The British Council is the United Kingdom’s international organisation for cultural relations and educational opportunities.
We collect and use personal data to offer people information, products and services. This policy will apply in all locations where we operate, to all forms of information and to all systems used to collect, store, process or transfer information.
The British Council applies the UK Data Protection Act 2018 as a global privacy standard together with local data protection law in the countries where it operates. In countries where the UK Data Protection Act 2018 conflicts with local law, local law that meets internationally accepted privacy principles will take precedence.
The British Council is committed to:
- performing privacy impact assessments to protect the privacy and rights and freedoms of its customers, staff and relevant wider stakeholders
- protecting the confidentiality, integrity, availability and resilience of the information it collects, stores, transfers and processes in accordance with UK law and international good practice, and to meeting its legal requirements and contractual obligations
- explaining why it needs personal information, only asking for the personal information it needs and only sharing personal information within the British Council and with other organisations as necessary or where the person concerned has given their consent
- clearly and openly communicating to its customers, staff and relevant wider stakeholders the purposes for processing their personal information, including the legal bases for processing and limiting the purposes to only what has been communicated or where there is a legal obligation
- allowing people to exercise their rights in respect of the personal information it holds on them, including the right to complain if they believe their information has been mishandled
- not keeping personal information for longer than necessary
- taking measures to protect the rights and freedoms of individuals whose personal information may be transferred to countries with differing data protection laws
- ensuring that actual or suspected breaches of information security are reported and investigated
- assessing the maturity of its information security controls annually
- applying these standards to its supply chain and delivery partners.
We will provide adequate and appropriate resources to implement this global policy statement and will ensure it is communicated and understood.
The British Council will review this global policy statement annually to reflect new legal and regulatory developments and ensure good practice.
This policy was approved by Scott McDonald, Chief Executive, in April 2023 and is due for review in March 2024