Braziers Park, School of Integrative Social Research (BPSISR) is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.
Since 1 May 2018, BPSISR has been asking its supporters to “opt-in” for marketing communications. This is due to a change to the rules which govern how we can communicate with you and a new regulation on personal data (the EU General Data Protection Regulation 2018) which came into force in May, 2018. Therefore we introduced a new approach that relies on you giving us your consent about how we can contact you. This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them (by email, or not).
You can decide not to receive communications or change how we contact you at any time. You can unsubscribe through any email we send you by clicking ‘unsubscribe’ at the bottom. Or, if you prefer, please contact our admin team by emailing firstname.lastname@example.org, with an appropriate heading (I.e. “Remove from Marketing” or “Subscribe to Marketing” etc.), or by writing to Braziers Park, Ipsden, South Oxfordshire, OX10 6AN, or alternatively by telephoning 01491 680221 and leaving a message including your email address, name, and your request so that we can process it effectively.
We will never sell your personal data, and will only ever share it with organisations we work with (data processors [i.e. MailChimp]) where necessary and if your data privacy and security are guaranteed.
Any questions you have in relation to this policy or how we use your personal data should be sent to email@example.com or addressed to Data Protection, Braziers Park, Ipsden, South Oxfordshire, OX10 6AN.
2. ABOUT US
Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by the Braziers Park, School of Integrative Social Research (Specially Authorised Friendly Society, registered with the FCA, and Charity Commission Registered as Friends of Braziers; No. 1042429).
Both BPSISR and Friends of Braziers are based at Braziers Park, Ipsden, South Oxfordshire, OX10 6AN. For the purposes of data protection law, BPSISR are the data controller.
We collect information from members of the public who express an interest in our education programme, community life, and external bookings that we host in order to promote events that may be of interest to our membership & non-affiliated members of the public. At times, we use other Data Processors such as JotForm, Facebook, QuickBooks, EventBrite, Evensi, and MailChimp – all of whom are also bound by the EU General Data Protection Regulations. Although we will never transport your data outside of the EU, we may at times use data processors who do transfer data outside of the EEA, but only where deemed safe to do so. We will never share or transfer sensitive data (medical history, sexual orientation, political affiliations, etc.).
3. WHAT INFORMATION WE COLLECT
Personal data you provide
We collect data you provide to us in order to update you with regards to our services. This includes information you give when joining or registering, registering for a course, booking an event with us, or communicating with us. For example:
- personal details (name, date of birth, email, address, telephone etc.) when you join as a associate/active-associate/member, supporter, volunteer or interested member of the public.
Information created by your involvement with BPSISR
Your activities and involvement with BPSISR will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our events and activities.
If you decide to donate to us then we will keep records of when and how much you give to a particular cause, using our Data Processor – QuickBooks.
Information we generate
We will not analyse or interpret your information for the purposes or marketing or sharing of data.
However, we will utilise Data Processor (MailChimp) generated information about engagement to remove disengaged parties (i.e. you used to be interested, but have ceased engaging the past two years; we would use this information to remove you from our marketing outreach).
Information from third parties
We do not collect information from third parties about you in any way.
Sensitive personal data
We do not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation) about supporters and members. However there are some situations where this will occur (e.g. if you volunteer with us or join us as a resident). If this does occur, we’ll take extra care to ensure your privacy rights are protected.
Accidents or incidents
If an accident or incident occurs on our property, at one of our events or involving one of our staff (including volunteers) then we’ll keep a record of this (which may include personal data and sensitive personal data).
Volunteers & Residents
If you are a volunteer or resident with us then we may collect extra information about you (e.g. references, details of emergency contacts, medical conditions etc.). This information will be retained for legal reasons, to protect us both (including in the event of an insurance or legal claim, or injury) and for safeguarding purposes.
3. HOW WE USE INFORMATION
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- protect your vital interests;
- for our own (or a third party’s) lawful interests (e.g. communicating our events with you as an interested party), provided your rights don’t override the these.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes).
We use personal data to communicate with people, to promote BPSISR. This includes keeping you up to date with our news, updates, campaigns and fundraising information. For further information on this please see Section 5 (Marketing).
We use personal data for administrative purposes (i.e. to carry on our charity and promoting the ideology of this organisation). This includes:
- receiving donations (e.g. direct debits or gift-aid instructions);
- maintaining databases of our volunteers, members and supporters;
- performing our obligations under membership contracts;
- fulfilling orders for goods or services (whether placed online, via email, or over the phone or in person);
- helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).
External research and analysis
We do not carry out research and analysis on our supporters, donors or volunteers, but we do use MailChimp and Facebook to determine the success of our marketing campaigns, and to better understand behaviour and responses and identify patterns and trends. This helps inform our approach towards campaigning and make BPSISR a stronger and more effective organisation. Understanding our supporters, their interests and what they care about also helps us provide a better experience (e.g. through more relevant communications).
4. DISCLOSING AND SHARING DATA
We will never sell your personal data. If you have opted-in to marketing, we may contact you with information about our collaborators, or affiliated ecovillages or course organisers, but these communications will always come from BPSISR and are usually incorporated into our own marketing materials (e.g. events promotion or newsletters).
We will never share your data outside of the organisation without first consulting you and informing you as to why we need to do so. When we are utilising third-party data processors (e.g. Mailchimp / Facebook etc.) you will be informed and reserve the right for us not to include you in these liaisons.
From May 2018, BPSISR will ask its supporters to “opt-in” for most communications. This includes all our marketing communications (the term marketing is broadly defined and, for instance, covers information about our outreach, events and BPSISR).
This means you’ll have the choice as to whether you want to receive these messages and be able to select how you want to receive them or not (we only use email, at present).
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact the admin team by emailing firstname.lastname@example.org or by writing to BPSISR, Ipsden, South Oxfordshire, OX10 6AN or telephoning 01491 680221 and leaving a message or speaking to the office.
What does ‘marketing’ mean?
Marketing does not just mean offering things for sale, but also includes news and information about:
- our Specially Authorised Friendly Society, campaigns and educational work;
- our role in educating the public about conservation of the natural environment, social processes, and community life;
- BPSISR benefits and offers;
- volunteering opportunities and how you can help us deliver our charitable aims as an educational community;
- appeals and fundraising (including donations and also competitions, raffles etc.);
- our events, courses, activities and local groups.
When you receive a communication, we may collect information about you respond to or interact with that communication, and this may affect how we communicate with you in future.
Newsletters and Outreach
Membership newsletters are provided as a benefit to our members. We send these out to all our members (unless you specifically ask us not to) and you can choose to unsubscribe from general marketing communications without giving up your subscription to our Membership Newsletters. However, please be aware that member newsletters do include advertisements, course & event promotion, competitions and fundraising information.
As a Specially Authorised Friendly Society & Charity, we rely partially on donations and support from others to continue our educational work. From time to time, we will contact members and supporters with fundraising material and communications.
As with other marketing communications, we’ll only contact you specifically about fundraising if you’ve opted in to receiving marketing from us (and you can, of course, unsubscribe at any time).
6. HOW WE PROTECT DATA
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff who handle data receive data protection training and we have data protection procedures which personnel are required to follow when handling personal data.
We will not ask for any financial information from you at any point in time.
When requesting payments from you, we will provide you with our financial information to enable you to use safe means of paying us for any services we offer. Our preference is to receive payments by BACS transfer, bank to bank. Otherwise, we will accept cash or cheque payments which will not involve the storing of this information.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
CCTV & Photography
We do not use CCTV.
If we are taking photos at a public event we host, we do not need to request consent but we are happy to remove any undesirable photos that may cause offence. We may then store these photos in our secure server, and use them in promotional materials. We will not identify individuals through these media, however.
Where we store information
BPSISR is based in the UK and we store our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do this if your data is adequately protected.
For example, some of our systems use Google products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Google is certified under the USA’s Privacy Shield scheme, likewise they are bound by the EU GDPR as European-operating data processors).
How long we store information
We will only use and store information for as long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your email for marketing purposes (though we’ll keep a record of your preference not to be contacted regarding marketing).
We continually review what information we hold and delete what is no longer required. We never store payment information.
8. KEEPING YOU IN CONTROL
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please write to our admin team at email@example.com and quote ‘General Data Protection Regulation’ in the subject line. You can also phone 01491 680221 or write to Braziers Park, Ipsden, OX10 6AN.
You can complain to BPSISR directly by contacting our admin team using the details set out above. If you wish to make a complaint (including a complaint about fundraising activity) which does not directly relate to your data protection and privacy rights, you can do so in accordance with our contact information, found throughout this document.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk.
9. COOKIES AND LINKS TO OTHER SITES
Links to other sites
Our website contains hyperlinks to many other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the ‘Contact us’ link at the top of the page, or by emailing firstname.lastname@example.org).
When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with BPSISR.