Privacy Policy

Who we are

Analogue is a nonprofit organisation whose charitable mission is to identify and support early-stage research and creative work — including work that is not yet widely recognised — and to connect that work with the people and institutions able to support it.

Our team operates from the United States and the European Union, and we work with contractors and grantees in other countries. Personal data may be accessed from, or transferred between, these locations, subject to the safeguards described under “International transfers” below. The Analogue Group is the data controller for the personal data described in this policy, which means we decide why and how it is processed. We have assessed whether we are required to appoint a Data Protection Officer under Article 37 GDPR and determined that we are not, as our core activities do not consist of large-scale systematic monitoring of individuals or large-scale processing of special category data.

Information we collect

Information you give us. When you apply, are nominated, register for an event, or correspond with us, we collect the information you provide — for example your name, contact details, professional affiliation, and details of your work, project, or proposal.

Information we gather from public sources. As part of identifying promising research and creative work, we review publicly available sources — such as institutional pages, publications, public professional profiles, and similar materials — and may compile relevant information into a profile of a researcher and their work. GDPR Article 14 requires controllers to notify individuals when their data is collected from third-party sources. However, Article 14(5) limits that obligation in two circumstances that are directly relevant to our scouting activities: first, where the data subject already has the information (Article 14(5)(a)), which covers professional information that researchers have themselves published on institutional pages, in journals, or on public professional profiles on social media and elsewhere; and second, where providing individual notice would involve disproportionate effort (Article 14(5)(b)). In the latter case, the appropriate measure in lieu of individual notice is to make this information publicly available, which this policy does. We rely on both for our scouting activities.

Information collected automatically. When you visit our website we collect limited, aggregate usage information through privacy-focused analytics, as described under “Cookies and analytics.”

Communication records. We keep records of correspondence with you, such as emails and messages about your application, your work, or potential opportunities.

Why we use your data

We use personal data to:

• Operate our application, nomination, and selection processes, and administer programmes and grants;
• Identify, evaluate, and support research, projects, and creative work in line with our charitable mission;
• Introduce researchers, projects, and proposals to funders, philanthropic partners, advisers, and collaborators who may be in a position to support them, in furtherance of our charitable mission of identifying and supporting early-stage research and creative work;
• Facilitate connections, convenings, and collaboration across the initiatives operating on the Analogue platform, where doing so serves the purposes for which the information was collected;
• Communicate with you, including responding to enquiries and sending information you have asked for;
• Comply with our legal and regulatory obligations.

Where the GDPR applies, our legal bases are: your consent (for example, optional communications); our legitimate interests in pursuing our charitable mission, including identifying and supporting research and connecting it with potential supporters (balanced against your rights, and assessed before relying on this basis); the performance of a contract or pre-contractual steps (for example, reviewing an application or administering an awarded grant); and compliance with legal obligations. Where we rely on legitimate interests, you have the right to object, as described under “Your rights.” We maintain a written Legitimate Interests Assessment (LIA) documenting our balancing analysis for each processing activity where legitimate interests is the stated legal basis. The LIA for our researcher scouting activities is available to data subjects on request.

Who we share data with

Funders, philanthropic partners, reviewers, selection committee members, and programme partners. Because our charitable mission involves connecting promising research with the people and institutions able to support it, we may share information about researchers and their work — including information gathered from public sources — with current or prospective funders and partners for the purpose of evaluating, funding, or supporting that work. We share only what is reasonably necessary for that purpose, and we expect recipients to treat non-public materials confidentially.

Service providers. We use third-party providers (for example, for hosting, communications, and analytics) who process personal data on our behalf, under written agreements that require them to protect it and use it only for the purposes we specify. These written agreements constitute Data Processing Agreements (DPAs) compliant with Article 28 GDPR. Before engaging any new processor, we verify that an appropriate DPA is in place. A list of our current sub-processors is available on request.

Legal and regulatory. We may disclose personal data where required by law, or to protect our rights, safety, or property and those of others.

We do not sell personal data or share it for commercial purposes.

Convenings and salons

We host convenings, including off-record discussion salons. Information about who participates in these gatherings, and what is discussed, is used internally by the Analogue team to make the content of these convenings available and to inform our work. We do not publish or externally share attendee lists or the content of off-record sessions except with participants’ agreement.

How long we keep data

We keep personal data only for as long as necessary for the purposes described in this policy, or as required to meet legal, accounting, or reporting obligations. When data is no longer needed, we delete it or anonymise it. Information gathered from public sources may be deleted where it is no longer relevant, where we make no contact within a reasonable period, or where retaining it is no longer necessary for our mission.

By way of guidance, our typical retention periods are:

• Unsuccessful applicants: retained for [2 years] after a final decision, to allow for re-application and to defend any challenge to our process.
• Active grantees and programme participants: retained for the duration of the grant and for [7 years] afterwards, to meet accounting, audit, and legal obligations.
• Researchers identified through scouting: up to [12 months] from collection if no contact is made; [3 years] from last contact if an active relationship develops.
• Website analytics: aggregate data retained on a rolling [12-month] basis.

International transfers and US privacy laws

Our team operates from the United States, and we work with contractors and grantees in other countries. As a result, personal data may be accessed from or transferred between these locations. Where personal data is transferred out of the European Economic Area or the United Kingdom, we put appropriate safeguards in place — such as the European Commission’s Standard Contractual Clauses or transfers to recipients in jurisdictions recognised as providing adequate protection. These safeguards also apply to transfers within our own organisation.

If you are a California resident, you may have additional rights under the CCPA/CPRA, including the right to know what personal information we collect, the right to delete it, and the right to opt out of certain disclosures. As a nonprofit, some CCPA provisions do not apply to us, but we honour access, correction, and deletion requests from California residents where we are able. Residents of Colorado, Virginia, and other U.S. states with applicable privacy laws may exercise equivalent rights by contacting us.

Cookies and analytics

We use Umami, a privacy-focused analytics tool, to understand how our website is used. It collects only aggregate, anonymised usage information and does not use cookies or track individual visitors across websites — see Metric definitions for the full list of information collected. We do not use advertising or third-party tracking cookies.

Children

Our services are directed to researchers and professionals and are not intended for children. We do not knowingly collect personal data from children.

Special categories of data

We do not seek to collect special categories of personal data (such as data revealing health, race or ethnicity, religious beliefs, or political opinions), and we ask that you not provide such information unless we specifically request it for a stated purpose.

Your rights

Depending on where you are located, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• request deletion of your data;
• restrict or object to certain processing, including processing based on our legitimate interests;
• request a copy of certain data in a portable format;
• withdraw consent where we rely on it; and
• lodge a complaint with your local data-protection supervisory authority.

To exercise any of these rights, contact us using the details below. We will respond to requests within one month. Where a request is complex or we receive a high volume, we may extend this by a further two months, in which case we will notify you within the first month. We do not charge a fee unless requests are manifestly unfounded or excessive.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, notify you.

Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or disclosure. No method of transmission or storage is completely secure, but we take reasonable steps to protect the information we process. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, and will notify affected individuals without undue delay where the risk is assessed as high.

Contact

If you have questions about this Privacy Policy or about how your personal data is used, please contact:

If you have questions about this policy or how we handle your personal data, please contact us using the details above.