Privacy and cookies

The Sainsbury Laboratory is committed to protecting and respecting your privacy.

Privacy Notice

The Sainsbury Laboratory (TSL)
Last updated: 13th March 2026

1. Introduction

The Sainsbury Laboratory (“TSL”, “we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Notice explains how we collect, use, store and protect personal data obtained through our website and related web forms, in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations (PECR)

This notice applies to visitors to our website (www.tsl.ac.uk) and individuals who interact with us through it.

2. Who We Are

The Sainsbury Laboratory is the data controller for personal data collected through this website.

Address:
The Sainsbury Laboratory
Norwich Research Park
Colney
Norwich
NR4 7UH

Data Protection Adviser:
Email: dpa@tsl.ac.uk

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide Directly

You may provide personal data when you:

  • Apply for a job through our website
  • Apply for a TSL Summer School
  • Register for a seminar, symposium or event (physical or online)
  • Submit enquiries via website forms

This may include:

  • Name
  • Email address
  • Postal address
  • Organisation and job title
  • Application materials (e.g. CV, supporting statements)
  • Event preferences
  • Any other information you choose to provide

3.2 Technical and Usage Information

When you visit our website, we may automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Pages visited and usage data
  • Date and time of access

This information is used for system administration, security, and analytics purposes.

3.3 Cookies and Analytics

We use cookies and similar technologies to:

  • Ensure website functionality
  • Analyse website traffic (Google Analytics)
  • Support advertising and remarketing (Google and Facebook Pixel)

Further details are provided in our Cookie section below.

4. How We Use Your Personal Data and Our Lawful Bases

Under UK GDPR, we must have a lawful basis for each processing activity.

We rely on the following lawful bases:

Activity

Purpose

Lawful basis

Comments

Retention

Recruitment Applications

Managing recruitment processes.

Article 6(1)(b) – Processing necessary for taking steps at your request prior to entering into a contract.

Article 6(1)(f) – Legitimate interests in managing and administering recruitment.

Where special category data is provided voluntarily (e.g. equality monitoring), processing is carried out in accordance with Schedule 1 of the Data Protection Act 2018.

6 months following completion of the recruitment process

Summer Schools and Event Registrations

Administering applications and attendance.

Article 6(1)(b) – Performance of a contract or pre-contractual steps.

Article 6(1)(f) – Legitimate interests in administering academic events.

6 months after the event or programme completion (unless otherwise specified).

Website Analytics

Understanding how our website is used and improving user experience.

Article 6(1)(a) – Consent (via cookie banner, where required under PECR).

You may withdraw your consent at any time via your browser settings or cookie controls.

Advertising and Remarketing (Google / Facebook Pixel)

Delivering relevant advertisements to individuals who have previously visited our website.

Article 6(1)(a) – Consent (via cookie consent mechanism, as required under PECR).

These cookies are not deployed without your prior consent.

Website Security and Administration

Protecting our systems and preventing misuse.

Article 6(1)(f) – Legitimate interests in maintaining website security and integrity.

We have conducted a balancing assessment to ensure that our interests do not override your fundamental rights and freedoms.

5. Sharing Your Personal Data

We may share personal data with:

  • IT hosting and website service providers
  • Google (analytics and advertising services)
  • Meta (Facebook Pixel services)
  • Professional advisers (where necessary)
  • Regulators or authorities where required by law

All processors are contractually required to process personal data securely and in accordance with UK data protection law.

We do not sell personal data.

6. International Transfers

Some third-party service providers (such as Google, Meta) may process personal data outside the UK.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTAs)
  • Adequacy regulations
  • Standard contractual clauses with risk assessments

7. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected and in accordance with our retention schedule.

Examples include:

  • Recruitment data: 6 months after completion of process
  • Event registrations: 6 months after event
  • Summer School applications: 6 months after programme completion
  • Analytics data: in accordance with Google Analytics retention settings

You may request deletion of your data at any time, subject to legal or regulatory obligations.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (in certain circumstances)
  • Restrict processing
  • Object to processing based on legitimate interests
  • Data portability (where applicable)
  • Withdraw consent at any time (where consent is relied upon)

Some rights may be limited where exemptions apply under the Data Protection Act 2018.

To exercise your rights, please contact: dpa@tsl.ac.uk

We will respond within one month.

9. Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure electronic storage
  • Access controls
  • Role-based permissions
  • Secure transmission protocols

While we take appropriate security measures, transmission of information over the internet is not completely secure.

10. Cookies

Cookies are small text files placed on your device to enable website functionality and analytics.

You can:

  • Refuse cookies via browser settings
  • Withdraw consent via our cookie management tool
  • Opt out of Google Analytics using Google’s browser add-on

Further information about cookies can be found at www.allaboutcookies.org.

11. Social Media

If you interact with our social media accounts, we may engage with your content within those platforms. We do not extract contact details for separate marketing purposes without your consent.

We may review anonymised engagement analytics provided by the platforms.

12. Links to Other Websites

Our website may contain links to external websites. We are not responsible for their privacy practices. Please review their privacy notices separately.

13. Changes to This Privacy Notice

We may update this Privacy Notice periodically. The latest version will always be available on our website.