This statement details the British Council’s policy on data protection and privacy.

The British Council collects and uses certain types of personal information about people (data subjects) with whom it deals in order to operate. These include current, past and prospective employees, suppliers, students, visitors, and others with whom it communicates. Examples of personal information include names, photographs, contact details, gender, and age.

In addition, it may occasionally be required by law to collect and use certain types of personal information to comply with the requirements of government departments for business data (e.g. health and safety statistics). Personal information must be dealt with properly irrespective of how it is collected, recorded and used – whether on paper, electronically or recorded on other media. There are safeguards to ensure this in the United Kingdom’s Data Protection Act 1998 (the Act).

The British Council regards the lawful and correct treatment of personal information as important to successful operations, and to the maintenance of confidence between it and those with whom it deals. This policy will operate in all of the British Council’s offices both in the UK and overseas.

We will ensure that our staff and those acting on our behalf obtain, use and disclose personal information lawfully and correctly. To this end we fully endorse and adhere to the principles of data protection, as set out in the Act.

Specifically, the principles require that personal information shall:

• be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met
• be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
• be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed
• be accurate and, where necessary, kept up-to-date
• not be kept for longer than is necessary for that purpose or those purposes
• be processed in accordance with the rights of the individual under the Act
• have in place appropriate technical and organizational measures against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal information
• not be transferred to a country or territory outside the European Economic Area ( the countries of the European Union plus Norway, Liechtenstein and Iceland) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data or unless specific agreement has been sought from the individuals concerned.

The British Council will, through the use of appropriate and consistent management and application of controls:

• observe the conditions in the Act regarding the fair collection and use of information
• meet its legal obligations to specify the purposes for which personal information d is used, this information being set out in the British Council’s data protection notification particulars which can be found on the Information Commissioner’s website at www.dpr.gov.uk
• collect and process appropriate information, only to the extent that it is needed to fulfill our operational needs or to comply with a legal requirement
• ensure the quality and accuracy of information
• apply checks to determine the length of time information is held
• ensure that the rights of people about whom information is held, are able to be fully exercised under the Act
• take appropriate technical and organizational security measures to safeguard personal information
• ensure that personal information is not transferred outside the EEA without suitable safeguards or agreement from the individual.

The British Council will ensure that there is someone with specific overall responsibility for data protection. Currently, the nominated person is the Data Protection Officer who can be contacted at data.protection@britishcouncil.org.

The British Council will ensure that staff and external parties working on the Council’s behalf who manage and handle personal information understand that they are contractually responsible for following good data protection practice. Guidance for good data protection practice is provided in the Council’s data protection standards - contact data.protection@britishcouncil.org for further information on this.

The British Council will ensure that its staff are appropriately trained to handle personal information.

The British Council will ensure that anyone wanting to make enquiries about handling personal information knows what to do. The publication and distribution of this statement and Data Protection Standards will achieve this.

The British Council will regularly review the way it processes personal information in light of compliance with the Act.

Cookies

A cookie is a piece of data stored on a user's hard drive containing information about the user. We use cookies on our website to store passwords, so that it is not necessary to provide a password for every visit to our website. We also use cookies to track the interests of our users so that we can subsequently enhance their experience on our website.. Once you close your browser, the cookie is deactivated. If your browser rejects a cookie, you may still use our website.

IP addresses

We use IP addresses to analyze trends, administer the website, track users' movements, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This website contains links to other websites. Please note that we are not responsible for the privacy practices of other websites. This privacy statement applies solely to information collected by this website.

Security

We take all appropriate steps to protect your information both online and off-line. If you would like information on our security procedures please contact us at dataprotection@britishcouncil.org.

Correcting/updating personal information:

If your personal information changes or if you no longer wish to receive our service, please let us know and we will correct, update or remove your details. This can be done by contacting the office/department where you initially signed up for the service.

Your Consent

By using our website you consent to the collection and use of your personal information in the manner set out above. If we change or modify our privacy policy we shall post these changes on this page.