Cambridge Security Initiative


Privacy Policy


Privacy Policy

 

Compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Last updated: 30 October 2025 | Next review: October 2026

1. Introduction

The Cambridge Security Initiative (“CSi”, “we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you engage with us through our website or participate in our programmes and related activities. We comply fully with the UK GDPR and the Data Protection Act 2018.

2. Data Controller

Data Controller: Cambridge Security Initiative (CSi)

Registered Charity No. 1175201

Email: isioperations@thecsi.org.uk

Data Protection Officer (DPO): dataprotection@thecsi.org.uk

3. What Personal Data We Collect

  • Identity Data: name, title, date of birth, nationality.
  • Contact Data: email address, telephone number, postal address.
  • Professional and Academic Data: employment history, qualifications, institutional affiliations.
  • Financial Data: payment details relating to tuition fees or donations.
  • Technical Data: IP address, browser type, operating system, and cookies.
  • Usage Data: information about your interaction with our website and digital services.
  • Special Category Data: information relating to health or accessibility requirements, processed only with your explicit consent.

4. How We Use Your Data

We use personal data to:

  • Administer and deliver academic and professional programmes.
  • Manage event registrations and communications.
  • Process payments and other transactions.
  • Comply with legal and regulatory obligations.
  • Improve our services and website functionality.

Lawful bases for processing: Consent, Contract, Legal Obligation, and Legitimate Interests.

5. Data Retention

We retain personal data only as long as necessary for the purposes collected, in line with legal and operational requirements.

Category Retention Period
Programme participants Up to 3 years after completion
Donors and partners Up to 5 years after last engagement
Website and communications data Up to 2 years

After these periods, data will be securely deleted or anonymised.

6. Cookies and Online Tracking

Our website uses cookies to ensure proper functionality and to collect anonymised usage analytics.

  • Essential cookies enable core functionality.
  • Analytical cookies help us understand website performance.
  • Preference cookies remember user settings.

Non-essential cookies are used only with your consent. You may adjust cookie preferences in your browser or our Cookie Policy.

7. Sharing Your Data

We may share your personal data with:

  • Partner institutions involved in programme delivery.
  • Service providers offering IT, web, or administrative support.
  • Professional advisers (legal, financial, compliance).
  • Regulators or public authorities when legally required.

All third parties are required to handle personal data securely and in compliance with the UK GDPR.

8. International Data Transfers

If personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or an adequacy decision ensuring data protection compliance.

9. Your Rights

Under the UK GDPR, you have the right to:

  • Access your personal data.
  • Request correction of inaccurate data.
  • Request deletion (“right to be forgotten”).
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time (where processing is based on consent).

To exercise these rights, contact us at isioperations@thecsi.org.uk. You may also lodge a complaint with the Information Commissioner’s Office (ICO).

10. Data Security

We employ appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or destruction, including encryption, secure servers, and restricted access.

11. Automated Decision-Making

CSi does not perform automated decision-making or profiling that produces legal or significant effects on individuals.

12. Children’s Data

Our programmes and services are intended for adults aged 18 and over. We do not knowingly collect data from minors, and any such data identified will be promptly deleted.

13. Changes to This Policy

We review this Privacy Policy regularly. Updates will be published on this page, and significant changes will be notified by email where appropriate.

14. Contact

For all data protection enquiries, please contact:

Cambridge Security Initiative (CSi)

Email: isioperations@thecsi.org.uk

Data Protection Officer: dpo@thecsi.org.uk

ICO website: www.ico.org.uk

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

© 2025 Cambridge Security Initiative. Registered Charity No. 1175201.