CO Research Trust Privacy Policy

At CO Research Trust, we respect your privacy and are committed to protecting your personal data. In this policy, we explain how we collect and use your personal information when you visit our websites (, use our services or otherwise contact us.

Please note that links from our website may take you to external websites which are not operated by us or covered by this policy. We recommend that you check their privacy policies before submitting any personal information to other sites.

About Us

We are CO Research Trust (charity number 1110624) and we’re based at Aldwych House, Winchester Street, Andover, Hampshire SP10 2EA.

We are the data controller for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) which means that we decide how and why we use your personal data within our organisation.

If you have any questions about your privacy on our website, or our use of your personal data, please Contact Us.

What personal information do we collect, and how do we use it?

You are not required (by law or by any contract with us) to provide personal information to us via our website. We will only require you to provide personal information to us where it is necessary for us to provide you with a service at your request.

Information you provide to us

We may receive personal information about you whenever you use our site or contact us, including by doing the following:

  • Submitting an enquiry or funding application form to us,
  • Commenting, reviewing or posting content on our site or social media,
  • Subscribing to our newsletter and/or email notifications,
  • Using and browsing our site,
  • Telephoning, writing by post or emailing us.

This information may include the following:

  • Information to identify you, such as your full name, date of birth, age, gender, organisation, occupation and employer, where relevant
  • Contact information, such as your postal address, email address and telephone number
  • Additional information relevant to your use of our site and services, such as your marketing preferences, survey responses and feedback

We have a legitimate interest in efficiently and effectively managing and operating our organisation, and improving the services that we offer, to give you the best experience that we can. We may sometimes need to use your personal information to do this. We also need to use this information to perform our obligations when we enter into contracts with you. We will use your information so that we can:

Provide you with information about our organisation, services, the work we do and your contracts with us

  • Assist you in answering any questions or queries you may have submitted
  • Subscribe you to any email newsletter operated through the website, providing that this was made clear to you and your express permission was granted
  • Invite you to CO Research Trust-run events
  • Verify your identity
  • Deal with any complaints you may have
  • Administer funding applications and enquiries about financial support
  • Contact you about any changes that we make to our organisation and the work we do
  • Improve the ways that we work, including the performance of our systems, processes and our people
  • Administer our website, including troubleshooting problems, analysing statistics, conducting research and tests and keeping the site secure


We collect personal data for the purposes of recruitment to ensure that our recruitment processes are transparent and unbiased. We implement a ‘blind recruitment’ process to achieve this.

The information we collect may include the following:

  • Contact details such as your name, addresses, telephone numbers, email addresses
  • Referee names and contact details
  • Information you provide to us in your CV, application form, and/or cover letter

If you provide unsolicited personal data to us, for example if you submit your CV on a speculative basis, we will delete the personal data and inform you of this. We do not encourage individuals to submit unsolicited personal data for recruitment purposes.

We may also collect more sensitive personal information, or ‘special category’ information from you. This may include information about:

  • Racial or ethnic origin
  • Political, religious or philosophical beliefs
  • Health and medical information
  • Sexual orientation

Any special category information you provide to us will not be shared with the internal recruiter until the shortlisting process occurs. This means we can positively select minority candidates where possible to be finalised for interview. We are committed to the aim of ensuring that everyone who applies to work here receives fair treatment. We are an equal opportunities employer and welcome applications from all suitably qualified individuals regardless of race, gender/expression, sex, disability, sexual orientation, religion or belief, age, marital status or civil partnership or pregnancy/parental leave.

The above data will be held for 6 months after the job advertisement closes. This means that we can follow up with candidates other than the successful individual should an opportunity arise to discuss the position in question or any other opportunity. Following this, data submitted by unsuccessful candidates will be deleted, and successful candidate data will be retained for employment purposes.

Should it be required (for instance due to sickness), we will notify candidates via email that we need to retain their data for an extended period (which will be specified in this communication) and request consent for this. You should assume you are an unsuccessful candidate if we do not contact you within 2 weeks of the application closing date.


If you have previously contacted us, the event organisers, or your contact information is in the public domain and we believe our event is appropriate to your interests and network, we may send you invitations to events.

If you do not wish to be contacted by us about events in the future, please contact us.

If you RSVP to an event, we have a legitimate interest in managing your personal data. This personal data may include:

  • Your name and contact details, such as your email address
  • Your job title and company
  • Accessibility requirements
  • Dietary requirements.

We may use this information for the following purposes:

  • Sending event notifications and updates in advance of an event
  • Creating lists of attendees (which will include your name, job title and company only)
  • Name badges
  • Social media updates
  • Photography and marketing

We may retain information we hold about you in relation to an event for up to 3 months after the event has taken place. During this time we may send a summary or event follow-up by email to subscribers to our newsletter.

Contact and communication with the CO Research Trust

Users contacting the CO Research Trust directly or via this website do so at their own discretion and their consent is required for the provision of any personal details requested.

Should you provide the CO Research Trust with personal information, it is kept private and stored securely until a time it is no longer required or has no use, as detailed in the General Data Protection Regulations (GDPR).

Promoting our organisation

We may use the personal information that we hold about you (such as your name and email address) to identify and tell you about information and services that we think may be of interest to you. This includes our newsletter.

If we have given you or your organisation funding in the past, we may also contact you with information about similar financial support available.

We have a legitimate interest to use your personal information in this way to promote our organisation and further our cause, but you may contact us at any time to let us know if you do not wish to receive these messages.

We will not use your personal contact details for marketing purposes unless you have given us consent to do so, and you may withdraw your consent or update your preferences at any time by contacting us.

Email newsletters

The CO Research Trust operates an email newsletter programme, used to inform subscribers about the CO Research Trust’s activities. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion/by opting in. Some subscriptions may be manually processed through prior written agreement with the user. If you wish to be removed from any (or all) mailing list/s, please unsubscribe via the latest email you received, or contact the CO Research Trust to ensure this is done manually.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003 and GDPR. All personal details relating to subscriptions are held securely and in accordance with the GDPR. No personal details are passed on to third parties or shared with companies / people outside of the organisation that operates this website.

Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is not a comprehensive list]. This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed at the footer of each email. If an automated un-subscription system is unavailable, clear instructions on how to unsubscribe will be detailed instead.”

Information we collect on our website

We collect information using cookies and other similar technologies to help distinguish you from other users of our website, including using Google Analytics. These can streamline your online experience by saving you from re-inputting some information and also allow us to make improvements to our website. For more information about how and why we use cookies, please take a look through our Cookie Policy.

When you visit our website, we may collect the following information:

  • Which pages you view and which links you follow
  • Your IP address and general location
  • Details of the hardware and software that you are using to access the site
  • Any passwords that you use on our website
  • If you choose to log in using a third party, we will record your login provider
  • A device identifier (cookie or IP address) for fraud prevention
  • Details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, web logs and other communication data
  • Where your visit to our website originates from advertising sources, we record the source of each visit. This is purely to allow us to assess the effectiveness of these adverts and is not used for visitor profiling of any kind

Our website is not intended for children and we do not knowingly collect data relating to children.

Keeping in touch

We need to use your personal information whenever you contact us, whether via the website, email, phone or post, including if you tag us in any posts or otherwise engage with us on social media. We also need to use your information to let you know about any important changes to our organisation or policies (including this privacy policy). We have a legitimate interest to use your information in this way and, in some cases, this may be necessary for our performance of a contract with you or to comply with our legal obligations.

Information we receive about you from other sources

Sometimes you will have given your consent for other websites, services or third parties to provide information to us.

This could include information we receive about you if you use any of the other websites that we operate or the other services that we provide, in which case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this website. We will also have told you for what purpose we will share and combine your data.

It could also include information from third parties that we work with to provide our services, such as technical support companies and advertising companies. Whenever we receive information about you from other third parties, we will let you know what information we have received and how and why we intend to use it.

How else might we use your personal data?

In some cases, we may collect personal information about you from other sources.

This may include:

  • Publicly available information from sources such as Companies House and the Electoral Roll
  • Information you have shared publicly, including on social media
  • Information from third party databases, such as credit reference agencies

We may use your information where it is necessary for us to do so in order to meet our legal obligations or to detect and prevent fraud, money-laundering and other crimes. We may also use your information where it is necessary to protect your interests, or the interests of others, or in accordance with our legal obligations. This may include in the event of criminality such as identity theft, piracy or fraud.

We will only use your personal information for the purposes we collected it for (as explained in this policy) unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Who do we share your personal information with?

We share the information that you provide to us with our staff so that we can manage our organisation and provide our services to you. We may also share your information with selected third parties, such as:

  • Our web hosting provider, Grasp Support to host the website and related services and applications
  • Third-party event organisers
  • Third-party marketing providers, such as photographers at our events
  • Payment service providers, for making and receiving payments
  • Contact management systems to send emails, instant messages, social media messages and SMS messages
  • Our trusted professional advisers such as lawyers and accountants, where appropriate

We may disclose your information to other third parties where we believe that the disclosure is:

  • Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings
  • Necessary to protect the safety of our employees, our property or the public
  • Necessary for the prevention or detection of crime, including exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction
  • Proportionate as part of a merger, business or asset sale (in the event that this happens we may share your information with the prospective seller or buyer involved)

We do not pass your data to our partners/members without express consent.

How long do we keep your personal information?

We will only store your personal information for as long as we need it for the purposes it was collected for. Where we provide you with any service, we need to retain the information we hold about you for at least as long as we continue to provide that service to you.

If you are a user of our website or we have otherwise been in contact with you, we may retain the information we hold about you for a period of up to 3 years.

Thereafter, and in all other circumstances, we will only keep your information for as long as is strictly necessary to allow us to achieve the original purpose for which that information was collected, or for as long as may be expressly stated in this privacy policy.

Protecting your personal information

We put in place appropriate security measures to keep your personal data secure and to prevent unauthorised access. For example, we:

  • Manage a single CO Research Trust database, overseen by our Senior Management Team and data protection officer, the Head of Charitable Operations.
  • Purchase or gather publicly available data to manage with legitimate interest - only for single purpose business-to-business contact (for example an invitation to an event with relevant content to your interests).
  • Require informed consent from individuals for inclusion on our long-term single database/mailing lists; this consent is recorded.
  • Carry out information risk assessment and apply mitigation measures to keep data safe.
  • Provide GDPR training to all of our staff.
  • For newsletters and events we manage lists which comply with GDPR regulations, including deleting data once its specific purpose expired (for example once an event has completed).
  • Manage data collected by the website via Google Analytics. This third-party service complies with GDPR requirements.
  • Manage our finances to comply with GDPR requirements and access to this is limited to our Finance team.
  • Keep data up to date by regularly reviewing data lists and writing to contacts on an annual basis to ensure they wish to remain in contact with us.

Information that you provide via our website is hosted with Grasp Support on secure third party servers in the UK. We try to ensure that all information you provide to us via the website is transferred securely – always check for the padlock symbol in your browser and “https” in the URL before submitting information. However, the transmission of information via the internet is not completely secure and, although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website.

What rights do you have?

You have a number of rights in respect of your personal data. If you would like any further information or to exercise any of your rights, please contact us. In most cases, we will not charge you any fee if you wish to exercise any of these rights.

The right to be informed

We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information and our use of it. We have written this policy to comply with this right, but please contact us if you require further information.

The right to access your personal data

You have the right to ask us to confirm whether or not we hold any of your personal data. If we do, you have the right to access a copy of your data, as well as information about how, and why, we use it. In order to prevent your data being disclosed to someone who is not authorised to access it, we may have to verify your identity before we provide you with a copy of the data that we hold.

The first copy of your information that you request from us will be provided free of charge, if you require further copies we may charge an administrative fee to cover our costs. Please contact us if you wish to request access to our data.

The right to correct any inaccurate or incomplete personal data

If the information that we hold about you is inaccurate or incomplete, you have the right to require us to correct that data (or complete it by supplementing it with other information).

The right to be forgotten

You have the right to require us to delete or destroy your personal data in the following circumstances:

  • The information is no longer needed for the purposes we collected it for
  • Where we rely on your consent, and you withdraw that consent
  • You object to us using your information for marketing purposes, or for our legitimate interests, and we have no overriding reason to keep using it
  • We have used your information unlawfully
  • We are required by law to delete your information

If these situations apply, you may contact us to request that we erase your data from our systems.

The right to have your data transferred to you or a third party in a common format

Where your personal data is processed by automated means, you may have the right to obtain a copy of your personal data in a structured, commonly used and machine-readable format, and to ask us to transfer this data to another organisation in a safe and secure way.

You have the right to object to direct marketing

You can ask us at any time to stop using your information for direct marketing purposes, even if we do not rely on your consent to do this. You may exercise this right by following the instructions in any of the emails that we send to you, or by contacting us.

The right to object to us using your information for our own legitimate interests

Sometimes, we use your personal information to achieve goals that will help our organisation – these are our legitimate interests, and they are explained in more detail in this policy.

We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object to our use of your data in these ways. If you do object to this, unless we have a compelling reason to continue we will stop using your personal data for these purposes.

You have the right to restrict how we use your personal data

You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:

  • You have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify or update this
  • You have objected to us using your information for our own legitimate interests and we are in the process of considering your objection
  • We have used your information unlawfully, but you do not want us to delete it
  • We no longer need to use the information, but you need it for a legal claim

You have rights related to automated-decision making and profiling

You have the right not to be subject to decisions made based on automated decision-making, including profiling, which will have a legal effect upon you or otherwise significantly affect you. We do not currently use any automated decision-making or undertake any profiling of our customers or other individuals.

Changes to our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

This version was last updated on 31/05/2021 and historic versions can be obtained by contacting us.


If you wish to make a complaint about our collection or use of your personal data, please contact us in the first instance so that we may seek to resolve your complaint.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the statutory body which oversees data protection law in the UK. Please visit the ICO website if you wish to lodge a complaint with the ICO. If you are based in another European Union member state, you may instead lodge a complaint with the supervisory authority in your country.

Contact Us

If you wish to speak to us regarding your privacy, or our use of your personal data, please contact us using the following details:

Post: CO Research Trust, Winchester Street, Andover, Hampshire SP10 2EA


Telephone: 01264 351133