RAND Europe Privacy Statement

May 22, 2018

Introduction

This website is operated and maintained by the RAND Corporation based in the USA on behalf of both RAND Europe Community Interest Company and RAND Europe (EU) AISBL (collectively referred to in this policy as “RAND Europe”, “we” or “us”).

Your privacy is important to us and we operate in compliance with GDPR. We strive to ensure that we operate to highest standards with your data. This policy sets out how we collect information your data through this site and in your contact with us.

RAND Europe is a not-for-profit research organisation that seeks to improve policy through research. To ensure that your data is protected we have a Data Protection Officer responsible for our privacy obligations to you.

Privacy principles

  • We shall use your data lawfully, fairly and transparently.
  • We shall collect your information for specified, explicit and legitimate purposes and compatible scientific and statistical research purposes.
  • Your data collected will be minimised to what is necessary.
  • Your data held shall be accurate and otherwise deleted.
  • We restrict the time that we can identify you from your data unless it is necessary to enable us to undertake our research and we tell you this.
  • We maintain your data to high security standards.

Information we collect about you

We collect your data through this website and in other interactions we have with you.

Data collected What we use the data for How we store, share and retain the data Why we need the data Legal Justification
Data collected through this website
Information provided when subscribing to a newsletter or creating a "My RAND" profile. This is used by RAND Corporation to identify resources and content most suited to your interests. The only information we require is your email address. Any other information is voluntary, and none of it is shared with third parties. RAND Corporation will retain your "My RAND" data until you ask for it to be deleted. So we can provide our subscription services to you, bookmark content for you, and tailor products and services to better meet your needs. It is in our legitimate interest to improve and focus our services to meet our desire to deliver the best service to you.
Your email address and identity and other contact details such as your name, address and telephone number, when you provide them to us. So that we are able to contact you in relation to your interaction with the website. RAND Corporation requests your data when you order a publication or register for an event. Your data is not shared with third parties except as needed to fulfil your request (e.g, to ship a publication). RAND Corporation will retain your data on our US-hosted web server until you request to have your data removed. So we can send you publications in which you are interested, and include you in events you may wish to attend. It is in our legitimate interest to provide you with content and services you have requested.
Data we collect from job applicants
Identity and other contact details, CV details and our notes on your application. To enable us to review your experience and credentials and their alignment with current and future vacancies. This is stored in a secure cloud server in the EU. Data is shared between us and our third party provider iCIMS. Your data is stored for a maximum of three years unless you are recruited. Candidate selection. Your prior explicit consent.
Data we collect from our business contacts
Identity and other contact details. To communicate in relation to research projects that we undertake with or for you. To send you information about our research and events. Stored on local servers. Shared with RAND Corporation for back-up and disaster recovery purposes. Retained until you tell us otherwise. So we can provide our services to you and keep you updated about our research and events. It is in our legitimate interest to enable RAND to deliver its contractual obligations to you.
Data we collect from you if you take part in our research projects
Identity and other contact details. Writing, calling or emailing you to collect information from you. In certain circumstances we will associate any information you provide (through surveys, interviews or otherwise) with your identity to check the accuracy of our work. Your information will not be disclosed to third parties unless we tell you at the time of collection. Any such third parties will only be involved in the delivery of the research and will be restricted to only use the data for the project. Your information will not be used for sale or marketing purposes. So that are able to contact you to provide you with full information about any projects we would like to offer you the opportunity to take part in, to ensure that the data you provide is properly associated with you. We may also retain your details to inform you about the research project outcomes. We design our projects to minimise the time that your data is required and your identity is associated with any information you have provided us. The project materials will explain the legal justification for the collection of your data. Unless information provided states otherwise it will be in our legitimate interests to collect your data to facilitate the project and allow us to conduct the research that you have agreed to participate in.
Survey and interview responses including your views and experiences. To allow us to identify trends, experiences, opinions and draw insights from a range of relevant individuals. We will collect this data in web forms, transcribed voice and paper surveys, in voice recordings and in written interview records. These are stored on our servers which may access control and limitations on sharing outside either the UK or EU. Your information will not be disclosed to third parties unless we tell you at the time of collection. Any such third parties will only be involved in the delivery of the research and will be restricted to only use the data for the project. Your information will not be used for sale or marketing purposes. This data will form the body of information to answer our research questions. This ensures that up-to-date and relevant information is brought to bear in providing evidence to support policy and decision making. The project materials will explain the legal justification for the collection of your data. Unless information provided states otherwise it will be in our legitimate interests to collect your data to facilitate the project and allow us to conduct the research that you have agreed to participate in.
Sensitive personal data. We use this data to answer research questions that we formulate. Your information may be aggregated, used to inform our research of individual opinions or provide expert insight. We will store this information on our servers with enhanced access controls and limitations on sharing outside either the UK or EU. Your information will not be disclosed to third parties unless we expressly obtain your consent. Our projects look at sensitive topics that require research to evaluate, provide insight into and suggest improvements to organisations involved in those topics. We will normally obtain your consent to use this information unless you are taking place in a health related study for public benefit. In some cases where your information has been passed to us by third parties we will use it for research and statistical purposes where consistent with the purpose that the information was originally provided for.

Security

Your data is maintained confidentially and securely by us at all times. We will only disclose your data if you have explicitly consented for us to do so or if you are taking part in our research and have been explicitly informed before providing your data that this will happen. We only share your data with organisations and employees who are involved in delivering the service we offer you or the research you participate in. Our employees and any organisations we pass your data to are subject to legal obligation to comply with data protection law that assures the confidentiality and protection of your data.

We implement high standards of security in respect of handling your data which include the use of secure encryption of portable devices, secure file transfer, password secured data files and access control to stored information. Our technical and organisational measures are subject to continuous improvement in accordance with technological development.

Marketing

We obtain your consent before contacting you by email to provide research updates or details of events. Where we organise events that involve third parties we will obtain your further consent before passing your details to them and then only the minimum details necessary to facilitate the event. Where we have provided you with our services we will keep in contact by email to provide information about our services but will always provide you with details of how you can change your preferences about being contacted by us by email about any marketing information by contacting us at reinfo@rand.org.

Disclosure of your data

We share your data with the organisations set out as follows:

  • RAND Corporation where it is necessary for the purpose of delivering the agreed services.
  • Organisations involved in our research projects only for use in those research projects. The reasons for use in the research will be made known to you before you participate in the research or otherwise your data will only be used for research and statistical purposes consistent with the reasons you originally provided the information.

All organisations we disclose your data to operate in compliance with the law and are controlled by us in the use of your data unless we otherwise inform you. Such organisation will always be obliged to ensure the security of your information.

Overseas use

By visiting this website your data is being processed in the USA. Data collected by this website is held on secure servers owned and operated by our parent company RAND Corporation. Data you provide to RAND Europe other than through the website may be processed by RAND Corporation. Where you provide your data through this website or otherwise to RAND Europe it shall only be processed in accordance with RAND Europe’s directions pursuant to an agreement between our companies that uses the specific contractual clauses written by the European Commission. No sensitive data that you provide to RAND Europe will be processed by RAND Corporation without your explicit consent or other valid legal basis.

RAND Europe operates in accordance with EU law including GDPR. You are provided with certain rights that you may have the right to exercise through us. In summary those rights are:

  • To access, correct or erase your data
  • To object to the processing of your data
  • To request that our processing or your data is restricted
  • To request that your data be transferred
  • To withdraw your consent for us to process your data.

If you wish to exercise any of these rights please contact the RAND Europe Data Protection Officer by email at REdpo@rand.org or in writing to Data Protection Officer, RAND Europe, Westbrook Centre, Milton Road, Cambridge, CB4 1YG, UK.

Where you request information from us we will need to confirm your identity to ensure the security of your data. We will endeavour to respond within 30 days but our response time may vary depending on the complexity of your request. A fee will not normally be charged unless a request is considered to be without basis, repetitive or excessive. Where we request a fee it shall always be reasonable.

Children

It is not our intention that our website is visited by children but it is not considered that any of the information on the website is of harm to children. We do not seek to collect data from children on this website. If data is collected or we are notified of such data we shall delete it. If you have any such concerns, please contact the Data Protection Officer by email at REdpo@rand.org or in writing to Data Protection Officer, RAND Europe, Westbrook Centre, Milton Road, Cambridge, CB4 1YG, UK.

We occasionally include links to other sites. We will take every reasonable step to ensure that links provide a pleasing online experience, but we are not responsible for the privacy practices or the content of such websites.

Cookies

RAND Corporation and its partners may place cookies on your computer to enable RAND Corporation (and RAND Europe) to understand, among other things, which web pages are visited, the order in which they are visited, and which hyperlinks, if any, are clicked. RAND Corporation partners with analytics firms—including Adobe Analytics, Google Analytics, and Chartbeat, among others—which record visitors' IP addresses, operating systems (e.g., Windows or macOS), browser software (e.g., Safari, Firefox, Internet Explorer), and internet service providers. Although these data are not personally identifiable information on their own, they can be used to determine the approximate geographic location of a visitor’s point of connectivity to the internet.

You may be required to enable cookies to utilize our services. The cookie itself does not contain any personally identifiable information, and RAND Corporation does not use cookies to obtain such information. RAND Corporation will never save credit card information in cookies. Cookies are used by most major websites.

RAND Corporation uses non-personally identifiable information and information obtained through the use of cookies to improve the site. By tracking how many people visit RAND.org and where visitors go on RAND.org, we are able to determine which parts of the site users like the best, which parts need improvement, and what changes should be made. By obtaining this information, we are able to continually improve RAND.org and bring you the best online experience possible.

Likewise, when you use the RAND mobile app, RAND Corporation tracks non-personally identifiable information to understand activity, measure impact, and make informed decisions about how to improve the experience.

Changes to this policy

RAND Europe reserves the right to amend this policy at any time. Older versions of this policy are maintained and can be accessed on request to the Data Protection Officer by email at REdpo@rand.org or in writing to Data Protection Officer, RAND Europe, Westbrook Centre, Milton Road, Cambridge, CB4 1YG, UK

Contact details

If you wish to lodge a complaint in relation to the processing of your data you may contact the Information Commissioner’s Office.