1. Introduction

Prospero Space Fellowship (hereafter referred to as “we”, “us”, “our”) is registered in Scotland with company number SC725151. Our registered office (and correspondence address) is 64a Cumberland Street, Edinburgh, EH3 6RE, Scotland.

We are the data controller of the personal data that we collect from you when you provide personal data to us.

We are committed to safeguarding the personal data you provide to us through this website.

This Privacy Policy sets out how we collect and use your personal data and your rights in relation to that personal data.

2. Data Sources

We collect data from the following sources:

• from you directly when you contact us in writing, by email, in person, by telephone, through our website, at meetings with us or by any other method, including where you apply to join the Prospero Space Fellowship as a mentor or mentee;
• from other organisations which have referred you to us, for example, your university or employer;
• online public sources (such as LinkedIn) or registers.

We may additionally collected your personal data when you attend hosted events, such as the annual retreat, and when we add you to our mailing lists to receive news about us.

3. The personal data we may collect

We may collect the following types of personal data:

• your contact information– information that enables us to identify and contact you (e.g. name, address, email address and telephone number);
• identification information – e.g. passport details, information from a third-party AML check provider, Companies House information;
• your education and work experience – e.g. degree information and positions, roles and responsibilities;
• your use of our website– information about the pages you look at and how you use them;
• correspondence between us – this will include letters and emails, SMS and other electronic communication and may in some cases include an audio recording of telephone conversations;
• your IP address information – your computer’s IP address allows us to track your usage of our website.

We do not expect to collect any special category personal data from you. If any such collection becomes necessary for you to take part in any programme we run we will inform you in writing as to how that personal data will be processed by us.

4. Using your personal data

We only ever use your personal data if and to the extent that applicable law allows.

Therefore, we will only process your personal data if:

• it is necessary for the performance of a contract with you or the organisation you work for;
• it is necessary in connection with a legal obligation;
• you have given your consent (where necessary) to such use or the organisation you work for has obtained your consent (where necessary) to share your personal data with us; or
• if we (or a third party) have a legitimate interest which is not overridden by your interests or your rights and freedoms. Such legitimate interests include operating the Prospero Space Fellowship and connecting mentors and mentees, and internees (and potential internees) with companies offering internships.

Please note, therefore, that we may use your personal data to:

• comply with our legal obligations;
• deliver services to you and/or the organisation for whom you work;
• run our business (e.g., carry out administrative or operational processes);
• improve the services and products that we offer to you or the organisation for whom you work;
• to operate the Prospero Space Fellowship in accordance with its stated aims (as set out on our website);
• send you marketing materials and invite you to events (where any relevant consents have been given); or
• process and respond to requests, enquiries or complaints received from you.

5. Keeping your personal data

We will only ever keep personal data about you for as long as is necessary to address the purpose for which it was collected. This includes complying with any legal, regulatory, accounting or reporting requirements. To find out more about our personal data retention and destruction policy, please contact us.  We will review your personal data periodically (usually annually) to ensure it is still necessary to be retained for the purpose for which it was collected.

6. Sharing your personal data with third parties

There are times when we may need to share your personal data with third parties. Those third parties may include:

• companies with whom you may have acquired an internship;
• individuals with whom you may have a mentor or mentee relationship;
• government agencies and other similar regulatory and official third parties; and
• those who provide services on our behalf and may need access to your information, for example an IT supplier may have access to your personal data when providing IT support or hosted cloud services, or a mailing company may process the personal data of our contacts for us.

We may also share your personal data with third parties where:

• we have your consent to doing so or the organisation for whom you work has consented for us to do so;
• we have appropriate contractual arrangements in place with those third parties (including our professional advisers and auditors and suppliers to whom we outsource certain support services such as word processing);
• we are under a legal, regulatory or professional obligation to do so (for example, to comply with anti-money laundering requirements);
• we transfer the administration or operation of the programme we operate to a third party; or
• it is appropriate to disclose the information to parties with whom we have promotional arrangements (such as the annual retreat), and we have your consent to do so.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

Please note that we will never send marketing communications via SMS or call you without your specific consent, and we will not pass on or sell your details to a third party.

7. Transferring your personal data internationally

If the operation of the programme requires us to transfer your personal data outside of the United Kingdom we will ensure that any such transfer is subject to relevant data protection laws and appropriate mechanisms to ensure a similar degree of protection is afforded to it, including for example through the use of approved Standard Contractual Clauses.

Please contact us if you want further information in relation to the specific mechanism used by us when transferring your personal data outside of the United Kingdom.

8. Keeping your personal data secure

To keep your personal data secure, we use a variety of technical and organisational measures. We will always take appropriate steps to protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss consistent with applicable data protection law. These include:

• secure access to our offices;
• secure lockable desks and cupboards;
• secure methods of information disposal, including the shredding of paper documents and the secure deletion of electronic information;
• secure policies for the use of electronic equipment;
• firewalls and encryption;
• ensuring that all employees are trained in the importance of data security; and
• satisfactory password protection where appropriate.

All our partners, staff and third-party service providers who have access to confidential information (including personal data) are subject to confidentiality obligations.

Please always be aware that information sent over the internet is rarely completely secure and whilst we will always take the most appropriate steps to protect your personal data, we cannot guarantee the security of your personal data where transmitted electronically and accept no responsibility for any damage or loss caused.

9. Your rights

You have, in most cases, the following rights in relation to the personal data that we hold about you:

• the right to request rectification of personal data that is inaccurate or incomplete;
• the right to the erasure of your personal data (sometimes referred to as the “right to be forgotten”);
• the right to object to, or restrict, the way in which we are dealing with and using your personal data; and
• the right to request that your personal data be provided to you in a secure and suitable format for re-use (known as the “right to portability”).

      Please note, however, that there may be limitations placed upon this by circumstances, such as when we need to retain data for legal purposes or to perform our services for you.

      You have the right to make what is known as a “subject access request” to find out details of the personal data that we hold about you and the uses to which it is put. Such requests can be made in any form, but it is easier and safer if they are made to us in writing. We may need to ask you for further information and identification to help us to comply with this request.

      You have the right to withdraw consent that you may have provided to collect, process, and transfer your personal data for a specific purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally consented to unless we have another legitimate basis for doing so.

You will not, in general, have to pay a fee to exercise any of your individual rights set out in this Privacy Policy unless the use you make of this provision becomes excessive, and we are entitled in law to make such a charge.

You have the right lodge a complaint with the Information Commissioner’s Office (https://www.ico.org.uk/global/contact-us/email/).

More information about these rights can be found at https://ico.org.uk/for-the-public/. If you have any questions about these rights, or you would like to exercise any of them, please contact us.

10. Links to other sites

Our website may contain links that will direct you to other websites or services that are operated and controlled by third parties. We have no control over these third parties, and your use of their websites and features are subject to their own privacy policies. We cannot be held responsible for any third-party website’s privacy practices or business practices.

11. Cookies

Our website uses cookies. These are small files created and stored on your browser or your computer’s hard drive by websites that you visit to help the website operate properly, grant appropriate access to previous users and monitor website traffic. Cookies are generally only visible to the website that serves them and not to other websites.

Cookies are used on our website to ‘remember’ information so that it can be passed from page to page and to collect website statistics. This data collected can help to improve our website and the services that we offer.

You can, if you wish, delete or disable cookies within your browser. The process will usually be explained in your internet browser’s ‘Help’ menu. Please be aware, however, that if you disable cookies then, whilst you may be able to browse all of our website, some of the cookies we use may be essential for the website to operate and some features may, therefore, not be available to you. Unless you have adjusted your browser settings so that it will refuse cookies, our system will issue cookies as soon as you visit our website.

12. Changes to this policy

We reserve the right to change the terms of this Privacy Policy at any time by prominently posting notice of the amendment on this website. To the extent permitted by law, these changes will apply from the time they are posted.

13. Further information

If you are not happy with the way in which we have processed or dealt with your personal data or responded to your question, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found at https://ico.org.uk/concerns or telephone 0303 123 1113.