ISD Privacy Notice

Cyber Security Certification Badge
About this Notice:

The Institute for Strategic Dialogue (“ISD”) is a network of globally focused, independent counter-extremism “think and do tanks” dedicated to safeguarding democracy and reversing the rising tide of hate, extremism and disinformation worldwide. ISD strives to adhere to the highest standards of data protection applicable to ensure lawful and fair processing of personal data.

This Notice explains how your personal data may be processed when you visit and browse our website, interact with us by sharing your information on our website, through phone, over email or when you interact with our social media channels and at our events. This Notice does not address ISD’s other personal data processing operations, for example where we provide services to you on the basis of a contract between us. Additional policies and procedures addressing these processes are in place and we provide information to data subjects at the point of data collection or subsequently, as required by law.

For detailed information on how we process your data at the time of recruitment please visit: https://www.isdglobal.org/wp-content/uploads/2025/04/Information-Notice-for-ISDs-Recruitment-Process.pdf

For detailed information on how we process personal data obtained for research for our project work please contact our Data Protection Officer at dpo@isdglobal.org.

Data Controller:

ISD is a global think and do tank comprising of ISD US, ISD UK, ISD Germany, ISD France and ISD Jordan.

This website is operated by ISD UK which is a limited company in England (number 06581421). We are the Data Controller in respect of all personal data collected via our website. We are registered as a data controller with the Information Commissioner’s Office (“ICO”) and our registration number is ZA306601. Our sister organisation Institute for Strategic Dialogue gGmbH (ISD Germany) acts as our EU representative.

For any queries or complaints about how we process your personal data, please write to us at:

ISD UK

3rd Floor,
45 Albemarle Street,
Mayfair, London, W1S 4JL

You may also contact our Data Protection Officer (DPO) at privacy@isdglobal.org to know more about our data processing activities and your rights as a data subject.

Information we process about you:

Data we collect about you.

We collect personal data when you visit our website and social media channels, subscribe to our newsletters, donate to our organisation, write to us about any queries, attend events organised by us, or by signing up to any initiatives, resources or programmes provided by us. We also collect basic information through cookies imbedded in our website. We may also collect personal data about you through social media channels and other public sources for our research activities and projects. The personal data we may collect, store or process about you for different purposes includes:

A. Data collected when you write to us.

When you write to us to ask questions or raise concerns about our activities, we ask you to provide your name, contact information (such as phone number and email address) to respond to your query. We process your this and the additional personal information that you may provide on the basis of our legitimate interests to respond to your request. You may also contact us over the phone or by writing to us through our social media channels. We will only store your personal data for as long as it is necessary to answer your query and to create a record of the request internally.

B. Data collected when you subscribe to our newsletter or attend our events.

If you subscribe to our newsletter(s) to get more information about our services and activities, we will process your name and email address to send you our newsletter on a bi-monthly basis. We will process your personal data on the basis of your consent. You can unsubscribe from the newsletter(s) at any time through the link provided in every newsletter. We only store your data for as long as the newsletter subscription is active. We use Mailchimp to distribute our newsletter and have entered into appropriate agreements to ensure that we transfer your data in accordance with the applicable data protection laws. For UK/EU data subjects, we do not send any marketing related information without your explicit consent.

You may also interact with ISD by signing up for our online and in person events. For such events we ask you to provide personal data such as your name, contact information (such as phone number and email address), financial information (for paid events) and travel information (such as passport/visa information for in person events if we book your travel). We request you to provide this information in order to sign you up for our events and process this information on the basis of our contract with you. We will only process this information for as long as it is necessary to organise and conclude our events and promptly delete such information thereafter.

C. Data collected from partners or third-party organisations.

You may write to us to express your interest in the services we provide or to work with our organisation and its initiatives. We will process personal data such as your name, contact details (phone number, email address, work address) in order to respond to your business queries. We will do this in order to initiate a contract with you.

In order to maintain our business relationships, we may also reach out to our partners to gather feedback or to collaborate on future projects. We will process such data on the basis of our contractual relationships with you and with your prior consent.

D. Data collected when you donate to us.

ISD is a charitable organisation that relies on donations to fund our services and initiatives. You may donate to us through our website or by reaching out to us separately. When you donate you us, we process your personal data such as name, email address, location, and financial information in order to accept and process your donations on the basis of our contract with you.

We maintain a copy of your past donations in our internal database for identifying donors and maintaining our donor database for our legitimate interests. You may write to us if you wish to have your name removed from our internal database. We process your financial information as part of our contract with you and delete such information after the donation process is over. We do not sell any information about our donors to third parties or marketing agencies.

We use Stripe to process donations made on our website. Stripe only uses your financial information to process your payment. We have entered into appropriate agreements to ensure that we transfer your data in accordance with the applicable data protection laws.

E. ISD Research Activities

As ‘think and do’ tanks, ISD undertakes research and other initiatives on issues of hate, extremism, and disinformation which require us to process personal data and sensitive personal data. We collect personal data through various channels including social media by using multiple techniques like data scraping and the official application programming interface APIs of such platforms. ISD collects personal information like names, social media account information (including handles and posts), location, work/social affiliation and sensitive personal data like information about your race or ethnic origins, political opinions, sex life or sexual orientation, religious beliefs, health information, etc in order to conduct analysis and prepare reports for our projects. The personal data we collect from platforms includes information which users have knowingly published.

Such data is collected on a project-to-project basis with strict guidelines to ensure that no personal data is collected without a valid legal basis, any excessive or erroneous personal data collected is immediately deleted from our systems and the data is processed through secured channels by authorized and trained individuals.

ISD does not publish research based on personal data that is irrelevant to our research, nor is personal data shared with third parties without appropriate data protection safeguards. Most data published or shared with a third party is aggregated, anonymised, or altered to prevent identification of a natural person. ISD may only share such personal data with third parties for the performance of our contracts or to fulfil our legal obligations.

ISD maintains individual information notices for each project where we act as data controllers. These information notices contain information about the personal data we collect for a project, the legal basis for processing, the retention period, the security practices, and our data sharing obligations. Due to the sensitive and confidential nature of our projects we are unable to publish this information on our website. You may contact our DPO on dpo@isdglobal.org to request a copy of a particular information notice for a research project.

ISD may use techniques involving artificial intelligence to analyse social media data in order to conduct research. We ensure that the reasons for applying these techniques, the methodology used to analyse data, and the conclusions drawn from our analysis are presented clearly and fully in each report and information notice.

Third Party Data Processing and International Transfer

ISD is an organisation comprising of ISD-US, ISD UK, ISD Germany, ISD France and ISD Jordan. As a globally run operation, ISD may share your data within its group organisations to provide services to you. ISD group entities have entered into appropriate agreements to govern the processing of personal information within the organisation and have executed Standard Contractual Clauses (SCCs) to transfer personal data to jurisdictions outside the European Economic Area (EEA) region that do not have adequacy status.

To provide services, answer queries raised by you and to perform technical and administrative functions ISD may use the services of third-party providers. These processors include providers that help us manage administrative, CRM and financial functions, maintain website security etc. ISD will only disclose such personal data to third parties as is strictly necessary to provide the third-party service (e.g., to respond to a support request).

ISD has implemented strict due diligence protocols to ensure that any third-party provider it engages with processes data in accordance with the applicable data protection laws. To the extent that ISD transfers personal data to third parties located outside the EEA, ISD will ensure that (i) the third party is located in a state that has been recognized by the EU Commission as having an equivalent level of data protection, or (ii) ISD has entered into an agreement and has concluded “Standard Data Protection Clauses (SCCs)” with the third party in accordance with the applicable data protection laws. You may write to ISD to obtain a list of third-party providers currently engaged by ISD and a copy of the transfer safeguards adopted, if any.

ISD may share your personal data with public authorities or law enforcement agencies if required by law or legal process, or to protect ISD’s rights.

We may also disclose your personal data to third parties in the event that we sell or buy any business or assets (in which case we may disclose your personal data to the prospective seller or buyer of such business or assets) or if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers and subscribers will be one of the transferred assets.

ISD may share your personal data with third party organisations or experts who are engaged with us to assist in our research projects and educational programmes. ISD enters into appropriate agreements with all parties engaged for such projects and ensures that they follow the strict standards of data protection ISD requires from its partners.

ISD also uses social media channels to promote our work and provide more information about our organization. Personal data processed by such social media channels are governed by their privacy notices where they may act as controllers. These privacy notices may be subject to revision from time to time. Please read the respective notices of LinkedIn, Instagram, BlueSky and Facebook carefully before sharing any personal data. ISD does not take responsibility for any comments or engagement on our social media channels made by third parties.

Data Retention

ISD shall not retain your personal data for longer than it is necessary to fulfil the purpose for which it was processed.

We will collect your personal data for sharing newsletters based on your consent and promptly delete such information upon your request. We collect your personal data when you write to us with any queries. We will retain this data till your query has been successfully resolved.

We may also process your personal data in the form of cookies. The retention period for all cookies is mentioned below.

ISD maintains a detailed Institutional Data Retention Schedule to comply with the legal and contractual requirements of data retention. We may retain a copy of your personal data in our files to comply with our legal obligations, resolve disputes, maintain appropriate business records, or to protect our rights. You may write to us to obtain further information about our retention practices.

Information Security

At ISD we are committed to protecting your personal data and take reasonable steps to ensure that your data is processed securely. Our security practices include robust access controls, inbuilt encryption on ISD managed devices, regular security assessments, and continuous monitoring for threats conducted by our SOC. We maintain high availability through our cloud backup solution, and critical incident plan (including disaster recovery and business continuity), ensuring minimal downtime.
We protect data during transmission by using strong encryption protocols such as TLS (Transport Layer Security) to secure network communications and prevent unauthorised access or interception.

We also conduct robust due diligence checks and require third parties to ensure to use appropriate measures to protect the confidentiality and security of personal data.

ISD employees and contractors are provided thorough training to ensure the protection of your personal data.

We ensure the certification and assurance of our processes and products by adhering to recognised industry standards and obtaining relevant certifications, such as Cyber Essentials accreditation.

Your Data Subject Rights

Where ISD processes your personal data, you may have the right:

  • to be informed as to whether ISD holds data about you.
  • to access that data.
  • to have inaccurate data corrected
  • to have your data deleted.
  • to obtain the restriction of processing.
  • to receive your data in a “portable” form.
  • to object to data processing.
  • to receive an explanation about any automated decision making and/or profiling, and to challenge those decisions where appropriate.

You can seek to exercise these rights via email to our Data Protection Officer at dpo@isdglobal.org or write to us at ISD UK Offices - 3rd Floor, 45 Albemarle Street, Mayfair, London, W1S 4JL, UK. You also have the right to lodge concerns or complaints with the UK Information Commissioner’s Office . Data subjects covered by EU law may also be entitled to lodge complaints with the data protection supervisory authority in their country of residence.

Information about Marketing Activities

ISD does not send marketing information to you without your prior consent. We will only send you our newsletter and/or other marketing information to you if you have opted in to receive them. You can opt out of such services by writing to us at info@isdglobal.org or clicking on the appropriate link in the footer of any of our marketing emails. It may take up to 15 days to remove you from our marketing lists.

Children’s Data

Our website is not intended for children, and we do not knowingly collect data relating to children. If any such data is invariably collected, we delete it promptly upon discovery. If you think that we may have collected any data related to children, please write to us at dpo@isdglobal.org.

Website Information and Cookies

ISD’s website is hosted with Kinsta, a managed WordPress provider, and uses Cloudflare as a CDN and security layer.

As part of its security and performance optimisation, Cloudflare may collect information such as your IP address, browser type, and general location. This data is processed solely for security purposes and performance monitoring. ISD and Cloudflare do not use this information to identify individuals or track user behaviour.

ISD uses Fathom Analytics to collect basic website usage data. Fathom is a privacy-first tool that does not use cookies and does not collect personal data.

Some third-party services on our website, such as embedded video players, may use cookies. Cookies are small text files stored on your device by your web browser. They help websites support certain features, remember preferences, and in some cases, enable tracking. We do not place non-essential cookies without your consent. You can select which types of cookies you allow through our cookie banner. The table below explains the categories of cookies used on our website and their purpose.

Set preferences

You can change your cookie preferences any time by clicking the button above. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent right away.

In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. Listed below are the links to the support documents on how to manage and delete cookies from the major web browsers.

Chrome: https://support.google.com/accounts/answer/32050

Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US

Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

If you are using any other web browser, please visit your browser’s official support documents.

Changes and revisions

We may update this Notice in future. We will maintain an accessible record of any such changes.

Notice published: 20.05.2020

Notice updated: 09.05.2025

ISD proudly complies with the requirements of the Cyber Essentials scheme