This statement sets out how the Francis Crick Institute (the "Crick", "we" or "us") will use and protect your personal information.
We may gather data about you from your use of our website, if you apply for a position with us, when you visit or attend an event at the Crick, or if you contact or correspond with us.
This Privacy Notice applies to personal information which the Crick processes relating to people who have:
It does not cover any personal information which we may process in the context of our research activities. Please contact our Data Protection Lead Dan Fitz at data-protection@crick.ac.uk if you have any questions about our research activities.
28 January 2022
Dan Fitz, General Counsel and Company Secretary
We collect personal information about visitors to our website, www.crick.ac.uk, if they fill out a form on our website, participate in a survey or register for an event.
Our website places cookies (text files) on your computer which can identify your browser and automatically collect information about how you use our website.
We use the information provided by cookies to determine the number of people visiting our site. It also helps us to better understand how people find and use our website. With this information we can continually improve our website and service.
Please remember that if you use a link to go from our website to another website or if you request a service from a third party this Privacy Notice will no longer apply once you have left this website. Your browsing and interaction on any other website is subject to that website’s own rules and policies.
Our cookies store the following data:
You will generally have to provide consent for cookies to be placed on your computer and for the use and storage of personal information relating to you provided by the cookies. You can withdraw your consent at any time by updating your cookie settings. In circumstances where consent is not needed for cookies to be placed on your computer (for example, where a cookie is needed for the operation of our website or for the provision of a service to you), the use and storage of any personal information provided by the cookies will be based on legitimate interests. The legitimate interests we are pursuing are the operation of our website and promotion of our research and activities.
When you subscribe to emails from us, we will ask for your:
We will collect this information when you subscribe to our mailing lists. By subscribing to our mailing lists you will be automatically subscribed to receive email updates. Our use and storage of your personal information for email marketing is based on your consent. This means that you will only receive emails and information that you have asked to receive. You can withdraw your consent or change your email marketing preferences at any time, by following the 'unsubscribe' link on any of our emails or contacting us at info@crick.ac.uk.
If you unsubscribe from our emails or withdraw your consent for us to contact you, we will store your information for a period of two years to ensure that you no longer receive emails from us.
When you apply for a position at the Crick we will collect recruitment information such as your CV, notes of interviews, decisions to offer employment, background information, security screening (and re-screening where necessary) and third party references, and the results of your criminal records check if applicable.
When you apply for a work experience placement at the Crick, we will collect information such as name, email address, address, date of birth, diversity information, education information and teachers' references.
When you register to attend one of our events (including via our third party provider, Eventbrite), we will ask for your:
We will collect this information when you enrol to attend an event. Our use and storage of personal information is based on consent. We use personal information solely for the purposes of administering the event. We may need to share personal information with third party organisations where it is necessary to administer the event (for example, with an external venue).
We often take photographs at our events and those photos may be used on our website, social media, in our newsletters or other internal or external communications. Our use of photos in which you are clearly identifiable is based on your consent. If you are featured in a photo you will be asked to sign a consent form at the event. We will let attendees know if a photographer is present and you may appear in a general or crowd shot without us obtaining explicit consent. If you attend an event with a photographer and you don’t wish to be photographed, please speak to a member of Crick staff and we'll give you a sticker to wear - this lets the photographer know.
We may record your image on CCTV if you visit our institute. We use CCTV to protect our employees and our property.
If you are visiting our events space we will collect and keep a limited record of your information, so that we can support the NHS Test and Trace service and help prevent the spread of COVID-19. The Government has asked organisations to do this in order to keep our visitors and staff safe.
We may require you to pre-register to attend the event (including via our third party provider, EventBrite) or to complete a form on arrival. You can also check in by scanning the NHS QR code poster via your NHS COVID-19 app.
The following information will be collected:
The Crick as the data controller for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time we hold the information. If that information is requested by the NHS Test and Trace service (which is part of the Department for Health and Social Care), the service would at this point be responsible for compliance with data protection legislation for that period of time. NHS Test and Trace as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the Crick, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
NHS Test and Trace, as part of its guidance, has recommended that we retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them. For example, if other visitors at the events space subsequently tested positive, NHS Test and Trace can request the log of visitor and staff details on a particular day.
Under Government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing it will be destroyed by us 21 days after the date of your visit.
However, the Government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.
Your information will always be stored and used in compliance with the relevant data protection legislation. The use of your information is covered by the UK General Data Protection Regulations Article 6 (1) (f) – legitimate interests of the Crick. The legitimate interest in this case is the interest of the Crick in co-operating with NHS Test and Trace in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.
Collection of information from or about children under the age of 18 requires the consent of their parent or guardian.
We use third party providers, for example to help to manage our email marketing or to help undertake pre-employment security screening checks. Some of these providers are based outside the UK or Europe (e.g. in the US) and so your personal information may be transferred to countries where the data protection and privacy laws do not offer the same level of protection as the UK.
Where we use a provider based outside the UK, we will take steps to ensure appropriate safeguards are in place to protect your personal information . Please contact us if you would like more information about these safeguards.
We aim to ensure that we maintain a safe and healthy working environment for co-workers working at 1 Midland Road (“the Building”) Because of the current pandemic, we now require all persons, including staff, who access the Building to undergo regular testing for COVID-19. The Crick will carry out the testing.
If you undergo testing, we will collect the following personal data about you:
We carry out this testing under the lawful basis of legitimate interest.
We will share your test results with Public Health England. If you test positive our HR team will ask you for the locations within the building and the names of the individuals you have been in contact with for more than 15 minutes and within less than 2m. Those individuals will be notified that they’ve been in close contact.
If you are undergoing testing at the Crick and have any questions about your data, please email data-protection@crick.ac.uk.
The Crick is assisting Wellcome and Sanger in setting up a self-swab testing programme for individuals returning to work in Wellcome’s and Sanger's buildings. The Crick will carry out the testing.
If you undergo testing, to carry out our obligations under our contracts with Wellcome and Sanger and the information and services they request, we will collect the following personal data about you:
The Crick will only use this data for the purposes of performing a COVID-19 diagnostic test. The Crick will share this data and results with either Wellcome or Sanger (your sample source). We will share all test results with Public Health England.
If we process your personal data, you have a number of rights. You may request a copy of the personal data we hold about you and you may object to our processing of it including where we use it for direct marketing. You can also ask us to rectify it, restrict the way in which we process it or erase it from our records. You have the right to access your personal data and details of how we process it.
Where we use or store personal information relating to you, you have the following rights:
Where we use your information for a specific purpose on the basis of consent you have the right to withdraw consent for that purpose at any time.
If you believe your data protection rights have been breached, you may have the right to claim compensation if you have suffered damage as a result.
Please be aware that these rights are not always absolute and there may be some situations in which you cannot exercise them or they are not relevant. To help you understand how they work, we have provided link to the Information Commissioner's Office's guidance on each of the rights.
Our policy is only to retain information for as long as it is required for the purpose or purposes for which we use it. We will determine how long to retain different data based on the following requirements:
We do not make use of automated decision making or profiling.
We ensure there are appropriate technical and organisational controls in place to protect your personal details. Our network is protected and routinely monitored.
You can contact us at any time using the details below if you have any queries or concerns about how the Crick handles personal information.
If we are unable to resolve your concerns about our handling of personal information, you have the right to complain to the Information Commissioner's Office.
Please read this notice carefully and contact us if you have any queries by emailing us at: data-protection@crick.ac.uk.
Or by writing to: General Counsel, The Francis Crick Institute, 1 Midland Road, London NW1 1AT
This privacy notice may change from time to time so we recommend that you review it periodically.
We will place any updates on this webpage.
