Privacy policy

Personal data, or personal information, means any information about a living individual from which that person can be identified. It does not include information which cannot be used to identify an individual (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data includes first name, last name, title, date of birth and gender.
• Contact Data includes email address, employer or academic institution, position, invoice address and telephone number.
• Financial Data includes bank account details.
• Transaction Data includes details about payments to and from you.
• Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Usage Data includes information about how you use our website, including any feedback you provide, and how you interact with LifeArc.
• Marketing and Communications Data includes your preferences for receiving marketing from us and your communication preferences.

We do not routinely collect Special Category Personal Data through general website use. In some of our charitable, scientific, research and partnership activities, we may process Special Category Personal Data, such as health or genetic data, where this is lawful and necessary. Where this applies, we or our partners will usually provide a separate privacy notice with more detail.

If you fail to provide personal data

Where we need to collect personal data by law, or under a contract we have or are trying to enter into with you, and you do not provide it when requested, we may not be able to fulfil the contract or your request. If this happens, we will let you know at the time.

We use different methods to collect data from and about you, including through:

• Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms/grant applications, at in-person events, or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you do any of the following:
  • Apply for grants or awards
  • Negotiate and/or enter into a contractual arrangement with us
  • Request information be sent to you
  • Sign up to participate in events
  • Ask for information on licensing opportunities
  • Supply goods or services to us
  • Give us your business card
  • Request that we contact you
  • Apply to work for us
  • Give us feedback.
• Indirect interactions (including research and health data). We may sometimes receive personal data from third parties, such as research partners, healthcare organisations, registries, recruitment providers, referees, public sources or other organisations we work with. Where this includes research or health data, it may be identifiable, coded, pseudonymised or de-identified. We will only use this data where we have a lawful basis and appropriate safeguards. In many cases, a separate privacy notice will explain this in more detail.
• Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.

Depending on how you interact with us, we may use your personal data to respond to enquiries, manage grants, partnerships, contracts and events, process job applications, improve and secure our website, meet legal obligations, and support our charitable and operational activities.

We will only use your personal data where we have a valid legal basis under UK data protection law, most commonly:

• Where we need to perform a contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.

In some cases, we rely on your consent, for example for certain marketing communications. You can withdraw consent at any time by contacting us or using the unsubscribe links in our emails. If we process Special Category Personal Data, we will only do so where an additional legal condition applies and, where appropriate, we will provide more detail in a separate privacy notice.

LifeArc uses AI-enabled tools within Microsoft 365, including Microsoft 365 Copilot, to support internal work such as drafting, summarising, analysing information and managing communications. These tools only process data users are already authorised to access and do not give access to information beyond existing permissions. We do not use them to make solely automated decisions that have legal or similarly significant effects on individuals.

We may share your personal data where needed for the purposes described in this policy, including with:

• Service providers who support our IT, website, analytics, communications, security and administration;
• Professional advisers, auditors, insurers and banks;
• Research collaborators, co-funders, reviewers, assessors and other partner organisations;
• Recruitment providers, referees and other organisations involved in recruitment;
• Regulators, authorities, courts or others where disclosure is required by law or needed to protect legal rights;
• Another charity or organisation as part of a merger, restructuring or transfer of charitable assets; and
• Other persons or organisations where you ask us to share the data or you consent.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

We may use your Identity, Contact, Technical, and Usage Data to form a view on what we think you may want, or what may be of interest to you. This is how we decide which events, news, information or services may be relevant for you (we call this marketing).

If you allow it, we may show or send you marketing material online or by email. We can only use your personal data to send you marketing messages if we have either your consent or a legitimate interest. You can ask us to stop sending you marketing messages by unsubscribing via the email message or contacting our Data Protection Officer (see details below).

Third-party marketing

We will not share your personal data with any third-party company for marketing purposes, unless you specifically request that we do so.

Some of our providers, partners or collaborators may be based outside the UK, so your personal data may be transferred outside the UK.

When we transfer personal data outside the UK, we make sure appropriate safeguards are in place as required by UK data protection law. These may include UK adequacy regulations, approved contractual safeguards such as the UK Addendum or International Data Transfer Agreement, or another lawful transfer mechanism.

Please contact us if you want further information on the specific mechanism we use when transferring your personal data out of the UK.

We use social media to share updates and engage with our audiences. If you interact with us on those platforms, your personal data will also be subject to the relevant platform’s privacy policy.

You can find us on LinkedIn at: https://www.linkedin.com/company/lifearc/. For details of how LinkedIn handles personal data, please see LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

You can also find us on X at: https://x.com/lifearc1. For details of how X handles personal data, please see X’s Privacy Policy: https://x.com/en/privacy.

We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We keep personal data only for as long as needed for the purposes we collected it for, including to meet legal, regulatory, contractual, audit and record-keeping requirements. Retention periods depend on the type of data, why we hold it and any legal or operational requirements.

In some cases, we may keep data for longer, for example to deal with claims, meet funding or audit requirements, or for research, archiving or statistical purposes where appropriate safeguards are in place.

When we have no ongoing need to process personal data, it will either be deleted or anonymised or, if this is not possible (for example, because the relevant personal data has been stored in backup archives), we will store it securely and isolate it.

In some circumstances you can ask us to delete your personal data: see Section 11 below for further information.

Under UK data protection law, you have rights in relation to your personal data. These rights are not absolute and may only apply in some circumstances. You may have the right to:

• Request access to your personal data (commonly known as a ‘data subject access request’), to receive a copy of the personal data we hold about you and to check it is being lawfully processed;
• Request correction of the personal data that we hold about you;
• Object to processing of your personal data. You also have the right to object where we are processing your personal data for direct marketing purposes (see also Section 6 above);
• Request erasure of your personal data where there is no good reason for us to continue to process it, or where you have exercised the right to object to processing;
• Request the restriction of processing of your personal data, for example if you want LifeArc to suspend processing of certain data to establish its accuracy or the reason for processing it;
• Request the transfer of your personal data to another party.
• Withdraw consent at any time, where we rely on consent as the lawful basis for processing.

If you want to exercise any of the rights above, please complete the online form or contact our Data Protection Officer using the details below.

Complaints

If you have a complaint about how we have handled your personal data, please contact our Data Protection Officer using the details below.

We will review your complaint and let you know if we need any more information within 30 calendar days.

If you are not satisfied with the outcome, you have the right to complain to the ICO, the UK supervisory authority for data protection issues. Please visit the ICO website for details of how to contact them.

For information about the cookies we use, please see our Cookie Policy.

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

If you have questions about this policy or want to exercise your rights, please contact our Data Protection Officer:

Email: dataprivacy@lifearc.org

Postal address: Data Governance Lead, LifeArc, Lynton House, 7-12 Tavistock Square, London, WC1H 9LT

Telephone: +44 (0) 20 7391 2700.

We may change this Privacy Policy from time to time (e.g. to cover changes in the law, to add details of personal data we process, or to generally improve transparency).

This version of our Privacy Policy was updated in June 2026.