This policy was updated on May 24 2018.
1. Information About Us
www.eastsideprojects.org is operated by Eastside Projects Limited, a not for profit limited company registered in England and Wales, company number 6402007.
We have appointed a Data Protection Officer to ensure that we process your personal data in an open, accurate and legal manner. If you have any questions regarding your information you can contact us at email@example.com, or 86 Heath Mill Lane, Birmingham, B9 4AR.
2. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
In simpler terms this means any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but also less obvious information such as identification numbers, electronic location data, and other online identifiers.
3. When do we collect data?
We collect certain information from you in order to provide the service/s you request from us. We will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
We gather your information when you
– Sign up to our mailing list
– Join as an ESP member
– Sign up to volunteer with us or apply to one of our opportunities
– Make a donation
– Make a purchase from us
– Complete one of our surveys
– Book for one of our events
– Participate in one of our projects
4. What data do we collect?
We only collect information that is necessary to carry out our business – this is limited according to the type of service you require. This might include.
– Prefix and name
– Home, delivery and billing addresses and postcodes
– Email address
– Telephone number(s)
– Education and employment history
– Payment card number, expiry date, issue no and name of card holder– We may collect but will not hold payment card information. Dependant on the ordering method, payment card information is either online – entered onto a secure online payment provider by the cardholder – or in person – taken via a chip and pin terminal.
– Correspondence- if you contact us we may keep a record of that correspondence.
– IP addresses – when you visit our site, we will automatically receive your IP address, a unique identifier for your computer or other access device.
– Cookies -As with the majority of websites, we collect cookies to enhance user experience and to enable our site to properly function.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We may collect Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). This data is only used as part of any Aggregated Data we collect, to fulfil certain reporting requirements of our funders.
5. Who accesses my data?
We never pass on, sell or swap your data for marketing purposes to third parties. Data that is forwarded to third parties, is only used to provide you with our services.
In order to prevent unauthorised access or disclosure of your information, we have put in place suitable physical, electronic and managerial procedures to protect and secure information that is collected online.
Access to your information is restricted in our premises. Only employees who need the information to perform a specific job are granted access to personally identifiable information.
We may share your personal information with third party service providers that we use to complete services and to manage our infrastructure. We do not sell or disclose your personal information to governments, marketing or advertising services, other clients or anyone else except as outlined in this statement or as may be required by law.
Some service providers (such as Mailchimp) may have access to your data in order to perform services (such as payment processing and emailing) on our behalf. We ensure that anyone who provides these services meets our standards for data security. They will not use your data for anything other than the clearly defined purpose relating to the service that they are providing.
In exceptional circumstances, we may be asked to communicate personal information to law enforcement agencies, national security agencies, courts or other public bodies in any jurisdiction where we are subject to the law, regardless of where personal information is stored. If we receive a production order, warrant, subpoena or other enforceable demand, we will comply as required by law.
If we receive a request to provide information voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications and our legal obligations prior to deciding whether to communicate personal information. In any case where the information in question was collected from or on behalf of a client, we will consult with you before proceeding unless prohibited by law.
We may proactively communicate personal information to law enforcement or other third parties if necessary to investigate or report a violation of the law or a contractual agreement, or if otherwise appropriate and permitted by law.
6. What do we do with your data?
Eastside Projects must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in Eastside Projects’ legitimate business interests to use it. These uses may include:
To help us design our website and improve your experience, we may collect information about the way you use and access our website. We collect information about each visitor, including IP address, the length of time spent on the website and the order in which pages are visited. This data is also used as part of any Aggregated Data we collect, to fulfil certain reporting requirements of our funders.
If you sign up to our mailing lists we will collect your name, email address and postal address. With your permission and/or where permitted by law, Eastside Projects may use this data for marketing purposes, which may include contacting you by email with information and news about the activities you have expressed an interest in.
You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. We will not share your information with anyone else unless you have given your consent when signing up to the mailing list.
If you express an interest in volunteering with Eastside Projects we will collect your name, email address, phone number and date of birth. We will also ask whether you are a student and, if you are, where you study. Eastside Projects may use some of this data for marketing purposes, which may include contacting you by email with news about our activities and volunteering opportunities. We will never share your details without your consent, you will not be sent any unlawful marketing or spam and you will always have the opportunity to opt-out. We may use anonymised aggregated data in applications and reports to funders.
We will keep your data on file for up to two years, after which time we will ask you if you would still like to be on the volunteers list – if we do not hear from you we will assume you no longer consent to us holding your information and will remove your data from our records. You can ask us to delete data we hold at any time.
Volunteers will be asked to complete an anonymised equal opportunities questionnaire once they are inducted. Participation is voluntary, but we may use aggregated data collected to monitor progress against diversity targets and when reporting to funders.
When you sign up to join ESP we will collect your name, email address, website, phone number, date of birth and demographic information. We will also ask about your educational experience and where you studied. Eastside Projects may use this data for marketing purposes, which may include contacting you by email with news about our activities and the ESP programme. We will never share your details without your consent, you will not be sent any unlawful marketing or spam and you will always have the opportunity to opt-out. We may use anonymised aggregated data in applications and reports to funders.
7. Your Access Rights
You have a right to access the personal information that is held about you. To obtain a copy of the personal information Eastside Projects holds about you, please email us at firstname.lastname@example.org.
Providing your information to us is voluntary. The purpose for collecting personal information is to enable us to provide our products and services to you.
Whenever our legitimate basis for collecting and using personal information is your consent, you can withdraw or modify your consent for future collection or use of your personal information at any time, and we will explain the consequences of doing so.
If we use your personal information for sales or marketing purposes, you can ask us to stop at any time and we will do so.
We keep personal information as long as you are a client of ours or as long as we need to keep it to comply with our legal obligations.
The personal information we collect comes directly from you, in which case you are in control of its accuracy. Information that is found to be inaccurate, either through our own audits or following your request for correction, is updated.
8. How can you make a complaint?
We are commited to investigating and resolving complaints about our collection or use of your personal information. To make a complaint, contact us at email@example.com
9. Notification of Changes to This Policy