Privacy Policy

GDPR Compliance

The General Data Protection Regulation (GDPR) is a privacy and data protection regulation in the European Union (EU) that took effect in May 2018. The GDPR imposes obligations on organisations that control or process relevant personal data in order to safeguard rights to privacy.

The GDPR applies to any personally identifiable information (PII) in the widest sense of the word: not just data such as name, address, birth date, social security numbers and banking information, but also referenced information linked to an individual, such as photographs, social media posts, preferences and location. Although GDPR is limited to the EU, World Research Alliance – deemed the Data Controller – adopts the same principles worldwide.

Principles

  • We do not collect sensitive personal data, unless for a specific, explicit and legitimate purpose and with the consent of the data subject. We do not keep this data for longer than the purpose requires.
  • We diligently protect sensitive personal data with a strict security protocol on how we store, share and process it in a lawful and transparent manner.
  • We do not tamper with data we collect through designs that deliver the optimum quality possible.
  • We inform individuals who share their personal data about the type of information we have on file and, as far as is practical, enable them to review and delete their personally identifiable data.

ICO Certification

ICO (Information Commissioner’s Office) is a non-departmental public body that reports to the United Kingdom Parliament and is aligned with the Department for Digital, Media, Culture and Sport.

The function of the ICO is to oversee and uphold data protection laws within the UK. ICO responsibilities include advising and advocating for best practices, managing breach reports, conducting audits and advisory visits, addressing complaints, and monitoring compliance.

The legal jurisdiction of the ICO extends across a range of legislation, including:

  • Data Protection Act.
  • Freedom of Information Act.
  • Environmental Information Regulations.
  • INSPIRE Regulation.
  • Privacy and Electronic Communications Regulations.
  • General Data Protection Regulation (GDPR).
  • NIS Regulations.
  • Investigatory Powers Act.
  • eIDAS Regulation.
  • Re-use of Public Sector Information Regulations.

UK organisations must comply with the data protection laws. Failure to comply may lead to huge fines of up to £17.5 million or 4% of the company’s annual turnover.