NOC Privacy Notices

NOC privacy notice for applicants for jobs at NOC

The National Oceanography Centre (NOC) is committed to protecting the privacy and security of your personal information and being transparent about what we do with it.

This NOC Recruitment Privacy Notice relates to personal information submitted by you, to NOC as part of the application process for jobs at NOC. We use this information to assess your suitability for jobs you have applied for and (where applicable) to progress and conclude the recruitment process.

Overview

This Privacy Notice describes the categories of Personal Data that we collect, how we use your Personal Data, how we secure your Personal Data, when we may disclose your Personal Data to third parties, and when we may transfer your Personal Data outside of your home jurisdiction. This Privacy Notice also describes your rights regarding the Personal Data that we hold about you including how you can access, correct, and request erasure of your personal data.

We will only process your Personal Data in accordance with this Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the Personal Data that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.

NOC is required by law to provide you with the information in this notice. This notice has been designed to meet the requirements of the UK Data Protection Act 2018 (DPA) (“UK GDPR”) and the UK General Data Protection Regulation (collectively referred to in this Privacy Notice as Data Protection Law).

What personal information does NOC process?

For the purposes of this Privacy Notice, Personal Data means any information about an identifiable individual (“Personal Data”). Personal Data excludes anonymous or de-identified data that is not associated with a particular individual. In connection with your application to work with NOC, we may collect, store, and process the following categories of Personal Data:

You will be asked to set up a user account via NOC’s website and provide us with:

• your name
• contact details
• information about your entitlement to work in the UK
• diversity information
• details of your qualifications, skills, experience and employment history
• qualification and training information
• other information relevant to the role

If your personal information and CV have been submitted by a trusted third party, your details will be uploaded on to the recruitment portal by that third party.

If you progress through the recruitment process, then we may also collect the following information:

• information from referees
• information on Disclosure and Barring Service (DBS) checks including the outcome of the checks (see section below on Collection and Use of Special Categories of Personal Data and Criminal Conviction Data).
• Information required for us to conduct right to work checks and the outcome of those checks.
• Occupational health information (see section below on Collection and Use of Special Categories of Personal Data and Criminal Conviction Data).

How will NOC collect personal information?

Data is collected through the recruitment portal, from CVs, from correspondence with you, through interviews, meetings or other assessments and from information that you provide to us (via our third-party provider) as part of our pre-employment screening process and right to work checks.

We will collect the majority of the Personal Data that we process directly from you. Third parties may also provide your Personal Data to us, such as former employers (named referees), employment agencies, official bodies (such as criminal record bureau), certified identity document validation technology providers and medical professionals. NOC operates CCTV systems at its Southampton and Liverpool sites. For further information regarding the use of CCTV, please refer to NOC’s General Privacy Notice.

Data is stored in a range of different places, in NOC’s recruitment portal, its business information system, and across other IT systems (including the organisation's network drives and email system).

How will NOC use information collected about you?

We will use the personal information we collect about you to:

• Assess your skills, qualifications, and suitability for the role.

• Carry out background and reference checks, where applicable.

• Communicate with you about the recruitment process.

• Keep records related to our hiring processes.

• Comply with legal or regulatory requirements.

It is in our legitimate interests to decide whether to appoint you to the role since it would be beneficial to our business to appoint a suitable candidate to that role. We also need to process your personal information to decide whether to enter into a contract of employment with you.

Having received the information submitted by you, we will then process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then carry out our pre-employment screening checks (including right to work, DBS, occupational health and references) before confirming your appointment.

Collection and Use of Special Categories of Personal Data and Criminal Conviction Data

The following special categories of Personal Data are considered sensitive under Data Protection Law and may receive special protection:

• Racial or ethnic origin.

• Political opinions.

• Religious or philosophical beliefs.

• Trade union membership.

• Genetic data.

• Biometric data.

• Data concerning health.

• Data concerning sex life or sexual orientation.

Data relating to criminal convictions and offences also receive special protection under Data Protection Law. Criminal convictions data means Personal Data relating to criminal convictions and offences, including Personal Data relating to criminal allegations and proceedings (“Criminal Convictions Data”).

We may collect and process the following special categories of Personal Data for the following legitimate business purposes, to carry out our obligations under law, or as applicable law otherwise permits:

• We use information about disability to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during an interview.
• We use information about disability as part of our guaranteed interview scheme for those meeting the requirements.
• We use information about racial or ethnic origin, religious or philosophical beliefs, disability or sexual orientation to ensure meaningful equal opportunity monitoring and reporting.
• We ask you to submit health information as part of our Occupational Health screening process.

We carry out criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. As NOC is reliant on government funding and has access to (and manages) government assets NOC will seek a basic disclosure of your criminal records history to assess your suitability.

NOC has in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data

We will always treat Special Categories of Personal Data and Criminal Convictions Data as confidential, and we will only share such data where there is a specific and legitimate purpose for sharing the data. As set out below, we have implemented appropriate physical, technical, and organisational security measures designed to secure your Personal Data against accidental loss and unauthorised access, use, alteration, or disclosure.

We will not use Special Category Personal Data or Criminal Convictions data for new, different or incompatible purposes from those disclosed.

We will only retain special categories of Personal Data for as long as necessary to fulfil the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes.

If you fail to provide personal information

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Data Sharing

We will only disclose your Personal Data to third parties where required by law or to our employees, contractors, designated agents, or third-party service providers who require such information to assist us with administering the recruitment process, including third-party service providers who provide services to us or on our behalf. Third-party service providers include an external cloud-based system which manages job applicants’ data, a pre-employment screening service provider, and other data storage or hosting providers. These third-party service providers may be located outside of your home jurisdiction.

We require all our third-party service providers, by written contract, to implement appropriate security measures to protect your Personal Data consistent with our policies and any data security obligations applicable to NOC. We do not permit our third-party service providers who process your Personal Data on our behalf to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes in accordance with our instructions.

For some roles requiring specific scientific or technical expertise and where the skillset within NOC is not sufficient to make a full assessment of candidate’s suitability for a role NOC may involve external people with the suitable expertise to help with the recruitment process (for example we may ask an external qualified person from a University to review applications alongside NOC personnel or to assist with the interview process). It is in NOC’s legitimate interest to use suitably qualified external expertise to identify and secure the most suitable candidate for a specific role. Such external people will be required to treat your details in strictest confidence and abide by NOC information security standards.

With your permission, we may contact references provided by you to undertake pre-offer reference checks.

International transfers of information

We may, on occasion decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed, and stored outside the EEA. You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.

However, we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the International Data Transfer Agreement and Addendum.

Data Security

We have implemented appropriate physical, technical, and organizational security measures designed to secure your Personal Data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to Personal Data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

Data Retention

Except as otherwise permitted or required by applicable law or regulation (for example Home Office VISA requirements), we will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it, so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and so that we can demonstrate that we have conducted the recruitment exercise in a fair and transparent way.

Personal Data held in the recruitment portal will be held for 12 months following no activity on your recruitment portal account (please note that logging into your account is included as activity). At this point your account will be de-activated by anonymizing your information and the secure deletion of all documents attached to your account. At any time, you also have the option to deactivate your account yourself when logged in, this will also anonymise all data held in the recruitment portal. Within the 12 month period, if you consent, NOC may also contact you to inform you of other NOC job vacancies that we consider you may be interested in.

If you are offered and have accepted the role the additional data that NOC collects such as pre-employment screening information will be stored on a staff file, and once you have been onboarded and commenced your role this will become part of your personnel file. This data will be retained in line with our retention policies on staff information, you can see a link to the NOC staff privacy notice here NOC Privacy Notices | National Oceanography Centre

Under some circumstances we may anonymize your Personal Data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

Rights of Access, Correction, Erasure, and Objection

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during the application process. By law you may have the right to request access to, correct, and erase the Personal Data that we hold about you, or object to the processing of your Personal Data under certain circumstances. If you want to review, verify, correct, or request erasure of your Personal Data, object to the processing of your Personal Data please contact us at noc_governance@noc.ac.uk. Any such communication must be in writing.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the Personal Data that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the Personal Data that we hold about you, or we may have destroyed, erased, or made your Personal Data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Right to Withdraw Consent

Where you have provided your consent to the collection, processing, or transfer of your Personal Data, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at noc_governance@noc.ac.uk.

Changes to This Privacy Notice

From time to time, we may need to change this privacy notice, for example, if we introduce new data into the recruitment process and we encourage you to check this privacy notice from time to time. We may process your Personal Data without your knowledge or consent where required by applicable law or regulation.

Contact Us

If you have any questions about our processing of your Personal Data or would like to make an access or other request, please contact noc_governance@noc.ac.uk.

If you are not happy with the response you receive, then you can raise your concern with the relevant statutory body:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Alternatively, you can visit the ICO’s website https://ico.org.uk/.

Last updated: 01/09/2025

• Document Name: Privacy Notice – Job Applicants

NOC privacy notice for NOC staff

The National Oceanography Centre (NOC) is committed to protecting the privacy and security of your personal information and being transparent about what we do with it.
 

This privacy notice describes how NOC collect and process data about you during and after your employment. This Privacy Notice applies to current and former employees only.

Overview

This Privacy Notice describes the categories of Personal Data that we collect, how we use your Personal Data, how we secure your Personal Data, when we may disclose your Personal Data to third parties, and when we may transfer your Personal Data outside of your home jurisdiction. This Privacy Notice also describes your rights regarding the Personal Data that we hold about you including how you can access, correct, and request erasure of your personal data.

We will only process your Personal Data in accordance with this Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the Personal Data that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.

NOC is required by law to provide you with the information in this notice. This notice has been designed to meet the requirements of the UK Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (“UK GDPR”) (collectively referred to in this Privacy Notice as Data Protection Law).

What personal information does NOC process?

For the purposes of this Privacy Notice, Personal Data means any information about an identifiable individual (“Personal Data”). Personal Data excludes anonymous or de-identified data that is not associated with a particular individual. To carry out our activities and obligations as an employer, we may collect, store, and process the following categories of Personal Data, which we require to administer the employment relationship with you:

• information provided by you such as your name, address and contact details, including email address and telephone number, date of birth and gender.
• the terms and conditions of your employment.
• details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with NOC.
• information about your pay and benefits.
• details of your bank account and national insurance number.
• marital and dependent status, when needed to administer benefits such as health insurance or pension benefits.
• wage and benefit information.
• information about your next of kin and emergency contacts.
• information about your nationality and entitlement to work in the UK.
• professional memberships
• information from references.
• Photograph
• information on Disclosure and Barring Service (DBS) checks including the outcome of the checks (see section below on Collection and Use of Special Categories of Personal Data and Criminal Conviction Data).
• details of your work pattern (days of work and working hours).
• details of periods of leave taken by you, including holiday, sickness and other absence, and the reasons for the leave.
• details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence.
• performance management information, including annual appraisals, performance development reviews (PDR) and ratings, training you have participated in, performance improvement plans and related correspondence.
• information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments (see section below on Collection and Use of Special Categories of Personal Data and Criminal Conviction Data).
• equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief (see section below on Collection and Use of Special Categories of Personal Data and Criminal Conviction Data).
• other personal details included in a CV, resume, application form or cover letter or that you otherwise voluntarily provide to us.
• other relevant information as applicable required by NOC in order to ensure we fulfil our obligations as an employer.
  • images captured on CCTV, Body Worn Video (Southampton site only) and Automatic numberplate recognition (Southampton site only). Further information on NOC’s use of CCTV can be found in the Surveillance Camera Procedure Policy.

The Personal Data listed in this Privacy Notice is required in order for us to administer the employment relationship. Failure to provide or allow us to process mandatory Personal Data may affect our ability to accomplish the purposes stated in this Privacy Notice.

NOC collects this information in a variety of ways.

For example, data is collected through application forms and CVs; obtained from your

passport or other identity documents; from forms completed by you at the start of or during employment (such as benefit nomination forms); from correspondence with you; or through interviews, meetings or other assessments.

We will collect the majority of the Personal Data that we process directly from you. In limited circumstances third parties may provide your Personal Data to us, such as former employers, official bodies (such as regulators or criminal record bureaus) and medical professionals.

You are able to directly update some of the information held on your record on NOC’s

Business Information System and to view the other fields in your record.

Data is stored in a range of different places, including in your electronic personnel file, in NOC’s Business Information System, and across other IT systems (including the organisation's network drives and email system).

Use of Personal Data

We only process your Personal Data where Data Protection Law permits or requires it, including where the processing is necessary for the performance of our employment contract with you, where the processing is necessary to comply with a legal obligation that applies to us as your employer, for our legitimate interests or the legitimate interests of third parties, to protect your vital interests, or with your consent if applicable law requires consent. We may process your Personal Data for the following legitimate business purposes and for the purposes of performing the employment contract with you:

• Employee administration (including payroll and benefits administration).
• Business management and planning.
• Processing employee work-related claims (for example, insurance and worker's compensation claims).
• Accounting and auditing.
• Conducting performance reviews and determining performance requirements.
• Assessing qualifications for a particular job or task.
• Internal or external investigations.
• Gathering evidence for disciplinary action or termination.
• Complying with applicable law.
• Education, training, and development requirements.
• Health administration services.
• Complying with health and safety obligations.
• In connection with your access to NOC premises.

We will only process your Personal Data for the purposes we collected it for or for compatible purposes. If we need to process your Personal Data for an incompatible purpose, we will provide notice to you and, if required by law, seek your consent. We may process your Personal Data without your knowledge or consent where required by applicable law or regulation.

We may also process your Personal Data for our own legitimate interests, including for the following purposes:

• To prevent fraud.
• To prevent or detect unlawful acts
• To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.
• To conduct data analytics analyses to review and better understand employee retention and attrition rates.

You will not be subject to decisions based on automated data processing without your prior consent.

Collection and Use of Special Categories of Personal Data and Criminal Conviction Data

The following special categories of Personal Data are considered sensitive under Data Protection Law and may receive special protection:

• Racial or ethnic origin.
• Political opinions.
• Religious or philosophical beliefs.
• Trade union membership.
• Genetic data.
• Biometric data.
• Data concerning health.
• Data concerning sex life or sexual orientation.

Data relating to criminal convictions and offences also receive special protection under Data Protection Law. Criminal convictions data means Personal Data relating to criminal convictions and offences, including Personal Data relating to criminal allegations and proceedings (“Criminal Convictions Data”).

We may collect and process the following special categories of Personal Data and Criminal Convictions Data when you voluntarily provide them for the following legitimate business purposes, to carry out our obligations under employment law, for the performance of the employment contract, or as applicable law otherwise permits:

• Trade union membership information where you choose to provide this information.
• Physical or mental health information or disability status to comply with health and safety obligations in the workplace, to make appropriate workplace accommodations, as part of sickness absence monitoring, for the purposes of occupational health and to administer benefits.
• Race or ethnic origin, religious affiliation, health information and sexual orientation to ensure meaningful equal opportunity monitoring and reporting.
• Criminal convictions data may be collected as part of the recruitment process this will be retained for no longer than 6 months however a record of whether the check was satisfactory or unsatisfactory will be recorded in your employment record.

Where we have a legitimate need to process special categories of Personal Data for purposes not identified above, we will only do so only after providing you with notice and, if required by law, obtaining your prior, express consent.

We will always treat Special Categories of Personal Data and Criminal Convictions Data as confidential, and we will only share such data internally where there is a specific and legitimate purpose for sharing the data. As set out below, we have implemented appropriate physical, technical, and organisational security measures designed to secure your Personal Data against accidental loss and unauthorised access, use, alteration, or disclosure.

We will not use Special Category Personal Data or Criminal Convictions data for new, different or incompatible purposes from those disclosed when it was first obtained unless we have informed you of the new purposes and you have consented (where necessary).

We will only retain special categories of Personal Data for as long as necessary to fulfil the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes.

Data Sharing

We will only disclose your Personal Data to third parties where required by law or to our employees, contractors, designated agents, or third-party service providers who require such information to assist us with administering the employment relationship with you, including third-party service providers who provide services to us or on our behalf. Third-party service providers may include, but are not limited to, payroll processors, benefits administration providers, and data storage or hosting providers. These third-party service providers may be located outside of your home jurisdiction.

We require all our third-party service providers, by written contract, to implement appropriate security measures to protect your Personal Data consistent with our policies and any data security obligations applicable to us as your employer. We do not permit our third-party service providers who process your Personal Data on our behalf to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes in accordance with our instructions.

We may also disclose your Personal Data for the following additional purposes where permitted or required by applicable law:

• To comply with legal obligations or valid legal processes such as search warrants, or court orders. When we disclose your Personal Data to comply with a legal obligation or legal process, we will take reasonable steps to ensure that we only disclose the minimum Personal Data necessary for the specific purpose and circumstances.
• To protect the rights and property of NOC.
• During emergency situations or where necessary to protect the safety of persons.
• Where the Personal Data is publicly available.
• If a business transfer or change in ownership occurs and the disclosure is necessary to complete the transaction. In these circumstances, we will limit data sharing to what is absolutely necessary, and we will anonymise the data where possible.
• For additional purposes with your consent (where such consent is required by law).
• Your data could also be shared with employee representatives in the context of collective consultation on a redundancy or merger, if such a situation were to arise. This would be limited to the information needed for the purposes of consultation, such as your name, role and length of service.
• Relevant data (e.g. mobile number) may also be shared for the purposes of the organisation’s business continuity plan or serious incident procedures.
• Your data may also be shared for the purposes of audit or compliance purposes including grant funded activity

International transfers of information

We may, on occasion decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed, and stored outside the EEA. You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.

However, we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the International Data Transfer Agreement and Addendum.

Data Security

We have implemented appropriate physical, technical, and organizational security measures designed to secure your Personal Data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to Personal Data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

Data Retention

Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for Personal Data, we consider applicable legal requirements, the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes we process your Personal Data for, and whether we can achieve those purposes through other means. We specify the retention periods for your Personal Data in our data retention policy.

Under some circumstances we may anonymize your Personal Data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent. Once you are no longer an employee of the company, we will retain and securely destroy your Personal Data in accordance with our document retention policy and applicable laws and regulations.

Rights of Access, Correction, Erasure, and Objection

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your employment. By law you may have the right to request access to, correct, and erase the Personal Data that we hold about you, or object to the processing of your Personal Data under certain circumstances. You may also have the right to request that we transfer your Personal Data to another party. If you want to review, verify, correct, or request erasure of your Personal Data, object to the processing of your Personal data, or request that we transfer a copy of your Personal Data to another party, please contact us at noc_governance@noc.ac.uk. Any such communication must be in writing.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the Personal Data that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the Personal Data that we hold about you, or we may have destroyed, erased, or made your Personal Data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Right to Withdraw Consent

Where you have provided your consent to the collection, processing, or transfer of your Personal Data, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at noc_governance@noc.ac.uk.

Changes to This Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any updates. If we would like to use your previously collected Personal Data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your Personal Data for a new or unrelated purpose. We may process your Personal Data without your knowledge or consent where required by applicable law or regulation.

Contact Us

If you have any questions about our processing of your Personal Data or would like to make an access or other request, please contact noc_governance@noc.ac.uk.

If you are not happy with the response you receive, then you can raise your concern with the relevant statutory body:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Alternatively, you can visit the ICO’s website https://ico.org.uk/.

Last updated: 04/12/2025

• Document Name: Privacy Notice – All NOC Staff 

NOC privacy notice for NOC visitors

NOC is committed to protecting the privacy and security of your personal information and being transparent about what we do with it, no matter how you interact with us. That’s whether you want to work for or with NOC, donate, use NOC’s services, provide services to NOC, attend NOC events or ask to learn more about what we do.

This notice applies to all NOC websites, our use of emails and communications for marketing purposes, and any other methods that NOC uses for collecting information. It covers what personal data NOC collects and the reasons why it is collected, what we do with your personal data, and what rights you have.

NOC is required by law to provide you with the information in this notice. This notice has been designed to meet the requirements of the UK Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (collectively referred to in this Privacy Notice as Data Protection Law) and the Privacy and Electronic Communications Regulation (2003).

This notice, together with our cookies policy tells you about how we collect, use, and protect your personal information.

NOC has separate privacy notices for job applicants and employees these notices can be found here NOC Privacy Notices | National Oceanography Centre

If you have any queries about our Privacy Notice, please get in touch with our Legal and Governance team noc_governance@noc.ac.uk.

Who is NOC?

In this notice whenever you see the word NOC it refers to the National Oceanography Centre and the National Oceanography Centre Innovations Ltd.

National Oceanography Centre Innovations Ltd is a trading subsidiary of the National Oceanography Centre. National Oceanography Centre Innovations Ltd provides commercial products and services relating to marine science and technology, data information products, and facilities. All of its profits are passed to the National Oceanography Centre.

National Oceanography Centre Innovations is wholly owned and controlled by the National Oceanography Centre, the majority of company directors, are National Oceanography Centre employees and Trustees and the company shares many of the National Oceanography Centre’s head office functions such as marketing, legal, finance and HR

The full legal information for each entity is:

The National Oceanography Centre a private company limited by guarantee with company registration number 11444362 and a registered charity in England and Wales with charity number 1185265 and in Scotland with charity number SC049896.

National Oceanography Centre Innovations Limited is a registered Company (Company number 12250763)

Both companies are registered in England and Wales with registered offices at National Oceanography Centre, European Way, Southampton, United Kingdom, SO14 3ZH.

How and when NOC will collect information about you

NOC may collect and store information about you when you interact with NOC. For example, this could be when you:

• support our work through a donation.
  • work with NOC as a non-employee (for example as a student, secondee, fellow, associate, intern or work experience).
  • register for an event.
  • attend an event.
  • register to receive a newsletter or ask to receive other information.
  • enter into a contract with NOC.
  • use NOC’s services.
  • contact NOC.
  • provide services to NOC.
  • attend NOC’s premises.

When you interact with NOC on social media platforms such as Facebook, Twitter, or LinkedIn we may also obtain some personal information about you. The information we receive will depend on the privacy preferences you have set on each platform and the privacy policies of each platform. To change your settings on these platforms, please refer to their privacy notices.

What information do we collect?

When you engage with NOC by phone, mail, in person or online, we may collect personal information about you. Depending on the circumstances this may include your name, address, email address, telephone number, date of birth, job title, employer details and details of your education and career, financial details, identity and right to work information, why you are interested in NOC and other information relating to you personally which you may choose to provide to us.

Data Protection Law recognises that certain types of personal information are more sensitive. This is known as 'sensitive' or 'special category' personal information and covers information revealing racial or ethnic origin, religious or philosophical beliefs and political opinions, trade union membership, genetic or biometric data, information concerning health or data concerning a person's sex life or sexual orientation.

Sensitive information will only be collected where necessary, for example, we may need to collect health information from you in order to make reasonable adjustments should you attend an event or visit NOC premises. Clear notices will be provided at the time we collect this information, stating what information is needed, and why.

If you're under 16

NOC sometimes receives limited data about children, and we will collect data about children for events that we organise specifically for young people. If you are aged under 16, you must get your parent/guardian’s permission before you provide any personal information to us.

How and why NOC will use your information:

We will use your personal information for the following purposes:

• Donation processing: We will process personal information you provide in order to administer any one-off or on-going donations you make, to verify any financial transactions and to claim Gift Aid.
• Responding to a request: If you contact us with a query, we may use your personal information to provide you with a response.
• Communication: to communicate with our supporters and customers, including marketing and promotion
• Monitoring and Evaluating: We may use your information in order to improve current and future delivery of our services.
• Working with NOC (Non-Employees including Students Secondees, Fellows, Associates, Intern and Work Experience): we will use your personal information to administer any non-employee arrangements including to enable your access to NOC premises or systems (where applicable) and for security purposes. We may also collect and use your personal information to support visa applications where NOC is a sponsor and we may ask you to provide evidence of your right to live and work in the UK.
• Transactional purposes: We will need to use your personal information in order to carry out our obligations arising from any contracts entered into between you and us for goods or services.
• Providing and developing our website: We may use your personal information to help provide you with access to our website, personalise your experience, and improve and develop it further.
• Administration and relationship management: We may use your personal information to record and deal with a complaint, record a request from you, to update you about (or otherwise administer) an event you are attending or services that you have requested, to keep a record of your relationship with NOC and for other essential internal record keeping purposes.
• Prevention of crime: We may record your image on CCTV (at all NOC premises) or Body Worn Video (at our Southampton site only) which we use to prevent crime and keep our people and the public safe.
• Car Parking: NOC uses automatic numberplate recognition to manage access to its car parking facilities (at its Southampton site only).
• Protecting your vital interests: In rare cases NOC may process your personal information where we reasonably think that there is a risk of serious harm to you or someone else.
• Market research and surveys: We may invite you to participate in surveys or market research to help us improve our website, fundraising, services, and strategic development. Participation is always voluntary, and no individuals will be identified as a result of this research, unless you consent to us publishing your feedback.
• Legal, compliance and audit: We may process your personal information for audit purposes, where required for NOC to ensure compliance with legal and regulatory and other obligations (including EU funded grant activities), to carry out due diligence (for example before you supply goods or services to NOC) and for the purposes of obtaining legal advice or for legal proceedings.
• Business Continuity or Serious Incident Procedures: We may use your contact details to inform you of serious incidents at NOC premises or at NOC events, this will be in the interest of your safety and in accordance with NOC’s business continuity and serious incident procedures.
• Maintaining Historical Records: To ensure we have an ongoing record of NOC’s activities, which may be of interest and importance in the future.

Lawful Basis for Processing Your Personal Data

Data Protection Law requires us to identify the lawful basis under which we collect and use your personal information. Depending on why we process your data one, or sometimes more than one of the following bases may be relevant.

• Legitimate Interest - processing where we consider it is in the legitimate interest of NOC to process your data. We will always balance any potential impact on you and your rights against the identified legitimate interests.
• Consent – where you have given your consent for NOC to use your personal data for a particular purpose.
• Legal obligation – where the processing of personal data is required to ensure compliance with a legal obligation.
• Contract - where the processing of personal data is required to meet our contractual obligations.
• Vital Interest – in rare cases we may process personal data under the basis of vital interests where necessary to protect life.

Special Category Data

Where NOC processes special category information such as health data, we need an additional legal basis to do so. We may do this under:

• Explicit consent
• Employment, social security and social protection
• To carry out our legal obligations or in accordance with legal rights
• Vital interests
• Archiving, research and statistics

Using your information for marketing

We may send you communications about our work and how you can help us to protect and understand the oceans. As well as sharing our latest news, we may contact you about events and fundraising for NOC, our campaigns, and the many ways you can shape our work by post or phone (unless you have previously told us that you do not want to be contacted in this way). We rely on legitimate interest for this processing as we believe that NOC has a legitimate interest in promoting the charity.

We will send marketing information email if you have consented to receive information this way. You can stop us sending you email communications at any time by clicking the unsubscribe link at the bottom of the email. This can take up to 28 days to take effect.

We will only contact you about how you can support NOC by phone, if you have agreed for us to contact you in this manner, or if you are an existing donor.

NOC may send you information about our work and how you can support NOC by mail unless you have told us that you would prefer not to hear from us in that way.

To opt out of postal mailings, or telephone contact, please email giving@noc.ac.uk.

Who does NOC share information with?

NOC will only use your information for the purposes for which it was obtained. We will not sell or share your personal information with any third party for their own purposes.

We will only share your data for the following purposes:

Third party suppliers: We may need to share your information with service providers who help us to deliver our services and projects for example event organisers, payment providers, IT software providers (in relation to IT systems used by NOC). These providers will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing data protection clauses.

Where legally required: We will comply with requests where disclosure is required by law, for example, we may disclose your personal information to the government for tax purposes. We may share information with law enforcement agencies for the prevention and detection of crime and where we consider it necessary to protect NOC’s property or the personal safety of its staff or visitors to its premises or website.

We always aim to ensure that personal information is only used by those third parties for lawful purposes in accordance with this Privacy Notice.

Visual imagery data

Publicity Photographs and/or video/digital images

NOC may take photographs of individuals for security and identification purposes (for example photo ID for those visiting the premises). Photographs taken for these purposes will be with the consent of the individual.

NOC may use images or videos for publicity purposes, such as on our social media or external website, or on event advertisement. NOC relies on legitimate interests for this activity as we believe that NOC has a legitimate interest in promoting the charity[SB1] .

During public events, appropriate signage will be in place to advise attendees if photographs or video recordings are taking place. NOC has procedures in place to allow individuals to opt out of their image being taken when filming and photography takes place at such events.

For any under 18s any individual photographs will be used only where a parent/guardian has consented for such use (in compliance with NOC’s Safeguarding Policy).

Closed Circuit Television (CCTV), Body Worn Video (BWV) and Automatic Numberplate Recognition (ANPR).

NOC uses CCTV (at all NOC locations), BWV and ANPR (at its Southampton site only) to:

• Assist in the detection, prevention and deterrence of crime and disorder in the area, including:
  • Countering terrorism
  • Helping to identify, apprehend and prosecute offenders,
  • Provide the police, other agencies and NOC with evidence to take criminal and civil action to court,
• To prevent and respond effectively to all forms of harassment and public disorder,
• To help reduce the fear of crime and provide reassurance to the public,
• To improve communication and the operational response of security patrols in and around the areas where surveillance cameras operate,
• To create a safer environment,
• To gather evidence by a fair and accountable method which can then be used for external and internal investigations,
• To assist in monitoring any Emergency Planning Operations,
• To provide emergency services assistance,
• To assist in monitoring health & safety.
• Maintaining security that aligns with the International Ships and Port Facility Security (ISPS) Code

CCTV footage and BWV will not be used for any other purposes and its use will be reviewed regularly. CCTV and BWV images will be retained for no longer than 30 days, after which they will be disposed of, unless there is an ongoing reason to keep them for the purposes named above. CCTV and BWV images are stored securely and can only be accessed by authorised individuals. With the exception of law enforcement bodies in the instance of crime, auditors or NOC insurance companies in the instance of damage to property, images will not be provided to third parties.

NOC uses ANPR at its Southampton site to manage access to its car parking facilities. This technology will be used to read your car registration number if you attempt to access the restricted car parking areas at NOC’s Southampton site. Your numberplate will be checked against a database and will allow access to the car parking facility where the registration number matches the database. To access these restricted areas, you will be asked to provide your numberplate details.

NOC complies with the Surveillance Camera Code of Practice.

How we protect your information

NOC takes the security of your data seriously. NOC has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed, and is only accessed as required by its employees or representatives in the performance of their duties on a need-to-know basis.

Where NOC engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

NOC does not process your card or bank details when making donations through our website. Any debit or credit card details which we receive on our website are passed securely our payment processing partner, according to the Payment Card Industry Security Standards.

Please note that payments made indirectly, for example through Just Giving, have Separate Terms (Donations made through Just Giving have their own Terms and Privacy Policies (see www.justgiving.com ).

Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent this way, we cannot guarantee the security of data transmitted to our site.

How long will we keep your information?

We will keep your personal information in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to six years after a particular transaction).

If you request that we stop processing your personal information for the purpose of marketing, we may in some instances need to add your details to a suppression file to enable us to comply with your request not to be contacted.

In respect of other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.

Heritage information

The National Oceanography Centre as it is known today dates back to precursor institutions, each with long histories. As a national institution, it was formed in 1949 as the National Institute of Oceanography (NIO) and its operations based in Liverpool stem from the Liverpool Observatory founded in 1843, as a result we hold many historic records.

To ensure we have an ongoing record of NOC’s activities, which may be of interest and importance in the future, we keep certain information for heritage purposes.

This includes information about activities carried out by our people.

International transfers of information

We may, on occasion decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed, and stored outside the EEA. You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.

However, we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the International Data Transfer Agreement and Addendum.

Your rights to your personal information

Data Protection Law gives you certain rights over your data and how we use it. These include the right to:

• access to the personal information we hold about you, known as a subject access request.
• object to our processing of your personal information.
• object to your information being used for marketing purposes.
• restrict the processing of your personal information.
• obtain a copy of your personal data in a portable format so that you can reuse it.
• rectify your personal information if you believe it is incorrect – we want to ensure that all information we hold about you is accurate and up to date so please do let us know if anything changes.
• request the erasure of your personal information (please note that in certain circumstances we may need to retain your data for a specified period to comply with our legal obligations).

If you wish to exercise these rights, please contact NOC’s Legal and Governance team on governance@noc.ac.uk. We will consider each request in accordance with Data Protection Law and we may ask you to provide confirmation of your identity.

Please also provide any additional information that is relevant to the nature of your contact with us, as this will help us to locate your records.

You can find more information about your rights under Data Protection Law from the Information Commissioner’s Office.

How to make a complaint or raise a concern

If you would like more information, or to make a formal complaint about our approach to data protection, or raise privacy concerns please contact the Legal and Governance team governance@noc.ac.uk

If you are not happy with the response you receive, then you can raise your concern with the relevant statutory body:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Alternatively, you can visit the ICO’s website.

Changes to our Privacy Notice

Our Privacy Notice may change from time to time, so please check this page occasionally to see if we have included any updates or changes, and that you are happy with them.

Last updated: 04/12/2025

General Privacy Notice

NOC privacy notice for suppliers and customers

NOC is committed to protecting the privacy and security of your personal information and being transparent about what we do with it, no matter how you interact with us. That’s whether you want to work for or with NOC, donate, use NOC’s services, provide services to NOC, attend NOC events or ask to learn more about what we do.

This notice applies to all NOC websites, our use of emails and communications for marketing purposes, and any other methods that NOC uses for collecting information. It covers what personal data NOC collects and the reasons why it is collected, what we do with your personal data, and what rights you have.

NOC is required by law to provide you with the information in this notice. This notice has been designed to meet the requirements of the UK Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (collectively referred to in this Privacy Notice as Data Protection Law) and the Privacy and Electronic Communications Regulation (2003).

This notice, together with our cookies policy tells you about how we collect, use, and protect your personal information.

NOC has separate privacy notices for job applicants and employees these notices can be found here NOC Privacy Notices | National Oceanography Centre

If you have any queries about our Privacy Notice, please get in touch with our Legal and Governance team noc_governance@noc.ac.uk.

Who is NOC?

In this notice whenever you see the word NOC it refers to the National Oceanography Centre and the National Oceanography Centre Innovations Ltd.

National Oceanography Centre Innovations Ltd is a trading subsidiary of the National Oceanography Centre. National Oceanography Centre Innovations Ltd provides commercial products and services relating to marine science and technology, data information products, and facilities. All of its profits are passed to the National Oceanography Centre.

National Oceanography Centre Innovations is wholly owned and controlled by the National Oceanography Centre, the majority of company directors, are National Oceanography Centre employees and Trustees and the company shares many of the National Oceanography Centre’s head office functions such as marketing, legal, finance and HR

The full legal information for each entity is:

The National Oceanography Centre a private company limited by guarantee with company registration number 11444362 and a registered charity in England and Wales with charity number 1185265 and in Scotland with charity number SC049896.

National Oceanography Centre Innovations Limited is a registered Company (Company number 12250763)

Both companies are registered in England and Wales with registered offices at National Oceanography Centre, European Way, Southampton, United Kingdom, SO14 3ZH.

How and when NOC will collect information about you

NOC may collect and store information about you when you interact with NOC. For example, this could be when you:

• support our work through a donation.
  • work with NOC as a non-employee (for example as a student, secondee, fellow, associate, intern or work experience).
  • register for an event.
  • attend an event.
  • register to receive a newsletter or ask to receive other information.
  • enter into a contract with NOC.
  • use NOC’s services.
  • contact NOC.
  • provide services to NOC.
  • attend NOC’s premises.

When you interact with NOC on social media platforms such as Facebook, Twitter, or LinkedIn we may also obtain some personal information about you. The information we receive will depend on the privacy preferences you have set on each platform and the privacy policies of each platform. To change your settings on these platforms, please refer to their privacy notices.

What information do we collect?

When you engage with NOC by phone, mail, in person or online, we may collect personal information about you. Depending on the circumstances this may include your name, address, email address, telephone number, date of birth, job title, employer details and details of your education and career, financial details, identity and right to work information, why you are interested in NOC and other information relating to you personally which you may choose to provide to us.

Data Protection Law recognises that certain types of personal information are more sensitive. This is known as 'sensitive' or 'special category' personal information and covers information revealing racial or ethnic origin, religious or philosophical beliefs and political opinions, trade union membership, genetic or biometric data, information concerning health or data concerning a person's sex life or sexual orientation.

Sensitive information will only be collected where necessary, for example, we may need to collect health information from you in order to make reasonable adjustments should you attend an event or visit NOC premises. Clear notices will be provided at the time we collect this information, stating what information is needed, and why.

If you're under 16

NOC sometimes receives limited data about children, and we will collect data about children for events that we organise specifically for young people. If you are aged under 16, you must get your parent/guardian’s permission before you provide any personal information to us.

How and why NOC will use your information:

We will use your personal information for the following purposes:

• Donation processing: We will process personal information you provide in order to administer any one-off or on-going donations you make, to verify any financial transactions and to claim Gift Aid.
• Responding to a request: If you contact us with a query, we may use your personal information to provide you with a response.
• Communication: to communicate with our supporters and customers, including marketing and promotion
• Monitoring and Evaluating: We may use your information in order to improve current and future delivery of our services.
• Working with NOC (Non-Employees including Students Secondees, Fellows, Associates, Intern and Work Experience): we will use your personal information to administer any non-employee arrangements including to enable your access to NOC premises or systems (where applicable) and for security purposes. We may also collect and use your personal information to support visa applications where NOC is a sponsor and we may ask you to provide evidence of your right to live and work in the UK.
• Transactional purposes: We will need to use your personal information in order to carry out our obligations arising from any contracts entered into between you and us for goods or services.
• Providing and developing our website: We may use your personal information to help provide you with access to our website, personalise your experience, and improve and develop it further.
• Administration and relationship management: We may use your personal information to record and deal with a complaint, record a request from you, to update you about (or otherwise administer) an event you are attending or services that you have requested, to keep a record of your relationship with NOC and for other essential internal record keeping purposes.
• Prevention of crime: We may record your image on CCTV (at all NOC premises) or Body Worn Video (at our Southampton site only) which we use to prevent crime and keep our people and the public safe.
• Car Parking: NOC uses automatic numberplate recognition to manage access to its car parking facilities (at its Southampton site only).
• Protecting your vital interests: In rare cases NOC may process your personal information where we reasonably think that there is a risk of serious harm to you or someone else.
• Market research and surveys: We may invite you to participate in surveys or market research to help us improve our website, fundraising, services, and strategic development. Participation is always voluntary, and no individuals will be identified as a result of this research, unless you consent to us publishing your feedback.
• Legal, compliance and audit: We may process your personal information for audit purposes, where required for NOC to ensure compliance with legal and regulatory and other obligations (including EU funded grant activities), to carry out due diligence (for example before you supply goods or services to NOC) and for the purposes of obtaining legal advice or for legal proceedings.
• Business Continuity or Serious Incident Procedures: We may use your contact details to inform you of serious incidents at NOC premises or at NOC events, this will be in the interest of your safety and in accordance with NOC’s business continuity and serious incident procedures.
• Maintaining Historical Records: To ensure we have an ongoing record of NOC’s activities, which may be of interest and importance in the future.

Lawful Basis for Processing Your Personal Data

Data Protection Law requires us to identify the lawful basis under which we collect and use your personal information. Depending on why we process your data one, or sometimes more than one of the following bases may be relevant.

• Legitimate Interest - processing where we consider it is in the legitimate interest of NOC to process your data. We will always balance any potential impact on you and your rights against the identified legitimate interests.
• Consent – where you have given your consent for NOC to use your personal data for a particular purpose.
• Legal obligation – where the processing of personal data is required to ensure compliance with a legal obligation.
• Contract - where the processing of personal data is required to meet our contractual obligations.
• Vital Interest – in rare cases we may process personal data under the basis of vital interests where necessary to protect life.

Special Category Data

Where NOC processes special category information such as health data, we need an additional legal basis to do so. We may do this under:

• Explicit consent
• Employment, social security and social protection
• To carry out our legal obligations or in accordance with legal rights
• Vital interests
• Archiving, research and statistics

Using your information for marketing

We may send you communications about our work and how you can help us to protect and understand the oceans. As well as sharing our latest news, we may contact you about events and fundraising for NOC, our campaigns, and the many ways you can shape our work by post or phone (unless you have previously told us that you do not want to be contacted in this way). We rely on legitimate interest for this processing as we believe that NOC has a legitimate interest in promoting the charity.

We will send marketing information email if you have consented to receive information this way. You can stop us sending you email communications at any time by clicking the unsubscribe link at the bottom of the email. This can take up to 28 days to take effect.

We will only contact you about how you can support NOC by phone, if you have agreed for us to contact you in this manner, or if you are an existing donor.

NOC may send you information about our work and how you can support NOC by mail unless you have told us that you would prefer not to hear from us in that way.

To opt out of postal mailings, or telephone contact, please email giving@noc.ac.uk.

Who does NOC share information with?

NOC will only use your information for the purposes for which it was obtained. We will not sell or share your personal information with any third party for their own purposes.

We will only share your data for the following purposes:

Third party suppliers: We may need to share your information with service providers who help us to deliver our services and projects for example event organisers, payment providers, IT software providers (in relation to IT systems used by NOC). These providers will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing data protection clauses.

Where legally required: We will comply with requests where disclosure is required by law, for example, we may disclose your personal information to the government for tax purposes. We may share information with law enforcement agencies for the prevention and detection of crime and where we consider it necessary to protect NOC’s property or the personal safety of its staff or visitors to its premises or website.

We always aim to ensure that personal information is only used by those third parties for lawful purposes in accordance with this Privacy Notice.

Visual imagery data

Publicity Photographs and/or video/digital images

NOC may take photographs of individuals for security and identification purposes (for example photo ID for those visiting the premises). Photographs taken for these purposes will be with the consent of the individual.

NOC may use images or videos for publicity purposes, such as on our social media or external website, or on event advertisement. NOC relies on legitimate interests for this activity as we believe that NOC has a legitimate interest in promoting the charity[SB1] .

During public events, appropriate signage will be in place to advise attendees if photographs or video recordings are taking place. NOC has procedures in place to allow individuals to opt out of their image being taken when filming and photography takes place at such events.

For any under 18s any individual photographs will be used only where a parent/guardian has consented for such use (in compliance with NOC’s Safeguarding Policy).

Closed Circuit Television (CCTV), Body Worn Video (BWV) and Automatic Numberplate Recognition (ANPR).

NOC uses CCTV (at all NOC locations), BWV and ANPR (at its Southampton site only) to:

• Assist in the detection, prevention and deterrence of crime and disorder in the area, including:
  • Countering terrorism
  • Helping to identify, apprehend and prosecute offenders,
  • Provide the police, other agencies and NOC with evidence to take criminal and civil action to court,
• To prevent and respond effectively to all forms of harassment and public disorder,
• To help reduce the fear of crime and provide reassurance to the public,
• To improve communication and the operational response of security patrols in and around the areas where surveillance cameras operate,
• To create a safer environment,
• To gather evidence by a fair and accountable method which can then be used for external and internal investigations,
• To assist in monitoring any Emergency Planning Operations,
• To provide emergency services assistance,
• To assist in monitoring health & safety.
• Maintaining security that aligns with the International Ships and Port Facility Security (ISPS) Code

CCTV footage and BWV will not be used for any other purposes and its use will be reviewed regularly. CCTV and BWV images will be retained for no longer than 30 days, after which they will be disposed of, unless there is an ongoing reason to keep them for the purposes named above. CCTV and BWV images are stored securely and can only be accessed by authorised individuals. With the exception of law enforcement bodies in the instance of crime, auditors or NOC insurance companies in the instance of damage to property, images will not be provided to third parties.

NOC uses ANPR at its Southampton site to manage access to its car parking facilities. This technology will be used to read your car registration number if you attempt to access the restricted car parking areas at NOC’s Southampton site. Your numberplate will be checked against a database and will allow access to the car parking facility where the registration number matches the database. To access these restricted areas, you will be asked to provide your numberplate details.

NOC complies with the Surveillance Camera Code of Practice.

How we protect your information

NOC takes the security of your data seriously. NOC has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed, and is only accessed as required by its employees or representatives in the performance of their duties on a need-to-know basis.

Where NOC engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

NOC does not process your card or bank details when making donations through our website. Any debit or credit card details which we receive on our website are passed securely our payment processing partner, according to the Payment Card Industry Security Standards.

Please note that payments made indirectly, for example through Just Giving, have Separate Terms (Donations made through Just Giving have their own Terms and Privacy Policies (see www.justgiving.com ).

Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent this way, we cannot guarantee the security of data transmitted to our site.

How long will we keep your information?

We will keep your personal information in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to six years after a particular transaction).

If you request that we stop processing your personal information for the purpose of marketing, we may in some instances need to add your details to a suppression file to enable us to comply with your request not to be contacted.

In respect of other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.

Heritage information

The National Oceanography Centre as it is known today dates back to precursor institutions, each with long histories. As a national institution, it was formed in 1949 as the National Institute of Oceanography (NIO) and its operations based in Liverpool stem from the Liverpool Observatory founded in 1843, as a result we hold many historic records.

To ensure we have an ongoing record of NOC’s activities, which may be of interest and importance in the future, we keep certain information for heritage purposes.

This includes information about activities carried out by our people.

International transfers of information

We may, on occasion decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed, and stored outside the EEA. You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.

However, we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the International Data Transfer Agreement and Addendum.

Your rights to your personal information

Data Protection Law gives you certain rights over your data and how we use it. These include the right to:

• access to the personal information we hold about you, known as a subject access request.
• object to our processing of your personal information.
• object to your information being used for marketing purposes.
• restrict the processing of your personal information.
• obtain a copy of your personal data in a portable format so that you can reuse it.
• rectify your personal information if you believe it is incorrect – we want to ensure that all information we hold about you is accurate and up to date so please do let us know if anything changes.
• request the erasure of your personal information (please note that in certain circumstances we may need to retain your data for a specified period to comply with our legal obligations).

If you wish to exercise these rights, please contact NOC’s Legal and Governance team on governance@noc.ac.uk. We will consider each request in accordance with Data Protection Law and we may ask you to provide confirmation of your identity.

Please also provide any additional information that is relevant to the nature of your contact with us, as this will help us to locate your records.

You can find more information about your rights under Data Protection Law from the Information Commissioner’s Office.

How to make a complaint or raise a concern

If you would like more information, or to make a formal complaint about our approach to data protection, or raise privacy concerns please contact the Legal and Governance team governance@noc.ac.uk

If you are not happy with the response you receive, then you can raise your concern with the relevant statutory body:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Alternatively, you can visit the ICO’s website.

Changes to our Privacy Notice

Our Privacy Notice may change from time to time, so please check this page occasionally to see if we have included any updates or changes, and that you are happy with them.

Last updated: 04/12/2025

General Privacy Notice

NOC privacy notice for donors and fundraising

NOC is committed to protecting the privacy and security of your personal information and being transparent about what we do with it, no matter how you interact with us. That’s whether you want to work for or with NOC, donate, use NOC’s services, provide services to NOC, attend NOC events or ask to learn more about what we do.

This notice applies to all NOC websites, our use of emails and communications for marketing purposes, and any other methods that NOC uses for collecting information. It covers what personal data NOC collects and the reasons why it is collected, what we do with your personal data, and what rights you have.

NOC is required by law to provide you with the information in this notice. This notice has been designed to meet the requirements of the UK Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (collectively referred to in this Privacy Notice as Data Protection Law) and the Privacy and Electronic Communications Regulation (2003).

This notice, together with our cookies policy tells you about how we collect, use, and protect your personal information.

NOC has separate privacy notices for job applicants and employees these notices can be found here NOC Privacy Notices | National Oceanography Centre

If you have any queries about our Privacy Notice, please get in touch with our Legal and Governance team noc_governance@noc.ac.uk.

Who is NOC?

In this notice whenever you see the word NOC it refers to the National Oceanography Centre and the National Oceanography Centre Innovations Ltd.

National Oceanography Centre Innovations Ltd is a trading subsidiary of the National Oceanography Centre. National Oceanography Centre Innovations Ltd provides commercial products and services relating to marine science and technology, data information products, and facilities. All of its profits are passed to the National Oceanography Centre.

National Oceanography Centre Innovations is wholly owned and controlled by the National Oceanography Centre, the majority of company directors, are National Oceanography Centre employees and Trustees and the company shares many of the National Oceanography Centre’s head office functions such as marketing, legal, finance and HR

The full legal information for each entity is:

The National Oceanography Centre a private company limited by guarantee with company registration number 11444362 and a registered charity in England and Wales with charity number 1185265 and in Scotland with charity number SC049896.

National Oceanography Centre Innovations Limited is a registered Company (Company number 12250763)

Both companies are registered in England and Wales with registered offices at National Oceanography Centre, European Way, Southampton, United Kingdom, SO14 3ZH.

How and when NOC will collect information about you

NOC may collect and store information about you when you interact with NOC. For example, this could be when you:

• support our work through a donation.
  • work with NOC as a non-employee (for example as a student, secondee, fellow, associate, intern or work experience).
  • register for an event.
  • attend an event.
  • register to receive a newsletter or ask to receive other information.
  • enter into a contract with NOC.
  • use NOC’s services.
  • contact NOC.
  • provide services to NOC.
  • attend NOC’s premises.

When you interact with NOC on social media platforms such as Facebook, Twitter, or LinkedIn we may also obtain some personal information about you. The information we receive will depend on the privacy preferences you have set on each platform and the privacy policies of each platform. To change your settings on these platforms, please refer to their privacy notices.

What information do we collect?

When you engage with NOC by phone, mail, in person or online, we may collect personal information about you. Depending on the circumstances this may include your name, address, email address, telephone number, date of birth, job title, employer details and details of your education and career, financial details, identity and right to work information, why you are interested in NOC and other information relating to you personally which you may choose to provide to us.

Data Protection Law recognises that certain types of personal information are more sensitive. This is known as 'sensitive' or 'special category' personal information and covers information revealing racial or ethnic origin, religious or philosophical beliefs and political opinions, trade union membership, genetic or biometric data, information concerning health or data concerning a person's sex life or sexual orientation.

Sensitive information will only be collected where necessary, for example, we may need to collect health information from you in order to make reasonable adjustments should you attend an event or visit NOC premises. Clear notices will be provided at the time we collect this information, stating what information is needed, and why.

If you're under 16

NOC sometimes receives limited data about children, and we will collect data about children for events that we organise specifically for young people. If you are aged under 16, you must get your parent/guardian’s permission before you provide any personal information to us.

How and why NOC will use your information:

We will use your personal information for the following purposes:

• Donation processing: We will process personal information you provide in order to administer any one-off or on-going donations you make, to verify any financial transactions and to claim Gift Aid.
• Responding to a request: If you contact us with a query, we may use your personal information to provide you with a response.
• Communication: to communicate with our supporters and customers, including marketing and promotion
• Monitoring and Evaluating: We may use your information in order to improve current and future delivery of our services.
• Working with NOC (Non-Employees including Students Secondees, Fellows, Associates, Intern and Work Experience): we will use your personal information to administer any non-employee arrangements including to enable your access to NOC premises or systems (where applicable) and for security purposes. We may also collect and use your personal information to support visa applications where NOC is a sponsor and we may ask you to provide evidence of your right to live and work in the UK.
• Transactional purposes: We will need to use your personal information in order to carry out our obligations arising from any contracts entered into between you and us for goods or services.
• Providing and developing our website: We may use your personal information to help provide you with access to our website, personalise your experience, and improve and develop it further.
• Administration and relationship management: We may use your personal information to record and deal with a complaint, record a request from you, to update you about (or otherwise administer) an event you are attending or services that you have requested, to keep a record of your relationship with NOC and for other essential internal record keeping purposes.
• Prevention of crime: We may record your image on CCTV (at all NOC premises) or Body Worn Video (at our Southampton site only) which we use to prevent crime and keep our people and the public safe.
• Car Parking: NOC uses automatic numberplate recognition to manage access to its car parking facilities (at its Southampton site only).
• Protecting your vital interests: In rare cases NOC may process your personal information where we reasonably think that there is a risk of serious harm to you or someone else.
• Market research and surveys: We may invite you to participate in surveys or market research to help us improve our website, fundraising, services, and strategic development. Participation is always voluntary, and no individuals will be identified as a result of this research, unless you consent to us publishing your feedback.
• Legal, compliance and audit: We may process your personal information for audit purposes, where required for NOC to ensure compliance with legal and regulatory and other obligations (including EU funded grant activities), to carry out due diligence (for example before you supply goods or services to NOC) and for the purposes of obtaining legal advice or for legal proceedings.
• Business Continuity or Serious Incident Procedures: We may use your contact details to inform you of serious incidents at NOC premises or at NOC events, this will be in the interest of your safety and in accordance with NOC’s business continuity and serious incident procedures.
• Maintaining Historical Records: To ensure we have an ongoing record of NOC’s activities, which may be of interest and importance in the future.

Lawful Basis for Processing Your Personal Data

Data Protection Law requires us to identify the lawful basis under which we collect and use your personal information. Depending on why we process your data one, or sometimes more than one of the following bases may be relevant.

• Legitimate Interest - processing where we consider it is in the legitimate interest of NOC to process your data. We will always balance any potential impact on you and your rights against the identified legitimate interests.
• Consent – where you have given your consent for NOC to use your personal data for a particular purpose.
• Legal obligation – where the processing of personal data is required to ensure compliance with a legal obligation.
• Contract - where the processing of personal data is required to meet our contractual obligations.
• Vital Interest – in rare cases we may process personal data under the basis of vital interests where necessary to protect life.

Special Category Data

Where NOC processes special category information such as health data, we need an additional legal basis to do so. We may do this under:

• Explicit consent
• Employment, social security and social protection
• To carry out our legal obligations or in accordance with legal rights
• Vital interests
• Archiving, research and statistics

Using your information for marketing

We may send you communications about our work and how you can help us to protect and understand the oceans. As well as sharing our latest news, we may contact you about events and fundraising for NOC, our campaigns, and the many ways you can shape our work by post or phone (unless you have previously told us that you do not want to be contacted in this way). We rely on legitimate interest for this processing as we believe that NOC has a legitimate interest in promoting the charity.

We will send marketing information email if you have consented to receive information this way. You can stop us sending you email communications at any time by clicking the unsubscribe link at the bottom of the email. This can take up to 28 days to take effect.

We will only contact you about how you can support NOC by phone, if you have agreed for us to contact you in this manner, or if you are an existing donor.

NOC may send you information about our work and how you can support NOC by mail unless you have told us that you would prefer not to hear from us in that way.

To opt out of postal mailings, or telephone contact, please email giving@noc.ac.uk.

Who does NOC share information with?

NOC will only use your information for the purposes for which it was obtained. We will not sell or share your personal information with any third party for their own purposes.

We will only share your data for the following purposes:

Third party suppliers: We may need to share your information with service providers who help us to deliver our services and projects for example event organisers, payment providers, IT software providers (in relation to IT systems used by NOC). These providers will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing data protection clauses.

Where legally required: We will comply with requests where disclosure is required by law, for example, we may disclose your personal information to the government for tax purposes. We may share information with law enforcement agencies for the prevention and detection of crime and where we consider it necessary to protect NOC’s property or the personal safety of its staff or visitors to its premises or website.

We always aim to ensure that personal information is only used by those third parties for lawful purposes in accordance with this Privacy Notice.

Visual imagery data

Publicity Photographs and/or video/digital images

NOC may take photographs of individuals for security and identification purposes (for example photo ID for those visiting the premises). Photographs taken for these purposes will be with the consent of the individual.

NOC may use images or videos for publicity purposes, such as on our social media or external website, or on event advertisement. NOC relies on legitimate interests for this activity as we believe that NOC has a legitimate interest in promoting the charity[SB1] .

During public events, appropriate signage will be in place to advise attendees if photographs or video recordings are taking place. NOC has procedures in place to allow individuals to opt out of their image being taken when filming and photography takes place at such events.

For any under 18s any individual photographs will be used only where a parent/guardian has consented for such use (in compliance with NOC’s Safeguarding Policy).

Closed Circuit Television (CCTV), Body Worn Video (BWV) and Automatic Numberplate Recognition (ANPR).

NOC uses CCTV (at all NOC locations), BWV and ANPR (at its Southampton site only) to:

• Assist in the detection, prevention and deterrence of crime and disorder in the area, including:
  • Countering terrorism
  • Helping to identify, apprehend and prosecute offenders,
  • Provide the police, other agencies and NOC with evidence to take criminal and civil action to court,
• To prevent and respond effectively to all forms of harassment and public disorder,
• To help reduce the fear of crime and provide reassurance to the public,
• To improve communication and the operational response of security patrols in and around the areas where surveillance cameras operate,
• To create a safer environment,
• To gather evidence by a fair and accountable method which can then be used for external and internal investigations,
• To assist in monitoring any Emergency Planning Operations,
• To provide emergency services assistance,
• To assist in monitoring health & safety.
• Maintaining security that aligns with the International Ships and Port Facility Security (ISPS) Code

CCTV footage and BWV will not be used for any other purposes and its use will be reviewed regularly. CCTV and BWV images will be retained for no longer than 30 days, after which they will be disposed of, unless there is an ongoing reason to keep them for the purposes named above. CCTV and BWV images are stored securely and can only be accessed by authorised individuals. With the exception of law enforcement bodies in the instance of crime, auditors or NOC insurance companies in the instance of damage to property, images will not be provided to third parties.

NOC uses ANPR at its Southampton site to manage access to its car parking facilities. This technology will be used to read your car registration number if you attempt to access the restricted car parking areas at NOC’s Southampton site. Your numberplate will be checked against a database and will allow access to the car parking facility where the registration number matches the database. To access these restricted areas, you will be asked to provide your numberplate details.

NOC complies with the Surveillance Camera Code of Practice.

How we protect your information

NOC takes the security of your data seriously. NOC has internal policies and controls in place to ensure that your data is always secure, not lost, accidentally destroyed, misused or disclosed, and is only accessed as required by its employees or representatives in the performance of their duties on a need-to-know basis.

Where NOC engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

NOC does not process your card or bank details when making donations through our website. Any debit or credit card details which we receive on our website are passed securely our payment processing partner, according to the Payment Card Industry Security Standards.

Please note that payments made indirectly, for example through Just Giving, have Separate Terms (Donations made through Just Giving have their own Terms and Privacy Policies (see www.justgiving.com ).

Unfortunately, the transmission of information using the internet is not completely secure. Although we do our best to protect your personal information sent this way, we cannot guarantee the security of data transmitted to our site.

How long will we keep your information?

We will keep your personal information in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to six years after a particular transaction).

If you request that we stop processing your personal information for the purpose of marketing, we may in some instances need to add your details to a suppression file to enable us to comply with your request not to be contacted.

In respect of other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.

Heritage information

The National Oceanography Centre as it is known today dates back to precursor institutions, each with long histories. As a national institution, it was formed in 1949 as the National Institute of Oceanography (NIO) and its operations based in Liverpool stem from the Liverpool Observatory founded in 1843, as a result we hold many historic records.

To ensure we have an ongoing record of NOC’s activities, which may be of interest and importance in the future, we keep certain information for heritage purposes.

This includes information about activities carried out by our people.

International transfers of information

We may, on occasion decide to use the services of a supplier outside the European Economic Area (EEA), which means that your personal information is transferred, processed, and stored outside the EEA. You should be aware that, in general, legal protection for personal information in countries outside the EEA may not be equivalent to the level of protection provided in the EEA.

However, we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the International Data Transfer Agreement and Addendum.

Your rights to your personal information

Data Protection Law gives you certain rights over your data and how we use it. These include the right to:

• access to the personal information we hold about you, known as a subject access request.
• object to our processing of your personal information.
• object to your information being used for marketing purposes.
• restrict the processing of your personal information.
• obtain a copy of your personal data in a portable format so that you can reuse it.
• rectify your personal information if you believe it is incorrect – we want to ensure that all information we hold about you is accurate and up to date so please do let us know if anything changes.
• request the erasure of your personal information (please note that in certain circumstances we may need to retain your data for a specified period to comply with our legal obligations).

If you wish to exercise these rights, please contact NOC’s Legal and Governance team on governance@noc.ac.uk. We will consider each request in accordance with Data Protection Law and we may ask you to provide confirmation of your identity.

Please also provide any additional information that is relevant to the nature of your contact with us, as this will help us to locate your records.

You can find more information about your rights under Data Protection Law from the Information Commissioner’s Office.

How to make a complaint or raise a concern

If you would like more information, or to make a formal complaint about our approach to data protection, or raise privacy concerns please contact the Legal and Governance team governance@noc.ac.uk

If you are not happy with the response you receive, then you can raise your concern with the relevant statutory body:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Alternatively, you can visit the ICO’s website.

Changes to our Privacy Notice

Our Privacy Notice may change from time to time, so please check this page occasionally to see if we have included any updates or changes, and that you are happy with them.

Last updated: 04/12/2025

General Privacy Notice