Gates Connect | Privacy Policy

Last updated: 14.10.2025
Next review date: 14.10.2026

 

  1. Introduction

Gates Connect (“we”, “our”, “us”) is the online community platform for Gates Cambridge Scholars (“Scholar in residence”, “Scholar elect”, “alumni Scholar”, operated by the Gates Cambridge Trust, which is the Data Controller for your personal data.

 

This Privacy Policy explains how we collect, use, store, share and protect your personal data when you use Gates Connect. It supplements, and should be read alongside, the Gates Cambridge Privacy & Cookies Policy. Nothing in this notice overrides or contradicts the Trust’s existing commitments to data protection.

 

By using Gates Connect, you acknowledge that your personal data will be processed in accordance with this policy.

 

  1. Scope

This policy applies to:

  • Registered users of the Gates Connect platform
  • Visitors to any publicly accessible pages of the Gates Connect platform
  • Administrative, moderation and support personnel who access user data for operational purposes

 

This policy does not cover all processing activities undertaken by the Gates Cambridge Trust, for example, data collected through the scholarship application process, except where that data interacts directly with Gates Connect.  You can view our other data protection policies here: https://www.gatescambridge.org/data-protection/.

 

  1. Data we collect

We collect and process the following categories of data:

 

a) Information you provide directly
  • Name, email address, profile picture, biographical information and institutional affiliation
  • Academic and professional information (e.g. subject area, cohort, publications, employment history)
  • Posts, comments, messages, uploaded files, and group memberships
  • Event registrations, RSVPs, and attendance information
  • Communication preferences and feedback responses

 

b) Information collected automatically
  • IP address, browser type, operating system, and device identifiers
  • Login timestamps, pages visited, feature usage and navigation patterns
  • Cookies and similar tracking technologies (see Section 7 below)
  • System logs and diagnostic information

 

c) Information from third parties or integrations
  • Authentication or identity information from linked accounts (e.g. institution or ORCID login)
  • Analytics or technical data from service providers supporting Gates Connect
  • Embedded content (e.g. videos, maps) which may collect usage information via third parties

 

d) Service Provider
  • This service is operated under contract by Aluminati Network Group Ltd. (Aluminati) acting under instruction as our Data Processor under the Data Protection Acts 1998 and 2018. Aluminati will process personal data strictly for the purposes of operating this service.
  • Aluminati is registered with the Information Commissioner under membership number Z8393842.

 

  1. How we use your data

We process personal data to:

 

  • Provide and operate the Gates Connect platform and community features
  • Manage accounts, profiles, and user-generated content
  • Facilitate communication and networking among Scholars
  • Send platform updates, event invitations, newsletters and notifications (based on your preferences)
  • Monitor and improve site functionality, performance and security
  • Detect and prevent fraud, abuse or misuse of the platform
  • Comply with legal or regulatory obligations

 

  1. Legal basis for processing

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we rely on the following lawful bases for processing:

 

  • Performance of a contract – to provide you with access to the Gates Connect platform and related services
  • Legitimate interests – for administrative, operational and security purposes, and to improve user experience
  • Consent – where you have given explicit consent (e.g. for optional communications or analytics cookies)
  • Legal obligation – to comply with legal requirements

 

  1. Sharing your data

Where necessary, we may share your personal data as follows:

  • Within Gates Cambridge Trust: among authorised staff, administrators and moderators who require access to operate the platform
  • With service providers: third-party organisations providing hosting, technical support, analytics or communications services, under contract and subject to confidentiality obligations
  • With other users: profile information, posts and interactions you choose to make public or share within groups
  • With authorities: where required by law or to respond to lawful requests

 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

We do not sell your personal data to third parties.

 

  1. Cookies and tracking

Gates Connect uses cookies and similar technologies to operate effectively, enhance user experience and analyse usage. These may include:

 

  • Essential cookies – required for login sessions, authentication and site security
  • Functional cookies – to remember user preferences
  • Analytics cookies – to monitor site usage and performance

 

Cookies used on Gates Connect are encrypted and do not store personally identifiable information. You can manage or delete cookies through your browser settings, although this may affect platform functionality.

For further detail, see the Gates Cambridge Privacy & Cookies Policy.

 

  1. Data retention

We retain personal data only for as long as necessary for the purposes outlined above, and in line with the Gates Cambridge Trust’s retention policies. Typical retention periods include:

  • Account and profile data – retained until you request deletion or your account becomes inactive
  • User-generated content – retained while the content remains published or archived
  • System and analytics logs – retained for a limited period and anonymised where possible

 

When data is no longer required, it will be securely deleted or anonymised.

 

  1. Security

We apply appropriate technical and organisational measures to safeguard your personal data, including:

  • Encryption of data in transit and at rest (where applicable)
  • Role-based access controls and secure authentication
  • Regular monitoring, backups and vulnerability testing
  • Staff training and confidentiality undertakings
  • Limiting access to your personal data to those who have a genuine business need to access it
  • Ensuring that those who process your personal data only do so in an authorised manner and are subject a duty of confidentiality

 

We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

  1. Your rights

Under UK data protection law, you have the right to:

 

  • Access a copy of your personal data
  • Request correction of inaccurate or incomplete information we hold about you
  • Request erasure of your personal data (“right to be forgotten”)
  • Restrict or object to certain types of processing (where we are relying on a legitimate interest as a basis for that particular use of your personal data)
  • Object to the processing of your personal data for direct marketing purposes
  • Request transfer of your personal data to another controller (data portability)
  • Withdraw consent where processing is based on consent
  • Request restriction of processing of your personal data

 

To exercise these rights, contact us at alumni@gatescambridge.org. We may need to verify your identity before processing your request.

 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

  1. International data transfers

As Gates Connect may be accessed globally, your personal data may be transferred outside the UK. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms recognised under UK data protection law.

 

  1. Children and minors

Gates Connect is intended for users aged 16 and over.
If we become aware that we have collected personal data from someone under 16 without appropriate consent, we will delete it promptly.

 

  1. Complaints

Please contact us if you have any queries or concerns about our use of your personal data (see section 16 below for our contact details). We will acknowledge all complaints within 30 days and shall respond without undue delay.

 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your personal data has been mishandled.

 

  1. Updating your personal data

 

We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed, for example your surname or address (see section 16 below).

 

  1. Updates to this policy

We may update this Privacy Policy periodically to reflect changes in technology, legal requirements, or operational needs.


Any material updates will be communicated via email or platform notification, and the “Last updated” date above will be amended accordingly.

 

  1. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact: alumni@gatescambridge.org

 



Gates Connect Social Sign In: Privacy Notice

This privacy notice provides you with details of how we (Aluminati Network Group Ltd) collect, process and store your personal data when you access the Aluminate service (the ‘Service’) via this third-party application (‘App’).

LAWFUL BASIS AND PURPOSE OF PROCESSING

Aluminati processes your data in order to perform its contract, with the institution or organisation, to provide you with the Service. We will process your information for the following purposes;

  • To verify your details in order to provide you with access to the Service
  • To improve your onboarding experience onto the Service
  • To increase your accessibility to the Service

We will only use your personal data for the purposes listed above unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.

By accessing the Service through this App, you agree to the collection and use of information in accordance with this privacy policy.

If you are unhappy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (www.ico.org.uk) however we would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

Email: privacy@aluminati.net

Tel: 01638 676 232

WHAT PERSONAL DATA WE COLLECT

Personal data is any information capable of identifying an individual and does not include anonymised data. We may ask you to provide us with or automatically collect certain personally identifiable information that can be used to contact or identify you, including:

  • Identity & Contact Data may include your first name and last name
  • Contact Data may include your email address
  • Technical Data may include your cookie data, information such as your device's internet protocol address (e.g., IP address), browser type, browser version, the time and date of your visit, unique device identifiers and other diagnostic data

We do not collect any sensitive data about you including details about your race or ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health, criminal convictions and offences.

YOUR RIGHTS

For data processed under the lawful basis of ‘performance of a contract’, you;

  • DO have the right to; be informed, request access, data portability, data rectification, restriction processing, erasure if there is no overriding ‘legitimate interest’ for continuing to process the data
  • DO NOT have the right to object

To exercise these rights please email privacy@aluminati.net. We will likely have to request information from you to confirm your identity in order to ensure we are following instructions from the actual data subject concerned. No fee is payable for the exercise of these rights unless the request is clearly unfounded, repetitive or excessive in which case we may also legally refuse your request.

For more information on individual rights under the GDPR, go to the following site: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

You have the right to lodge a complaint to the supervisory authority (the Information Commissioners Office); if you believe we are processing your data unfairly.

DISCLOSURES OF YOUR PERSONAL DATA

We may have to share your personal data with third parties including:

  • Our service providers who provide IT, hosting and system administration services
  • Professional advisers including lawyers, bankers, auditors, insurers, financial advisers and corporate finance advisers who provide consultancy, banking, legal, insurance, accounting and financial services
  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
  • Third parties to whom we sell, transfer, or merge parts of our business or our assets
  • We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

INTERNATIONAL TRANSFERS

We make active efforts to engage in service providers who are based within the European Economic Area (EEA). Where this is not possible, we may need to engage service providers resulting in your personal data being transferred outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
  • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

In addition to the above, your data may be temporarily transferred outside of the EEA during the course of our staff travelling abroad with personal data (for example meeting contact information and emails). There are appropriate safeguards in place to ensure the protection of your data - including encryption rendering the data unreadable in the case of loss or theft.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

We will only retain personal data for as long as we need to fulfil the specified purposes we have collected it for as well as for satisfying legal, accounting, audit, or reporting requirements.

By law, for tax purposes, we have to keep certain data about our customers for six years after they cease being customers.

COOKIES & THIRD PARTY LINKS

We use cookies as described in the section above on how we use your data. If you choose to disable cookies in your browser certain parts of our service will cease to function.

Links from our website or other communications may link to third-party destinations over whom we have no control and do not take responsibility for their privacy statements or behaviours. Please read the privacy notice of these sites to understand their data policies.

Name and contact details of the data controller and data protection officer
Data Controller: Aluminati Network Group Ltd.
Address: Hyperion House, The Oaks, Newmarket, Suffolk, CB8 7XN
Data Protection Officer: Daniel Watts
Contact Details: privacy@aluminati.net