This document can also be viewed as a PDF document here.
GMCVO, its subsidiaries, programmes and projects take your data rights very seriously and as such this privacy statement details what we record, why we record it, where we store it and how you can request changes to it.
We do not, and never will, sell your data for marketing purposes. We will only use it in the manner you have allowed us to, so we can deliver the services you have requested.
Contents
Our privacy statement
Who are we?
Your acceptance of this statement
Changes to this privacy statement
What is personal data?
What is sensitive personal data?
People we collect information on
Why we hold your data
How we collect data
Complying with the Data Protection Act
Marketing communication preferences
Note on email marketing
Giving your data to other organisations
Sensitive data
Use of media and consent
Expiry of consent
Job applicants, current and former GMCVO employees
Your data on our website
E-newsletters
Website hosting
People who contact us through social media
Accessing information held about you
Changing your communication preferences
Asking for your data to be deleted
The remit of this statement
How to contact us
Our privacy statement
This privacy statement tells you what to expect when we collect personal information.
Who are we?
In this statement, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to GMCVO (a working name for Greater Manchester Centre for Voluntary Organisation), its subsidiaries and all projects.
All profits from our subsidiary ventures support the work of the parent charity (GMCVO).
Your acceptance of this statement
By using our websites, social media pages, accessing an event, accessing a service or providing your information you consent to our collection and use of the information you provide in the way(s) set out in this statement. If you do not agree to this statement please do not use our sites, social media pages or services.
Changes to this privacy statement
We regularly review our privacy statement. Any updates will be posted on our website and will apply from when they are updated on the website. Anyone that we are in contact with will be informed if there are major changes.
What is personal data?
‘Personal data’ means any information that identifies a living person. This can include name, address, phone number or email address.
It also covers our use of any personal information you provide to us. This may be by phone, text message (SMS), email, social media, letter and other correspondence, and in person. It can include IP addresses and other technical identifying information.
What is sensitive personal data?
‘Sensitive personal data’ is data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
We only collect this sensitive data if we have a legitimate interest. None of this data will be used in a way that could harm you as an individual and will only be used for anonymised statistical reporting.
People we collect information on
We need to collect and use your personal data if you contact us for any reason, including if you are a:
-
Member of GMCVO
-
Member of our online community
-
Stakeholder or partner
-
Visitor to any of our websites
-
Someone who connects with us through social media platforms
-
Someone who accesses one of our funded projects
-
Someone who trades with our trading companies
-
Volunteer or prospective volunteer
-
Employee or prospective employee of GMCVO
-
Supplier or prospective supplier to GMCVO and its subsidiaries
-
Journalist, member of the media or someone who publishes or broadcasts to the public
-
MP, other parliamentarian or representative including councillors
-
Person within the VCSE sector who works with us
-
Person from an organisation that wishes to work with us or ask us for support or information.
Why we hold your data
We hold your details to:
-
Communicate with you as a stakeholder, partner or user of our services
-
Respond to your enquiry or request for information
-
Provide you with the service or membership you have requested
-
Process sales or donations and verify financial transactions
-
Provide a personalised service to you when you visit our websites. This includes the use of cookies if you agree to their use. This could include customising the content and/or layout of our pages for individual users
-
Keep a record of any contact we have with you
-
Enable third parties, working for us, to carry out technical or logistical functions for us
-
To carry out research on the demographics, background and interest of our stakeholders, partners and users of our services. This is to get a better understanding of you and to improve our services
-
Tell you about the things you have told us you are interested in – if you have given us permission to inform you of relevant areas of interest
-
Help you with any problems you may be experiencing with a form or our website. We may also do this if you enter your details onto one of our online forms, and you don’t ‘send’ or ‘submit’ the form
-
Prevent or detect fraud.
How we collect data
We may collect and store information about you whenever you interact with us. For example, when you book a room through St Thomas Centre, register for an event, apply to become a member, subscribe to one of our mailings or submit an enquiry. Other examples include if you register for our services, apply for a job or volunteering opportunity, or otherwise give us any other personal information.
We may also receive information about you from third parties for a specific purpose. However, this will only happen if you have given them permission to share your information.
Complying with the Data Protection Act
Data Protection Act principles require us to process personal data fairly and lawfully. We will offer you choices about the way you are contacted. We will also be clear about how we will use your information. We will make sure that the reason for collecting information is lawful.
As required by law, we have informed the Information Commissioner’s Office (ICO) why we collect and process data.
We only hold data about you that is enough for our purpose and that of our funders, nothing more.
We work to make sure the data we hold is accurate and up to date. Accuracy is checked when data is recorded, for example through confirmation pages.
We only hold personal data as long as necessary. However, we may need to keep personal data on you even if you have requested no further contact. This is so that we can make sure we don’t contact you about an activity. For example, it means we won’t include you when we send promotional communications to people in a particular geographic area.
We have systems in place to safeguard your personal data. Access to written and electronic personal data is restricted and has a level of security depending on the sensitivity of the data. No sensitive data linked to a person’s name or address is transported off-site from our offices unless it is either securely locked, password protected or encrypted.
Marketing communication preferences
If you have given us permission to contact you about news and information, our work or ways to support us, we will make sure that you can opt out of receiving marketing communications. At the first reasonable opportunity, you will be offered the chance to opt out of hearing from us and any of its subsidiaries. You will be able to say ‘no’ to contact by mail, telephone, text or email.
If at a later date you complete another form, giving different contact preferences, we will use those you have given most recently.
Every time we contact you in the future we will give you the chance to update your communication preferences.
Note on email marketing
Emails and text messages are also covered by the Privacy and Electronic Communications Regulations. Every time your email address or mobile telephone number is recorded, you will be offered email / text updates. You will have to tick a box to agree to your details being used for marketing emails / texts.
Also, any marketing emails / texts sent by GMCVO will include the opportunity to unsubscribe from future emails / texts.
Giving your data to other organisations
We use third parties to handle some of our services on our behalf, as allowed under the Data Protection Act. These organisations are only allowed to use your personal information for the specific purpose they have been contracted for. For example, this could be to process and store the data we hold on you.
If we do share your data with any third parties, we will state who they are, what data we will share and why we will share it, when you give us the information.
We have also stated in our Information Commissioner’s Officer (ICO) registration that we will not transfer data outside the European Economic Area.
We always transfer your personal data securely – through a secure FTP (File Transfer Protocol) website, or as a password-protected file.
We will never swap or sell your data to another organisation for them to use for marketing purposes.
Sensitive data
We have legitimate interests for collecting sensitive data. It helps us to achieve one or more of our charitable aims. For example, we can demonstrate we are not discriminating against any section of society. None of this data will be used in a way that could harm you as an individual and will only be used for anonymised statistical reporting.
Use of media and consent
Media consent applies to:
-
Photographs
-
Video footage
-
Still images taken from video
-
Sound recordings
-
Quotes and case studies submitted (spoken or written, including web form submissions)
-
It applies whether or not we took the material, commissioned it or it was submitted by a third party.
If you give consent to the use of media, we may use it as follows:
-
on our website or other websites
-
on social media and video-hosting platforms (for example Twitter, Facebook, Instagram and YouTube)
-
in our information materials, such as leaflets, presentations, posters or fundraising material
-
for broadcast and radio interviews
-
for written press articles.
Expiry of consent
Material will only be used, printed or published for as long as consent has been given and will be kept for as long as necessary.
-
Consent can be withdrawn at any time in which case every effort will be made to withdraw from use and they will not be used in the future
-
After expiry of consent photographs, videos or audio recordings etc. will be:
-
Deleted from photographic libraries or other storage and not reused in publications etc.
-
Withdrawn from use from web use and other similar environments
-
-
We are unable to guarantee that we can withdraw from use images, videos or quotes that have been published prior to withdrawal of consent although all reasonable steps will be taken to do so
-
We will take all reasonable steps to make sure that content used for our web sites, publications and materials is not used by third parties without our permission. However, we cannot guarantee that third parties will always request our consent
-
At some of our events other photographers not employed or associated with us may take and distribute photographs etc. These may be journalists, other event attendees or casual passers-by. The use of these images etc. are beyond our control.
Job applicants, current and former GMCVO employees
When people apply to work at GMCVO, we use the information they supply to us to process their application and to monitor recruitment statistics. When we want to disclose information to a third party, we will not do so without telling the person in advance unless the disclosure is required by law. For example, we may need to take up a reference or obtain a ‘disclosure’ from the Disclosure and Barring Service.
Personal information about unsuccessful candidates will be held for 3 months after the recruitment exercise has finished. It will then be securely destroyed or deleted. We keep de-personalised statistical information about applicants to help inform our recruitment activities. However, no individuals can be identified from that data.
Once a person has taken up employment with us, we will compile a personnel file about their employment. The information in this file will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with us has ended, we will keep the file as required by our retention schedule and then securely destroy or delete it.
Your data on our website
If you use any of the email facilities or forms on any of our sites, we will capture your email address, your name and, where relevant, your postal address. This means we can respond to your request, enquiry or order. We will ask if you want to opt in to being contacted in the future by mail, telephone, email or text.
If you use any of the secure forms on our sites, your credit card information is only used to complete that transaction. All such forms are secure and cannot be accessed by anyone other than the members of staff involved in completing the transaction.
Information is automatically provided on your browsing behaviour through the use of cookies on our sites. This information does not enable us to identify you personally. However, it does allow us to track usage of our sites so that we can improve them.
We use standard third-party web analytics services (such as Google Analytics) to collect anonymous information about your computer, including your IP address, operating system and browser type. This includes for example the number of users viewing pages on the site, but it does not identify you individually. This means we can monitor and report on the effectiveness of the site and help us improve it. If visitors want to post a comment on our sites, we require visitors to enter a name and email address.
We may temporarily retain any data that you provide on the website, even if you do not complete your enquiry. Such contact details and data may be used to contact you to enquire if you require any assistance but for no other purpose.
E-newsletters
We use CiviCRM to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies. This includes clear gifs to help us monitor and improve our e-newsletter.
Website hosting
We use a third-party service to host our websites. These sites are hosted with:
Machine Networks – Europarc Innovation Centre, Innovation Way, Grimsby, North East Lincolnshire, DN37 9TT who have a data centre in Manchester.
People who contact us through social media
If you send us a private or direct message through social media, the message will be stored in line with our data retention policy. It will not be shared with any other organisations.
Accessing information held about you
We will assist you if you want to see the information we hold about you. A request should be made in writing, by letter or by email, to gmcvo@gmcvo.org.uk. In most cases, we will reply to a request within a month. We may need to extend this period for particularly complex requests.
Incorrect data can be changed, blocked or destroyed. You also have a right to prevent us processing your data for marketing or if it is likely to cause distress.
If you have already requested and received this information, there will need to be a reasonable period of time before you can request the information again.
Changing your communication preferences
You can change your communication preferences at any time. You can choose whether we contact you by mail, telephone, email or text message. You can also choose whether or not you receive information on certain activities of GMCVO. Just contact us – by phone on 0161 277 1000, in writing or by email to gmcvo@gmcvo.org.uk or via our website at https://www.gmcvo.org.uk/contact
Asking for your data to be deleted
You can ask us to stop using your personal data at any time. However, we may keep the personal data of people who have requested no further contact. This is so that we can make sure we don’t include them in any future activity. We may also need to keep data about activities, events etc. to demonstrate outcomes to funders. However, if requested we will anonymise the data held on our systems.
The remit of this statement
This privacy statement does not cover information gathered on other websites outside our control.
How to contact us
Requests for information about our privacy statement can be emailed to data protection team at: gmcvo@gmcvo.org.uk or by writing to the Data Protection Compliance Team at the address below:
GMCVO
St Thomas Centre
Ardwick Green North
Manchester
M12 6FZ
United Kingdom
For a more detailed list of what information we collect and how it is used you can visit the Information Commissioner’s Office (ICO) website and view our registry entry. Our registration number is Z6753563.