Privacy policy

Protecting your data – how we comply with the General Data Protection Regulation (GDPR)

We take your privacy seriously and any information we hold about you whether held on our internal computer network or in written form is secure and accessible only to authorised PHG Foundation staff.  We ensure we have robust measures in place for processing all data in a secure and protected manner.

Purposes for which we process data

We process personal data to enable us to undertake the services we provide to you and to our other clients (individuals, companies and organisations). We use this information to keep you informed about our events, to provide newsletters and updates on what the Foundation is doing.

As an organisation, we also process personal data in relation to our staff (and associated family members), others who provide business services to us and those who visit our offices.

Parties with whom we may share data

We only share personal data with a third party where they are involved in supporting us in maintaining the services we provide you e.g. sending newsletters, invitations to participate in events, or to keep you informed about other activities in support of our mission to ‘Make science work for health’.

As an organisation, we only share data in relation to our employee or business contacts where it is necessary to carry out legitimate business processes such as making payments to suppliers, the payment of salaries and contributions to employee benefits.

What we do to meet the requirements of the GDPR

  • We review our key business functions regularly to check we are processing personal data securely and in accordance with the regulations.
  • We only share data with third parties when there is a clear business need to do so.
  • We work with those third parties to ensure that data is passed to them in a secure manner.
  • We provide staff training to make sure that our people process your personal data safely.
  • We communicate through our website and contracts to ensure people are aware of what we do with their data and how to contact us if they have any queries regarding this.
  • As a part of the University of Cambridge who provide our IT systems and infrastructure we are confident that robust measures are in place to protect the data we process. This includes hardware safeguards, access controls, solutions for combating spam, malware and viruses, as well as monitoring software and the carrying out regular tests to check the defences that are in place from a cyber-attack.

Where we use services provided by third parties, we satisfy ourselves that they understand the obligations on them to protect our data and process it in a lawful manner. In some instances, the use of these services will involve the movement of data to and from countries outside the UK and EEA.

Our Administration Manager and Business and Operations Manager act as our first ports of call for any enquiries you may have about how we look after your data, including any concerns you may have.  You can contact either by email on