Privacy Policy

This Application collects some personal data from its users.

This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications Regulations 2003 (PECR), as amended by the Data (Use and Access) Act 2025 (DUAA).

This document can be printed for reference using the print command in any browser’s settings.

Last updated: 20 May 2026

Owner and Data Controller

The ERA Foundation The IET, 2 Savoy Place London, WC2R 0BL

Owner contact email: [email protected]

The Owner is the data controller responsible for your personal data.

Types of data collected

Among the types of personal data that this Application collects, by itself or through third parties, are: trackers, usage data, email address, first name and last name.

Complete details on each type of personal data collected are provided in the dedicated sections of this privacy policy, or by specific explanation texts displayed before the data is collected.

Personal data may be freely provided by the user or, in the case of usage data, collected automatically when using this Application.

Unless specified otherwise, all data requested by this Application is mandatory, and failure to provide it may make it impossible for the Application to provide its services. Where this Application specifically states that some data is not mandatory, users are free not to provide that data without consequence to the availability or functioning of the service.

Users who are uncertain about which personal data is mandatory are welcome to contact the Owner.

Any use of cookies, or of other tracking tools, by this Application or by the owners of third-party services used by this Application serves the purpose of providing the service requested by the user, in addition to any other purposes described in this document and in the cookie section below.

Users are responsible for any third-party personal data obtained, published or shared through this Application.

How and where data is processed

Methods of processing

The Owner takes appropriate technical and organisational measures to prevent unauthorised access, disclosure, modification or destruction of the data.

Data processing is carried out using computers and IT-enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to the Owner, the data may in some cases be accessible to certain people involved in the operation of this Application (for example administration, sales, marketing, legal or system administration) or to external parties appointed, where necessary, as data processors by the Owner. These may include third-party technical service providers, mail carriers, hosting providers, IT companies and communications agencies. An updated list of these parties may be requested from the Owner at any time.

Place of processing

The data is processed at the Owner’s operating offices and at any other place where the parties involved in the processing are located.

Depending on the user’s location, data transfers may involve transferring the user’s data to a country other than their own. Where personal data is transferred outside the UK, the Owner ensures an appropriate level of protection by relying on a UK adequacy regulation (a “data bridge”), the UK International Data Transfer Agreement, the International Data Transfer Addendum to the EU Standard Contractual Clauses, or another transfer mechanism permitted under the UK GDPR. Users can request further details of the safeguards applied by contacting the Owner.

Retention

Unless specified otherwise in this document, personal data is processed and stored for as long as required by the purpose for which it was collected, and may be retained for longer where this is necessary to meet a legal obligation or where the user has given consent.

Once the retention period expires, personal data is deleted. The right of access, the right to erasure, the right to rectification and the right to data portability therefore cannot be enforced after the retention period has expired.

Lawful bases for processing

The Owner may process personal data relating to users where one of the following applies:

  • the user has given consent for one or more specific purposes
  • processing is necessary for the performance of a contract with the user, or to take steps at the user’s request before entering into a contract
  • processing is necessary for compliance with a legal obligation to which the Owner is subject
  • processing is necessary for a task carried out in the public interest or in the exercise of official authority vested in the Owner
  • processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party, except where those interests are overridden by the user’s interests or fundamental rights

The Owner may also rely on a “recognised legitimate interest” as defined under the UK GDPR following the Data (Use and Access) Act 2025, where the relevant conditions are met.

The Owner will gladly clarify the specific lawful basis that applies to any particular processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Purposes of processing

Data concerning the user is collected to allow the Owner to provide its service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its users or third parties), and detect any malicious or fraudulent activity. The specific purposes are:

  • Analytics. Understanding how users interact with this Application in order to improve the service and its content.
  • Contacting the user. Responding to enquiries and managing communications submitted through forms.
  • Hosting and back-end infrastructure. Hosting data and files necessary to run this Application.
  • Traffic optimisation and distribution. Improving the performance, delivery and security of this Application, for example through a content delivery network.

To complete before publishing: name the actual third-party services used for each purpose (for example the analytics tool, hosting provider and CDN), and the lawful basis and retention period for each. Generic placeholders are not sufficient under the UK GDPR’s transparency requirements.

Cookies and similar technologies

This Application uses cookies and similar technologies. The PECR rules, as amended by the Data (Use and Access) Act 2025, apply as follows:

  • Strictly necessary cookies are used to provide the service you have requested and do not require consent.
  • Low-risk statistical and analytics cookies may now be set without prior consent, provided the Owner gives you clear information about their use and a prominent, easy way to opt out. The Owner relies on this exemption only where applicable.
  • Advertising, profiling, social media and other tracking cookies continue to require your prior consent. These are set only where you have given consent, which you can withdraw at any time.

You can manage your preferences at any time through the cookie settings on this Application, or through your browser settings and any global privacy control your browser supports.

To complete before publishing: link to your cookie banner / preference centre and, ideally, maintain a separate cookie notice listing each cookie, its provider, purpose, type and duration.

Your rights under the UK GDPR

You have the following rights regarding your personal data, to the extent permitted by law:

  • Withdraw consent. Where processing is based on consent, you may withdraw it at any time.
  • Object to processing. You may object where processing is based on a legal basis other than consent. Where data is processed for direct marketing, you may object at any time, free of charge and without giving a reason, and the Owner will stop processing it for that purpose.
  • Access your data. You may ask whether your data is being processed and obtain a copy of it.
  • Rectification. You may ask for inaccurate data to be corrected and incomplete data to be completed.
  • Erasure. You may ask for your data to be deleted in certain circumstances.
  • Restriction. You may ask the Owner to restrict processing in certain circumstances, in which case the data will only be stored.
  • Data portability. You may receive your data in a structured, commonly used and machine-readable format and, where technically feasible, have it transmitted to another controller.
  • Rights relating to automated decision-making. You have rights in relation to decisions based solely on automated processing that produce legal or similarly significant effects, including the right to request human review where applicable.
  • Complain. You have the right to complain to the Owner and to the Information Commissioner’s Office (see below).

How to exercise your rights

Any request to exercise these rights can be sent to the Owner using the contact details at the top of this document. Requests are free of charge and the Owner will respond as soon as possible, and in any event within one month of receipt. This period may be extended by up to a further two months where the request is complex or numerous, in which case the Owner will tell you within one month and explain the reasons.

So that the Owner can respond, it must be able to verify your identity. The Owner will not respond to a request where it is unable to confirm that the personal data held relates to you. You do not need to create an account to make a request. Any personal data collected to verify a request will be used only for that purpose.

If you are a parent or guardian, you may make a request on behalf of a child in your care.

Complaints

If you are concerned about how the Owner handles your personal data, please contact the Owner first using the details at the top of this document, so the matter can be addressed directly. The Owner will acknowledge your complaint, investigate it, respond in plain and accessible language, and tell you the expected timeframe.

If you remain dissatisfied, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Helpline: 0303 123 1113 Website: https://ico.org.uk/make-a-complaint/

Additional information

Legal action

The user’s personal data may be used for legal purposes by the Owner in court, or in the stages leading to possible legal action, arising from improper use of this Application or the related services. The user acknowledges that the Owner may be required to disclose personal data at the request of public authorities.

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (system logs), or use other personal data such as the IP address, for this purpose.

Information not contained in this policy

Further details concerning the collection or processing of personal data may be requested from the Owner at any time, using the contact details at the top of this document.

Changes to this privacy policy

The Owner reserves the right to make changes to this privacy policy at any time by notifying users on this page, and where appropriate within this Application or by sending a notice to the contact information available to the Owner. Please check this page regularly, noting the date of the last modification at the top. Where changes affect processing carried out on the basis of consent, the Owner will obtain fresh consent where required.

Definitions and legal references

  • Personal data. Any information that relates to an identified or identifiable living individual.
  • Usage data. Information collected automatically through this Application (or third-party services), which can include the IP addresses or domain names of the computers used, the URIs requested, the time of the request, the method used, the size of the file received in response, browser and operating system details, and other data about the device and connection.
  • User. The individual using this Application who, unless otherwise specified, is the data subject.
  • Data subject. The individual to whom the personal data relates.
  • Data processor. A person or organisation that processes personal data on behalf of the controller.
  • Cookie / tracker. Small data sets or other technologies used to monitor, store or recognise a user across this Application.
  • Controller. The ERA Foundation, which determines the purposes and means of processing.

Legal references

This privacy policy has been prepared with reference to the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and the Data (Use and Access) Act 2025.

This document is a template prepared as a starting point and is not legal advice. Before publishing, the placeholders above should be completed with the Application’s actual processors, lawful bases and retention periods, and the policy should be reviewed by a suitably qualified data protection professional.