Privacy Policy Statement - General Data Protection Regulation (GDPR)

GDPR data protection

15th May 2018

By Kieron Tarling

Goods for Good has been working towards being fully compliant with the General Data Protection Regulation (GDPR) and as we approach the 25th May deadline, GOODS FOR GOOD is focused on the implementation period of its GDPR compliance programme.  Our team has been meeting regularly to ensure that our policies and procedures on data protection are compliant with the requirements of the Regulation. 

 

 GOODS FOR GOOD will take whatever action is necessary to ensure that we handle all personal data in a manner compliant with the Regulation.  We will be publishing our updated Privacy Policy based on changes that we’ve implemented, and this will be rolled out before May 25th, 2018. 

 

GOODS FOR GOOD takes all information security seriously including that of personal data regardless as to whether GOODS FOR GOOD is considered a processor or controller. 

 

GOODS FOR GOOD may obtain data about individuals (personal data) in connection with the provision of services to our clients. Unless we specifically agree otherwise, then GOODS FOR GOOD acts as the owner/controller of personal data and retains the responsibility to address data protection laws to the extent applicable to us.  

 

With respect to the administration of the client\supplier relationship (invoicing, archiving, checking for possible conflicts of interest, marketing and knowledge services) and the hosting of data (client, contact, time recording, invoice, cash flow data, etc.) as well as all data in connection with client-related activities (files, documents, emails, data provided by clients, etc.), then GOODS FOR GOOD may receive support from other volunteer and 3rd Party resources.  

 

For the purpose of administering the client\supplier relationship, client-related activities, marketing, business development and knowledge management, GOODS FOR GOOD may also disclose client data to other partners of Goods for Good and selected third parties.  

 

GOODS FOR GOOD employees and volunteers who work with data will be required to take Data Privacy training.  

 

Information Security  

GOODS FOR GOOD has various procedures in place to manage risk including patch and change management procedures, and network vulnerability scans.  Where we do use information systems these are predominantly cloud-based solutions provided by well know and reputable providers.  

 

GOODS FOR GOOD employees and volunteers are required to take Information Security training empowering their responsibilities to work safely and securely.  Remote/laptop users are required to have multi-factor authentication to access GOODS FOR GOOD’s systems.  

 

Data transfer  

Goods for Good implements standard contractual clauses and other measures to address cross-border data transfer restrictions in data protection laws.  

 

Dealing with data breaches  

A formal incident response and breach notification programme is in place with defined responsibilities and escalation paths.  

 

___________________________________________

 

Here is the updated Privacy Policy Information 

 

 

Privacy policy and cookies

“This Privacy Policy governs the manner in which Goods for Good collects, uses, maintains and discloses information collected from users (each, a "User") of the http://www.goodsforgood.org.uk website ("Site").

 

Personal identification information

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, subscribe to the newsletter, fill out a form, donate money and in connection with other activities, services, features or resources we make available on our Site.

Users may be asked for, as appropriate, name, email address, phone number. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

 

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site.

Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilised and other similar information.

 

Web browser cookies

Our Site may use "cookies" to enhance User experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them.

Users may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

Find out more about cookies on www.allaboutcookies.org

 

How we use collected information

Goods for Good collects and uses Users personal information for the following purposes:

 

To personalize user experience

We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.

 

To improve our Site

We continually strive to improve our website offerings based on the information and feedback we receive from you.

 

To improve customer service

Your information helps us:

 - To more effectively respond to your customer service requests and support needs

- To administer a content, promotion, survey or other Site feature

- To send Users information they agreed to receive about topics we think will be of interest to them

- To send periodic emails

 

The email address Users provide will only be used to respond to their inquiries, and/or other requests or questions. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.

 

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

 

Sharing your personal information

We do not sell, trade, or rent Users personal identification information to others.

We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

 

We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys.

 

We may share your information with these third parties for those limited purposes provided that you have given us your permission.

 

Internet-based transfers 

Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. 

This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation.

By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way. 

 

Third party websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties.

 

We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site.

 

In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies.

 

Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.

 

Changes to this privacy policy

Goods for Good has the discretion to update this privacy policy at any time. When we do, we will send you an email.

We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.

 

You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

 

Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site.

Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

 

What are your rights to your information?

We will respond to requests to access and correct (if necessary) your personal information as soon as possible.

You have the following options regarding accessing, correcting or limiting the use or disclosure of your personal information:

 

Subject Access Requests (SAR):

You have the right to see what personal data we hold about you.  To obtain a copy of the personal information we hold about you, please email pivacy@goodsforgood.org.uk 

Please put in the subject line: SUBJECT ACCESS REQUEST.

You can also ask for an SAR by writing to us at:

 

The Privacy Office

Goods for Good

212 Bullhead Road
Hertfordshire
WD61RH

 

Please send via recorded delivery, Goods For Good will not be responsible for requests lost or delayed in the post.

Requests will be processed free of charge for a maximum of two (2) requests in any 12 month period. Please note that we reserve the right to charge a fee for any further requests.

 

Limiting use or disclosure:

If you want to limit our use or the disclosure of your information to third parties, please contact our Privacy Officer at privacy@goodsforgood.org.uk  However, please note that by limiting the use of your personal information by us, or its disclosure to third parties, you may also limit our ability to provide you with our Services.

 

Retention:

We will retain your information only for as long as you remain active in our organisation as a supplier/volunteer/donor or other, or as needed to provide you our Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our legal rights.

 

Newsletter:

If you subscribe to our newsletter(s), we will use your name and email address to send you the newsletter. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, or by contacting the Privacy Officer at privacy@goodsforgood.org.uk  

 

Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

 

Goods for Good

212 Bullhead Road
Hertfordshire
WD61RH

 

The Privacy Officer:

privacy@goodsforgood.org.uk

 

The CEO:

Rosalind@goodsforgood.org.uk

Tel: 01582 540521
Mobile: +44 7866 429 807

 

Version 2 of this privacy policy is effective as of 16 May 2018.