Privacy Policy

Leeds Tidal Privacy Notice

Last updated: May 2018

How we respect privacy when we deal with personal information collected by our organisation

This Privacy Notice applies to information Leeds Tidal, and our Leeds for Change project, collect about individuals who
interact with our organisation. It explains what personal information we collect and how we use it. If you have any
comments or questions about this notice, feel free to contact us at info@leedstidal.org

Our full Data
Protection Policy
can be read here.

1. Personal data that we process

The following table explains the types of data we collect and the legal basis, under current data protection
legislation, on which this data is processed.

Purpose Data (key elements) Basis
Enquiring about our organisation and its work Name, email, message Legitimate interests – it is necessary for us to read and store your message so that we can respond in
the way that you would expect.
Subscribing to email updates about our work Name, email Consent – you have given your active consent.
Making a donation and becoming a supporter Name and optional email or postal address (if you wish to receive our annual newsletter about our work) Legitimate interests – this information is necessary for us to fulfill your intention of donating money
and sending our thanks if you chose to allow us to contact you. Your payment details are processed by
Local Giving and are not accessible by Leeds Tidal.
Signing up as a member of Leeds for Change Name, email, and optional first 3 letters of your postcode. Legitimate interests – this information is necessary for us to be able to provide our services.

We ask for the first letters of your postcode to monitor the reach of our work. It is optional to
provide us with this data.

Registering for one of our events or trainings Name and email address Legitimate interests – this information is necessary for us to be able to provide our services and
ensure accessibility.
Being photographed at one of our events Photograph Consent – you have given your active consent
You are a previous employee, director, volunteer, contractor Pay records,

contracts, appraisals and personal records

Legitimate interests – this information is necessary for us to fulfil our legal obligations. Pay
records are destroyed after 3 years, and

contracts, appraisals and personal records

are destroyed after 6 years.

 

2. How we use your data

We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as
set out in the table at the top of this policy.

For example, we may use your personal information to:

  • reply to enquiries you send to us;
  • handle donations or other transactions that you initiate;
  • work in partnership with you on a project or event;
  • where you have specifically agreed to this, send you marketing communications by
    email relating to our work which we think may be of interest to you.

3. When we share your data

We will only pass your data to third parties in the following circumstances:

  • you have provided your explicit consent for us to pass data to a named third party;
  • we are using a third party purely for the purposes of processing data on our behalf
    and we have in place a data processing agreement with that third party that fulfils our legal obligations in
    relation to the use of third party data processors; or
  • we are required by law to share your data.
  • In addition, we will only pass data to third parties outside of the EU where
    appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.

4. How long we keep your data

We take the principles of data minimisation and removal seriously and have this policy in place to ensure that we only
ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer
required. We ensure that stored data is relevant and limited to what is necessary to carry out our work.

  • We do not keep your name and email address beyond the time period of each event or
    training.
  • We do not keep your name, email and address if you stop your financial support.
  • We do not keep your contact details if you unsubscribe from one of our e-mailing
    lists.
  • Your invoices are kept securely in paper and electronic formats for accounting
    purposes.
  • If you are a previous employee, volunteer, director, partner or contractor we only
    keep your name and contact details in order to provide you with references if requested.

5. How your data is collected & stored

The vast majority of the personal information we hold about you will be obtained via forms or sign up boxes on our
website, Local Giving, Eventbrite or if you contact us by email.

We store your data with integrity and in confidentiality. Your data is stored on secure GDPR complaint clouds. Tidal
uses Eventbrite, Dropbox, and Google Drive to process and store your data, all of which are US companies with Third
Country Status, making them compliant with EU regulation. These are password protected and only accessible to
authorised staff and volunteers of the organisation.

It is Tidal’s responsibility to ensure all personal and company data is non-recoverable from any computer system
previously used within the organisation, which has been passed on/sold to a third party.

6. Rights you have over your data

You have a range of rights over your data, which include the following:

  • Where data processing is based on consent, you may revoke this consent at any time
    and we will make it as easy as possible for you to do this (for example by putting ‘unsubscribe’ links at the
    bottom of all our marketing emails).
  • You have the right to ask for rectification and/or deletion of your information.
  • You have the right of access to your information.
  • You have the right to lodge a complaint with the Information Commissioner if you feel
    your rights have been infringed.

A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/

If you would like to access the rights listed above, or any other legal rights you have over your data under current
legislation, please get in touch with our Coordinator at maia.kelly@leedstidal.org

Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for
us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access
to your rights while continuing to deliver as many services to you as possible.

7. Accuracy

We ensure that the data we keep is accurate and rectifiable. To keep things up to date, we may occasionally email to
tell you what information we have of you, and ask for verification that its still correct.

8. Branch Reporting

Tidal is responsible for reporting a security breach to the Information Commission, notifying the data subjects, and
publishing a statement on our website.

This notice will be updated as necessary to reflect best practice in data management, security and control and to
ensure compliance with any changes or amendments made to the law.

Acknowledgements

This policy has been written using a template provided by White Fuse GDPR
ready template for charities