Privacy Policy
[Note that this Privacy Policy follows current ICO Guidelines]
- Introduction
This is our Privacy Policy (together with our terms of use for all/any digital assets and any other documents referred to in it). It applies to our website at www.habitatforhumanity.org.uk (“the Website”) our Empty Space Spotter App (“the App”) and our Empty Spaces to Homes Platform [www.tbc] (“the Platform”). The Website, App and Platform are collectively referred to as “digital assets”. This Privacy Policy describes the type of personal data that we collect from you (“you/your”) through the use of our digital assets, how that personal data, and also non-personal data, is used or disclosed by us and the safeguards we use to protect it
This Privacy Policy has been crafted in an effort to be as clear and concise as possible. Please read it carefully to understand our policies regarding your personal data and how we will treat it. By using or accessing our digital assets, you agree to the collection, use and disclosure of personal data in accordance with this Privacy Policy. [This Privacy Policy was last updated on {to be updated at least annually}]. Please check back regularly to keep informed of updates to this Privacy Policy.
Please read this Privacy Policy carefully. Your acceptance of our Privacy Policy is deemed to occur upon your first use of our digital assets. If you do not accept and agree with this Privacy Policy, you must stop using our digital assets immediately.
If you have any comments on this Privacy Policy, please email them to emptyspacespotter@habitatforhumanity.org.uk
Who we are
2.1 Here are the details that we as ‘data controller’ are required to give to you in accordance with Data Protection Legislation, including the retained EU law version of the EU’s General Data Protection Regulation ((EU) 2016/679) (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (as amended), and any other applicable or updated law which relates to the protection of individuals rights with regard to the processing of personal data):
2.1.1 Our Website address is: www.habitatforhumanity.org.uk
2.1.2 Our Organisational name is: Habitat for Humanity GB (registered charity no: [1043641])
- Our registered address is: [1A Royal Parade, Tilford Road, Hindhead. GU26 6TD]
What we collect
3.1 We collect, use, transfer and process the following data about you including:
3.1.1 personal data you put into forms, when entering a competition, promotion or surveys [anything else?] via our digital assets at any time. This includes personal data provided at the time of registering to use our digital assets, subscribing to our organisation, creating an account on any of our digital assets, posting material or requesting further services
3.1.2 requests that marketing material be sent to you;
3.1.3 personal data you provide via our social media platforms; and
3.1.4 personal and non/personal data you provide to us when you contact us by email, phone or otherwise.
3.2 We also ask for your personal data when you report a problem with any of our digital assets or provide other feedback and we will collect the following personal and non-personal data to enable us to communicate with you;
3.2.1 a record of any correspondence between us;
3.2.2 details of transactions you carry out through our digital assets;
3.2.3 details of your visits to our digital assets and the resources you use;
3.2.4 any personal data that you upload to our digital assets and any other form of interaction data you provide; and
3.2.5 information about your computer (e.g., your IP address, browser, operating system etc) for system administration and to report aggregate information to any advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual
3.3 Please note that we do not store credit card details and we do not share any financial details with any third parties without your consent
3.4 Depending on your circumstances and the digital assets selected the personal data we gather about you includes: your name; address; email address; phone number; financial information; personal identification information and any further personal data as required as part of the service or product provided or which you share through our digital assets
Cookies
4.1 We use cookies to distinguish users and improve the user experience of our website. Please look at our Cookie Policy for more cookie information.
5. How we use what we collect
5.1 We use personal and non-personal data about you to:
5.1.1 present digital assets and content effectively to you;
5.1.2 provide information on and allow you to use, all or any of the digital assets that you request, or (with your consent) any identified as being of interest to you to personalise your experience;
5.1.3 allow you to use our interactive digital assets if you want to;
5.1.4 to administer a contest, promotion, survey or other digital assets feature;
5.1.5 tell you about changes;
5.1.6 we will contact you electronically about similar digital assets and offerings to those previously of interest to you unless you tell us that you do not wish to receive such information the link contained in our email messages or by contacting us at any time via emptyspacespotter@habitatforhumanity.org.uk
5.1.7 with your prior consent, tell you about other organisational news that might interest you; and
5.1.8 allow selected third parties to contact you directly. We will ask for your consent each time, before passing on your details, and will not do so unless your consent is given
5.2 In some instances, it will be appropriate for us to combine your personal and non-personal data with other information that we hold about you, such as combining your name with your geographic location or your browsing history
5.3 If you do want to be contacted for marketing purposes to help us keep you informed about our work, you can tick the consent box that you will find on screen when we collect your personal data. You can unsubscribe or change your preferences at any time via the link contained in our email messages or by contacting us via emptyspacespotter@habitatforhumanity.org.uk
5.4 Please note: we don’t identify individuals to our Supporters/Advertisers (if any), but we give them aggregate information to help them reach their target audience, and we use information we have collected to display advertisements to that audience
5.5 Please note, that if you no longer wish for us to process your personal data for marketing purposes, you can contact us at emptyspacespotter@habitatforhumanity.org.uk and we will update our systems. However, in doing so you acknowledge that this limits the information we can provide to you. In some cases, the collection and retention of personal data is a statutory or contractual requirement. Please see point 7 for further details on retention of personal data.
5.7 In addition to 5.1 we will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
5.7.1 Where we need to perform the contract we are about to enter into or have entered into with you
5.7.2 Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
5.7.3 Where we need to comply with a legal or regulatory obligation
5.8 We do not rely on consent as a legal basis for processing your personal data other than in relation to our marketing communications or sending third party direct marketing communications to you via email, post, phone or text message. You have the right to withdraw consent to marketing at any time by updating your contact preferences, and we will move your data to our “unsubscribe list” or via the link contained in our email messages or by contacting us at any time via emptyspacespotter@habitatforhumanity.org.uk. However, you acknowledge this will limit our ability to provide the best possible communications to you
5.9 As already indicated above, with your consent we will use your data for marketing purposes that will lead to us contacting you by email, post, phone or text message with appropriate information and news. We agree that we will not do anything that we have not agreed to under this Privacy Policy, and we will not send you any unsolicited marketing or spam. We will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the Data Protection Legislation.
5.10 Any and all photographs uploaded to Empty Space Spotter containing images of people will be deleted.
5.11 Misuse of the Empty Space Spotter app by way of uploading inappropriate images will be deleted. If images uploaded are deemed illegal, we withhold the right to pass all received data to relevant authorities and issue an app ban.
6. Where we store your data
6.1 As required, we will transfer your collected data to third parties for storage outside the UK in connection with the above purposes. For example, your personal data will be processed outside the UK to fulfil your order and/or be processed to administer payment [If relevant or likely to become relevant]
6.2 By giving us your personal data, you agree to this arrangement. Where such processing takes place, appropriate controls, such as the adoption of agreements containing appropriate standard contractual clauses are in place to ensure that your personal data is protected to the same standard as if it were in the UK. We will do what we reasonably can to keep your data secure, and up to date and in accordance with this Privacy Policy
6.3 Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our digital assets. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our written instructions, and they are subject to a duty of confidentiality
6.4 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so
6.5 We have implemented security measures such as a firewall and other cyber security to protect any data and maintain a high level of security
6.6 Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet is not completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet and you take the risk that any sending of that data turns out to be not secure despite our efforts
Retention of Data
7.1 We will not collect more personal data than we need for the purposes set out in Paragraph 5. We will retain such personal data for the life of your contractual arrangement with us and for a period of up to seven years after your relationship with us has ended. We are however required to retain personal data for a longer period of time to ensure we comply with our regulatory and legislative requirements. We regularly review our data retention obligations to ensure we do not keep personal data for longer than we are legally obliged to any period longer than required to carry out the purposes set out in Paragraph 5. Please see our retention periods below
Purpose for collecting your Personal data: Marketing to help you with your legal needs by sending you insights, information and exclusive offers to help you grow and protect your business.
Type of personal data being held or processed: Name, email address, telephone numbers. Postal address where provided by data subject.
Lawful basis for processing: Consent
Retention Period: 3 years from date of signing up to marketing.
Purpose for collecting your Personal data: Prospective Donor (who has made zero payment)
Type of personal data being held or processed: Name, email address, telephone numbers, job role, postal address
Lawful basis for processing: Contract – pre-contractual steps
Retention Period: 5 years since day of last contact
Purpose for collecting your Personal data: Donor Contractual Arrangement/Terms of Engagement
Type of personal data being held or processed: Name, email address, telephone numbers, job role, postal address.
Lawful basis for processing: Contract
Retention Period: Minimum of 7 years – Since last day of contact
7.2 We do not store bank/credit card details, other than storing them momentarily on the Platform until they have been dispatched to our payments provider [If Toolkit has a pay option]
Disclosing your personal data
8.1 We are allowed to disclose your personal data in the following cases:
8.1.1 if we want to merge our organisation, we can disclose it to the potential merging organisation, any subsidiaries, or ultimate holding organisations as defined in Section 1159 of the UK Companies Act 2006
8.1.2 we can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights;
8.1.3 in connection with legal proceedings (including prospective proceedings);
8.1.4 in order to establish or defend our legal rights; and
8.1.5 we can exchange personal data with others to protect against fraud or credit risks.
8.2 We may at any time engage third parties to assist us in carrying out certain functions on our behalf. These include companies to assist with payment processing, search engine facilities, advertising and technology services. We only share the appropriate level of personal and non-personal data to enable the supplier to provide their services. Where your personal data is required to be shared, we will take all reasonable steps to ensure your data is handled safely and securely and in accordance with our and the suppliers’ obligations under Data Protection Legislation.
8.3 Companies who have access to personal and non-personal data include: Habitat for Humanity Great Britain.
Web hosting: [HFHGB website is built on wordpress, hosted by Kinsta]
Survey Platforms: Formstack
Online reviews platform:
e-Signing provider: Adobe
CRM: Blackbaud / Raisers Edge
Compliance Tool: We host on Kinsta which uses Google Cloud which should have highest standards of security and compliance.
Client communications and data analysis: Office 365
Other providers include: SMS alerts, IT and software and machine learning development, Online advertising management
Data analysis for the website would be Google Analytics
*** These are examples – there may be others that require inclusion
We may change these companies, so we expect you to check this page from time to time.
Your rights
9.1 You have a number of rights under the Data Protection Legislation;
9.1.1 The right to request a copy of the personal data we hold on you. When you request this personal data, this is known as a Subject Access Request (SAR). In most cases, this will be free of charge however in limited circumstances we apply an administration charge. For example, where repeated requests are made;
9.1.2 The right to have personal data we hold about you transferred securely to another service provider in an electronic form;
9.1.3 The right to have inaccurate personal data corrected and additional personal data added to your record;
9.1.4 The right to request any out of date personal data erased once there’s no business need or legal requirement for us to hold it;
9.1.5 The right to object to or restrict your personal data being processed, in limited circumstances and only when we don’t have legitimate grounds for processing your personal data;
9.1.6 The right to object to personal data being used to send you marketing material. As mentioned above, we will only send you marketing material where you have given your consent to do so. You can remove your consent at any time
9.1.7 You can ask us not to use your data for marketing. You can do this by not ticking the relevant boxes on our forms, or by contacting us at any time
9.1.8 To exercise any of these rights please contact emptyspacespotter@habitatforhumanity.org.uk
Security
10.1 We are committed to ensuring your personal data is protected and held securely. However, the internet is not a secure medium and we cannot accept responsibility for the security of an email during transmission or non-delivery of that email.
Making a complaint
11.1 If you believe we have not processed any of your personal data in accordance with Data Protection Legislation or you have been affected by non-compliance you can make a complaint to:
Designated person detailsWeb developer: freelance – Mohisn Rasool (Sebta)
11.2 If you are not satisfied with our response, you can raise a complaint with the UK’s Information Commissioner’s Office, the UK’s independent authority set up to enforce Data Protection Legislation. For further information on exercising your rights on organisations processing your personal data, please click here. https://ico.org.uk/your-data-matters/your-right-of-access/
Links to other websites
12.1 Please note that our digital assets terms of use and our policies will not apply to other websites that you get to via a link from any of our digital assets
12.2 Our digital assets may, from time to time, contain links to and from the website of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. We have no control over how your data is collected, stored or used by other websites and we advise you to check their privacy policy before providing any data to them
Changes
13.1 If we change our Privacy Policy, we will post the changes on this page. If we decide to, we will email you.
Automated decision-making tools
14.1 In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge such decisions under the Data Protection Legislation, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from us
14.2 The right described in section 14.1 does not apply in the following circumstances:
14.2.1 the decision is necessary for the entry into, or performance of, a contract between you and us;
14.2.2 the decision is authorised by law; or
14.2.3 you have given your explicit consent.
14.3 Where we use your personal data for profiling purposes, the following shall apply:
14.3.1 Clear information explaining the profiling will be provided, including its significance and the likely consequences;
14.3.2 Appropriate mathematical or statistical procedures will be used;
14.3.3 Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and
14.3.4 All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling
Terms and Conditions
15.1 Please also visit our digital assets terms of use section establishing the use, disclaimers, and limitations of liability governing the use of our digital assets
Your consent
16.1 By ticking applicable boxes on signing up to any or all of our digital assets, you consent to our Privacy Policy.
Dispute Resolution
17.1 The Parties will use their best efforts to negotiate in good faith and settle any dispute that may arise out of or relate to this Privacy Policy or any breach of it
17.2 If any such dispute cannot be settled amicably through ordinary negotiations between the parties, or either or both is or are unwilling to engage in this process, either party may propose to the other in writing that structured negotiations be entered into with the assistance of a fully accredited mediator before resorting to litigation
17.3 If the parties are unable to agree upon a mediator, or if the mediator agreed upon is unable or unwilling to act and an alternative mediator cannot be agreed, any party may within 14 days of the date of knowledge of either event apply to us to appoint a mediator
17.4 Within 14 days of the appointment of the mediator (either by mutual agreement of the parties or by Habitat for Humanity GB in accordance with their mediation procedure), the parties will meet with the mediator to agree the procedure to be adopted for the mediation, unless otherwise agreed between the parties and the mediator
17.5 All negotiations connected with the relevant dispute(s) will be conducted in confidence and without prejudice to the rights of the parties in any further proceedings
17.6 If the parties agree on a resolution of the dispute at mediation, the agreement shall be reduced to writing and, once signed by the duly authorised representatives of both parties, shall be final and binding on them
17.7 If the parties fail to resolve the dispute(s) within 60 days (or such longer term as may be agreed between the parties) of the mediator being appointed, or if either party withdraws from the mediation procedure, then either party may exercise any right to seek a remedy through arbitration by an arbitrator to be appointed by us
17.8 Any dispute shall not affect the parties’ ongoing obligations under this Privacy Policy