Privacy Policy

This policy relates to thinksocialtech.org (“Our Site”) which is owned by Nissa Ramsay, of Think Social Tech (“We/Us”). Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of this Privacy Policy is deemed to occur upon your first use of Our Site AND/OR when you are asked to provide express consent to participate in research by reading and accepting this Privacy Policy by email or online form. Your acceptance of the Cookies part of this Privacy Policy will occur when you tick the consent box on Our Site.

1. What Does This Policy Cover?

This Privacy Policy provides information about the different types of personal information that we collect, the different ways we collect and the ways in which we use it, although please note that not all of this will be applicable to you. We primarily collect and use personal data in person or through Our Site. Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

2. What Is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

3. What Are My Rights?

Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:

  1. The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions. The ICO has more guidance on their website [here]
  2. The right to access the personal data we hold about you. Part 9 will tell you how to do this. The ICO has more guidance on their website [here].
  3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us to find out more. The ICO has more guidance on their website [here].
  4. The right to erasure and to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us to find out more. The ICO has more guidance on their website [here].
  5. The right to restrict (i.e. prevent) the processing of your personal data. Please contact usto find out more. The ICO has more guidance on their website [here].
  6. The right to object to us using your personal data for a particular purpose or purposes. Please contact us to find out more. The ICO has more guidance on their website [here].
  7. The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time. Please contact us to find out more.
  8. The right to transfer data. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data for you to re-use with another service or business in many cases. Please contact us to find out more.
  9. Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves however, so please contact us first, using the details in Part 12.

4. What Data Do You Collect and How?

Depending upon whether we interact with you in person or whether you use of Our Site, we may collect and hold some or all of the personal and non-personal data set out in the table below, using the methods also set out in the table. Please also see Part 10 for more information about our use of Cookies and similar technologies. We do not collect any ‘special category’ or ‘sensitive’ personal data or personal data relating to children.

Data Collected How We Collect the Data Lawful Basis
Identity Information
including first name, last name, title, gender
Via Site including via any installed plugins, over the telephone or via email or in person, social media interaction and other general marketing. Sometimes data may be collected automatically through these mediums or via an Informed Consent form. Consent
Legal Obligation
Legitimate Interest
Contact information
including address, email address, telephone numbers
Via Our Site including via any installed plugins, over the telephone or via email or in person, social media interaction and other general marketing Sometimes data may be collected automatically through these mediums or via an Informed Consent form. Consent
Contract
Legal Obligation
Legitimate Interest
Technical information
including IP address, browser type, device type, and version, country, operating system
Via Our Site and servers. Sometimes data may be collected automatically through these mediums. Legal Obligation
Legitimate Interest
Data from outside of Our Site Research interviews or surveys we may conduct in person, offline or otherwise not through Our Site. Sometimes data may be collected automatically through these mediums. Contract
Legitimate Interest
Other personal data or personal information derived from research interviews Completion of Informed Consent form sent to you Consent
Contract

5. How Do You Use My Personal Data?

Under the Data Protection Legislation, we must always have a lawful basis for using personal data which comprises consent, contract, legal obligation and legitimate interests. More details on each lawful basis and examples of how we use your personal data under each basis are as follows:

Consent

Where you have expressly provided your consent to receive communications from us such as results of our research interviews, surveys or newsletters and emails or other marketing information. Consenting to the use of Cookies on Our Site is used to make your experience on Our site more seamless.

Contract

Your personal data is necessary for us to manage our contractual relationship with you and our clients, to keep in touch about projects you may engage us for, research interviews and surveys you have agreed to take part in and keeping you updated with any changes in our terms and policies as well as offering you additional products, services and benefits as a valued customer of ours.

Legitimate Interest

Where you have provided your email address or other personal data to us, either online or offline, we may add you to our database for emails to contact you about news on our services and opportunities. We may also use the personal data collected under this lawful basis to help us analyse and administer, improve and update Our Site for better experience, better service we offer.

Legal Obligation

Certain personal data you provide us is necessary for us to fulfil our legal obligations as a business for example, verifying your age and appropriate use of Our Site, preventing fraud and security breaches. You will not be sent any unlawful marketing or spam. Please note that we do not control the activities of such third parties, nor the data that they collect and use themselves, and we advise you to check the privacy policies of any such third parties.

We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that there is another suitable reason to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us. If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

6. How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Even if we delete your personal data, it may still exist on backup or archival media for legal, tax or regulatory purposes.

7. How and Where Do You Store or Transfer My Personal Data?

We will store or transfer some of your personal data within the United Kingdom and the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.

We may store or transfer some or all of your personal data in countries that are not part of the United Kingdom or the EEA. These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation as follows: We may use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries such as the United States of America. These contracts require the same levels of personal data protection that would apply under the Data Protection Legislation. More information is available from the European Commission.Please contact us for further information about the particular data protection mechanisms used by us when transferring your personal data to a third country.

The security of your personal data is essential to us and to protect your data, we take a number of important technical and organisational measures, including the following:

  • Limiting access to your personal data to those employees, sub-contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality and aware of any obligations relating to the use of your personal data by them; and
  • Procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.

8. Do You Share My Personal Data?

We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions. If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. We may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority. We may also need to share your personal data to relevant authorities for example to facilitate the detection of crime or collection of taxes or duties.

Examples of who we may share your personal data will include:

  • Mailchimp, based in the USA, for the purposes of email marketing we may undertake;
  • Google Drive, based in the [UK], for the purposes of data storage;
  • Our clients, based in the UK, for the purposes of sharing results from research interviews, surveys and to complete services we have been engaged for;
  • Our sub-contractors, based in the UK, for the purposes of completing projects for our clients in the not for profit sector; and
  • Research bodies, based in the UK, for the purposes of anonymised aggregate data submission or publication.

Any data shared outside of the UK or EEA will be treated in accordance with Part 7 above.

9. How Can I Control My Personal Data?

In addition to your rights under the Data Protection Legislation, set out in Part 3, when you submit personal data via Our Site, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your detail).

Each consent you provide to us for using your personal data from research interviews or surveys is separate from any other and you have the option to request us to stop using your data for this purpose at any point by contacting us.

10. Can I Withhold My Information?

You may access most areas of Our Site without providing any personal data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

“Cookies” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Site are set out in Part 14 below; and “Cookies Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.

Our Site may place and access certain first-party Cookies on your computer or device. First-party Cookies are those placed directly by us and are used only by us. We use Cookies to facilitate and improve your experience of Our Site and to provide and improve our services.

By using Our Site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on Our Site for analytics and SEO such as Google Analytics and Google Tag Manager. These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.

All Cookies used by and on Our Site are used in accordance with current Cookie Law.

If Cookies are placed on your computer or device, you will be shown a pop up screen requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Site may not function fully or as intended. Certain features of Our Site depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. Your consent will not be sought to place these Cookies, but it is still important that you are aware of them.

In addition to the controls that we provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all.

You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently.

11. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 12. There is not normally any charge for a subject access request except in exceptional circumstances. We will respond to your subject access request within 14 calendar days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

12. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Data Protection Officer & Representative: Nissa Ramsay: Email address: nissa@thinksocialtech.org . Postal Address: 56 City Walk Apartments, 31 Perry Vale, London SE23 2AR

13. General

You may not transfer any of your rights under this Privacy Policy to any other person. We may transfer our rights under this Privacy Policy where we reasonably believe your rights will not be affected. This Privacy Policy will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

14. Changes to this Privacy Policy

We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes will be immediately posted on Our Site or emailed to you and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date. This Privacy Policy was last updated on 18th July 2019.

Contact

Get in touch about this privacy policy, to discuss current projects and potential consultancy or follow Think Social Tech on: