About this Policy

To meet its objectives and carry out its day to day operations InterClimate Network (ICN) needs to collect and keep certain information about a range of people including trustees, paid associates, volunteers, delivery partners, teachers, students attending our events, event speakers and guests, funders and supporter networks.

This policy explains what personal information we collect and why, how we keep it secure, and your rights in relation to it.  

We will comply with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR) when dealing with your personal information.

By providing your personal information to InterClimate Network you agree to the collection, storage and use of your personal information by us in accordance with this Privacy Policy.

Further information about your rights under GDPR can be found at the website for the Information Commissioner (www.ico.org.uk). For the purposes of GDPR, the InterClimate Network Board of Trustees is the “controller” of all personal data we hold about you.

Principles

The GDPR is underpinned by a series of principles: These specify that personal information must:

  1. be processed fairly, lawfully and transparently
  2. be obtained only for specific, lawful purposes
  3. be adequate, relevant, and limited to what’s necessary
  4. be accurate and kept up to date
  5. not be held for any longer than necessary
  6. be processed in accordance with the rights of date subjects
  7. be protected in appropriate ways
  8. not be transferred outside the European Economic Area

What information we collect and why

What Why
Trustees
Name, address, email, telephone number, age, CV Discharging ICN’s charitable duties
Paid Associates
Name, address, email, telephone number, bank account details, CV, DBS status (if necessary) Managing ICN’s delivery activities
Volunteers
Name, email, telephone number Managing ICN’s delivery activities
Delivery Partners
Name, address, email, telephone number, bank account details (if necessary) Managing ICN’s delivery activities
Teachers
Name, email, telephone number, school name and address Managing ICN’s delivery activities; distributing Newsletters, notifying about future events
Students
Name, year group, school name and school address Managing ICN’s delivery activities
Event Speakers & Guests  
Name, address, email, telephone number, organisation Managing ICN’s delivery activities
Funders & Supporter Networks  
Name, email, telephone number, organisation Distributing Newsletters; fund-raising initiatives
Website Responders  
Name, email, school (if relevant)  

How we protect your personal data

Personal information is kept as paper records, on email servers, computer hard drives, memory sticks, Dropbox, and Mailchimp:

  • Any paper records and memory sticks are kept securely in the homes of ICN Trustees and Associates. Memory sticks have password protection.

PCs are kept in the private homes of trustees, paid associates, and volunteers, and have standard internet security and anti-virus software. We will hold your personal data only for as long as is necessary to meet our legal obligations. We will notify you in the event of any breach of your personal data which might expose you to serious risk. All financial information we hold for you will be securely destroyed once it is no longer needed.

Who else has access to the information you provide us?

We will not share your personal information with anyone or any organisation except where required to do so by law or as set out in the following paragraph.

We may pass your personal information to third parties, for instance who are paid associates, volunteers, or involved in delivering ICN events, but only or the purposes of completing ICN related tasks and providing our services to you.  However, we disclose only the personal information that is necessary for the third party to deliver the service and we instruct that they keep your information secure, do not to use it for their own purpose, do not pass it to any other 3rd party without our permission, and delete it when it is no longer needed. 

Sensitive Data

ICN does not collect data which GDPR defines as ‘sensitive’ (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs).

GDPR calls for special care regarding information relating to children. However, because of the low risk nature of personal information held, no extra precautions are deemed necessary beyond the general ones described in this document.

It is assumed that schools have obtained the permission of students or parents/guardians to pass students’ information to ICN.

How long do we keep your information?

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.We will hold your personal information on our systems only for as long as it is required. An annual audit will be carried out (covering Trustees, Associates, Delivery Partners, Volunteers) and any personal data that are no longer required will be deleted or requested to be deleted.  These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, some of our website features may not function as a result.

Embedded content from other websites

Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Responsibility for ensuring data protection

The Board of Trustees is the Data Controller, ie the person or persons in ICN who determine the purposes for which, and the manner in which, any personal information is processed.

ICN does not have a legal responsibility under GDPR to have a Data Protection Officer.  The ICN Operations Manager is the person responsible for ensuring on behalf of the Trustees that ICN discharges its GDPR responsibilities. The Operations Manager will:

  • Ensure that relevant people in ICN, or connected with ICN, are aware of this Policy and their associated responsibilities;
  • Lead an annual Personal Data Audit to ensure that:
    • the above ‘What/Why’ table is up to date;
    • no personal information is being held longer than necessary;
    • appropriate protection measures are operating satisfactorily. 

Consent

ICN will assess annually, and keep a record of, on what basis we lawfully keep and process an individual’s personal information and will then act accordingly.  We will typically base our activity on two of the six lawful ways outlined in GDPR, namely:

  1. obtaining direct consent (eg in the case of mass marketing/fund-raising);
  2. ‘legitimate interest’ (eg planning and delivering ICN Events, communicating with associates and volunteers, ‘direct marketing’ such as contacting a targeted set of people who have previously donated to ICN)

In the case of ‘direct marketing’, we will provide an easy means of opting-out in future.Your rights

You have rights under the GDPR:

  • to access your personal information 
    • to be provided with information about how your personal information is processed
    • to have your personal information corrected
    • to have your personal information erased
    • to object to or restrict how your personal information is processed

Any such requests about your information can be addressed in the first instance to ICN’s Executive Chair James Streeter at james.streeter@interclimate.org .

You have the right to take any complaints about how we process your personal data to the Information Commissioner: https://ico.org.uk/concerns/