Privacy Policy
1. Who we are
CLTR is an independent think tank with a mission to transform global resilience to extreme risks. We do this by working with governments and other institutions to improve relevant governance, processes, and decision-making.
1.1 Contact details
71-75 Shelton Street
London
WC2H 9JQ
info@longtermresilience.org
+44 20 3038 2507
1.2 Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statements of every website you visit.
2. The data we collect about you
We may collect and process the following data about you:
1. Information you give us
You may give us information about you, such as your name, address, email address and phone number, payment card information, personal description and photograph, professional affiliation and interests. This includes information you provide when you correspond with us by phone, email, other electronic means or in writing, register to use our site, register for an event, subscribe to our newsletter, purchase products or services from or via us, donate to us, participate in discussion boards or other social media functions on our site, submit information or content to our site or to other users of our site, enter a competition, promotion or survey, submit job applications and when you report a problem with our site, events, products or other services.
If you make a donation, we may obtain from you credit card, debit card, or bank account details, however this information will be held by our payment provider Paypal – not by us.
If you are enquiring about a job at CLTR, then the information may also include your CV and other information about your qualifications, job history, and your right to work.
If you use our social media features, then we may collect any personal data that you provide to us using those features in accordance with the policies for the applicable feature.
2. Information we collect about you
With regard to each of your visits to our site, we may automatically collect the following information:
Technical information, including the internet protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products, services or issues you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs); and methods used to browse away from the page and any phone number used to call our customer service number.
3. Information we receive from other sources
We also work closely with third parties (for example, accommodation and other travel service providers, business partners, communications partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them.
Public information – information may be available about you publicly, for example in the media.
We may also receive information about you from individuals (for example, where they communicate with you via our site or where a relative uses your computer).
If you are applying for a job at CLTR, then we may receive information from your referees and former employers.
4. Information about other people
If you provide information to us about any person other than yourself, such as your colleagues, personnel, relatives, your next of kin, your referees (if you are applying for a job), your clients, your advisers or your suppliers, you must ensure that they understand how their information will be used and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
5. Information from Clients 18 and Under
If you are aged 18 or under, you must obtain your parent or guardian’s permission beforehand to use our site, any of our telephone services, make a donation, and whenever you provide personal information to us. Users without this consent are not allowed to provide us with personal information.
6. Sensitive Personal Data
Unless we make it clear otherwise, our policy is not to ask for any sensitive personal data from you (that is information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life or details of criminal offences). You may provide us with sensitive personal data when you communicate via our site or directly with us or any third parties we put you in contact with.
If you choose to provide this sensitive personal data to us, either as part of your interaction with the site, as part of a particular service (where such information has been requested and the reasons for that are made clear to you), or for any other reason, this will mean that you have given (and we accept) your explicit consent for us, and our outsourced service providers (where applicable), to use that information for the reasons described in this privacy policy, or as explained at the time you provided that information to us.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
2.1 Keeping your data up to date
We do our best to keep your data accurate and up to date. If your data changes please contact us so we can make the appropriate changes. If you would like to see what information we hold please get in touch at any time.
We will only retain your personal data for as long as is necessary to fulfil our legal obligations or for the purposes we collected it for. If you would like more information about our retention schedules please see section 7 of this policy statement.
2.2 If you fail to provide personal data
Where we need to collect personal data by law or to provide you with a service you’ve requested and you fail to provide that data, we may not be able to provide you with that service. In this case, we may have to cancel the service but we will notify you if this is the case at the time.
3. How we use your personal data
3.1 Use cases
Our data processing policy is primarily based on the principle of consent, such as for meetings and meeting notes that we hold and process with external organisations and individuals. However we will continue to use the ‘contract’ basis for lawful data processing in relation to information provided in a contractual context. In strictly limited circumstances, specifically research and fundraising, we will apply the ‘legitimate interest’ basis for data processing. Under this basis and under carefully considered and specific purposes we may utilise publicly available data to further our mission. Examples include processing publicly available information from scientists, civil servants, and other professionals to support our research or identifying potential funders for charitable causes. Our processing aligns with the reasonable expectations of individuals in professional and philanthropic circles, where the use of publicly available information for nonprofit outreach is a standard and accepted practice.
We have carefully considered the scope of our data processing to ensure we’re using the minimum amount of data necessary to achieve our purpose. Click here to find out more about the types of lawful basis that we will rely on to process your personal data.
3.2 Opting out and/or withdrawing consent
You can opt out of receiving marketing emails at any time by clicking the Unsubscribe button at the bottom of the email or, if no button is available on the email, by contacting us at info@longtermresilienc.org. We never knowingly send our marketing material to individuals who have not personally signed up to receive them. If you do receive marketing emails from us without having signed up, please contact our Data Controller at info@longtermresilience.org.
You can also email info@longtermresilience.org to ask to delete or change any personal information we have about you and express any concerns you have about our use of your data.
3.3 Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
Please note that where required or permitted by law, we may process your personal data without your knowledge or consent in compliance with the above rules.
4. Cookies
The CLTR website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the ones that are categorised as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyse and understand how you use this website. You have the option to opt-out at any time, except those under ‘Necessary’, by selecting the ‘Consent Preferences’ icon in the bottom left corner of the web page – but please be aware that disabling some of these cookies may affect your browsing experience.
Types/categories:
Necessary: Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Functional: Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
Analytics: Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Performance: Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement: Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Uncategorized: Other uncategorized cookies are those that are being analysed and have not been classified into a category as yet.
5. Disclosure of your personal data
Some of the functionality on our website and operations involves us cooperating with, and sharing your Personal Information with, third parties. We have carefully selected these third parties and taken steps to ensure that when we share your Personal Information with them, it is adequately protected. Details about how we process Personal Information in conjunction with third parties is set out below:
Mailchimp – We use Mailchimp to run and operate, but not limited to, our Newsletter. When visitors to our website sign up by adding their contact details they are then stored and used for marketing, promoting and furthering CLTR reach via the Newsletter.
For more information on how Mailchimp processes Personal Information, please view the Mailchimp Privacy Policy.
Attio – We use Attio as our customer relationship management (CRM) platform to store and manage contact information and interactions with individuals associated with CLTR, such as subscribers, partners, and stakeholders. The personal data stored in Attio may include names, email addresses, phone numbers, organisational affiliations, and notes on previous communications. This information is used to facilitate our operations, outreach, and engagement activities.
For more information on how Attio processes Personal Information, please view the Attio Privacy Policy.
6. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees and third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach as per relevant legislation.
7. Data retention
We will only retain your personal data for as long as necessary to fulfil our legal obligations or for the purposes for which we collected it.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Our Retention Policy, which details retention periods for different aspects of your personal data, is included in the appendix to this document. You can also request it by contacting us at info@longtermresilience.org.
You can ask us to delete your data; see Request Erasure below for further information.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information for the retention period without further notice to you.
8. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
If you wish to exercise any of the rights set out above, please contact us at info@longtermresilience.org.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9. Access to information
UK GDPR and the Act gives you the right to access information held about you. Your right of access can be exercised in accordance with UK GDPR and the Act.
10. Where we store your personal data
The data that we collect from you is stored at our UK office and processed by third-party data processors within the European Economic Area (EEA). However, from time to time, that data may be transferred to, accessible at and stored at a destination outside the EEA, including by members of our network who are based outside the UK. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. All processing by third parties remains within the compliance and security assurance standards of the UK GDPR. By submitting personal data, you agree to this transfer, storing or processing.
We will take all steps reasonably necessary to ensure that your data is treated securely, and in accordance with this privacy policy and the requirements of the UK GDPR. We take reasonable steps to protect your personal data from loss or destruction. For example, we have contractual arrangements in place with organisations which process your personal data, and all information you provide to us is stored on our secure servers.
Where you have a username and password (or other identification information) which enables you to access certain services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
11. Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.