GBCC as a Data Controller - PRIVACY NOTICE

Great Britain-China Centre as a Data Controller

1. Who we are
The Great Britain China Centre 
15 Belgrave Square 

The Great Britain-China Centre (GBCC) was established in 1974 by the UK Foreign and Commonwealth Office to advance the rule of law and political dialogue with China. GBCC works with partners in the government, academic, business and legal sectors to support legal and policy reform efforts in China that are in line with international standards and rule of law principles. 
GBCC is the controller for the personal information we process, unless otherwise stated.

2. What data we process and why
Most of the personal information we process is provided to us directly by you for one of the following reasons:
• You wish to participate in or attend an event organised by us
• You subscribe to our e-newsletter
• You have applied for a job, volunteering position or educational grant
• You have made an information request to us

GBCC will hold the minimum personal data necessary to enable it to perform its function and it will not hold it for longer than necessary for the purposes for which it was collected. Every effort will be made to ensure that data held is accurate, up to date and that inaccuracies are corrected without unnecessary delay. All personal data will be fairly obtained in accordance with the Privacy Statements and lawfully processed in accordance under the General Data Protection Regulation (GDPR) rules.

3. Legal basis for the processing
We process this data because you have provided your consent for us to do so. We may also process your data under the following legal bases (Legal basis ‘(e) Public Task’ does not apply):
(a) Consent: you have given us clear consent to process your personal data for a specific purpose
(b) Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract with you
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations)
(d) Vital interests: the processing is necessary to protect someone’s life
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless your rights as the data subject override those legitimate interests.

4. What we do with it

In addition to processing this data because you have provided consent for us to do so, there may be other circumstances in which we may lawfully share your data with third parties where, for example, we are required to do so by law, by court order, or to prevent fraud or other crimes. Where we share data, however, we shall do so in accordance with applicable data protection laws.

5. How long we keep your data

We will retain your personal data for only as long as it is necessary or for as long as we are legally required to do so and in line with our Retention Schedule.
Your rights
In certain circumstances you have the right to:
object – request that your data is not processed for certain purposes
erasure - request that your personal data is erased where one of the statutory grounds applies
data portability – the right to obtain and reuse your personal data for your own purposes across different services in certain circumstances
restrict processing - request that the processing of your personal data is restricted in certain circumstances – for example, where accuracy is contested
rectification - request that any inaccuracies in your personal data are rectified without delay. Request that any incomplete personal data is completed, including by means of a supplementary statement
access - request information about how your personal data is processed and to request a copy of that personal data

If your personal data is processed on the basis of consent, you have the right to: 
withdraw consent to the processing of your personal data at any time

6. How to contact us
If you have any questions about anything in this notice, or if you consider that your personal data has been misused or mishandled contact us
You can also contact our Data Protection Officer at the Foreign and Commonwealth Office:
Data Protection Officer 
Knowledge Management Department 
Knowledge and Technology Directorate 
Room K4.02 
Foreign and Commonwealth Office 
King Charles Street 
Email:  Tel: 020 7008 1500

6.1 Complaints
You may also make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner's Office 
Wycliffe House 
Water Lane 
Cheshire SK9 5AF 
Email:  Tel: 0303 123 1113

7. Changes to this notice
We may modify or amend this privacy notice at our discretion at any time. When we make changes to this notice, we will amend the last modified data at the top of this page. Any modification or amendment to this privacy notice will be applied to you and your data as of that revision date. We will publish changes to our privacy notice on our website.