At EDSK, we take your privacy seriously. This policy covers the collection, storage, use, disclosure and disposal of personal information collected by EDSK during our operations such as conducting research or running events. The policy provides details about the personal information that we collect, how we use that information, your rights regarding the information that we hold about you and how to contact us or make a complaint.
Our organisation name is EDSK and our registered office is 35 Oakhill Avenue, Pinner, Middlesex HA5 3DL. We are a non-profit company limited by guarantee (company number 11795717).
EDSK is classed as a ‘data controller’ with respect to the personal information that it processes.
What personal information do we collect?
We collect as little data as possible about each individual or organisation to carry out our work. These individuals and organisations include supporters, stakeholders, sponsors, donors and suppliers. The information that we collect includes names, job titles, organisation names and contact details (e-mail, phone number, address and postcode).
Where relevant, we also collect financial details from donors and suppliers related to donations from individuals and organisations as well as the provision of goods and services.
We collect this information in several ways:
- directly from individuals (including through signing up to receive our newsletter);
- identifying stakeholders, journalists and media outlets with an interest in topics relevant to EDSK’s operations using publicly available information;
- recommendations from our stakeholders;
- registration to attend any of our events, either as a speaker or attendee;
- through financial transactions with individuals and organisations.
How do we use personal information?
We use your personal information in the following ways:
- delivering marketing and events communication;
- maintaining our database of contacts;
- updating stakeholders about relevant news, reports and events;
- communicating with journalists and media outlets about relevant news, events and reports;
- processing donations and maintaining relationships with donors (both individuals and organisations);
- the provision of goods and services.
What is the legal basis for processing personal information?
We process personal information for the purposes described in this policy on the basis that it is in both our and your legitimate interests that you would reasonably expect this processing. In addition, our processing of personal information does not materially impact your rights, freedoms or interests.
Where we have a contractual relationship with you, we may process your personal information as necessary for arranging and delivering that contract.
What do we do with your data?
We only collect personal information for the purposes described in this policy. EDSK does not collect or hold sensitive personal data beyond that which is publicly available.
All the personal data that we handle is processed by staff who are based in the UK and we do not carry out any automated decision making which is likely to affect your rights, freedoms or interests. All EDSK staff are subject to an obligation of confidentiality and are aware of our data protection obligations.
We take appropriate measures to safeguard the personal information that you provide to us. This includes the use of payment forms on our website that meet industry standards for security and data protection. For more information about their privacy and security procedures please visit the Stripe website (https://stripe.com/gb/privacy) and PayPal website (https://www.paypal.com/uk/webapps/mpp/ua/privacy-full). If you would like to make a payment to us by either cheque or BACS / online transfer then please contact us at firstname.lastname@example.org.
You remain responsible for the security of your computer and other electronic devices through which you can communicate with EDSK. We are not responsible for any breach of privacy or data security resulting from the failure of any individual or organisation to prevent unauthorised access to their electronic devices or personal information.
How do we share your personal information?
We only share your personal information under the following circumstances:
- Event sponsors: we share the names, organisations and job titles of prospective attendees at an event with the organisation(s) who sponsored the event.
- Service providers: we share information with third-party service companies to provide certain services. This will include IT infrastructure companies and IT support service providers. These companies are authorised to use your personal information only as necessary to provide their services to us.
- Law enforcement agencies or other legal authorities: we will share personal information if required by applicable law.
Your personal information is held by our mailing list provider – MailChimp. This information is not shared with any other organisation apart from in the circumstances listed above. By signing up to our newsletter you are agreeing to the terms and conditions of MailChimp.com (https://mailchimp.com/legal/terms/).
MailChimp is located in the U.S. and is certified under the EU-US Privacy Shield Framework. This protects the fundamental rights of anyone in the EU whose personal data is transferred to the US for commercial purposes.
If you wish to unsubscribe from our mailing list at any time, you can do so by clicking the ‘unsubscribe’ link at the bottom of any email we send you. Alternatively, you can send your name and email address to email@example.com with the word ‘Unsubscribe’ in the subject line or body of the email.
How long do we keep your data?
We will only use and store information for so long as it is required for the purpose(s) that it was collected. How long your personal information will be stored for depends on the information in question and what it is being used for. For example, we will keep personal information about donors for the duration of our relationship with you.
Any information that is no longer required by EDSK is permanently deleted. You are able to request the deletion of your data at any time, as described later in this policy. We also never store credit or debit card information.
Where we have a contractual relationship with an individual or organisation, we are required to retain this information for seven years.
Cookies files are downloaded to an electronic device when particular websites are accessed by users, and these files allow the website to identify that user on subsequent visits.
The only cookies in use on our site are related to Google Analytics. Google Analytics allows the owner of a website to track visitors to their website and monitor how visitors use the website. Google Analytics collects information anonymously and reports overall trends, without disclosing personal information on any individual visitor. By using our site, you are consenting to Google Analytics collecting this information and sending it to us for use and storage. You can opt out of Google Analytics, which will not affect your visit to our site. Further information can be found here: https://tools.google.com/dlpage/gaoptout.
Links to other websites
What are your rights in relation to the personal information we hold?
Under data protection laws you have several rights. These include the right to:
- access your personal information;
- require us to correct any mistakes in the information that we hold;
- require the deletion of personal information in certain situations;
- request the personal information that you have provided to us in an accessible format;
- transmit your personal information to a third party in certain situations;
- object at any time to the processing of your personal information for direct marketing or other forms of electronic communication;
- restrict our processing of your personal information in certain circumstances.
Please note that there are some exceptions to the rights listed above and there may be situations where we are unable to comply with your request (e.g. if your request puts the privacy of another individual or organisation at risk).
If you would like to exercise any of your rights, please contact us at firstname.lastname@example.org. When you contact us, you will need to give us sufficient information about you for us to verify that you are the individual or organisation that the personal information relates to. We aim to reply to you exercising your rights within 30 days although we cannot be held responsible if certain circumstances do not allow us to respond within this timeframe.
If you wish to complain about how we have handled your personal data, you can contact us to have the matter investigated at email@example.com.
If you are not satisfied with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office (details can be found at www.ico.org.uk).