This policy sets out how Greenspace Information for Greater London CIC (‘GiGL’) complies with its data protection obligations as a Data Controller.
Should you wish to find out more about the information we hold about you, or about our privacy policy, please contact us:
Data controller
Greenspace Information for Greater London CIC
c/o London Wildlife Trust, Dean Bradley House, 52 Horseferry Road, SW1P 2AF
Email: gdpr@gigl.org.uk
1. Who we are
GiGL is London’s local environmental records centre. GiGL mobilises, curates and shares access to data that underpin our knowledge of London’s natural environment, in order to enable our stakeholders to make informed decisions in policy and practice. We aim to raise awareness of the benefits the natural environment provides to the capital and to ensure the protection and enhancement of London’s natural environment are at the heart of the services GiGL provide.
Any references to Greenspace Information for Greater London CIC, GiGL, or to ‘we’ or ‘us’ refer to:
Greenspace Information for Greater London CIC. We are a community interest company limited by guarantee registered in England and Wales, number 8345552.
Registered Office: 10 Queen Street Place, London EC4R 1BEA
2. Our commitment to your privacy
We are committed to keeping the personal details of all the people who interact with GiGL safe. This policy explains how and why we use your personal data, to ensure that you remain informed and in control of your information.
We use three key definitions to describe people mentioned in this policy. These are definitions used by the Information Commissioner’s Office (ICO), the UK’s independent body set up to uphold information rights (www.ico.org.uk)
- ‘Data subject’: this is you. As the data subject, we respect your right to control your data.
- ‘Data controller’: this is us, Greenspace Information for Greater London CIC. With your permission, we determine why and how your personal data is used (as outlined in this policy).
- ‘Data processor’: this person, or organisation, processes your data on our behalf, with your permission.
When we work with other organisations or individuals in this way, we always set up a written contract with them to protect your data. The third parties we work with at no point ‘own’ your data, so you will never hear from them independently and they will always delete your data from their systems when they have completed the task in hand. We always send your data to partner organisations securely, to minimise the risk of it being intercepted by unknown individuals and/or organisations.
We will never sell your personal data.
3. Why we collect your personal data
GiGL can only continue to make a difference for London’s natural environment with the active support of our volunteers, supporters, and partners. In order to support our aims and objectives in the most effective manner and to ensure that we communicate with you in the way that you prefer, we may collect and hold personal information about you.
We will only ever collect, store and use your personal data when we have an identified purpose and reason to do so. The ICO refers to this as a ‘lawful basis’. Further information about why we collect your personal data is outlined below.
a) To deliver GiGL services to you
We collect personal data:
- where it is necessary for a contract GiGL has with you
- to send you data outputs and services
- to send you information about events you have booked onto
The lawful basis for processing your data for these purposes is ‘contractual’.
b) To maintain the integrity of biological records
We collect personal data:
- to contact you to validate and/or verify data you have submitted, to request greater access, or further information
- as an integral part of a valid biological record ( a ‘recorder name’ in a biological record is the name of the person who saw the species, if different, the ‘determiner name’ is the person who made or confirmed the species identification)
- to acknowledge/attribute you as the creator of the record
The lawful basis for processing your data for these purposes is ‘legitimate interest’. GiGL mobilises, curates and shares access to data according to our stated aims and objectives.
We do not provide recorder names to the general public or ecological consultants but may include them in data exchanges with GiGL Partners. Biological records with your name on them will only be passed to GiGL Partners and others who have signed our Data Use Licence. All data are shared according to our Accessing Data Policy, which also sets out how we deal with sensitive species records.
c) To send you information about our work and ask for your opinion
We also collect your personal data so that we can send you information about our work that we feel will be of interest to you. From time to time, we may also use your personal data to ask for your opinion about our work.
The lawful basis for processing your data for these purposes is ‘legitimate interest’ for feedback, this is where we have identified a genuine and legitimate reason for contacting you, which crucially does not override your rights or interests.
We require ‘opt-in consent’ to send you newsletters or mailings about events and activities.
We respect your right to update the way we get in touch with you about our work at any time.
d) To enable you to volunteer with us
If you are a GiGL volunteer, we collect your personal data so that we can keep in touch with you about, for example:
- changes to planned volunteer work programmes, training, or meetings that you may be taking part in
- the positive impact you have on our work, by sending you our volunteer communications
- dedicated volunteer thank-you events
The lawful basis for processing your data for these purposes is ‘contractual’ (where administering your volunteer record) and ‘legitimate interest’ (when sending you information about our work).
4. The information we collect about you
a) Basic information
When you email us, use an online form, submit content (such as a photo) or data, enter a user profile, or access restricted pages:
- we will record your name, email address, telephone number, postal address, organisation, area of interest and other such personal information as provided
- we will only use your details for the purpose for which you provided it or directly related purposes as stated on the pages or forms where you submit it
- your details will not be added to a mailing list without your consent
- we will not use your details for any other purpose
- unless otherwise required to by law, we will not disclose any information you submit without your express permission
We also collect information about you that helps us to get to know you better. This may include:
- your preferences of how you would like us to contact you
- ways you’ve helped us through volunteering your time
- records of events you’ve attended, or activities that you’ve been involved in
Sometimes we will collect other information about you such as your date of birth and gender. When we do so, we will be very clear as to why we are collecting such information, and we will only do so with your specific consent and permission.
Most of the time, we collect this data from you directly. Sometimes this is in person; other times, it is over the telephone, in writing or through an email.
Other ways in which we collect personal data to get to know you better include:
i) Our website
Our website uses ‘cookies’ to help provide you with the best experience we can. Cookies are small text files that are placed on your computer or mobile phone when you browse websites. We use Google Analytics software to collect information about how you use our website. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.
For more information on our Cookies Policy, please click here.
b) Biological records and photos
Along with basic information collected at the point of data submission, a recorder name and a determiner name may be stored with a biological record. If you are submitting records on behalf of somebody else, please only submit the record if they are comfortable with their name forming part of the record.
We will attach a name to submitted photos so that if they are used we can credit you.
c) Sensitive personal data
We do not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation) about people we interact with. However, there are some situations where this will occur.
When we do so, we will be very clear as to why we are collecting such information, and we will only do so with your specific consent and permission. In these situations, we collect the data from you directly.
If you are a volunteer then we may collect extra information about you, for example:
- references
- criminal records checks
- details of emergency contacts
- medical conditions
d) Children and young people
In line with data protection law, we will not collect, store or process your personal details if you are under 13 years of age; unless we have the express permission from your parent or guardian to do so.
For further information, please see our Safeguarding Vulnerable People policy.
5. How do we store your data?
a) Security
All of the personal data we process is processed in the UK by our staff. However, for the purposes of IT hosting and maintenance your information may be situated outside of the European Economic Area (EEA). This will be done in accordance with guidance issued by the Information Commissioner’s Office.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
b) Payment security
Any electronic GiGL forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers. GiGL complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
c) Data retention policy
We will only use and store information for as long as it is required for the purposes it was collected for. We continually review what information we hold, and delete what is no longer required.
For further information, please see our Data Retention Policy.
6. Your rights
We respect your right to control your data. Your rights include:
a) The right to be informed
This privacy notice outlines how we capture, store and use your data. If you have any questions about any elements of this policy, please contact us.
b) The right of access
If you wish to obtain a record of the personal data we hold about you, through a Subject Access Request, we will respond within one month.
c) The right to rectification
If we have captured information about you that is inaccurate or incomplete, we will update it.
d) The right to erase
You can ask us to remove or anonymise your personal details from our records.
e) The right to restrict processing
You can ask us to stop using your personal data.
f) The right to data portability
You can ask to obtain your personal data from us for your own purposes.
g) The right to object
You can ask to be excluded from marketing activity.
h) Rights in relation to automated decision making and profiling
We respect your right not to be subject to a decision that is based on automated processing.
For more information on your individual rights, please see the Information Commissioner’s Office www.ico.org.uk.
7. Making a complaint
GiGL want to exceed your expectations in everything we do. However, we know that there may be times when we do not meet our own high standards. When this happens, we want to hear about it, in order to deal with the situation as quickly as possible and put measures in place to stop it happening again.
We take complaints very seriously and we treat them as an opportunity to develop our approach. This is why we are always very grateful to hear from people who are willing to take the time to help us improve.
Our policy is:
- To provide a fair complaints procedure that is clear and easy to use for anyone wishing to make a complaint.
- To publicise the existence of our complaints procedure so that people know how to contact us to make a complaint.
- To make sure everyone in our organisation knows what to do if a complaint is received.
- To make sure all complaints are investigated fairly and in a timely way.
- To make sure that complaints are, wherever possible, resolved and that relationships are repaired.
- To learn from complaints and feedback to help us to improve what we do.
Confidentiality
All complaint information will be handled sensitively, in line with relevant data protection requirements.
For further information on how to make a complaint, please see click here.
Information Commissioner’s Office
For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk
8. Leaving our website
We are not responsible for the privacy practices or the content of any other websites linked to our website. If you have followed a link from this website to another website you may be supplying information to a third party.
We update this policy periodically.
Last updated: May 2018