Definitions and Interpretation
The following words and expressions have the following meanings unless inconsistent with the context:
“Compliance Officer” – Natalie Grainger who can be contacted by post at Suite 1 Innovation House, East Service Road, Raynesway, Derby, DE21 7BF or by email at email@example.com.
“Cookies” – a small amount of data sent from the server, which is then stored on your computer’s hard disc drive;
“DPA” – Data Protection Act 1998 as amended from time to time;
“GDPR” – General Data Protection Regulations
“Process” or “Processing”
“Sensitive Personal Data” – as defined by the DPA and GDPR
“We”, “Us” or “Our” – NWG Network, a company registered in England and Wales with company number 6557851 whose registered office is at Suite 2 Innovation House, East Service Road, Raynesway, Derby, DE21 7BF and who may be contacted on firstname.lastname@example.org; and
“You”, “Your” – an individual, company, or firm accessing our Site.
References to any statute or statutory provision include, unless the context otherwise requires, a reference to the statute or statutory provision as modified or re-enacted and in force from time to time, and any subordinate legislation made from time to time under the relevant statute or statutory provision.
References to “persons” include natural persons, firms, partnerships, companies, corporations, associations and organisations, (in each case whether or not having separate legal personality).
Use of any gender includes the other genders.
Words in the singular include the plural and words in the plural include the singular.
Any reference to “writing” or any cognate expression includes communications by post and email but not facsimile or text messages.
The headings to Conditions do not affect the interpretation of these Conditions.
Any phrase introduced by the term “include”, “including”, “in particular” or any similar expression will be construed as illustrative and will not limit the sense of the words preceding that term.
Who are we?
The NWG Exploitation Response Unit takes your privacy seriously. This notice outlines the use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”) For the purpose of DPA and GDPR we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to NWG Network, Suite 2 Innovation House, East Service Road, Raynesway, Derby. DE21 7BF.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
The Personal Information We Collect
Personal information includes details such as your name, date of birth, email address, postal address, telephone number, as well as information you provide in any communications between us. You will have given us this information whilst registering on our mailing list, using our website, placing an order on our website, attending an event or training, seeking advice and support or any of the other ways to interact with us.
You will also provide us with personal information when you interact with us through others: this could be if you book onto an event via Eventbrite, use Paypal or Sagepay to pay for a product/service and provide your consent for your personal information to be shared with us.
When you visit our website we collect information to help us to understand how our stakeholders use the site, and to make improvements. This information consists of your IP address, your internet browser, when you visited and which pages you visited or downloaded during your visit. We cannot use this information to find out further personal information about you.
We aim to ensure that our communications to you are relevant and timely. To enable us to do this, we may also analyse publicly available geographic, demographic and other information relating to you to better understand your interests and preferences.
How do we process your personal data?
The NWG complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We will process your personal data based on your consent, and/or because we need to use it in order to fulfil a contract with you (e.g because you have subscribed to our Membership, and/or legitimate interest).
Legitimate interest means that the reason that we are processing information is because there is a valid reason for the NWG to do so. This could include making improvements to our services, to manage relationships with our supporters and to comply with relevant legislation. Whenever we process your information in this way, we ensure that we consider your rights and interests.
We will never sell or swap your details. We may share your information with trusted third parties in the process of managing your engagement with us, such as payment processors for donations, to partners who manage our events.
We use your personal data for the following purposes:
* To enable us to provide support and advice for the benefit of those working with children and young people within the field of child sexual exploitation and/or modern slavery as in our constitution;
* To administer membership subscriptions and activities;
* To fundraise and promote the interests of the charity;
* To manage our recruitment processes, employees and volunteers;
* To maintain our own accounts and records;
* To inform you of news, events, activities and services offered by NWG;
* Where you have consented for us to do so, we may provide your data to selected third parties who may contact you about their services that you may be interested in. If you do not want us to use your data for our [or third parties’] use, you will have the opportunity to withhold your consent to this when you provide your details to us on the form on which we collect your data, or you can do so by writing to us at our postal address or sending us an email to email@example.com at any time.
What is the legal basis for processing your personal data?
* Explicit consent of the data subject so that we can keep you informed about news, events, activities and services offered by NWG.
* Processing is necessary for carrying out legal obligations in relation to employment, social security or social protection, employment law, or a collective agreement, or contract.
* Sharing of information with partners or third parties is only done so where consent has been provided.
* However, we may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk.
Please be advised that we do not reveal information about identifiable individuals to our stakeholders, but we may, on occasion, provide them with aggregate statistical information about our visitors.
The Use of Trusted Partners and Suppliers
We use external companies such as Eventbrite to collect or process personal data on our behalf. We undertake checks on these companies before we work with them and put agreements in place that require them to comply with data protection legislation and ensure that they have appropriate controls in place to secure your information.
Controlling the use of your data
If you have given us consent to use your data for a purpose you can revoke or vary that consent at any time. If you do not want us to use your data or want to vary the consent that you have provided you can write to us at Suite 2, Innovation House, East Service Road, Raynesway, Derby. DE21 7BF or email us at firstname.lastname@example.org at any time.
Where we store and transfer your data?
As part of the services offered to you, for example through our Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
We do not use or disclose sensitive personal data, such as race, religion, or political affiliations, without your explicit consent.
Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the website.
You have the right to opt out of our processing your personal data for marketing purposes by contacting us at email@example.com
The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data while you are transmitting it to our site; any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
* The right to request a copy of your personal data which NWG holds about you; where possible this will be provided within 30 days of request. If an extension is required due to the complexity of the request, then this will be agreed in writing by both parties;
* The right to request that NWG corrects any personal data if it is found to be inaccurate or out of date;
* The right to request your personal data is erased where it is no longer necessary for NWG to retain such data;
* The right to withdraw your consent to the processing at any time
* The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
* The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
* The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
* The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries of complaints please in the first instance contact the Business & Executive Administrator, NWG, Suite 1 Innovation House, East Service Road, Raynesway, Derby. DE21 7BF or by email to firstname.lastname@example.org
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/
Version 01 / May 2018