top of page

PRIVACY POLICY.

Summary

This policy sets out how Sustainable Hackney manages and protects the personal data that we collect in the course of our activities.  It sets out how we apply the principles of data protection, the legal basis for data processing, and the rights of individuals over their data.

Scope

The policy applies to the activities of Sustainable Hackney and to the projects that Sustainable Hackney has set up including Hackney Fixers, Hackney Food Partnership and Hackney Green Drinks and applies to our Steering Group, members, and volunteers acting on our behalf.

Principles

We will apply the principles of data protection:

  • Personal data shall be processed fairly and lawfully and transparently.

  • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with those purposes.

  • Personal data shall be adequate, relevant and not excessive in relation to the purposes.

  • Personal data shall be accurate and, where necessary, kept up to date.

  • Personal data shall be kept for no longer than is necessary.

  • Personal data shall be processed in accordance with the rights of data subjects.

  • Personal data shall be protected against unauthorised or unlawful processing, loss, destruction, or damage.

  • Personal data shall be transferred outside the European Economic Area only where there is adequate protection.

Policy

  1. We will only process data using one or more legal bases.    We will always use consent as the basis for any email marketing.  The basis on which we process data will be recorded in an appendix to this policy.

  2. When new data is collected we will document the legal basis and amend this policy and our privacy notice as appropriate.

  3. We will explain our policy in a privacy notice which will be posted online and linked to from our newsletters, referenced on our forms and on our website.  The privacy notice will be updated from time to time as necessary.

  4. We will only use the data for the purposes that are specified.  We will keep data for our different projects and member types separate and not use data collected for one purpose for another purpose unless we first obtain consent.  We will not pass, sell or release data to any third party without consent unless legally required to do so.

  5. We will only collect data that is relevant to the purpose for which it was collected and we will review at least annually whether the data is still relevant to that purpose.  We will aim to collect the minimum amount of data that is necessary. 

  6. We will make it easy to opt out of email newsletters using an unsubscribe link in each email.

  7. Members of the organisation can update their data when renewing their membership or on request to the membership secretary.  Network members can update their own profile information to ensure it is accurate themselves using their log-in.  Newsletter list subscribers can amend their data by using a link in each newsletter.

  8. We will not ask or require individuals to provide personal data on social media which we do not control. Individuals may of their own volition post personal information to our social media addresses or our website. We will keep Network member data and newsletter list data as long as the subscription remains in force.  We will keep member data for up to two years after a member’s subscription lapses.

  9. We will respond to all requests relating to access, rectification, erasure, restriction of processing or objection in line with data subjects rights.  Data subjects can make such requests by email to info@sustainablehackney.org.uk or in writing to the address of the organisation. See Appendix 3 for details of rights and how we respond to them.

  10. We will use our best endeavours to ensure data is protected from loss and not transferred outside the EEA without adequate protection.

  11. We have checked and are satisfied with the data privacy and security policies of our non EEA data processing partners, Ning (network members) and Mailchimp (newsletters).  

    1. We have set up an EU Privacy Shield agreement with Mailchimp.

    2. We will limit access to personal data to those who need it for their role.

    3. We will ensure that personal electronic data is password protected.

    4. We will avoid inadvertent disclosure of personal emails by using BCC where appropriate.

    5. We will make regular backups of member data, network data and mailing list data, which will be kept secure.

  12. We will report any substantial data breach to the Information Commissioner and, where appropriate, to the data subject.

Responsibilities

  • The Website Officer is the lead on data protection, and on the implementation of this policy, and reports to the Steering Group.

  • Steering Group members have a responsibility to ensure the policy is adhered to when they handle personal data as part of their role.

  • Where personal data is handled by members or volunteers working on behalf of Sustainable Hackney they will be required to comply with this policy. 

bottom of page