General Privacy Information
Groundswell are committed to keeping your data safe and being transparent about how it is being used. Below outlines our general privacy information outlining your rights, our data protection lead, purposes for processing data and how we protect your data. Below we also have detailed privacy information for our HHPA clients; volunteers; employees; donors, fundraisers & supporters; and job candidates.
Your data, your rights
We’ve provided this notice to you because your rights are important to us, and because data protection law says we must. This is all about why and how your personal data is processed by Groundswell.
- The data subject is you.
- ‘Processing’ means what we do with your data
- Data Controller is Groundswell, the organisation that is processing your personal data
Privacy information is available in this written form but can also be offered verbally. In addition to this general information, we also provide specific privacy notices: volunteers & trustees, clients, employees, job candidates, research subjects and donors & general supporters.
Privacy notices answer the following questions:
- Where is data stored?
- What information does the organisation collect?
- Why does the organisation process personal data?
- Who has access to data?
- For how long does the organisation keep data?
- What are you rights in relation to the data?
Groundswell’s data protection lead
Groundswell’s data protection lead is Steven Platts, the Chief Executive. If you feel the above questions have not been answered properly or you’d like more information, then please contact him on:
- Phone: 0207 725 2851,
- Email: email@example.com,
- Address: Groundswell, 6th Floor, St Matthews, Brixton, London, SW2 1JF
Purpose of processing data
The purpose is the intended outcome of processing data; e.g. to thank donors for support, to pay staff or to organise referrals to our services. We aim to describe clearly the purposes of processing data.
Lawful basis for processing data
We have identified a lawful basis for processing data which will be specific to the purpose and processing operations rather than a general legal reason. There are six lawful bases in total, four of which apply most commonly to Groundswell: Contractual, Legal, Legitimate Interest and Consent.
In each specific privacy notice we will explain which lawful basis we are using and why. We will explain the basis for each category of data subject in the answer to the question “why do we process personal data?”
Categories of recipients
Recipients are people or organisations outside of Groundswell that might receive your data. Sometimes there are no external recipients. When there are external recipients, we will name them and explain why we provide them with data.
Protecting your data
We take the security of your data seriously. We have internal policies and controls in place to do our best to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees when needed.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
In the modern world, some decisions are taken by computers, this is called automated decision making. None of our processes use automated decision-making. Only humans make decisions in Groundswell.
Transferring Data outside of the EEA
We may from time to time use online survey or communication tools based in the United States and as such data contained in surveys will be transferred outside of the EEA. In this situation data is transferred outside of the EEA on the basis that the survey tool provider has signed up to the EU-US Privacy Shield Framework. More information about the Privacy Shield Framework can be found here: https://www.privacyshield.gov/welcome
Right to complain to ICO
If you believe we have not complied with your data protection rights, you can report it to the Information Commissioner. You can contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.