Privacy Notice
Last updated: March 2026
The International Pandemic Preparedness Secretariat (IPPS) is an independent body hosted by the Wellcome Trust in London, United Kingdom. While we work and communicate independently of the Wellcome Trust, we operate under the Wellcome Trust’s financial and legal framework. Our staff are legally employees of the Wellcome Trust and use Wellcome’s I.T. infrastructure for internal purposes.
This policy explains how we collect, use and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018.
-
Who we are
IPPS is the data controller for personal data collected through this website (ippsecretariat.org).
Our host organisation, the Wellcome Trust, provides IT infrastructure and security support for internal communications but does not process or manage the external personal data that we hold.
You can contact us at:
Email: info@ippsecretariat.org
Postal address: International Pandemic Preparedness Secretariat, c/o Wellcome Trust, 215 Euston Road, London NW1 2BE, United Kingdom.
If you make a request related to the data we store, we have one month to respond to you.
-
What data we collect
We only collect personal data that you choose to provide, such as:
- Name(s), email address and organisation (for newsletter subscriptions)
- Organisation and professional details (if provided in correspondence)
We also collect limited technical information automatically when you visit our website, such as your IP address, browser type and device information. This helps us understand how our website is used and to keep it secure.
We do not collect special category or sensitive personal data through this website.
-
How we use your data
We use your personal data to:
- Send you updates, newsletters and information about our work (if you subscribe)
- Respond to your messages or enquiries
- Understand data collected via surveys and questionnaires
- Maintain contact lists and stakeholder records relevant to our mandate
Our legal basis for processing is consent (for newsletters, surveys and communications) or legitimate interest (for responding to enquiries and maintaining professional engagement).
Every newsletter we send contains an opt-out link at the base of the email if you wish to stop receiving them.
-
How we store and protect your data
Personal data provided through newsletter sign-ups is securely stored in Mailchimp, which we procure directly from Intuit Mailchimp. Mailchimp is based in the United States and certified under the EU–U.S. Data Privacy Framework, which provides appropriate safeguards for international data transfers. For more information, please see Mailchimp’s privacy notice here.
We may also collect data via forms or surveys hosted by Microsoft Forms. Microsoft states that Forms is fully compliant based on GDPR requirements. For more information, please see Microsoft’s information page here.
Our staff email accounts and internal systems operate on Wellcome’s secure IT infrastructure, which complies with Wellcome’s data protection and cybersecurity standards. You can find more information about Wellcome’s privacy policies here.
Our website is hosted and distributed through Amazon Web Services (AWS) infrastructure, specifically Amazon CloudFront. This service may collect limited technical data such as IP addresses, browser types and access times to ensure site security and performance. These logs are stored securely and retained for a limited period before automatic deletion.
We use Google Analytics to understand how visitors use our website. Google Analytics uses cookies to collect information in an anonymised form, including visitor numbers, page views and how visitors found our site. This information helps us improve our website and communications. Data collected by Google Analytics may be processed outside the UK and European Economic Area, including in the United States. You can opt out of Google Analytics tracking by adjusting your browser settings or using Google’s opt-out browser add-on.
We do not sell personal data under any circumstances. We will not share your personal data with third parties unless required by law.
-
Data retention and disposal
The IPPS is a time-limited organisation, due to sunset at the end of 2026 ahead of formal closure in March 2027.
All personal data held by the IPPS will be securely disposed of by 31 March 2027, unless legal or archival obligations require earlier deletion.
Data will not be transferred to any successor organisation without prior notice and, where required, renewed consent.
-
Your data protection rights
Under the UK GDPR, you have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your data
- Withdraw your consent at any time
- Object to or restrict certain types of processing
To exercise these rights, please contact us at info@ippsecretariat.org.
If you are dissatisfied with our response regarding your privacy or data, you have the right to complain to the Information Commissioner’s Office. You can find more information here.
-
Cookies
Our website may use minimal cookies to ensure basic functionality and collect anonymous usage statistics. You can adjust your browser settings to refuse cookies if you prefer.
-
Updates to this policy
We may update this policy occasionally. Any changes will be posted in the change log below and the last updated date will be revised.
Change log
none