15th May 2018
Goods for Good has been working towards being fully compliant with the General Data Protection Regulation (GDPR) and as we approach the 25th May deadline, GOODS FOR GOOD is focused on the implementation period of its GDPR compliance programme. Our team has been meeting regularly to ensure that our policies and procedures on data protection are compliant with the requirements of the Regulation.
GOODS FOR GOOD takes all information security seriously including that of personal data regardless as to whether GOODS FOR GOOD is considered a processor or controller.
GOODS FOR GOOD may obtain data about individuals (personal data) in connection with the provision of services to our clients. Unless we specifically agree otherwise, then GOODS FOR GOOD acts as the owner/controller of personal data and retains the responsibility to address data protection laws to the extent applicable to us.
With respect to the administration of the client\supplier relationship (invoicing, archiving, checking for possible conflicts of interest, marketing and knowledge services) and the hosting of data (client, contact, time recording, invoice, cash flow data, etc.) as well as all data in connection with client-related activities (files, documents, emails, data provided by clients, etc.), then GOODS FOR GOOD may receive support from other volunteer and 3rd Party resources.
For the purpose of administering the client\supplier relationship, client-related activities, marketing, business development and knowledge management, GOODS FOR GOOD may also disclose client data to other partners of Goods for Good and selected third parties.
GOODS FOR GOOD employees and volunteers who work with data will be required to take Data Privacy training.
GOODS FOR GOOD has various procedures in place to manage risk including patch and change management procedures, and network vulnerability scans. Where we do use information systems these are predominantly cloud-based solutions provided by well know and reputable providers.
GOODS FOR GOOD employees and volunteers are required to take Information Security training empowering their responsibilities to work safely and securely. Remote/laptop users are required to have multi-factor authentication to access GOODS FOR GOOD’s systems.
Goods for Good implements standard contractual clauses and other measures to address cross-border data transfer restrictions in data protection laws.
Dealing with data breaches
A formal incident response and breach notification programme is in place with defined responsibilities and escalation paths.
Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, subscribe to the newsletter, fill out a form, donate money and in connection with other activities, services, features or resources we make available on our Site.
Users may be asked for, as appropriate, name, email address, phone number. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site.
Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilised and other similar information.
Web browser cookies
Our Site may use "cookies" to enhance User experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them.
Find out more about cookies on www.allaboutcookies.org
How we use collected information
Goods for Good collects and uses Users personal information for the following purposes:
To personalize user experience
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
To improve our Site
We continually strive to improve our website offerings based on the information and feedback we receive from you.
To improve customer service
Your information helps us:
- To more effectively respond to your customer service requests and support needs
- To administer a content, promotion, survey or other Site feature
- To send Users information they agreed to receive about topics we think will be of interest to them
- To send periodic emails
The email address Users provide will only be used to respond to their inquiries, and/or other requests or questions. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sharing your personal information
We do not sell, trade, or rent Users personal identification information to others.
We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.
We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys.
We may share your information with these third parties for those limited purposes provided that you have given us your permission.
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis.
This means for instance that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation.
By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
Third party websites
Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties.
We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site.
In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies.
Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.
We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site.
Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
What are your rights to your information?
We will respond to requests to access and correct (if necessary) your personal information as soon as possible.
You have the following options regarding accessing, correcting or limiting the use or disclosure of your personal information:
Subject Access Requests (SAR):
You have the right to see what personal data we hold about you. To obtain a copy of the personal information we hold about you, please email email@example.com
Please put in the subject line: SUBJECT ACCESS REQUEST.
You can also ask for an SAR by writing to us at:
The Privacy Office
Goods for Good
212 Bullhead Road
Please send via recorded delivery, Goods For Good will not be responsible for requests lost or delayed in the post.
Requests will be processed free of charge for a maximum of two (2) requests in any 12 month period. Please note that we reserve the right to charge a fee for any further requests.
Limiting use or disclosure:
If you want to limit our use or the disclosure of your information to third parties, please contact our Privacy Officer at firstname.lastname@example.org However, please note that by limiting the use of your personal information by us, or its disclosure to third parties, you may also limit our ability to provide you with our Services.
We will retain your information only for as long as you remain active in our organisation as a supplier/volunteer/donor or other, or as needed to provide you our Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our legal rights.
If you subscribe to our newsletter(s), we will use your name and email address to send you the newsletter. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, or by contacting the Privacy Officer at email@example.com
Goods for Good
212 Bullhead Road
The Privacy Officer:
Tel: 01582 540521
Mobile: +44 7866 429 807