1. Introduction

    1. We, the OpenBright Foundation (‘OpenBright’ or ‘the Foundation’) are committed to protecting your privacy and personal information. Personal information relating to you from which you can be identified that we collect or which you provide is called personal data (‘Personal Data’)
    2. This privacy policy (‘Privacy Policy’) tells you about the Personal Data we collect; how we handle or process such Personal Data and who we may share it with. This Privacy Policy also provides information on your legal rights in relation to your Personal Data.
    3. We collect and process your Personal Data in accordance with applicable law. This includes, without limitation, the UK Data Protection Act 2018 (‘DPA’) and other applicable UK laws that regulate the collection, processing and privacy of your Personal Data (together, ‘Data Protection Law’).  

  2. Personal Data we collect

    1. OpenBright collects information about you when you use our website, for example information facilitated by the use of ‘cookie‘ technology. ‘Cookies’ are designed to enhance your online visit and permit you to access the full service within the website.
    2. We will collect, store and process information about you if you voluntarily provide us with information when you complete the contact form or online application form. The Personal Data we collect includes your name, email address and information about your course of study and your research proposal. We may also collect Personal Data which you otherwise provide to us from time to time, for example, during a telephone call, email communication or social media message.

  3. How we use your Personal Data

    We may use your Personal Data for one or more of the following purposes:
    1. to find out more about use of our website and make improvements;
    2. to communicate with you (at your request); 
    3. to process and evaluate grant applications;
    4. to administer grants; 
    5. to enforce and/or defend any of our legal claims or rights; and/or
    6. for any other purpose required by applicable law, regulation, the order of any court or regulatory authority.

  4. The lawful grounds on which we collect and process your Personal Data

    1. We process your Personal Data for the above purposes relying on one or more of the following lawful grounds:

      1. where you have freely provided your specific, informed and unambiguous consent for particular purposes; 
      2. where we need to perform obligations under a grant agreement with you, or to take steps at your request before entering into a grant agreement; 
      3. where we need to use your Personal Data for legitimate purposes relevant to us being able to assess grant applications, award grants, administer the Foundation, keep records of its work and respond to queries and communications it receives. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your other legal rights and freedoms and, in particular, your right of privacy; 
      4. where we need to protect your vital interests or those of someone else (such as in a medical emergency); and/or
      5. where we need to collect, process or hold your Personal Data to comply with a legal obligation.

  5. Who we share your personal information with

    Information you share with us will be kept confidential. Other than that, we may disclose certain information about you as follows:
    1. Third Parties – Your personal data may be shared with our suppliers and those we work with who help us run our activities and awards (‘Third Parties’). Those Third Parties may process your personal data on our behalf solely in accordance with our instructions and pursuant to a written contract. For example, we use suppliers for webhosting, email delivery, customer relationship management, web fonts and other services. We work with Third Parties such as universities to confirm your eligibility to receive a grant award. This is necessary for the purpose of performing our grant making and necessary for the purposes of our legitimate interests. When none of the above applies, we will seek your permission (consent) to share your personal data with a Third Party.
    2. Advisors – We may disclose your personal data to our professional advisors that are usually regulated by a competent authority (lawyers, accountants, etc.) where that proves necessary. This is necessary for the purposes of the legitimate interests that we pursue (that are to properly run our activities).
    3. Authorities – We may disclose your personal data to the court service or regulators or law enforcement agencies in connection with proceedings or investigations where we are legally compelled to do so. We would do this if we need to comply with a legal obligation or when in pursuit of our legitimate interests (that are to protect our organisation).

  6. Storing Personal Data

    1. We will maintain appropriate safeguards to ensure the security, integrity, accuracy and privacy of the Personal Data you have provided.
    2. We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot completely guarantee the security of all data sent to us (including Personal Data).
    3. Personal Data will be stored on our systems for as long as is necessary for the relevant activity, as required by law or as long as is set out in any relevant grant agreement you hold with us.

  7. International transfers

    1. Countries outside of the United Kingdom or European Economic Area (EEA) do not always offer the same levels of protection to your personal data as you enjoy here, so Data Protection Law generally restricts the transfer of personal data outside the UK (and EU/EEA) unless the destination country’s own laws protect personal data to standards approved under UK/EU law or there are other appropriate safeguards in place to protect such data.
    2. Your personal data will usually only be processed by us in the UK. If, in exceptional circumstances, we do send your personal data outside the UK or EEA, this will only be done with your consent or if there’s an applicable legal exemption. Otherwise, we will take appropriate measures to ensure that any personal data we send overseas is duly protected in accordance with Data Protection Law.

  8. Your rights

    Under Data Protection Law you have a number of important rights free of charge. In summary, those include rights to:

    1. access to your Personal Data and to certain other supplementary information that this Privacy Policy is already designed to address;
    2. require us to correct any mistakes in your Personal Data which we hold;
    3. require the erasure of Personal Data concerning you in certain situations;
    4. object at any time to processing of Personal Data concerning you for direct marketing;
    5. object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
    6. object in certain other situations to our continued processing of your Personal Data; and
    7. otherwise restrict our processing of your Personal Data in certain circumstances.

  9. Use of ‘cookies’ on our website

    1. Like many other websites, this website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. We use cookies to compile visitor statistics such as how many people have visited our website, what type of technology they are using (for example, Mac or Windows which helps to identify when our site isn’t working as it should for particular technologies), how long they spend on the site, what page they look at etc.

    2. This website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses ‘cookies’ to monitor how our website is being used so we can make improvements. Our use of Google Analytics requires us to pass to Google your IP address (but no other information) – Google uses this information to prepare site usage reports for us, but Google may also share this information with other Google services. In particular, Google may use the data collected to contextualise and personalise the ads of its own advertising network. Related information:
      Google’s privacy policy
      How Google uses this information

    3. It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, we suggest consulting the ‘Help’ section of your browser or taking a look at the guidance on cookies published on the Information Commissioner’s Office website which covers commonly used browsers. Turning cookies off may result in a loss of functionality when using our website

  10. 16 or Under

    We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you access our website.

  11. Links to other websites

    This website may contain links to other websites run by other organisations. This Privacy Policy applies only to this website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. In addition, if you linked to this website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

  12. Accessing and updating your Personal Data

    The accuracy of your Personal Data is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: info@openbright.org.uk

  13. Queries and review of this Privacy Policy

    1. We may change this Privacy Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. 
    2. Any questions regarding this Privacy Policy or wish to make a further request relating to how we use your Personal Data as described above, please contact: info@openbright.org.uk 
    3. OpenBright keeps this Privacy Policy under regular review. This Privacy Policy was last updated in November 2021.