Privacy policy.
BRAE Earth (“BRAE”) is a limited company based in London, England. We run this website (www.brae.earth) and its subdomains.
We use third party services to publish work, keep in touch with people and understand how we can do both of these things better. Here you can find out what these services are and how we handle data for visitors to our websites, user research participants, potential and existing clients, and job applicants. This page was last updated on 12 March 2023.
Our websites
What data we collect
Through our Squarespace website analytics, we collect the following information about visitors to our websites:
Timestamp of visit
Country of visit
Referrer
Operating system
Browser
Pages visited during session
Why we collect website data
Our website analytics allows us to see how people are using our sites and improve their experience.
How long we keep website data
We anonymise the data we collect and store it indefinitely, so we can see how use of our website changes over time.
Where website data is processed and stored
Our main site is hosted on Squarespace, Their approach to customer data is outlined in their privacy policy.
Opt-out of collection
You can opt out of our analytics by turning on Do Not Track in your browser. Find out how to do this for Google Chrome, Firefox, Safari, Internet Explorer and Microsoft Edge.
Research participants
Research is an important part of our work: it helps us understand people’s needs and build better products and services.
At the moment, we do not conduct any research with people under the age of 18.
What data we collect
Participant information
We collect the following information from research participants:
Full name
Telephone number
Email address
Research material
Interview recordings (audio or video)
Quotes
Notes
Photos
Why we collect this data
We collect participant information to identify participants, and arrange sessions and follow-ups.
All research participants are given a consent form that outlines what the research involves, what information will be recorded and how it will be used. If the participant is happy to proceed we ask them to sign the form to confirm this.
We collect research material to reference during project work.
How long we keep research data
Participant information is deleted at the end of the project.
We scan signed consent forms and shred paper copies, then store consent forms on Microsoft Sharepoint and keep these for 6 years. All notes and digital files are destroyed or deleted 2 years after the research session. We delete any personal information provided to us from the research recruiter when the project has finished.
Where research data is processed and stored
Research material is separated from any identifiable information, such as consent forms, while we are working with it.
We use Notion to track participants with no identifying information, unless consent has been given. Any notes we gather during research sessions are stored securely. Any digital files (like audio, photos and videos) are stored on Microsoft Sharepoint and are only accessed by BRAE team members involved in the research. We may send audio of the research session to a transcriber if necessary. We review the privacy notices of the companies we use for this and ask for explicit consent from participants in our consent forms.
We may use research materials like quotes, photos, audio or video clips, in presentations to clients. We will only do this if we have consent from participants. We don’t connect this information to participants’ names.
Sometimes we may publish quotes from research sessions. We only do this if we have specific consent from the participant and any personally identifiable information has been removed. We will only publish audio, photos and video from a research session if a participant has given consent and has signed a model release form.
Opt-out of collection
Participants are able to withdraw their information from a project at any time. To do this, contact Hello@brae.earth
Potential and existing clients
What data we collect
We may collect the following information about our potential and existing clients:
Name
Company
Email address
Phone number
Job title
Company address
Working hours
Testimonials
Why we collect this data
We use this information to create and manage client relationships.
Testimonials may be used on our website for promotional purposes.
How long we keep this data
We keep information about potential clients for 3 years from last contact, and information about existing clients for 4 years from last contact.
Testimonials are kept for 10 years.
Where data about potential and existing clients is processed
We use the following services to store and process this data:
Microsoft, including Mail and Drive
BRAE workspace on Slack (privacy policy)
Miro (privacy policy)
Job applicants
What data we collect
We collect the following information about people who apply to join our team
Full name
CV and supporting information
Email address
Covering letter
References
Phone number
Recruitment platform profile
Notes from interviews
We don’t collect any special category data or ask for any background checks as part of the application process.
Why we collect recruitment data
Recruitment data is used to assess suitability for a role and communicate with candidates.
How long we keep recruitment data
We keep candidate data and approach them only with a legitimate interest of a job role.
Where recruitment data is processed and stored
We use services to help us find people to join our team. At the moment, these include:
(If you want to exercise your rights on a particular service, please refer to its privacy policy for more information.)
We store CVs on Microsoft Sharepoint. Only team members involved in the recruitment process have access to recruitment platform accounts, CVs and emails.
Potential collaborators and BRAE Collective members
What data we collect
We collect the following information about people who express an interest in working on future projects (as contractors/employees):
Full name
Email address
Reasons for wanting to work with IF
Relevant skills and experience
Availability and day rate
Interest in permanent roles
Any specific support required for interview
We don’t collect any special category data or ask for any background checks as part of the application process.
Why we collect data about potential collaborators
Data about potential collaborators is used to assess suitability for permanent and contract roles on a rolling basis.
How long we keep data about potential collaborators
Data about potential collaborators is deleted after 2 years, unless requested by the potential collaborator to be deleted beforehand.
Where data about potential collaborators is processed and stored
We store applications on Google Drive. Only team members involved in the recruitment process have access to data collected about potential collaborators.
Things we don’t do
BRAE doesn’t participate in the following data processing activities:
Buying or selling marketing lists
Entering into data sharing agreements with other organisations
Telephone marketing
Postal marketing
CCTV surveillance (apart from CCTV systems run by the buildings in which we work)
We don’t use “soft opt-in“, meaning you won’t receive any marketing communications from us unless you’ve specifically agreed to it.
Keeping data secure
We carefully choose our services and tools at BRAE. It’s important that they follow good security practices, like HTTPS, two-factor authentication and the ability to set a strong password. We’ve reviewed the privacy policies and security practices of everything we use.
When a new team member joins BRAE, we explain best practices for keeping their devices secure, maintaining the security of their online accounts and working outside our offices. Infrastructure we maintain ourselves, like our Digital Ocean servers, are secured using these best practices. Only specific members of the team can access these servers.
Data breaches
In the event of a data breach, we are required to notify the Information Commissioner’s Office. We will do so following their guidance.
Data transfer outside the EEA
We have reviewed the privacy policies of third party services we use. They provide adequate protections when information is shared outside of the European Economic Area.
Exemptions
There are exemptions to data protection regulations that may require us to share data about you, including requests by law enforcement. A full list of exemptions are listed on the ICO website – this also applies to data held about you by third party services we use.
Reviewing how we use data
Every quarter, we review our documentation of the data we handle and third party services we use. This helps us continuously improve our processes and hold ourselves to account. We will update this document as necessary.
Your rights and getting in touch
The General Data Protection Regulation gives EU citizens the following rights:
To exercise any of these rights, please contact us at hello@brae.earth. You can find information specific to the services we use or our activities in the relevant sections of this document. We will respond to all requests within 28 days of receiving them. If you aren’t satisfied by our response, you can contact the Information Commissioner’s Office.
This page was last updated on 12 March 2024.