Please read this notice carefully. It sets out how we use your personal data and your rights as a data subject. This Privacy Notice applies to personal data of support workers, donors and users of the Greater Change website or mobile application:
Personal data is information about an identifiable individual; anonymous or anonymised data about an individual is not personal data. This Privacy Notice applies when we control the purposes for which your personal data is collected and used; it does not apply when we process personal data on behalf of someone else who controls how your personal data is used.
Data Protection law obliges us to:
1. use your personal data lawfully, fairly and in a transparent way;
2. collect your personal data only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
3. collect and hold personal data which is relevant to the purposes we have told you about and limited only to those purposes;
4. keep your personal data accurate and up to date;
5. keep your personal data only for as long as is necessary for the purposes we have told you about; and
6. keep your personal data securely.
From you: We collect personal data from you when you:
- make a donation;
- communicate with us, by email, letter or phone;
- digital forms completed via our website, mobile application or online surveys;
- and update your information or give us further information.
Other Sources: We obtain personal data from other sources. Those sources include:
- other websites;
- search information providers such as Google;
- and public registers.
The types of personal data we collect and use, the purposes for which we use your personal data, and the lawful bases we rely on to allow us to use your personal data in that way are set out below.Where the lawful basis is our legitimate interests or the legitimate interests of a third party, we have also indicated what those interests are.We may have more than one lawful basis for using your personal data.
Special Categories of Personal Data: We do not collect data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
Criminal convictions and offenses: We do not collect any data about criminal convictions and offenses.
We will use your personal data only for the purposes for which we collected it, unless:
1. we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose; or
2. we anonymise your personal data and use it for research or statistical purposes. For an explanation as to how use of your personal data for a new purpose is compatible with the original purpose, please email us email@example.com
If we intend to use your personal data for an unrelated purpose, we will contact you to explain the legal basis which allows us to use your personal data for that unrelated purpose.
If we use we use your personal data for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes and we impose the safeguards required by the law, those purposes are treated as being compatible with the original purpose.
[If you have consented for us to do so, we may send marketing materials to you at your home or work address. You have the right to opt out of this at any time. Please see the Your Rights section of this document.] Otherwise, we will not send marketing materials to you at your email address or by text or fax unless we have your specific consent (which you can withdraw at any time).
We do not use information about you for the purposes of automated decision making.
We may share your personal data with:
· [anyone we have mentioned when informing you about how we use your personal data;
· [any business with which we merge;]
· anyone we engage to process personal data for us, such as the provider of our IT systems.
· if necessary to obtain advice, to our professional advisers who owe an obligation of confidence to us;
· to law enforcement agencies, if we know of think that you or your employer are/is engaged in any illegal activity;
· anyone, if necessary to comply with any law or regulation and
· anyone, if necessary to enforce our rights or to protect our property or to protect the rights or property of anyone else.
We may transfer your personal data outside the European Union (the EU), but we will not do so unless:
1. we transfer it to a country which the European Commission has decided ensures an adequate level of protection for personal data or if the recipient has entered into the Standard Contractual Clauses published by the European Commission. If you wish to see a copy of the Standard Contractual Clauses, please email us at firstname.lastname@example.org write to Greater Change, Buxton Court, 3 West Way ,Oxford OX2 0JB;
2. we transfer your personal data to an entity in the United States which participates in the Privacy Shield. That obliges the US entity to protect personal data shared between the Europe and the US. For more information please see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en
3. you have given your explicit consent to the transfer of your personal data outside the EU. (If you have given that consent you may withdraw it at any time by emailing us at email@example.com write to Greater Change, Buxton Court,
3 West Way, Oxford OX2 0JB;
4. we cannot perform a contract with you without making that transfer;
5. we cannot take steps you have requested us to take without making that transfer;
6. we cannot enter into or perform a contract with someone else and which is in your interests without making that transfer;
7. the transfer is necessary for important reasons of public interest; or
8. the transfer is necessary for the establishment, exercise or defence of legal claims.
Your personal data may be accessed by our staff when they are outside the EU, but the same safeguards will apply as though our staff were accessing your personal data from within the EU.
We have appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will process your personal data on only on our instructions and they are subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will tell the Information Commissioner’s Office and you of a breach of security involving your personal data if the law obliges us to do so.
We will keep your personal data about you only for so long as is necessary to achieve the purpose for which we have collected that data, or as required by law, or as required for in order to meet any legal, accounting, or reporting requirements.
The law requires us to keep information about our customers (including their contact details, details of their identity, financial information and information about transactions with them for six years after they cease being customers.
When deciding what is the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from any unauthorised use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, you can ask us to delete your personal data. Please see the Your Rights section of this document.
If we anonymise your personal data, it will no longer be personal data and we may use it indefinitely.
In certain circumstances, you have the right to:
Request access to your personal data: You have the right to receive confirmation of whether or not we are holding or using your personal data and, if we are, to obtain a copy of your personal data.
Request the correction of your personal data: You have the right to have any incomplete or inaccurate personal data we hold about you corrected. We may need to verify the accuracy of any new data you provide.
Request the erasure of your personal data (the right to be forgotten): You have the right to ask us to delete or remove personal data where we have no good reason to continue using it.
You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to our using it (see below), where we may have used your personal data unlawfully or where we are required to erase your personal data to comply with the law. We may not always be able to comply with your request for erasure for legal reasons which we will inform you about if you request erasure.
Request a restriction on the processing of your personal data: You have the right to ask us to suspend the processing of your personal data in the following circumstances:
a) if you want us to establish the data's accuracy;
b) where our use of your personal data is unlawful but you do not want us to erase it;
c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
Object to the processing of your personal data: You have the right to object, where we are relying on our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data and that those grounds override your rights and freedoms.
Object to the use of your personal data for direct marketing purposes: You have the right to object where we are processing your personal data for direct marketing purposes.
Withdraw consent: Where you have given consent to our using your personal data for a specific purpose, you have the right to withdraw that consent at any time. Your withdrawal of consent will not affect the lawfulness of any use of your personal data based on your consent before you withdraw consent.
Request the transfer of your personal data (data portability): You have the right, where you provided your personal data to us, you gave consent to our using your personal data or we used that personal data to perform a contract with you and we have processed that data by automated means, to receive the personal data you have provided to us and to have us transmit that data to another person, if it is feasible to do so.
If you want to exercise any of the above rights please email us at firstname.lastname@example.org
We try to respond to all legitimate requests within a month. It may take us longer than a month if your request is complicated or you have made a number of requests. In this case, we will notify you and keep you updated.
Normally you will not have to pay a fee to access your personal data or to exercise any other right, but, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any other right. This is to ensure that personal data is not disclosed to a person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
You may decide not to give us any personal data, but if you do not provide data which is necessary for us to provide a service or to verify your identity we may not be able to provide and you may not be able to use that service or we may not be able to comply with any request to exercise your rights if we are unsure about your identity.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those third-party websites and we are not responsible for their privacy policies or statements.
This Privacy Notice does not apply to any website operated by a third party. If you visit a third party website, please read its Privacy Notice or privacy statement to find out how it uses your personal data.
We take any complaints we receive very seriously. Please bring it to our attention if you think that our collection or use of your personal data is unfair, misleading or inappropriate. We also welcome any suggestions for improving our procedures. This Privacy Notice was drafted with brevity and clarity in mind. It does not provide exhaustive details of our collection and use of personal data, but please feel free to contact us if you want any additional information or further explanation. You have the right to make a complaint about the way we have used your personal data to the UK Information Commissioner’s Office (the ICO) at The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or www.ico.org.ukbut please give us a chance to address your concerns before you contact the ICO.
[If you want to ask us about this Privacy Notice, please email us at email@example.com write to Greater Change, Buxton Court, 3 West Way ,Oxford OX2 0JBwww.ico.org.ukbut please give us a chance to address your concerns before you contact the ICO.
We keep this Privacy Notice under review. It was last updated on 16/09/2019 It is important that your personal data is accurate and up to date.
Please let us know if your personal data changes.