Privacy Policy

The Advanced Research and Invention Agency (“ARIA”/”we”/”our”/”us”) is committed to protecting the privacy and security of your personal information. 

This policy sets out the basis on which we will collect your personal data, and how that data will be used. 

This policy applies to personal data we collect when you use our website (the “Website”) or otherwise interact with us. 

Please read this privacy policy carefully to understand how we will treat your personal data. We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you. Where we have a legal basis to use your personal data without consent, this policy fulfils that duty by giving you appropriate notice and explanation of the way in which your personal data will be used.   

If you have any questions or require any further information regarding our use of your personal data, please contact us using the contact us form.

About us

ARIA is the data controller in respect of your personal data. This means we are responsible for deciding how we hold and use personal data about you. 

Who this policy applies to

The information we collect depends on the context of your interactions with us. In this policy, we consider the following groups of people:

  1. Visitors to the Website 
  2. Website visitors who complete a contact form (including the subscription options)  
  3. interact with us in any other way as a supplier or business contact 

You may fall into one or more of these groups, and these categories may change over time. The information we collect, and the way it is used, will depend on which of these groups you fall into. This policy does not apply where you are applying to work for us. Please see our Privacy Policy for Job Applicants for further information on how your personal data will be used during the recruitment process.

What information we collect and how we will use it

Visiting the website

The personal data we collect from you as a visitor to the Website includes:

  • your Internet Protocol (IP) address, and details of which version of web browser you used, crash logs, hardware settings, browser language
  • cookies and similar technology
  • location information  

This data is automatically collected and stored in our server logs when you interact with the Website. Collecting this data enables us to improve user experience of the Website, for example to provide you with tailored content. It also helps us to understand how the Website is used, by analysing the traffic we receive, and to maintain and protect the security of the Website and products. Our Cookie Policy explains this in more detail and can be found here.

The legal basis for collecting the information from cookies is your consent to cookie use (other than in respect of strictly necessary cookies in respect of which our legal basis is our legitimate interest in providing the Website to you) and our legitimate interest in improving the Website and protecting our rights.

Filling out our contact form

We may collect the following information when you use our contact form to raise a query with us.  

  • Your first and last name, email address, job title, place of work and subscription preferences: as required for the contact form.
  • Any feedback, questions or comments you send to us: to enable us to respond to your questions and provide information to you.

Collecting this data enables us to communicate with you in response to your completion of a contact form.  

Our legal basis for collecting this information is to enable us to respond to you, and our legitimate interest in responding to questions in relation to our services and protecting our rights If you sign up to receive updates (i.e. marketing communications) from ARIA  our legal basis is with your consent when you sign up.   

Interacting with us as a supplier or business contact

We may collect or use the following information about you when we interact with you (or the organisation you represent) as a supplier or business contact.  

  • Your name, title, email address, phone number and organisation that you represent (including the address of the organisation that you represent), as well as bank details. 

Collecting this data enables us to receive products and/or services from you or the organisation that you represent.  Our legal basis for collecting this information is either our legitimate interest to allow us to receive products and/or services from the organisation that you represent or performance of a contract with you. 

Our legal basis for processing your data

The legal basis for processing personal data on the Website is your consent when subscribing to our mailing list or accepting the use of cookies on the Website (except strictly necessary cookies) and our legitimate interest in responding to questions in relation to our services, or in relation to our business relationship and protecting our rights. 

What we do with your data

The data we collect may be shared with our professional advisors and our technology suppliers, for example our hosting provider. We require all our technology suppliers to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our technology suppliers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions. 

We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.

The data we collect with Google Analytics cookies is transferred and stored with Google where we analyse it with Google Analytics software (Universal Analytics). We do not allow Google to use or share this data for their own purposes.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

How long we keep your data

We will only retain your personal data for as long as it is needed for the purposes set out in this document or for as long as the law requires us to.

We will:

  • keep your email data until you unsubscribe.
  • keep your feedback data for 2 years.
  • delete access log data which contain your IP address after 120 days.
  • keep your business contact details during our business relationship and as required afterwards for business records purpose

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at all stages, both while it’s processed and when it’s stored.

The personal data we collect from or about you may be transferred to, processed and stored, at destinations outside the UK (for example, the US).  

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection as it has in the UK. 

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.

We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.

Other websites

The Website may contain links to another website. This policy only applies to the Website so when you follow a link to other websites you should read their own privacy policies. 

Unsubscribing (opting out)

You will receive updates (i.e. marketing communications) from us if you have requested information from us. You can ask us to stop sending you updates at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these updates, this will not apply to personal data that you otherwise provided to us as part of the contact form. 

Your rights

Under certain circumstances, by law you have the right to:

  • be informed about how your data is being used and how it is kept.
  • get access to your personal data (known as a data subject access request).
  • update any incorrect data about you or have your data erased.
  • stop or restrict processing of your data.
  • port your data to reuse it for different services.
  • withdraw consent where we are relying on consent to process your data.
  • object to how your data is processed in certain circumstances.

Most information will be provided free of charge. However, we may charge an administrative fee in some circumstances, for example if:

  • a large amount of information is being requested; or 
  • the request will take a lot of time and effort to process.

Any charges we make will be justified, transparent and kept to a minimum.

You should:

  • outline your request as clearly as possible;
  • provide any dates, if relevant;
  • give names and organisations, if relevant; and 
  • state the format in which you would like this information (hard copy or electronic).

We may need request further information from you to help us confirm your identity and ensure your right to exercise any of your rights. 

In return we will:

  • respond to acknowledge your request has been received.
  • act on your request within one month, as required by data protection legislation. If the request is particularly complex and will take longer to resolve, we will write to tell you this.
  • write to tell you if your request is not applicable, and provide reasons why.

We may also refuse to comply with your request if it is manifestly unfounded or excessive.

How to contact us and complaints

If you have any questions about this policy or how we handle your personal data, please contact us or email our Data Compliance Officer at dco@aria.org.uk. 

If for any reason you are not happy with the way we have handled your personal data, please contact us via our contact form. 

If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office at: casework@ico.org.uk. 

Changes to this policy

We keep this policy under regular review and will post any updates on the Website. 

This policy was last updated in August 2023.