Privacy Policy

Released on 21st January 2025
Privacy Notice
What does this notice cover?
Our role
What personal information do we collect?
Personal Information we collect from third parties
Other organisations and industry experts
Publicly available sources
Referees
Use of AI Systems
Sensitive Information
How do we share your personal information?
Cross-border transfer of your personal information
How do we secure your personal information?
How long do we keep your personal information?
Your personal information rights
Who we are and how you can get in touch

Privacy Notice

Last updated: February 2025

What does this notice cover?

This Privacy Notice describes how Forethought Research ("Forethought") collects, uses, processes and shares your personal information when you:
  1. visit any websites operated by us, including forethought.org and any other sites or applications containing a link to this Privacy Notice (collectively “Websites”);
  2. sign up for a newsletter, enquire about or apply for a rolea grant;
  3. engage with us by phone, email or other means; or
  4. interact with us offline (for example, when you apply for a role within our organisations or volunteer at one of our events).
It also includes a description of rights you may have over your personal information under applicable UK law.
Forethought may have other unique privacy notices that apply to specific situations. To the extent you were provided with different privacy notices that are applicable, those notices will govern our interactions with you, not this one.
If you provide us with personal information of anyone other than yourself (such as a friend or family member), please note that you are responsible for complying with all applicable privacy and data protection laws prior to providing that information to Forethought (including obtaining consent, if required).
If you have any questions, please contact us using the details in the “Who we are and how you can get in touch” section below.

Our role

Forethought is the controller responsible for your personal data as described in this Privacy Notice. This means we make decisions about how and why your information is used, and have a responsibility to make sure that your rights are protected when we do so.

What personal information do we collect?

When we refer to “personal information” and "personal data" we mean information that can be used to identify a person or can be linked directly to an individual. We may collect your personal information directly from you (including through online forms or in conversation with staff), from the devices you use to access the Websites, from third parties (for example, if a potential partner provides information as part of due diligence), and from public sources (such as LinkedIn).
We may process your personal information as follows:
Type of data
Lawful basis
Purpose of processing
Identification data: we will collect your name, email address, phone number, address, job title and employer (if applicable).
Legitimate interest
When you contact us either by phone, email, via our 'contact us' page, we will usually collect your contact details, because it’s in our legitimate interest to make sure we can properly respond to your query. We may also need to process this data when soliciting and collecting donations and to conduct donor due diligence.
(Identification data continued)
Contractual reasons
We collect this in order to deliver our services. We may also need it to take steps to enter into a contract with you, e.g. to facilitate a recruitment process in which you are involved.
(Identification data continued)
Legal obligation
We may also need to carry out proper governance on our funding and make public reports about our fundingdonations – such reports will not directly identify you, but we will use your personal information when creating them.
Biographical and background data: including information that we may ask you as part of our recruitment processes, such as details about your background and reflections that you have about yourself as a candidate.
Contractual reasons
In order to enter into or perform a contract with you, e.g. to facilitate a recruitment process in which you are involved.
(Biographical and background data continued)
Legitimate interest
To make sure you receive updated information on our activities and opportunities of interest (e.g. future events, job roles and/or research collaborations).
Marketing data: we will collect your name, email address, cookie, IP address to provide you with our news updates in line with any preferences you have told us about.
Consent
When we send you our news updates and event information because you have opted-in to receive them, we rely on your consent to contact you. When you sign up for our newsletters that we run through Mailchimp, we may track when you open emails and click links in our email campaigns through Mailchimp. We will not be able to provide you with our newsletter service if you do not provide us with this information.
(Marketing data continued)
Legitimate interest
To optimise our Website and improve our service and product offering.
Financial data: we will collect credit card details, bank account details and information.
Contractual reasons
To allow you to make a donation.
Correspondence data: we will collect any personal information you provide to us directly, such as information provided voluntarily in relation to your research or career interest in the context of potential future collaboration.
Contractual reasons
In order to enter into or perform a contract with you, e.g. to facilitate a recruitment process in which you are involved.
(Correspondence data continued)
Legitimate interest
So we can conduct research, support discussion of ideas and research, and publish related content. We may also need this to assess your suitability for our services.

Personal Information we collect from third parties

We may collect your personal information from third parties, including the following:

Other organisations and industry experts

We may collect personal data about you from our former, current and potential partners, or where such data has been provided as part of an organisational restructure, or as part of due diligence.
When identifying potential hires and research collaborators, we collaborate with other organisations and experts in our field. Those organisations and experts may pass on data to us about individuals they interact with such as job applicants, employees, or volunteers so that we can assess them as potential employees or collaborators.
We may also ask trusted informal advisors in their relevant areas to get advice, such as to get formal or informal references in recruiting.

Publicly available sources

We may collect personal information about you from publicly available sources, including social media sites (e.g., LinkedIn) or news articles. Such information may include (as relevant) your education, employment history, and credentials.
We may do this, for example, when you apply for a role within our organisation, or when conducting donor due diligence.

Referees

When you apply for a role within our organisation (including to be a trustee), we may ask you to provide us with details of individuals who can provide a reference on your behalf. If you do so, we will obtain personal data about you from these referees as part of the application process.

Use of AI Systems

We aim to make fair, consistent, and informed decisions across our organisation. We may use AI systems, including large language models, to assist us in processing personal information, including:
  • assisting with deciding which applications to advance past the initial stage of job application processes; and
  • generating transcripts of interviews.
For each of these purposes, we weigh the potential benefits against the risks and take reasonable risk mitigation steps, including ensuring that no personal information from Forethought is used to train large language models.

Sensitive Information

Certain types of personal information may be considered “sensitive” (known as 'special category data') under the UK data protection laws, such as information about your race or ethnic origins, political opinions, sex life or sexual orientation, religious beliefs, and health information. We may collect special category data, in certain circumstances. For example, we may collect:
  • if you are attending an event, your dietary and access requirements;
  • information about ethnicity and other personal characteristics, for the purposes of diversity monitoring in our recruitment processes
We will generally ask for your consent for our collection and processing of special category data, but we may also rely on other legal bases to collect and use it, for example when we need to do so for safeguarding purposes, to protect your vital interests, to obtain legal advice, or because we are subject to a legal obligation.

How do we share your personal information?

We may share your personal information with third parties as follows:
  • Business partners, suppliers, fundraisers, and subcontractors for the performance of the contract we enter into with them or you. We use third-party providers of certain services such as website hosting, website analytics, payment processing, IT maintenance, and identity checking.
  • In exceptional circumstances, we reserve the right to pass on your personal information when there is a legal or “duty of care” imperative (for example if we need to safeguard other individuals).
  • Government authorities and/or law enforcement officials if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
  • Buyers of our organisation (prospective and actual) if If all or part of our organisation is closed, combined with another organisation, or becomes its own organisation (for example, when an initiative is no longer hosted by Forethought), we will share your personal information with external advisers (such as lawyers, accountants, or financial advisers) who are helping us with this process, and withthe owners of the newly independent organisation or new host organisation. We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued under the new structureby the buyer. If you object to our use of your personal information in this way, the buyer of our business may not be able to provide services to you.

Cross-border transfer of your personal information

Forethought conducts certain activities outside the UK, and collaborates with organisations outside the UK. When we need to share your personal information with people or organisations outside the UK, including in the United States, it might be subject to data protection laws that offer less protection than under the UK data protection laws. Where this is the case, we take steps to ensure your personal information is protected, including by entering into contracts that have been approved by the relevant authorities (such as “standard contractual clauses” or an “international data transfer agreement”). If you want to learn more about this, or to get a copy of the transfer mechanism that we use, please reach out using the details given in the “Who we are and how you can get in touch” section below.

How do we secure your personal information?

We put in place organisational and technical measures to protect your personal information. These measures include taking reasonable steps to ensure our IT systems are secure and to deal with suspected data breaches. In the unlikely event of a data breach, we will take steps to minimise the loss or destruction of data and, if required by law, will notify you.
Our security measures include
  • taking reasonable steps towards the physical security of where we host our data (such as using reasonable third-party providers); and
  • using two-factor authentication to secure services where sensitive data is stored.
Although we use reasonable security measures once we have received your personal data, the transmission of data over the internet (including by email) is never completely secure. We work to protect personal information, but we cannot guarantee the security of information transmitted to or by us.

How long do we keep your personal information?

We will only keep your personal information for as long as we need it to achieve the purposes for which we collected it, to comply with our legal and regulatory obligations, to exercise our legal rights, and to protect ourselves from legal claims. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we collected your personal data, whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
If we no longer need this personal information for the purposes set out in this notice, we will delete it.
In some circumstances we may carefully anonymise your personal data so that it can no longer be associated with you, and we may use this anonymised information indefinitely without notifying you. We use this anonymised information to improve the way we work and our services.

Your personal information rights

Under the UK data protection laws, you may have the right to ask us for a copy of your personal information; to correct, delete, or restrict (stop any active) use of your personal information; and in certain cases to obtain the personal information you provide to us in a “structured, machine readable format.” You can also object to the use of your personal information in some circumstances (in particular, when we don’t have to use the data to meet a contractual or other legal requirement, or when we are using the data to send you marketing emails).
Where you have given us your consent to use your personal information, you can take back that consent at any time. If you do, we will stop using your personal information immediately, unless we collected it for a different purpose (for example, the information is necessary to comply with a legal obligation). If you decide to take back your consent, this will not affect the lawfulness of our actions before you made that decision. This means that our use of your personal information before you took back your consent remains legal.
These rights may be limited, for example, if answering your request would reveal personal information about another person or if you ask us to delete information which we are required by law to keep or have important legitimate interests to keep.
You also have the right to complain to a data protection authority about how we process your personal information. In the UK, the supervisory authority is the Information Commissioner’s Office.
To exercise any of these rights, or to make a complaint to us, you can get in touch using the details set out in the “Who we are and how you can get in touch” section below.

Who we are and how you can get in touch

Forethought Research is a company limited by guarantee registered in England and Wales (company number is 16156175). Our registered address is Third Floor, 20 Old Bailey, London, United Kingdom, EC4M 7AN.
If you have questions in relation to this Privacy Notice or on how we use your personal information, please contact us at: contact@forethought.org.
Released on 21st January 2025