My Rights provides and is responsible for the My Rights website. When you use our website and provide information to us, My Rights is the data controller of your personal information and we are registered with the Information Commissioner’s Office with registration number ZA306307. My Rights is a not-for-profit company limited by guarantee (company registration number: 10969084). We welcome you to get in touch with us to discuss your information at any time.
The EU General Data Protection Regulation (GDPR)
The EU’s General Data Protection Regulation (GDPR) replaced the EU member state implementations of the 1995 Data Protection Directive (DPD) on 25 May 2018. The UK Data Protection Act (DPA) 1998 was also replaced by the Data Protection Act 2018 when this received Royal Assent on 23 May 2018. My Rights aims to be compliant with the GDPR and DPA 2018 at all times in managing your personal data.
SECURITY OF YOUR Personal DATA
We take the security of your personal data very seriously. We use appropriate procedures and technical security measures (including encryption and archiving techniques) to safeguard your data across our computer systems, networks and website.
HOW LONG WE KEEP YOUR Personal data
To make sure we meet our legal data protection and privacy obligations, we only hold on to your personal information for as long as we need it for the purposes for which we collected it (see ‘How we use your personal data’ below). We regularly review the length of time we keep personal data; securely delete information that is no longer needed; and update, archive or securely delete information when it goes out of date.
MANAGING YOUR Personal Data
“Personal data” is defined in Article 4(1) of the GDPR as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
We need to keep the information we gather about you accurate and up-to-date. Please let us know if you think any of the information we hold on you may be inaccurate. You have the following rights in respect of the personal information we hold about you:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us via the ‘CONTACT’ button in the main menu above and we will comply with your request where your rights have been exercised in accordance with applicable laws.
- You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us via the ‘CONTACT’ button in the main menu above and we will comply with your request where your rights have been exercised in accordance with applicable laws.
- You have the right to opt-out of updates or marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.If you have any worries or complaints about the way we use your information, please do not hesitate to get in touch with us by contacting us via the ‘CONTACT’ button in the main menu above or emailing us at firstname.lastname@example.org. We will do our best to put things right in a timely way. And if, for whatever reason, you feel we’re not meeting the high standards we expect of ourselves, you are within your rights to tell the UK Information Commissioner’s Office (ICO).
Information we collect and how we collect it
We process personal information to enable us to deliver and promote our services, to maintain our accounts and records and to support and manage our staff. To do this we collect:
- Information you provide to us. For example, via our website when you make a referral or provide us with feedback about our services or when you agree to participate in research we are undertaking;
- Information from your social media account but only where it is relevant and you have given us permission to use it. For example, posts, pictures and video footage you share about us on sites such as Facebook and Twitter.
- Unique technical information that identifies the devices you use to access our website. This is to help us understand how people find out about us and access our services.
How we use your Personal Data
We use the information we collect for the following purposes:
- To provide data about who is using our services and measuring the effectiveness of our services. For example, we may want to understand how many children aged 10-16 have used our services in a calendar year, what help they were seeking, and if, in their view, we helped them. This sort of information never includes us disclosing names, addresses or contact details to anyone outside our organisation.
- For specific research purposes. Where we are seeking information for the purposes of targeted research, we will make it clear to you what the research project is, any partners we are working with on the project, the purposes of the information we are seeking, how it will be stored and used by us and any of our partners and will only use information given to us with your consent.
- To send you email marketing about our training dates and training packages if you have said you would be interested in receiving marketing about our training.
- To send you our newsletters. This is by subscription only. If you have requested updates from us, we may contact you to ask if you want to take part in market research or share your experience of our service with us for promotional or other purposes (which are always voluntary).
- To tell your story and/or promote our work where you have consented to this. We would never disclose your full name, address or contact details to the public.
- To contact you about any submission or content you provide. This includes where you have told us about your story or have shared it on social media or you have set up an online fundraising page and agreed we may contact you.
- To personalise our communications with you. This includes reviewing the information we hold about you in order to understand your preferences and to create a profile about you so that we can contact you with communications which are relevant to you or support your needs in a more bespoke way. For example, if you have told us that you live in a particular area then we may use that information to ensure that we only send you information about activities in the area in which you live. This allows us to serve you better and with greater personalisation.
- To remember your preferences when you use our websites.
- To reply to any questions, suggestions, issues or complaints you have contacted us about.
- To maintain our websites and to identify and fix any issues with our websites.
- To allow us to better understand who is using our services or wants to access them.
- To gather statistics about our work, our website and what you think of our communications, training, events or activities, to see if what we do is interesting to people and meets their needs.
Who we share your PErsonal Data with
We will never sell your personal information. We also never share your personal information with other parties for their own marketing purposes.
Your information may be disclosed to:
- our professional advisors including our lawyers and technology consultants when they need it to give us their professional advice.
- The Police, local authorities, Her Majesty’s Revenue and Customs (HMRC), the courts and any other government authority if they ask us to do so (but only if us doing so is lawful). We may also share the information we collect where we are legally obliged to do so, e.g. to comply with a court order.
- Social media – Any social media posts or comments you send to us will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) and could be made public. Other people control these platforms – we do not control them and we are not responsible for this sharing. So before you make any posts or comments, please check the social media platform’s terms and privacy policies so you understand how they will use your information, what information they will place in the public domain, and how you can stop them from doing so if you are unhappy about it.
INTERNATIONAL TRANSFER OF YOUR INFORMATION
Sometimes the information we collect may be transferred to suppliers who may store and use such data at premises in other countries. This means that when we collect your personal information, we may share it with our suppliers and partners who may process your personal information in countries outside the UK. Where we allow a supplier to process your personal information outside of the United Kingdom, we will ensure that we create and maintain appropriate safeguards with our suppliers so that your personal information is subject to the same standards and protections as apply to us when we are processing your personal information in the UK, namely by ensuring that suppliers and partners are certified as providing an adequate level of protection over your personal data under the Privacy Shield Framework.
LEGAL BASIS FOR PROCESSING
The legal basis on which we collect and process the personal data described above depends on the personal information concerned and the specific context in which we collect it.
We will only use your personal data where we:
- Have your consent to do so (or where a person cannot consent, do so on a best interests basis in accordance with the law);
- Need the personal information to deliver a service to you or perform a contract with you;
- Need to process your personal information for our legitimate interests and only where our legitimate interests are not overridden by your data protection interests or fundamental rights and freedoms.
- Have a legal obligation to collect personal information from you, or need the personal information to protect your vital interests or those of another person.If we ask you to provide personal information to comply with a legal requirement or to deliver a service or to perform a contract with you, we will make this clear at the relevant time, and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your personal information).Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are and are set out in the ‘HOW WE USE YOUR INFORMATION’ section above.If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the ‘CONTACT’ button in the main menu above or email email@example.com.
We will need to update this policy from time to time. Whenever we make material changes, we will endeavour to tell you in advance via our news or updates. If you continue to share information with us or use our websites after we’ve changed our policy, we’ll take it that you accept the changes.