This Privacy Notice describes how the Federation Against Copyright Theft and FACT Worldwide (“FACT”, “we”, “us”, or “our”) collects, uses, shares and retains personal information when you use our website (www.fact-uk.org.uk) or otherwise interact with us.

FACT is a data controller established in England and Wales. We process personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

If you have any questions about this Privacy Notice, please contact us using the details below.

1. Data Protection Contact
FACT is located at:

Regal House
70 London Road
Twickenham
Middlesex
TW1 3QS

Email: [email protected]

FACT has an appointed internal data protection lead responsible for overseeing privacy and data protection compliance. FACT is not required to appoint a statutory Data Protection Officer under Article 37 UK GDPR.

2. Personal Data We Collect
We collect personal data directly from you when you interact with us.

A. Memberships, Clients and Certifications
If you apply to become a member, client or certified organisation, we may collect:

  • Name
  • Email address
  • Business address
  • Telephone number
  • Company information relevant to FACT services

We use this information to:

  • Administer membership or certification
  • Provide contracted services
  • Communicate with you
  • Ensure compliance with applicable UK laws

Lawful basis: Article 6(1)(b) UK GDPR (performance of a contract) and Article 6(1)(f) UK GDPR (legitimate interests in administering our organisation and services).

B. Events and Conferences
If you register for an event (including in-person events, conferences, training or webinars), we may collect:

  • Name
  • Email address
  • Postal address
  • Organisation and role

We use this information to manage event attendance and provide event-related communications.

Lawful basis: Article 6(1)(b) UK GDPR (contractual necessity where registration forms a contract) and/or Article 6(1)(f) UK GDPR (legitimate interests in delivering professional events).

C. Communications With Us
If you contact us by email, telephone or post, we may collect the information you provide.

We use this information to:

  • Respond to enquiries
  • Maintain records of correspondence
  • Manage complaints

Lawful basis: Article 6(1)(f) UK GDPR (legitimate interests in operating and improving our services and responding to enquiries).

3. Marketing Communications
We may send you information about FACT services, publications, events or activities.

Where required under the Privacy and Electronic Communications Regulations (PECR), we will obtain your consent before sending marketing communications. In other cases, we may rely on legitimate interests where permitted by law (for example, where you are an existing member or client and have not opted out).

You may opt out at any time by:

  • Clicking the unsubscribe link in any marketing email; or
  • Emailing [email protected] with “OPT OUT” in the subject line.

Opting out of marketing communications does not affect service-related communications.

4. How We Share Personal Data
We do not sell personal data.

We may share personal data in the following circumstances:

A. Service Providers
We may share information with trusted third-party providers who support our operations (e.g. IT systems, database hosting, event platforms).

All third-party processors are contractually bound under Article 28 UK GDPR to process personal data only on our instructions and to implement appropriate security measures.

B. Legal and Regulatory Obligations
We may disclose personal data where required to comply with:

  • Legal obligations
  • Court orders
  • Law enforcement requests

Such processing is carried out under Article 6(1)(c) UK GDPR (legal obligation) or Article 6(1)(f) UK GDPR (legitimate interests in protecting legal rights).

C. Business Reorganisation
In the event of a merger, restructuring or asset transfer, personal data may be transferred where legally permitted.

Any such transfer would remain subject to UK GDPR and appropriate confidentiality safeguards.

5. International Transfers
FACT primarily stores and processes personal data within the United Kingdom.

However, some of our third-party service providers (for example, email, cloud storage, and communications providers) may process personal data outside the United Kingdom. Where this occurs, FACT ensures that appropriate safeguards are in place in accordance with UK GDPR. These safeguards may include:

  • Transfers to countries recognised by the UK Government as providing an adequate level of data protection;
  • The UK International Data Transfer Agreement (IDTA);
  • The UK Addendum to the EU Standard Contractual Clauses; or
  • Transfers to organisations participating in the UK Extension to the EU–US Data Privacy Framework (where applicable).

We take reasonable steps to ensure that personal data remains protected to UK GDPR standards wherever it is processed.

6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, regulatory, tax, accounting or reporting requirements.

Membership and client data is retained for the duration of the relationship and for an appropriate period afterwards where required for legitimate business or legal purposes.

Where personal data is no longer required, it is securely deleted or anonymised.

7. Your Rights Under UK GDPR
Under UK GDPR, you have the right to:

  • Access your personal data
  • Request rectification of inaccurate data
  • Request erasure (in certain circumstances)
  • Request restriction of processing
  • Object to processing based on legitimate interests
  • Withdraw consent where processing is based on consent
  • Request data portability
  • Object to direct marketing

To exercise your rights, contact: [email protected]

You also have the right to lodge a complaint with the UK supervisory authority: the Information Commissioner’s Office (ICO). Details are available at www.ico.org.uk.

We will respond to requests within one month unless an extension is lawfully permitted.

8. Security of Personal Data
FACT implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction.

While we take reasonable steps to protect personal data, no internet transmission can be guaranteed to be completely secure.

9. Updates to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in legal requirements or our processing practices. Where changes are material, we will take reasonable steps to notify you, such as by posting a prominent notice on our website.