Privacy Policy 2018

 

GMCVO Databases is a subsidiary of GMCVO as such we have a joint policy covering the whole organisation. Please read the full policy and statement below

 

---

GMCVO and its subsidiaries take your data rights very seriously and as such this privacy statement details what we record, why we record it, where we store it and how you can request changes to it.

We do not, and never will, sell your data for marketing purposes. We will only use it in the manner you have allowed us to, so we can deliver the services you have requested.

---

 

Our privacy statement

This privacy statement tells you what to expect when we collect personal information.

 

Who are we?

In this policy, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to GMCVO (a working name for Greater Manchester Council for Voluntary Organisations), its subsidiaries and all projects.

All profits from non-funded ventures go back into the parent charity (GMCVO) to assist with other projects that support voluntary, community and social enterprise (VCSE) organisations in providing much needed services to residents and communities in the Greater Manchester city region.

 

Your acceptance of this policy

By using our websites, social media pages, accessing an event, accessing a service or providing your information you consent to our collection and use of the information you provide in the way(s) set out in this policy. If you do not agree to this policy please do not use our sites, social media pages or services.

 

Changes to this privacy statement

We regularly review our privacy statement. Any updates will be posted on our website and will apply from when they are updated on the website. Anyone that we are in contact with will be informed if there are major changes.

 

What is personal data?

‘Personal data’ means any information that identifies a living person. This can include name, address, phone number or email address.

It also covers our use of any personal information you provide to us. This may be by phone, text message (SMS), email, social media, letter and other correspondence, and in person. It can include IP addresses and other technical identifying information.

 

What is sensitive personal data?

‘Sensitive personal data’ is data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.

 

Contents:

• People we collect information on
• Why we hold your data
• How we collect data
• Complying with the Data Protection Act
• Marketing communication preferences
• Note on email marketing
• Giving your data to other organisations
• Sensitive data
• Job applicants, current and former GMCVO employees
• Your data on our website
• E-newsletters
• Website hosting
• People who contact us through social media
• Accessing information held about you
• Changing your communication preferences
• Asking for your data to be deleted
• The remit of this policy
• How to contact us

 

People we collect information on

We need to collect and use your personal data if you contact us for any reason, including if you are a:

• Member of GMCVO.
• Member of our online community.
• Stakeholder and partner.
• Visitor to any of our websites.
• Someone who connects with us through social media platforms.
• Someone who accesses one of our funded projects
• Someone who trades with our trading companies
• Volunteer or prospective volunteer.
• Employee or prospective employee of GMCVO.
• Supplier or prospective supplier to GMCVO and its subsidiaries.
• Journalist, member of the media or someone who publishes or broadcasts to the public.
• MP, other parliamentarian or representative including councillors.
• Person within the voluntary community who works with us.
• Person from an organisation that wishes to work with us or ask us for support or information

 

Why we hold your data

We hold your details to:

• Communicate with you as a stakeholder, partner or user of our services.
• Respond to your enquiry or request for information.
• Provide you with the service or membership you have requested.
• Process sales or donations and verify financial transactions.
• Provide a personalised service to you when you visit our websites. This includes the use of cookies if you agree to their use. This could include customising the content and/or layout of our pages for individual users.
• Keep a record of any contact we have with you.
• Enable third parties, working for us, to carry out technical or logistical functions for us.
• To carry out research on the demographics, background and interest of our stakeholders, partners and users of our services. This is to get a better understanding of you and to improve our services.
• Tell you about the things you have told us you are interested in – if you have given us permission to inform you of relevant areas of interest.
• Help you with any problems you may be experiencing with a form or our website. We may also do this if you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form.
• Prevent or detect fraud.

 

How we collect data

We may collect and store information about you whenever you interact with us. For example, when you book a room through St Thomas Centre, register for an event, apply to become a member, subscribe to one of our mailings or submit an enquiry. Other examples include if you register for our services, apply for a job or volunteering opportunity, or otherwise give us any other personal information.

We may also receive information about you from third parties for a specific purpose. However, this will only happen if you have given them permission to share your information.

 

Complying with the Data Protection Act

Data Protection Act principles require us to process personal data fairly and lawfully. We will offer you choices about the way you are contacted. We will also be clear about how we will use your information. We will make sure that the reason for collecting information is lawful.

As required by law, we have informed the Information Commissioner’s Office (ICO) why we collect and process data.

We only hold data about you that is enough for our purpose and that of our funders, nothing more.

We work to make sure the data we hold is accurate and up to date. Accuracy is checked when data is recorded, for example through confirmation pages.

We only hold personal data as long as necessary. However, we may need to keep personal data on you even if you have requested no further contact. This is so that we can make sure we don’t contact you about an activity. For example, it means we won’t include you when we send promotional communications to people in a particular geographic area.

We have systems in place to safeguard your personal data. Access to written and electronic personal data is restricted and has a level of security depending on the sensitivity of the data. No sensitive data linked to a person’s name or address is transported off-site from our offices unless it is either securely locked, password protected or encrypted.

 

Marketing communication preferences

If you have given us permission to contact you about news and information, our work or ways to support us, we will make sure that you can opt out of receiving marketing communications. At the first reasonable opportunity, you will be offered the chance to opt out of hearing from us and any of its subsidiaries. You will be able to say ‘no’ to contact by mail, telephone, text or email.

If at a later date you complete another form, giving different contact preferences, we will use those you have given most recently.

Every time we contact you in the future we will give you the chance to update your communication preferences.

 

Note on email marketing

Emails and text messages are also covered by the Privacy and Electronic Communications Regulations. Every time your email address or mobile telephone number is recorded, you will be offered email / text updates. You will have to tick a box to agree to your details being used for marketing emails / texts.

Also, any marketing emails / texts sent by GMCVO will include the opportunity to unsubscribe from future emails / texts.

 

Giving your data to other organisations

We use third parties to handle some of our services on our behalf, as allowed under the Data Protection Act. These organisations are only allowed to use your personal information for the specific purpose they have been contracted for. For example, this could be to process and store the data we hold on you.

• Ambition for Ageing participants personal data may be disclosed to GMCVO and other Ambition for Ageing partners and that they will be required to complete and submit an anonymised Common Monitoring Framework monitoring form to enable ECORYS to monitor their activity within the Programme
• GM Health and Social Care Partnership and of VCSE participants will be shared by each member of the GM VCSE Devolution Reference Group with other members of the GM VCSE Devolution Reference Group.
• Greater Manchester Talent Match programme beneficiaries’ data will be shared with partner organisations.  It may include incidental details of Talent Coaches and others involved in the delivery of the programme. A list of our partner organisations can be found here: https://gmtalentmatch.org.uk/get-support-now
• Access to Growth. The information provided will be held by GMCVO and will be shared with Access the Foundation for Social Enterprise and KeyFund

We have also stated in our Information Commissioner’s Officer (ICO) registration that we will not transfer data outside the European Economic Area.

We always transfer your personal data securely – through a secure FTP (File Transfer Protocol) website, or as a password-protected file.

We will never swap or sell your data to another organisation for them to use for marketing purposes.

 

Sensitive data 

If you access certain projects we may record the following;

Talent Match:
Gender, ethnic group, religion, mental and physical health details, criminal convictions and sexuality.

We have legitimate interests for collecting sensitive data. It helps us to achieve one or more of our charitable aims. For example, we can demonstrate we are not discriminating against any section of society. None of this data will be used in a way that could harm you as an individual and will only be used for anonymised statistical reporting.

 

Use of media and consent

Media consent applies to

• Photographs
• Video footage
• Still images taken from video
• Sound recordings
• Quotes and case studies submitted (spoken or written, including web form submissions)
• It applies whether or not we took the material, commissioned it or it was submitted by a third party.

If you give consent to the use of media, we may use it as follows

• on our website or other websites
• on social media and video-hosting platforms (for example Twitter, Facebook, Instagram and YouTube)
• in our information materials, such as leaflets, presentations, posters or fundraising material
• for broadcast and radio interviews
• for written press articles

 

Expiry of consent

Material will only be used, printed or published for as long as consent has been given.

• Consent can be withdrawn at any time in which case every effort will be made to withdraw from use and they will not be used in the future.
• Consent will be normally for a minimum of ten years but may be renewed with you.
• After expiry of consent photographs, videos or audio recordings etc. will be;
  • Deleted from photographic libraries or other storage and not reused in publications etc.
  • Withdrawn from use from web use and other similar environments.
• We are unable to guarantee that we can withdraw from use images, videos or quotes that have been published prior to withdrawal of consent although all reasonable steps will be taken to do so.
• We will take all reasonable steps to make sure that content used for our web sites, publications and materials is not used by third parties without our permission. However, we cannot guarantee that third parties will always request our consent
• At some of our events other photographers not employed or associated with us may take and distribute photographs etc. These may be journalists, other event attendees or casual passers-by. The use of these images etc. are beyond our control.

 

Job applicants, current and former GMCVO employees

When people apply to work at GMCVO, we use the information they supply to us to process their application and to monitor recruitment statistics. When we want to disclose information to a third party, we will not do so without telling the person in advance unless the disclosure is required by law. For example, we may need to take up a reference or obtain a ‘disclosure’ from the Disclosure and Barring Service.

Personal information about unsuccessful candidates will be held for 3 months after the recruitment exercise has finished. It will then be securely destroyed or deleted. We keep de-personalised statistical information about applicants to help inform our recruitment activities. However, no individuals can be identified from that data.

Once a person has taken up employment with us, we will compile a personnel file about their employment. The information in this file will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with us has ended, we will keep the file as required by our retention schedule and then securely destroy or delete it.

 

Your data on our website

If you use any of the email facilities or forms on any of our sites, we will capture your email address, your name and, where relevant, your postal address. This means we can respond to your request, enquiry or order. We will ask if you want to opt in to being contacted in the future by mail, telephone, email or text.

If you use any of the secure forms on our sites, your credit card information is only used to complete that transaction. All such forms are secure and cannot be accessed by anyone other than the members of staff involved in completing the transaction.

Information is automatically provided on your browsing behaviour through the use of cookies on our sites. This information does not enable us to identify you personally. However, it does allow us to track usage of our sites so that we can improve them.

We use standard third-party web analytics services (such as Google Analytics) to collect anonymous information about your computer, including your IP address, operating system and browser type. This includes for example the number of users viewing pages on the site, but it does not identify you individually. This means we can monitor and report on the effectiveness of the site and help us improve it. If visitors want to post a comment on our sites, we require visitors to enter a name and email address.

We may temporarily retain any data that you provide on the website, even if you do not complete your enquiry. Such contact details and data may be used to contact you to enquire if you require any assistance but for no other purpose.

 

E-newsletters

We use CiviCRM to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies. This includes clear gifs to help us monitor and improve our e-newsletter.

 

Website hosting

We use a third-party service to host our websites. These sites are hosted with:

Machine Networks – Europarc Innovation Centre, Innovation Way, Grimsby, North East Lincolnshire, DN37 9TT who have a datacentre in Manchester.

 

People who contact us through social media

If you send us a private or direct message through social media, the message will be stored in line with our data retention policy. It will not be shared with any other organisations.

 

Accessing information held about you

We will assist you if you want to see the information we hold about you. A request should be made in writing, by letter or by email, to [email protected]. In most cases, we will reply to a request within a month. We may need to extend this period for particularly complex requests.

Incorrect data can be changed, blocked or destroyed. You also have a right to prevent us processing your data for marketing or if it is likely to cause distress.

If you have already requested and received this information, there will need to be a reasonable period of time before you can request the information again.

 

Changing your communication preferences

You can change your communication preferences at any time. You can choose whether we contact you by mail, telephone, email or text message. You can also choose whether or not you receive information on certain activities of GMCVO. Just contact us – by phone on 0161 277 1000, in writing or by email to [email protected] or https://www.gmcvo.org.uk/contact

 

Asking for your data to be deleted

You can ask us to stop using your personal data at any time. However, we may keep the personal data of people who have requested no further contact. This is so that we can make sure we don’t include them in any future activity. We may also need to keep data about activities, events etc. to demonstrate outcomes to funders. However if requested we will anonymise the data held on our systems.

 

The remit of this policy

This privacy notice does not cover information gathered on other websites outside our control.

 

How to contact us

Requests for information about our privacy statement can be emailed to data protection team at:

[email protected]

or by writing to:

Data Protection Compliance Team
GMCVO
St Thomas Centre
Ardwick Green North
Manchester
M12 6FZ
United Kingdom

For a more detailed list of what information we collect and how it is used you can visit the Information Commissioner’s Office (ICO) website and view our registry entry. Our registration number is Z6753563