Confidentiality and Data Protection Policy
Policy Centre for African Peoples (PCAP) is a charity founded in the UK in 2008 to enable African and disadvantaged people to improve their lives through education and engagement. PCAP’s charity registration number is 1131139.
PROCESSING YOUR DATA
Personal Data That We Collect:
• Email address – when you communicate through email • Email address – when you sign up to our newsletter • Personal information – when you enquire through our forms • Contact data – when shared with us, may include your address, email address and telephone numbers.
Analytics and tracking data
• Technical data – this may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site • Usage data – this may include information about how you use our website, products and services (see section on cookies below).
Marketing and communications data
• This may include your preferences in receiving marketing communications from us and our third parties and your communication preferences
MARKETING AND WEBSITE COOKIES
A “cookie” is a file stored on your computer’s web browser. The main purpose of a cookie is to track usage, tailor web pages and remember login information.
Cookies do not give us access to your computer, and the information we collect through cookies does not include personal information.
WE PROCESS INFORMATION RELATING TO:
• Employees • Job applicants • Service users and clients • Suppliers • Complainants (via our External Complaints procedure) • Professional advisers and consultants • Website visitors.
Unless we obtain your permission, information that is identifiable as relating to you (i.e. it has not been edited to make it anonymous) is not sold to other organisations for commercial or other purposes. We may share data with our partners who sign data protection or data sharing agreements with us in order to deliver, monitor, evaluate and report the outcomes of our services. More information on this is available under the “Transferring Information to Third Parties” section below.
WHY DO WE COLLECT AND PROCESS YOUR PERSONAL INFORMATION?
We will only collect and process your personal information in accordance with data protection laws. Our legal bases for processing your personal information are as follows:
We will usually only collect and process your personal information if you have given your consent for us to do so, for example, we will only send you certain marketing emails and process any information about you if we have your consent.
We may use and process some of your personal information where we have sensible and legitimate charitable grounds for doing so. Under European privacy laws there is a concept of “legitimate interests” as a justification for processing your personal information. Legitimate interest could exist for example where there is a relevant and appropriate relationship between you and PCAP in situations such as where you are our supplier, client or benefiting from one of our services. Similarly, it may arise in the event that we have awarded funding to you or your organisation and need to process your personal data in the public interest or for the prevention of crime.
PCAP’s legitimate interest may also include processing your personal data to authenticate you and give you access to our online services.
You have a right to object to our use of your personal information for these legitimate interests including where we may use your personal information to create a profile to inform beneficiary/ customer demographics. If you raise an objection, we will stop processing your personal information unless very exceptional circumstances apply, in which case we will let you know why we are continuing to process your personal information.
Performance of a contract
The processing may be necessary for a contract that we hold with you. For example, if we are awarding a grant to you there may be data that is required such as bank details in order to enter into that contract. We may require you to share data with us as part of the contracting terms.
This may also include processing your personal data through third-party websites or hosting platforms to deliver services to you, in which case you would be notified of such processing.
HOW WE STORE YOUR DATA
PCAP and our partners use third-party vendors and hosting partners to provide services such as training, newsletter signup and mailing lists. Data is transferred to or mirrored on servers within the UK, the European Economic Area (EEA) and outside the EEA in certain instances.
PCAP collaborators will apply all reasonable measures to ensure that data held on our servers is secure but cannot guarantee that security measures will not be breached.
HOW WE MANAGE YOUR DATA
As a data controller, PCAP decides how and why the data we collect is used. When working with collaborators in our network, we use data sharing agreements that set clear expectations on how and when collaborators can use our data.
Any third-party vendors that we use to process your data must be GDPR compliant and PCAP will hold a Data Protection Agreement with those third parties.
TRANSFERRING INFORMATION TO THIRD PARTIES
To meet our obligations and provide you with our services, we may need to process your personal data via third parties. Personal data will only be transferred to, or processed by, third-party companies where such companies are necessary for the fulfilment of services you have consented to, our contractual obligations or a legitimate interest.
We will not transfer personal data to a country or territory outside the European Economic Area (EEA) unless the transfer is made to a country or territory recognised by the EU as having an adequate level of Data Security, or is made with the consent of the Data Subject, or is made to satisfy the legitimate interest of PCAP in regard to its contractual arrangements with our partnering organisations.
If it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of service, or as otherwise required by law.
COVID-19 EMERGENCY RESPONSE AND DATA USAGE
In light of the changing needs of the charity sector due to COVID-19, we are working with a growing network of collaborators who are able to support our service users, our charity and other charitable organisations.
We will be collecting and sharing data across our network of collaborators in order to identify our service users’ needs, collect and share contact details with partners who can respond to those needs, analyse those needs and publish our aggregate findings for the benefit of the wider community.
If we hold your personal data you have rights under the General Data Protection Regulation and the Data Protection Act 1998 and 2018.
You have the right to request we remove all identifiable information we store on you, including the removal of any email subscriptions. To do so, please email email@example.com
The data we hold on you will be removed from our systems after a year from our last interaction with the data subject, unless we need to keep the information for legal or auditing purposes.
If you believe that your personal data has been compromised, you have a right to complain to the Information Commissioner’s Office (ICO).
(Article 4 of the GDPR): this means the person or company that determines the purposes and the means of processing personal data.
(Article 4 of the GDPR): means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
DATA SUBJECT RIGHTS
(Chapter 3 of the GDPR) each Data Subject has eight rights. These are:
• The right to be informed - this means anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed to.
• The right of access - this is your right to see what data is held about you by a Data Controller.
• The right to rectification - the right to have your data corrected or amended if what is held is incorrect in some way.
• The right to erasure - under certain circumstances you can ask for your personal data to be deleted. This is also called ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed.
• The right to restrict processing - this gives the Data Subject the right to ask for a temporary halt to processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected.
• The right to data portability - a Data Subject has the right to ask for any data supplied directly to the Data Controller by him or her, to be provided in a structured, commonly used, and machine-readable format.
• The right to object - the Data Subject has the right to object to further processing of their data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.
• Rights in relation to automated decision making and profiling - data Subjects have the right not to be subject to a decision based solely on automated processing.
If you have concerns about the way PCAP is handling your User Personal Information, please let us know immediately. You may contact us by emailing us directly at firstname.lastname@example.org with the subject line “Privacy Concern”. We will respond within 30 days at the latest.
CHANGES TO THIS POLICY
PCAP may periodically update this policy. We will notify you about significant changes in the way we treat personal information by placing a prominent notice on this site.
This policy was last reviewed on 17 August 2020.