Logo

IMPACT

    Privacy Policy

    Last updated: 17th November 2025

    What this policy covers

    This Privacy Policy explains:

    • what personal data we collect when you visit this website or contact us
    • how and why we use your personal data
    • when we may share your personal data
    • how we keep your data safe and how long we keep it
    • your rights in relation to your personal data

    This policy applies only to this website. If you follow links to other sites, their own privacy policies will apply.

    3. What personal data we collect

    We may collect and process the following categories of personal data:

    3.1 Information you provide directly

    Contact form / email enquiries

    When you contact us via the “Contact Us” form or by email, we may collect:

    • Name
    • Email address
    • Organisation (if provided)
    • Any other information you choose to include in your message

    Mailing list / newsletter

    If you subscribe to our mailing list, we may collect:

    • Name
    • Email address
    • Your preferences (e.g. types of updates you wish to receive)

    3.2 Information collected automatically

    When you visit our website, we may automatically collect:

    • IP address
    • Browser type and version
    • Device type and operating system
    • Referring website
    • Pages viewed and the date/time of visits
    • Approximate location (country/region), where available

    This information may be collected through cookies and similar technologies (see our Cookies Policy for more details).

    4. How we use your personal data

    We may use your personal data for the following purposes:

    • To respond to your enquiries and provide information you request from us.
    • To send you updates about the IMPACT Study, events, publications, or related activities when you subscribe to our mailing list (and only with your consent where required).
    • To manage and improve our website, including monitoring usage, troubleshooting, and protecting against misuse or security threats.
    • To meet legal, regulatory, or reporting obligations, for example to our funders or oversight bodies (using aggregated or anonymised data wherever possible).

    We do not sell your personal data to third parties.

    5. Legal bases for processing (where applicable)

    Where data protection law applies , we rely on one or more of the following legal bases:

    • Consent: when you subscribe to our mailing list or consent to cookies that are not strictly necessary.
    • Legitimate interests: for responding to enquiries, managing the website, and improving our services, where these interests are not overridden by your rights and freedoms.
    • Legal obligation or public task: where we must retain or share information to meet legal, regulatory, or research governance requirements.

    6. Who we share your data with

    We may share your personal data with:

    • Research partners involved in the IMPACT Study, where necessary to respond to your enquiry or manage the project.
    • Service providers who support our website and IT infrastructure (for example, web hosting companies, mailing list providers, analytics providers). These providers act as data processors and are contractually required to protect your data and use it only in accordance with our instructions.
    • Funders and oversight bodies (such as ethics committees or sponsors) in aggregated or anonymised form where possible.
    • Regulators, law enforcement, or courts where required to comply with legal obligations or to protect our rights and the rights of others.

    Some of these recipients may be located outside your country. Where required by law, we take steps to ensure appropriate safeguards for international data transfers.

    7. How we keep your data secure

    We take appropriate technical and organisational measures to protect your personal data, including:

    • secure servers and hosting environments
    • restricted access to personal data on a need-to-know basis
    • password protection and, where applicable, encryption and secure connections (HTTPS)
    • regular updates to software and security patches

    8. How long we keep your data

    We retain personal data only for as long as necessary to fulfill the purposes described in this policy or to comply with legal, accounting, or reporting requirements. Retention periods may vary depending on:

    • the nature of your interaction (enquiry, mailing list, research contact)
    • regulatory or funder requirements
    • our research governance policies

    When data is no longer needed, we will securely delete or anonymise it.

    9. Your rights

    Depending on the data protection laws that apply in your country or region, you may have some or all of the following rights:

    • Right of access – to request a copy of the personal data we hold about you.
    • Right to rectification – to ask us to correct inaccurate or incomplete data.
    • Right to erasure – to request deletion of your personal data in certain circumstances.
    • Right to restrict processing – to ask us to limit how we use your data.
    • Right to data portability – to request a copy of your data in a commonly used format.
    • Right to object – to object to certain types of processing, including direct marketing.
    • Right to withdraw consent – where processing is based on consent, you can withdraw it at any time.

    To exercise any of these rights, please contact us at ieda.vargas@kcl.ac.uk, Seeromanie.harding@kcl.ac.uk, simon.anderson@cavehill.uwi.edu. We may need to verify your identity before responding.

    10. Changes to this Privacy Policy

    We may update this Privacy Policy from time to time, for example to reflect changes in our practices or in applicable laws. The “Last updated” date at the top of this page will be revised when changes are made.

    We encourage you to review this policy periodically to stay informed about how we protect your personal data.