What personal data do we collect
If we are collecting data for marketing purposes we only collect basic personal data about you which may however include name, address, email, phone number, country of business location, role and company as well as some information which tells us whether you opened an email or clicked on a link within the email. Where you are using a system which we have provided to your employer we will hold data relevant to the provision of this service as per the terms of our contract for provision of the product or service, in this case our agreement is normally with your employer and you should raise any privacy concerns directly with them. We may also hold contact information about individuals who contact us by phone or email for any unspecified reason.
Why we need your data
We need to know your basic personal data in order to either provide you with access to a product or service you have bought from us, provide you with support for these products and services or provide you with on-going information about products which we believe will assist you. We will not collect any personal data from you we do not need in order to provide and oversee this service to you. You can unsubscribe at any time via phone or email, or by clicking the unsubscribe link in any marketing email we send you.
What we do with your data
We may also use personal data for any or all of the following:
- To enable us to meet all legal and statutory obligations
- To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time with the aim of ensuring that all children and adults-at-risk are provided with safe environments;
- To administer the business
- To fundraise and promote the interests of the business
- To manage our employees
- To maintain our own accounts and records;
- To seek your views or comments;
- To notify you of changes to our services and events
- To send you communications which you have requested and that may be of interest to you.
- We will process data about role holders for legal, personnel, administrative and management purposes and to enable us to meet our legal obligations, for example to pay role-holders, “Role Holders” includes volunteers, employees, contractors, agents, staff, retirees, temporary employees, beneficiaries, workers, treasurers and other role holders.
We also use various services such as email, backup and hosting which may store personal data, and in some cases this data may be stored overseas – however we ensure that these services are supplied only by reputable companies who have robust data protection and security policies in place, and we review our supplier relationships regularly.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data. We are certified under BSI 27001:2013 which is the international Information Security standard, this requires us to have appropriate measures in place to protect all personal data which we store.
Legitimate Interest for use of personal data
We have undertaken a Legitimate Interest Assessment as required by the Information Commissioner’s Office. On the basis of our assessment we are confident in relying on legitimate interest as a justification for our processing of personal data .
Our Legitimate Interests are summarised here.
How long we keep your data
Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information. After you inform us that you don’t wish to hear from us again we may retain the minimum amount of information which we need to ensure that you don’t get included in future campaigns – for example we may retain your email address to allow effective cross checking.
If you feel that the information we process on you is incorrect you can request to see this information and have it corrected or deleted. You can download a subject matter request form here If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by calling or emailing firstname.lastname@example.org.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office https://ico.org.uk/
Your rights and your personal data
You have the following rights with respect to your personal data: –
(When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights)
- The right to access information we hold on you
- At any point you can contact us to request the information we hold on you as well as why we have that information, who has access to the information and where we obtained the information from. Once we have received your request we will respond within one month.
- There are no fees or charges for the first request but additional requests for the same data may be subject to an administrative fee .
- The right to correct and update the information we hold on you
- If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
- The right to have your information erased
- If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold.
- When we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests or regulatory purpose(s)).
- The right to object to processing of your data
- You have the right to request that we stop processing your data. Upon receiving the request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims.
- The right to data portability
- You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
- The right to withdraw your consent to the processing at any time for any processing of data to which consent was sought.
- You can withdraw your consent easily by telephone, email, or by post
- The right to object to the processing of personal data where applicable.
- The right to lodge a complaint with the Information Commissioners Office.
You can download a subject matter request form here
Note – you don’t need to use the form provided and you can submit requests by letter or email. We may contact you to ask for additional information when we receive your request.