising your rights and complaints
You are legally entitled to know what personal information we hold about you and how that information is processed, which includes the right to:
- ask us to correct any mistakes in your information which we hold
- ask us to delete your personal information
- ask us to stop using your personal information or restrict how we can use it, for example if you feel it is inaccurate or no longer needs to be used by Nesta
- to object to us using of your personal information
- to object to any automated decision making that we may do using your personal information
If you wish to know what information we hold about you, or wish to exercise any of your other rights as detailed above, or have any complaint about how we are using your personal information, then please email us using firstname.lastname@example.org or write to us at 58 Victoria Embankment London EC4Y 0DS UK and provide enough information to identify yourself (e.g. name and address or any registration details).
If our information is incorrect or out of date, please provide us with enough information to allow us to update it. If you want us to delete, restrict or stop using any information we hold about you, please specifically confirm the reasons why you are asking this. If you are unhappy with how we are using your information, again please explain to us the reasons and we will investigate the matter.
You can also write to the same address if you have a complaint about this policy.
If you are unhappy with how any data rights request or complaint has been dealt with you have the right to complain to the Information Commissioner:
- On the ICO website;
- By mail at Wycliff House, Water Lane, Wilmslow, Cheshire SK9 5AF, or
- By calling the helpline on 0303 123 1113.
Nesta, a company limited by guarantee registered in England and Wales with company number 7706036 and charity number 1144091.
Registered as a charity in Scotland number SC042833.
Registered office: 58 Victoria Embankment, London, EC4Y 0DS