Cambridge Security Initiative


Privacy Policy


 Introduction

The Cambridge Security Initiative is committed to protecting the privacy and security of personal data. This Privacy Policy explains the types of personal data we may collect about you when you interact with us. It also explains how we store and handle that data and keep it safe.

‘Personal data’ is information relating to you as a living, identifiable individual.

‘Processing’ your data includes various operations that may be carried out on your data, including collecting, recording, organising, using, disclosing, storing, and deleting it.

The law requires us:

To process your data in a lawful, fair, and transparent way;

To only collect your data for explicit and legitimate purposes;

To only collect data that is relevant, and limited to the purpose(s) we have told you about;

To ensure that your data is accurate and up to date;

To ensure that your data is only kept as long as necessary for the purpose(s) we have told you about;

To ensure that appropriate security measures are used to protect your data.

The following sections will answer any questions you have, but if not, please contact us.

We will likely need to update this Privacy Policy from time to time, and you are welcome to come back and check this at any time or contact us by any of the means shown below.

1. What is The Cambridge Security Initiative?

The Cambridge Security Initiative (CSi) is a charitable organization (Charity Reg No. 1175201), the objects of which are to advance education in relation to international security and intelligence issues. CSi runs several programmes: a 4-week academic summer programme, The International Security and Intelligence Programme (ISI) and CSi Conference, and a 2-week academic programme for professionals, International Security and Intelligence Professional Programme (ISI-Pro).

2. Explaining the legal basis we rely on

The law on data protection sets out a number of different reasons or conditions for which an organisation may collect and process your personal data. When collecting your personal data, we will always make clear to you which data is necessary for each purpose. Most commonly, we will process your data on the following lawful grounds:

Consent

In specific situations, we can collect and process your data with your consent. The use of consent will generally be limited to circumstances in which we need to collect and process special category data and where no other legal basis is applicable, for example, medical information in relation to requests for support in respect of a disability or counselling services, and nationality information in support of a student’s visa application. The minimum age limit for participants of ISI is 18 years. The minimum age limit to be considered for employment by the CSI, or otherwise interacting with the CSi in ways that would involve the collection of personal data, is 18 years. We may also rely on your consent to send you electronic communications detailing certain events and opportunities which we consider may be of interest to you.

Contractual Obligations
In certain situations, we need your personal data to fulfill our contractual duties. For example, course applicants and students must provide personal information so we can process their applications, manage students during the course, and offer other support and domestic services. Likewise, job applicants and employees need to supply details about their qualifications, and we will process their bank information to make payments.
Legal Compliance
If required by law, we may need to collect and process your data. This could include employment information for reporting earnings to tax authorities or proof of student attendance to meet visa requirements.
We might also share personal data with law enforcement and similar agencies to fulfill our legal obligations under UK and international laws, such as Safeguarding and Prevent in the UK, or to assist in investigating fraud or other criminal activities affecting the Cambridge Security Initiative.

Legitimate Interests

In specific situations, we will process your data to achieve legitimate interests, aims, and objectives as an organisation. For example, we will keep records of ISI alumni and associates of the Cambridge Security Initiative so we can keep you informed and invite you to events that we consider will be of interest to you. We will keep donors and supporters informed of new developments that you might wish to support. Where we do so, that processing will be carried out with appropriate safeguards, and in a manner that respects your rights, freedoms, and interests. We may also use your data, typically in an emergency, where this is necessary to protect your vital interests or someone else’s vital interests.

Special category data

‘Special categories’ of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. We aim to collect and process special category data as little as possible. Generally, we will only collect information on your health where we are legally obliged or in order to keep you safe. This is to uphold our duty of care and to ensure the safeguarding of students, applicants, employees, delegates, and visitors. Other special categories of data may be revealed to us by students during the course of their studies.

The Special Categories of personal data consist of data revealing:

racial or ethnic origin;

political opinions;

religious or philosophical beliefs;

trade union membership.

They also consist of the processing of:

genetic data;

biometric data (e.g., fingerprints) for the purpose of uniquely identifying someone;

data concerning health;

data concerning someone’s sex life or sexual orientation.

We may process special categories of personal data in the following circumstances:

With your explicit written consent; or

Where it is necessary in the substantial public interest, and further conditions are met;

Where the processing is necessary for archiving purposes in the public interest, or for scientific or historical research purposes, or statistical purposes, subject to further safeguards for your fundamental rights and interests specified in law;

Where there is a legal obligation.

Further legal controls apply to data relating to criminal convictions and allegations of criminal activity. We may process such data on the same grounds as those identified for “special categories” referred to above.

3. When we collect your personal data:

Data that we collect includes names, contact details, medical and financial information, education, qualifications and references, passport details and nationality, awards and achievements, and is collected during various periods and interactions. The data collection could be in electronic or paper format.

We will collect your data:

When you are a student of ISI;

When you apply to ISI or request information;

When you are an alumnus/alumna of ISI or a supporter of The Cambridge Security Initiative;

When you are an employee of The Cambridge Security Initiative, or an applicant for a vacancy;

When you have a formal association with The Cambridge Security Initiative, which is not one of employment;

When you are employed by The Cambridge Security Initiative as a contractor;

When you visit The Cambridge Security Initiative as a speaker, delegate, researcher, or as a guest at a conference or event;

When you communicate or engage with The Cambridge Security Initiative by letter, email, or other means, including social media, and

When you access or engage with our website.

Often, we receive your personal data directly from you. In addition, we may receive data from your university, employer, or other third parties. We may also produce personal data relating to you in the course of our relationship with you.

4. How and why we collect your personal data

The Cambridge Security Initiative collects personal data in order to manage its functions as a charity, to provide agreed courses of study, to manage personnel and to fulfil legal and other obligations.

For example:

Copies of passports, right to work, and visa information may be collected by us to enable us to comply with UK Immigration and Visa requirements;

Financial data, such as student loan references, account numbers and sort codes, NI number, tax codes and payments information are collected by us to enable us to manage accounts, fees and payroll;

Information that you provide to us about any disabilities or health conditions you have, and about your age, ethnicity, gender, religion and belief, and/or sexual orientation may be used for equality monitoring purposes, as well as to fulfil our obligations to make reasonable adjustments pursuant to our legal obligations under the Equality Act 2010;

When you visit our website, we may collect your IP address, page visited, web browser, any search criteria entered, previous web page visited, and other technical information. This information is used for web server monitoring and to deliver the best visitor experience;

We may collect your social media username if you interact with us through those channels, to help us respond to your comments, questions, and feedback;

When we interact with you, we may also collect notes from our conversations with you, and details of any complaints or comments you make.

Our use of cookies

We use cookies on our website, which track your activity when you visit our website. We use the information gathered to improve our website and user experience. Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. If you would prefer to restrict, block, or delete cookies from us, or indeed any other website, you can use your browser preferences to do so. If you wish to opt out of all Google Analytics tracking, then you can do so here.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see which cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

5. What are your rights over your personal data?

Subject to certain conditions and exceptions set out in UK data protection law, you have:

The right to request access to a copy of your data, as well as to be informed of various information about how your data is being used;

The right to have any inaccuracies in your data corrected, which may include the right to have any incomplete data completed;

The right to have your personal data erased in certain circumstances;

The right to have the processing of your data suspended, for example if you want us to establish the accuracy of the data we are processing;

The right to receive a copy of data you have provided to us, and have that transmitted to another data controller (for example, another University or College);

The right to object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing;

The right to object to the processing of your information if we are relying on a ‘legitimate interest’ for the processing or where the processing is necessary for the performance of a task carried out in the public interest. The lawful basis for any particular processing activity we carry out is set out in our detailed table of processing activities, which we will provide on request;

The right to object to any automated decision-making about you which produces legal effects or otherwise significantly affects you;

Where the lawful basis for processing your data is consent, you have the right to withdraw your consent at any time. When you tell us you wish to exercise your right, we will stop further processing of such data. This will not affect the validity of any lawful processing of your data up until the time when you withdraw your consent. You may withdraw your consent by contacting The Cambridge Security Initiative’s Data Protection Officer using the contact details below.

Some of these rights are not automatic, and we reserve the right to discuss the basis of your request with us before taking action. Further guidance on your rights is available from the Information Commissioner’s Office. You may also wish to contact The Cambridge Security Initiative if you are considering how or whether to exercise your rights.

You have the right to complain to the UK’s supervisory office for data protection, the Information Commissioner’s Office if you believe that your data has been processed unlawfully. To protect the confidentiality of your information and the interests of the Cambridge Security Initiative, we will ask you to verify your identity before proceeding with any request to exercise the above rights. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to request such information.

6. Data retention

Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected. Retention periods may increase as a result of changes in legislation and in the circumstances of legal proceedings, it may be necessary to suspend the deletion of personal data. At the end of the retention period, your data may be deleted completely, put beyond use or anonymised.

We may retain anonymised statistical data indefinitely to enable us to report on such matters as diversity and equality, or the incidents of complaints. Anonymous data is no longer personal data, and as such is not subject to data protection legislation requirements. For your security, we use all appropriate organisational and technical security controls to safeguard your data.

7. Sharing your data

We do not, and will not, sell your data to third parties. We will only share it with third parties if we are allowed or required to do so by law. Where information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the relevant purpose.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies and are only permitted to process your personal data for specific purposes in accordance with our instructions.

8. Protecting your data outside the EEA

Occasionally, we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA). The EEA includes all EU Member countries as well as Iceland, Liechtenstein, and Norway.

We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA, but we will only do so if an adequacy decision of the European Commission is in place, or appropriate data protection safeguards have been put in place, or it is otherwise lawful to transfer the data. For example, this might be required when we store data in a Cloud Service or engage international firms to carry out data processing activities on our behalf.

9. The use of personal data for marketing purposes

We will only send you electronic communications where we have your consent. In relation to other marketing activities, including postal and telephone communications, and analysis or profiling of contacts to ensure appropriate messages are provided, we have a legitimate interest in carrying out these activities and do so with appropriate consideration of and regard for your rights. You are free to opt out of hearing from us at any time. You can stop communications from The Cambridge Security Initiative by contacting us using the information below.

10. How to complain about our processing of your data

If you feel that your data has been handled incorrectly or you are unhappy with the way we have dealt with your query regarding the way we use your personal data, you have the right to complain to the Information Commissioner’s Office (ICO), which regulates the use of information in the UK.

You can call them on 0303 123 1113 or go online to www.ico.org.uk/concerns

If you are based outside the UK, you have the right to complain to the relevant data protection supervisory authority in your country.

If you would like to discuss any aspect of this policy or the way The Cambridge Security Initiative processes your information, please contact The Cambridge Security Initiative at isioperations@thecsi.org.uk.

 

This version of the Privacy Policy was confirmed on October 3, 2025.