Privacy policy



This statement sets out how the Francis Crick Institute (the "Crick", "we" or "us") will use and protect your personal information.

We may gather data about you from your use of our website, if you apply for a position with us, when you visit or attend an event at the Crick, or if you contact or correspond with us.

This Privacy Notice applies to personal information which the Crick processes relating to people who have:

  • applied for a position with us;
  • agreed to receive marketing information from us;
  • have been invited to or taken part in Crick events;
  • accessed our website;
  • been tested by us for COVID-19.

It does not cover any personal information which we may process in the context of our research activities. Please contact our Data Protection Lead Dan Fitz at if you have any questions about our research activities.

Last updated

28 January 2022

Related information

Cookies statement

Terms and conditions

Contact us

Dan Fitz, General Counsel and Company Secretary

How the Crick may gather and use your personal information

Website visitors

We collect personal information about visitors to our website,, if they fill out a form on our website, participate in a survey or register for an event.

Our website places cookies (text files) on your computer which can identify your browser and automatically collect information about how you use our website.

We use the information provided by cookies to determine the number of people visiting our site. It also helps us to better understand how people find and use our website. With this information we can continually improve our website and service.

Please remember that if you use a link to go from our website to another website or if you request a service from a third party this Privacy Notice will no longer apply once you have left this website. Your browsing and interaction on any other website is subject to that website’s own rules and policies.

Our cookies store the following data:

  • time of visit, pages visited, and time spent on each page of the website
  • interactions with site-specific widgets
  • referring site details (such as the URL a user came through to arrive at the website)
  • type of web browser
  • type of operating system (OS)
  • flash version, JavaScript support, screen resolution, and screen colour processing ability
  • network location and IP address
  • document downloads
  • clicks on links leading to external websites
  • errors when users fill out forms
  • clicks on videos
  • 'scroll depth' (how far you scroll up or down on a page).

You will generally have to provide consent for cookies to be placed on your computer and for the use and storage of personal information relating to you provided by the cookies. You can withdraw your consent at any time by updating your cookie settings. In circumstances where consent is not needed for cookies to be placed on your computer (for example, where a cookie is needed for the operation of our website or for the provision of a service to you), the use and storage of any personal information provided by the cookies will be based on legitimate interests. The legitimate interests we are pursuing are the operation of our website and promotion of our research and activities.

Email subscribers

When you subscribe to emails from us, we will ask for your:

  • name
  • email address
  • content preferences so we can tailor messages better to your interests.

We will collect this information when you subscribe to our mailing lists. By subscribing to our mailing lists you will be automatically subscribed to receive email updates. Our use and storage of your personal information for email marketing is based on your consent. This means that you will only receive emails and information that you have asked to receive. You can withdraw your consent or change your email marketing preferences at any time, by following the 'unsubscribe' link on any of our emails or contacting us at

If you unsubscribe from our emails or withdraw your consent for us to contact you, we will store your information for a period of two years to ensure that you no longer receive emails from us.


When you apply for a position at the Crick we will collect recruitment information such as your CV, notes of interviews, decisions to offer employment, background information, security screening (and re-screening where necessary) and third party references, and the results of your criminal records check if applicable. 

Work experience

When you apply for a work experience placement at the Crick, we will collect information such as name, email address, address, date of birth, diversity information, education information and teachers' references.

Event attendees

When you register to attend one of our events (including via our third party provider, Eventbrite), we will ask for your:

  • name
  • email address
  • other relevant information as determined on an event-by-event basis, for example job title or work-related email address.

We will collect this information when you enrol to attend an event. Our use and storage of personal information is based on consent. We use personal information solely for the purposes of administering the event. We may need to share personal information with third party organisations where it is necessary to administer the event (for example, with an external venue).

We often take photographs at our events and those photos may be used on our website, social media, in our newsletters or other internal or external communications. Our use of photos in which you are clearly identifiable is based on your consent. If you are featured in a photo you will be asked to sign a consent form at the event. We will let attendees know if a photographer is present and you may appear in a general or crowd shot without us obtaining explicit consent. If you attend an event with a photographer and you don’t wish to be photographed, please speak to a member of Crick staff and we'll give you a sticker to wear - this lets the photographer know.

We may record your image on CCTV if you visit our institute. We use CCTV to protect our employees and our property.

Event attendees and NHS Test and Trace

If you are visiting our events space we will collect and keep a limited record of your information, so that we can support the NHS Test and Trace service and help prevent the spread of COVID-19. The Government has asked organisations to do this in order to keep our visitors and staff safe.

We may require you to pre-register to attend the event (including via our third party provider, EventBrite) or to complete a form on arrival. You can also check in by scanning the NHS QR code poster via your NHS COVID-19 app.

The following information will be collected:

  • name
  • contact phone number
  • email address 
  • date of visit
  • time of visit

The Crick as the data controller for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time we hold the information. If that information is requested by the NHS Test and Trace service (which is part of the Department for Health and Social Care), the service would at this point be responsible for compliance with data protection legislation for that period of time. NHS Test and Trace as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the Crick, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.

NHS Test and Trace, as part of its guidance, has recommended that we retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them. For example, if other visitors at the events space subsequently tested positive, NHS Test and Trace can request the log of visitor and staff details on a particular day.

Under Government guidance, the information we collect may include information which we would not ordinarily collect from you and which we therefore collect only for the purpose of contact tracing. Information of this type will not be used for other purposes, and NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). In addition, where the information is only collected for the purpose of contact tracing it will be destroyed by us 21 days after the date of your visit.

However, the Government guidance may also cover information that we would usually collect and hold onto as part of our ordinary dealings with you (perhaps, for example, your name and phone number). Where this is the case, this information only will continue to be held after 21 days and we will use it as we usually would, unless and until you tell us not to.

Your information will always be stored and used in compliance with the relevant data protection legislation. The use of your information is covered by the UK General Data Protection Regulations Article 6 (1) (f) – legitimate interests of the Crick. The legitimate interest in this case is the interest of the Crick in co-operating with NHS Test and Trace in order to help maintain a safe operating environment and to help fight any local outbreak of coronavirus.

Collection of information from or about children under the age of 18 requires the consent of their parent or guardian.


Data sharing

We use third party providers, for example to help to manage our email marketing or to help undertake pre-employment security screening checks. Some of these providers are based outside the UK or Europe (e.g. in the US) and so your personal information may be transferred to countries where the data protection and privacy laws do not offer the  same level of protection as the UK.

Where we use a provider based outside the UK, we will take steps to ensure appropriate safeguards are in place to protect your personal information . Please contact us if you would like more information about these safeguards.

Crick as a COVID-19 testing facility

Crick coworker testing

We aim to ensure that we maintain a safe and healthy working environment for co-workers working at 1 Midland Road (“the Building”) Because of the current pandemic, we now require all persons, including staff, who access the Building to undergo regular testing for COVID-19. The Crick will carry out the testing.

If you undergo testing, we will collect the following personal data about you:

  • name
  • date of birth;
  • phone number;
  • email address;
  • address;
  • sex;
  • NHS number;
  • a sample or combination of samples, e.g. nose and throat swab.

We carry out this testing under the lawful basis of legitimate interest. 

We will share your test results with Public Health England. If you test positive our HR team will ask you for the locations within the building and the names of the individuals you have been in contact with for more than 15 minutes and within less than 2m. Those individuals will be notified that they’ve been in close contact.

If you are undergoing testing at the Crick and have any questions about your data, please email

Wellcome Trust and Wellcome Sanger Institute testing

The Crick is assisting Wellcome and Sanger in setting up a self-swab testing programme for individuals returning to work in Wellcome’s and Sanger's buildings. The Crick will carry out the testing.

If you undergo testing, to carry out our obligations under our contracts with Wellcome and Sanger and the information and services they request, we will collect the following personal data about you:

  • name
  • date of birth;
  • phone number;
  • email address;
  • address;
  • sex;
  • NHS number;
  • a sample or combination of samples, e.g. nose and throat swab.

The Crick will only use this data for the purposes of performing a COVID-19 diagnostic test. The Crick will share this data and results with either Wellcome or Sanger (your sample source). We will share all test results with Public Health England.

Your rights

If we process your personal data, you have a number of rights. You may request a copy of the personal data we hold about you and you may object to our processing of it including where we use it for direct marketing. You can also ask us to rectify it, restrict the way in which we process it or erase it from our records. You have the right to access your personal data and details of how we process it.

Where we use or store personal information relating to you, you have the following rights:

  • the right to be informed personal information relating to you is being used or stored (which is what this privacy notice is for)
  • the right to access personal information relating to you which we use or hold
  • the right to object to direct marketing (by using the unsubscribe button on our emails)
  • the right to object to processing carried out on the basis of legitimate interests
  • the right to erasure of information relating to you that we use or hold (only in some circumstances)
  • the right of data portability
  • the right to have your data rectified if its inaccurate
  • the right to have your data restricted or blocked from processing.

Where we use your information for a specific purpose on the basis of consent you have the right to withdraw consent for that purpose at any time. 

If you believe your data protection rights have been breached, you may have the right to claim compensation if you have suffered damage as a result.

Please be aware that these rights are not always absolute and there may be some situations in which you cannot exercise them or they are not relevant. To help you understand how they work, we have provided link to the Information Commissioner's Office's guidance on each of the rights.

Our policy is only to retain information for as long as it is required for the purpose or purposes for which we use it. We will determine how long to retain different data based on the following requirements:

  • how long the information is needed for;
  • the purpose or purposes it is used for;
  • legal and regulatory requirements.

We do not make use of automated decision making or profiling.

Security of information

We ensure there are appropriate technical and organisational controls in place to protect your personal details. Our network is protected and routinely monitored.


You can contact us at any time using the details below if you have any queries or concerns about how the Crick handles personal information.

If we are unable to resolve your concerns about our handling of personal information, you have the right to complain to the Information Commissioner's Office.

Contact details

Please read this notice carefully and contact us if you have any queries by emailing us at:

Or by writing to: General Counsel, The Francis Crick Institute, 1 Midland Road, London NW1 1AT

This privacy notice may change from time to time so we recommend that you review it periodically.

We will place any updates on this webpage.

Sign up for our newsletters

Join our mailing lists to receive updates about our latest research and to hear about our free public events and exhibitions.  If you would like to find out more about how we manage your personal information please see our privacy policy.