Privacy notice

The Møller Institute (“The Company” “We” “Us” “Our”) is a trading name of Møller Institute Limited, a limited liability company registered in England and Wales with registered number 02746545. Our registered office is Møller Institute, Storey’s Way, Cambridge, CB3 0DE.

This privacy notice explains how we use the personal information we collect from you or that you provide to us.

By visiting our website (www.mollerinstituite.com) and engaging with us to carry out services you acknowledge that we will use personal data as set out in this policy and , where applicable,  agree to the practices described in this policy.

What information do we collect about you?

If you engage us to carry out services for you, we will gather personal information from you such as your name, address, telephone numbers and email address. We will also gather information relating to your organisation and your requirements. We collect information from staff employed by your organisation, including delegates attending our courses and events, online or in person. These requirements may mean we need to collect personal information about other employees from your organisation as required to provide the services.

This information is obtained from you through Møller Institute forms you may complete, discussions with you, including online registrations, letters and emails.

Where you provide us with information about your staff and delegates you must share this privacy notice with them.

The types of personal data we collect about you

Personal data means any information about an individual from which that person can be identified.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes (first name, last name, any previous names, username or similar identifier, marital status, title, date of birth and gender).
  • Contact Data includes (billing address, delivery address, email address and telephone numbers).
  • Financial Data includes (bank account and payment card details).
  • Transaction Data includes (details about payments to and from you and other details of products and services you have purchased from us).
  • Technical Data includes (internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website).
  • Profile Data includes (your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses).
  • Usage Data includes (information about how you interact with and use our website, products and services).
  • Marketing and Communications Data includes (your preferences in receiving marketing from us and our third parties and your communication preferences).

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

Why do we need to collect and use your personal data?

The main legal basis, specifically allowed for under the UK General Data Protection Regulation (“UK GDPR”), for processing your data is for the proper performance of our contract with you. The information we collect is essential for us to be able to carry out the services you require from us effectively. We cannot, for example, provide a bespoke executive education programmes without the full relevant information on the participants, nor could we provide our premium venue service for your events without knowing all the pertinent details.

The law also permits us to use personal data where we have a legal or regulatory obligation and where there is a legitimate interest.

How we use your personal data

Legal basis

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

  • Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
  • Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

Where is your information processed?

All your information is processed in the UK. If in future it were to be processed elsewhere in the European Union you should know that all EU countries are bound by EU GDPR.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

With whom might we share your information?

We will not share your information for marketing purposes with any other organisations. To deliver our services to you effectively we may share relevant details with approved third parties that we engage for specialised delivery on our education programmes. In such a case we will have contracted with them to ensure that the nature and purpose of the processing is clear, that they are subject to a duty of confidentiality, and they will only act in accordance with our written instructions.

We may share your personal information with our parent organisation, Churchill College, University of Cambridge. In such a circumstance, Churchill College would also have provided an assurance that they would keep your data safe and that they are subject to UK GDPR.

Data retention

How do we retain your information?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

The legal requirement for keeping records for tax purposes is 6 years.

Data disposal

Upon expiry of the data retention periods your data will be securely deleted or anonymised so it is no longer associated with you.

You have the right to request the deletion of your personal data. We will comply with this request subject to the restrictions of our contractual and legal requirements or legitimate interests as described above.

Your legal rights?

Under UK GDPR, you have the following rights as data subjects:

  • Right to be informed – about the collection and use of your data, which is a purpose of this Privacy Policy document;
  • Right of access – to your personal information. If you would like to receive a copy of the personal information we hold for you, you may make a data subject access request to our Compliance Team (see details below);
  • Right to rectification – if the data we hold is inaccurate or incomplete. You can ask for information to be removed if there is no compelling reason for the Møller Institute to continue to have it;
  • Right to request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right to restrict processing – this enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
    • If you want us to establish the data’s accuracy;
    • Where our use of the data is unlawful, but you do not want us to erase it;
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to data portability – for your own purposes in certain circumstances;
  • Right to object – to the Møller Institute processing your data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
  • You also have the right to object any time to the processing of your personal data for direct marketing purposes.

Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review. This version was last updated on 24/05/2024.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

Cookies

Cookies are small pieces of data, stored in text files, which are stored on your computer or other device when websites are loaded in a browser. They are widely used to ‘remember’ you and your preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits (using a ‘persistent cookie’). Cookies may be set by the site that you are visiting (known as ‘first party cookies’), or by other websites who serve up content on that site (‘third party cookies’).

We use some third-party cookies to help us understand how visitors use our site and what interests them. However, we do not collect or store any data that can personally identify the visitor to our site. If you would like more information about the specific cookies, we use please do get in touch with [email protected].

For more information about cookies generally visit www.allaboutcookies.org.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

What can I do if I have a complaint about how my personal data is processed?

Protecting your personal information is important to us. If you are unhappy with how we have handled your information we would encourage you first to get in touch with our Director of Finance and Shared Services to see if the complaint can be resolved amicably. You have a right to lodge a complaint with the supervisory authority for data protection.

In the UK this is the ICO:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Tel. +44 (0)303 123 1113

How can I contact you?

If you have any questions about our Privacy Policy or information we hold about you, please get in touch:

  • By email: [email protected]
  • By phone: +44 (0)1223 465500
  • In writing: Compliance, Møller Institute, Storey’s Way, Cambridge, CB3 0DE

Employees

Note we have a separate Privacy Notice for employees, which can be requested using the above contact details.

Prospective employees

Under the UK General Data Protection Regulation (“UK GDPR”) we are required to provide you with specific information relating to your personal data that we collect from you and use during the recruitment process.

Why we need to collect, process, and hold your data?

There are a number of reasons why we need to collect, process and hold your data:

  1. as your potential employer, we will have legitimate interests in collecting and using data in order to communicate with during the recruitment process and to assess suitability for the role you applied for;
  2. we may need details in order to establish, exercise or defend a legal claim.

What personal data do we need from you?

During the recruitment process we will only collect, store and process the personal data included within the application form or curriculum vitae.

Who has access to your personal data?

We are committed to restricting access to personal data to just those individuals who may need it to meet their, or, the company’s obligation. For us this means the potential Line Manager, HR and Marketing (CV only).

Who do we share your personal data with outside of the company?

During the recruitment process, we will not share your data with any third parties outside of the company.

How long do we retain your personal data?

We will retain all personal data for the duration of the recruitment process and then for a further six months to enable us to establish, exercise or defend a legal claim. After six months, all data will be deleted, unless you allow us to retain your data for 12 months in order that we can contact you if another suitable role arises.

What to do if you believe that the information we have collected and are using is incorrect?

It is important for both you, and us, that we hold up to date and accurate information, and, that the accuracy is maintained. If you become aware of any inaccuracies, or you change your contact details, it is your responsibility to bring this to our attention as quickly as possible.

What to do if you have a concern or complaint about how we store, use, or share your personal data?

Initially, we would encourage you to raise this with the Director of Finance and Shared Services who should be able to resolve the matter quickly and informally. In the unlikely event that we have been unable to address your concern internally, you may call the Information Commissioner’s Office helpline on 0303 123 1113.

Useful information

Responsibility for data protection at the Møller Institute is the Compliance Team.