GSEN Data Privacy Notice

Glasgow Social Enterprise Network Data Privacy Notice

Glasgow Social Enterprise Network (GSEN) is providing this information so you know what data we hold for you and why, and how we keep your data protected in compliance with the General Data Protection Regulation (GDPR).

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by [the General Data Protection Regulation 2016/679 (the “GDPR”)

Who are we?

GSEN is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes. We will usually collect basic personal data about you like your name, organisation information, postal address, telephone number and email address.

Why are we collecting this information?

We collect your personal data in connection with specific activities, such as applications to become a member of GSEN, newsletter/ebulletin requests, campaign/policy updates, event registration, surveys and to allow us to evaluate our services.

The information is either needed to fulfil your request or to enable us to provide you with a more personalised service. You don't have to disclose any of this information, however, if you choose not to supply certain information, we may not be able to provide you with certain services (for example if, when becoming a member, you do not give an email address, we will not be able to send you our ebulletin or newsletter)

Sometimes we will process your personal data to provide you with information about our work or our activities that you have requested or are expecting. On other occasions, we may process personal data when we need to do this to fulfil a contract (for example employment contracts with our employees) or where we are required to do this by law or other regulations.

GSEN also processes your data when it is in our legitimate interests to do this and when these interests do not override your rights. Those legitimate interests include providing our membership with information about our services and other relevant activities.

How are we collecting this information?

We may collect your personal data in a number of ways and from a variety or stakeholders including members, other supporters and interested parties. We may also receive information about you from third parties, for example, another member or other third party organisation who refers you to GSEN.

With your consent, data you provided to become a GSEN Member is transferred from our website online content management system to outlook mailing lists and external mailing software. On an annual basis we will also ask you to renew your membership which will include updating your contact and organisational details.

The host of our online content management system provides a back up system for a period of three months, which means that if your details are amended or deleted on our system it may remain in its original form for this period after any changes are actioned.

With your consent, data you provided to sign up to our enewsletter is transferred from our website to external mailing software. Every two years we will ask you to renew your interest in the enewsletter.

Your details may be transferred to third party providers and held there e.g. events, surveys and for enewsletter purposes. We only use third party systems to store and process your data for which we have completed an assessment exercise to ensure your data is secure.

What information are we collecting?

We collect your contact details, organisational information, information on your interests that relate to events and services offered by GSEN, and information related to your charitable donations to GSEN.

How do we process your personal data?

GSEN complies with its obligations under [the GDPR] by keeping personal data up to date;

  • by storing and destroying it securely; by not collecting or retaining excessive amounts of data;
  • by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes: -
    • To enable us to provide membership services;
    • To administer membership records;
    • To fundraise and promote the interests of GSEN;
    • To maintain our own accounts and records.
    • To operate the GSEN web site and deliver the services that individuals have requested.
    • To inform individuals of news, events, activities or services running at GSEN.
    • To facilitate the establishment of networking groups
    • To facilitate the establishment of connectivity between members and external parties
    • To process gift aid applications.
    • To contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered.

What is the legal basis for processing your personal data?

Depending on the activity your data is used for, we will rely on one of the following conditions for processing: a legitimate interest; a legal obligation; or your consent to process your data, as explained below.

"GDPR Article 6(1)(a) – Consent of the data subject"
We will only email you about our events, services and opportunities which are relevant to GSEN and our activity, or call registered numbers, if we have your express consent to do so. We may send you post, unless you have asked us not to.

"GDPR Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract "
We will process your information to fulfil any contract obligations.

"GDPR Article6 (1)(c) – Processing is necessary for compliance with a legal obligation"
If you make or have made a charitable donation to GSEN, we will process your name, address, and donation information under 6(1)(c) of the GDPR for the purpose of administering your donation.

"GDPR Article 6(1)(f) – Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject."
We will hold data relating to any activity you participated in as a GSEN member or stakeholder, including your name, activity details, and dates of attendance under 6(1)(f) of the GDPR for the purpose of monitoring our activity and to provide you with the information e.g. attendance and participation in GSEN.

When we use your personal information, we will always consider if it is fair and balanced to do so, and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair.

Sharing your personal data

Your personal data will be treated as strictly confidential, and will be shared with your consent, in relation to GSEN activity, only with:

  • all GSEN Members
  • GSEN funding requirements ie Milo
  • Recognised GSEN partners and stakeholders
  • External services used by GSEN such as mail chimp, survey monkey, Eventbrite, IT and software providers

We will not disclose your data without your consent to third parties, except where they are acting as authorised agents for GSEN for the above purposes or where we are permitted or required to do so by GDPR.

How long do we keep your personal data?

Membership

We keep your personal data for no longer than reasonably necessary for a period of the applicable membership, which is renewed annually, in order to provide membership services. Membership and data will be renewed on an annual basis.

Enewsletter

For those who sign up to our newsletter, email addresses are retained for a period of two years. The enewsletter database will be renewed every two years.

Your rights and your personal data

Unless subject to an exemption [under the GDPR], you have the following rights with respect to your personal data: -

  • The right to request a copy of your personal data which GSEN holds about you;
  • The right to request that GSEN corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for GSEN to retain such data;
  • The right to withdraw your consent to the processing at any time.
  • The right to request that GSEN provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable)
  • The right to lodge a complaint with the Information Commissioners Office
  • The right if your personal data is to be transferred to countries or territories outside the EU for detail of how the data will be protected.

Will my data be used for automated decision making?

No.

Further processing

If you would like to know more about your rights under the data protection law see the Information Commissioners Office website. Remember, you can change the way you hear from us or withdraw your permission for us to process your personal data at any time.

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Where and whenever necessary, we will seek your prior consent to the new processing.

If an individual contacts the company to:

  • Ask what information the company holds about them and why
  • Ask how to gain access to it
  • Be informed how to keep it up to date
  • Be informed how the company is meeting its data protection obligation

this is called a subject access request.

GSEN will aim to respond as soon as possible and at the latest within one month of receipt. If the request is complex or numerous we may look to extend the period of compliance by a further two months. If this is the case, we will inform the individual within one month of the receipt of the request and explain why the extension is necessary.

GSEN will always verify the identity of anyone making a subject access request before handing over any information.

Storage and Security of Personal Information

GSEN will use all reasonable endeavours to ensure that you provide personal information in a secure and confidential environment and when the information is no longer needed it will be destroyed or permanently rendered anonymous.

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect.

Contact Us

If you wish to discuss this further, exercise all relevant rights, raise a complaint please in the first instance, contact us at:

In writing to:

GSEN

c/o Senscot Legal

24 George Square

Glasgow G2 1EG.

Or email: elizabeth.docherty@gsen.org.uk,