BRAE Earth (“BRAE”) is a limited company based in London, England. We run this website (www.brae.earth) and its subdomains.

We use third party services to publish work, keep in touch with people and understand how we can do both of these things better. Here you can find out what these services are and how we handle data for visitors to our websites, user research participants, potential and existing clients, and job applicants. This page was last updated on 12 March 2023. 

Our websites

What data we collect

Through our Squarespace website analytics, we collect the following information about visitors to our websites:

• Timestamp of visit

• Country of visit

• Referrer

• Operating system

• Browser

• Pages visited during session

Why we collect website data

Our website analytics allows us to see how people are using our sites and improve their experience.

How long we keep website data

We anonymise the data we collect and store it indefinitely, so we can see how use of our website changes over time.

Where website data is processed and stored

Our main site is hosted on Squarespace, Their approach to customer data is outlined in their privacy policy.

Opt-out of collection

You can opt out of our analytics by turning on Do Not Track in your browser. Find out how to do this for Google Chrome, Firefox, Safari, Internet Explorer and Microsoft Edge.

Research participants

Research is an important part of our work: it helps us understand people’s needs and build better products and services.

At the moment, we do not conduct any research with people under the age of 18.

What data we collect

Participant information

We collect the following information from research participants:

• Full name

• Telephone number

• Email address

Research material

• Interview recordings (audio or video)

• Quotes

• Notes

• Photos

Why we collect this data

We collect participant information to identify participants, and arrange sessions and follow-ups.

All research participants are given a consent form that outlines what the research involves, what information will be recorded and how it will be used. If the participant is happy to proceed we ask them to sign the form to confirm this.

We collect research material to reference during project work.

How long we keep research data

Participant information is deleted at the end of the project.

We scan signed consent forms and shred paper copies, then store consent forms on Microsoft Sharepoint and keep these for 6 years. All notes and digital files are destroyed or deleted 2 years after the research session. We delete any personal information provided to us from the research recruiter when the project has finished.

Where research data is processed and stored

Research material is separated from any identifiable information, such as consent forms, while we are working with it.

We use Notion to track participants with no identifying information, unless consent has been given. Any notes we gather during research sessions are stored securely. Any digital files (like audio, photos and videos) are stored on Microsoft Sharepoint and are only accessed by BRAE team members involved in the research. We may send audio of the research session to a transcriber if necessary. We review the privacy notices of the companies we use for this and ask for explicit consent from participants in our consent forms.

We may use research materials like quotes, photos, audio or video clips, in presentations to clients. We will only do this if we have consent from participants. We don’t connect this information to participants’ names.

Sometimes we may publish quotes from research sessions. We only do this if we have specific consent from the participant and any personally identifiable information has been removed. We will only publish audio, photos and video from a research session if a participant has given consent and has signed a model release form.

Opt-out of collection

Participants are able to withdraw their information from a project at any time. To do this, contact Hello@brae.earth

Potential and existing clients

What data we collect

We may collect the following information about our potential and existing clients:

• Name

• Company

• Email address

• Phone number

• Job title

• Company address

• Working hours

• Testimonials

Why we collect this data

We use this information to create and manage client relationships.

Testimonials may be used on our website for promotional purposes.

How long we keep this data

We keep information about potential clients for 3 years from last contact, and information about existing clients for 4 years from last contact.

Testimonials are kept for 10 years.

Where data about potential and existing clients is processed

We use the following services to store and process this data:

• Microsoft, including Mail and Drive

• BRAE workspace on Slack (privacy policy)

• Miro (privacy policy) 

Job applicants

What data we collect

We collect the following information about people who apply to join our team

• Full name

• CV and supporting information

• Email address

• Covering letter

• References

• Phone number

• Recruitment platform profile

• Notes from interviews

We don’t collect any special category data or ask for any background checks as part of the application process.

Why we collect recruitment data

Recruitment data is used to assess suitability for a role and communicate with candidates.

How long we keep recruitment data

We keep candidate data and approach them only with a legitimate interest of a job role.

Where recruitment data is processed and stored

We use services to help us find people to join our team. At the moment, these include:

• LinkedIn (Privacy policy)

(If you want to exercise your rights on a particular service, please refer to its privacy policy for more information.)

We store CVs on Microsoft Sharepoint. Only team members involved in the recruitment process have access to recruitment platform accounts, CVs and emails.

Potential collaborators and BRAE Collective members

What data we collect

We collect the following information about people who express an interest in working on future projects (as contractors/employees):

• Full name

• Email address

• Reasons for wanting to work with IF

• Relevant skills and experience

• Availability and day rate

• Interest in permanent roles

• Any specific support required for interview

We don’t collect any special category data or ask for any background checks as part of the application process.

Why we collect data about potential collaborators

Data about potential collaborators is used to assess suitability for permanent and contract roles on a rolling basis.

How long we keep data about potential collaborators

Data about potential collaborators is deleted after 2 years, unless requested by the potential collaborator to be deleted beforehand.

Where data about potential collaborators is processed and stored

We store applications on Google Drive. Only team members involved in the recruitment process have access to data collected about potential collaborators.

Things we don’t do

BRAE doesn’t participate in the following data processing activities:

• Buying or selling marketing lists

• Entering into data sharing agreements with other organisations

• Telephone marketing

• Postal marketing

• CCTV surveillance (apart from CCTV systems run by the buildings in which we work)

We don’t use “soft opt-in“, meaning you won’t receive any marketing communications from us unless you’ve specifically agreed to it.

Keeping data secure

We carefully choose our services and tools at BRAE. It’s important that they follow good security practices, like HTTPS, two-factor authentication and the ability to set a strong password. We’ve reviewed the privacy policies and security practices of everything we use.

When a new team member joins BRAE, we explain best practices for keeping their devices secure, maintaining the security of their online accounts and working outside our offices.  Infrastructure we maintain ourselves, like our Digital Ocean servers, are secured using these best practices. Only specific members of the team can access these servers.

Data breaches

In the event of a data breach, we are required to notify the Information Commissioner’s Office. We will do so following their guidance.

Data transfer outside the EEA

We have reviewed the privacy policies of third party services we use. They provide adequate protections when information is shared outside of the European Economic Area.

Exemptions

There are exemptions to data protection regulations that may require us to share data about you, including requests by law enforcement. A full list of exemptions are listed on the ICO website – this also applies to data held about you by third party services we use.

Reviewing how we use data

Every quarter, we review our documentation of the data we handle and third party services we use. This helps us continuously improve our processes and hold ourselves to account. We will update this document as necessary.

Your rights and getting in touch

The General Data Protection Regulation gives EU citizens the following rights:

• Right to be informed

• Right of access

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to data portability

• Right to object

• Rights related to automated decision-making, including profiling

To exercise any of these rights, please contact us at hello@brae.earth. You can find information specific to the services we use or our activities in the relevant sections of this document. We will respond to all requests within 28 days of receiving them. If you aren’t satisfied by our response, you can contact the Information Commissioner’s Office.

This page was last updated on 12 March 2024.