South Asia Council for Security Policy

Privacy Policy

South Asia Council for Security Policy (SACSP)

www.sacsp.org  |  Last updated: April 2026

1. Introduction

The South Asia Council for Security Policy (“SACSP”, “we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website at [https://sacsp.org] (the “Website”) or otherwise interact with us. SACSP is currently in the process of formal registration in the United Kingdom

This Policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.  SACSP acts as the data controller for the purposes of personal data collected through this Website. We are based in London, United Kingdom.

Please read this Policy carefully. By using our Website, you acknowledge that you have read and understood how we handle your personal data. If you have any questions, you can contact us using the details in Section 13.

2. Personal Data We Collect

We collect personal data only where it is necessary and proportionate to the purposes described in this Policy. The categories of personal data we may collect include:

2.1 Data You Provide Directly

  • Name and email address, when you subscribe to our mailing list or newsletter
  • Name, email address, institutional affiliation, and the content of your message, when you contact us via our enquiry or contact form
  • Name, email address, biographical information, and submitted manuscript, when you submit a contribution for publication consideration
  • Any other information you voluntarily provide when corresponding with us

2.2 Data Collected Automatically

When you visit the Website, we may automatically collect certain technical data, including:

  • Your IP address and approximate geographic location
  • Browser type and version
  • Device type and operating system
  • Pages visited on the Website and time spent on each page
  • Referring website or search query that brought you to the Website
  • Date and time of your visit

This data is collected through cookies and similar technologies. Please see Section 10 for further information on our use of cookies.

3. How We Use Your Personal Data

We use your personal data only for the purposes for which it was collected, and only where we have a lawful basis for doing so under UK GDPR. The purposes for which we process personal data, and the corresponding lawful bases, are as follows:

  • To respond to your enquiries and correspondence — Lawful basis: legitimate interests (responding to communications directed to us)
  • To send you our newsletter, publications, and research updates, where you have subscribed — Lawful basis: consent
  • To process and consider manuscript or contribution submissions — Lawful basis: legitimate interests (managing our editorial process)
  • To analyse Website usage and improve our Website’s content and functionality — Lawful basis: legitimate interests (improving our service)
  • To comply with legal obligations to which SACSP is subject — Lawful basis: legal obligation

We will not use your personal data for automated decision-making or profiling.

4. Mailing List and Newsletter

If you subscribe to the SACSP mailing list or newsletter, we will use your name and email address to send you research updates, publication announcements, and event information. Subscription is based on your consent and is entirely voluntary.

You may withdraw your consent and unsubscribe at any time by clicking the unsubscribe link in any email we send, or by contacting us directly at [contact email]. Withdrawal of consent will not affect the lawfulness of any processing carried out prior to withdrawal.

 

5. Sharing of Personal Data

SACSP does not sell, rent, or trade your personal data to any third party. We may share your personal data only in the following limited circumstances:

  • With third party service providers who assist us in operating the Website or delivering our services (such as email distribution platforms or website hosting providers), where those providers are bound by appropriate data processing agreements and handle data only on our instructions
  • Where required by law, regulation, or court order, or where disclosure is necessary to protect the rights, property, or safety of SACSP, its staff, or others
  • In the event of a merger, restructuring, or transfer of SACSP’s activities, where personal data may be transferred to a successor organisation, subject to equivalent data protection obligations

Any third party service providers we engage are required to implement appropriate technical and organisational measures to protect your personal data and are prohibited from using it for any purpose other than those we specify.

6. International Data Transfers

SACSP is based in the United Kingdom. Where we transfer personal data outside the UK — for example, where we use a service provider whose servers are located outside the UK — we ensure that appropriate safeguards are in place in accordance with UK GDPR. These may include reliance on the UK Government’s adequacy regulations, standard contractual clauses approved by the UK Information Commissioner’s Office (ICO), or other lawful transfer mechanisms.

We will not transfer your personal data to any country or organisation that does not provide an adequate level of protection.

7. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are as follows:

  • Mailing list and newsletter subscribers: for as long as you remain subscribed, and deleted promptly upon unsubscription
  • Enquiry and contact form submissions: up to 24 months from the date of correspondence, unless ongoing engagement requires longer retention
  • Publication submissions: up to 36 months from the date of submission, to allow for the full editorial and publication cycle
  • Website analytics data: aggregated and anonymised data may be retained indefinitely; identifiable technical data is retained for no longer than 12 months

When personal data is no longer required, it is securely deleted or anonymised.

8. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights in respect of your personal data:

  • Right of access: you have the right to request a copy of the personal data we hold about you
  • Right to rectification: you have the right to request that we correct any inaccurate or incomplete personal data
  • Right to erasure: you have the right to request that we delete your personal data, subject to certain conditions
  • Right to restriction of processing: you have the right to request that we limit the way we use your personal data in certain circumstances
  • Right to data portability: where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format
  • Right to object: you have the right to object to processing based on legitimate interests, including for direct marketing purposes
  • Right to withdraw consent: where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at [contact email]. We will respond to all requests within one month of receipt, in accordance with UK GDPR. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe we have not handled your personal data lawfully. The ICO can be contacted at www.ico.org.uk or by telephone on 0303 123 1113.

9. Data Security

SACSP takes the security of your personal data seriously and implements appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include secure server infrastructure, access controls, and encrypted data transmission where applicable.

While we take reasonable steps to protect your personal data, no method of transmission over the internet or method of electronic storage is entirely secure. We cannot guarantee absolute security and encourage you to exercise caution when sharing personal information online.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware, and notify you directly where required under UK GDPR.

10. Cookies

The Website uses cookies and similar tracking technologies to improve your browsing experience and help us understand how the Website is used. Cookies are small text files stored on your device when you visit a website.

10.1 Types of Cookies We Use

  • Strictly necessary cookies: essential for the Website to function correctly. These cannot be disabled.
  • Analytics cookies: used to collect anonymised information about how visitors use the Website, such as pages visited and time spent. We use this data to improve the Website. These cookies are only set with your consent.
  • Preference cookies: used to remember your settings and preferences to improve your experience on return visits. These are only set with your consent.

10.2 Managing Cookies

On your first visit to the Website, you will be asked to consent to the use of non-essential cookies via a cookie banner. You may withdraw or manage your cookie preferences at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of the Website.

For further information on managing cookies, visit www.aboutcookies.org or www.allaboutcookies.org.

 

11. Third Party Websites

Our Website may contain links to third party websites, including academic institutions, news sources, and policy organisations. This Privacy Policy applies only to the SACSP Website. We are not responsible for the privacy practices or content of any third party website and encourage you to review the privacy policies of any website you visit.

12. Children’s Privacy

The SACSP Website is not directed at children under the age of 16. We do not knowingly collect personal data from individuals under 16. If you believe we have inadvertently collected personal data from a child under 16, please contact us and we will take prompt steps to delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational circumstances. The most current version will always be available on this page, with the date of last revision noted at the top. We encourage you to review this Policy periodically. Where changes are material, we will take reasonable steps to bring them to your attention.

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please contact us at:

South Asia Council for Security Policy (SACSP)

Email: [email protected]

Website: www.sacsp.org

London, United Kingdom

This Privacy Policy was last reviewed and updated in April 2026.