About this Policy
To meet its objectives and carry out its day to day operations InterClimate Network (ICN) needs to collect and keep certain information about a range of people including trustees, paid associates, volunteers, delivery partners, teachers, students attending our events, event speakers and guests, funders and supporter networks.
This policy explains what personal information we collect and why, how we keep it secure, and your rights in relation to it.
We will comply with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR) when dealing with your personal information.
Further information about your rights under GDPR can be found at the website for the Information Commissioner (www.ico.org.uk). For the purposes of GDPR, the InterClimate Network Board of Trustees is the “controller” of all personal data we hold about you.
The GDPR is underpinned by a series of principles: These specify that personal information must:
- be processed fairly, lawfully and transparently
- be obtained only for specific, lawful purposes
- be adequate, relevant, and limited to what’s necessary
- be accurate and kept up to date
- not be held for any longer than necessary
- be processed in accordance with the rights of date subjects
- be protected in appropriate ways
- not be transferred outside the European Economic Area
What information we collect and why
|Name, address, email, telephone number, age, CV||Discharging ICN’s charitable duties|
|Name, address, email, telephone number, bank account details, CV, DBS status (if necessary)||Managing ICN’s delivery activities|
|Name, email, telephone number||Managing ICN’s delivery activities|
|Name, address, email, telephone number, bank account details (if necessary)||Managing ICN’s delivery activities|
|Name, email, telephone number, school name and address||Managing ICN’s delivery activities; distributing Newsletters, notifying about future events|
|Name, year group, school name and school address||Managing ICN’s delivery activities|
|Event Speakers & Guests|
|Name, address, email, telephone number, organisation||Managing ICN’s delivery activities|
|Funders & Supporter Networks|
|Name, email, telephone number, organisation||Distributing Newsletters; fund-raising initiatives|
|Name, email, school (if relevant)|
How we protect your personal data
Personal information is kept as paper records, on email servers, computer hard drives, memory sticks, Dropbox, and Mailchimp:
- Any paper records and memory sticks are kept securely in the homes of ICN Trustees and Associates. Memory sticks have password protection.
PCs are kept in the private homes of trustees, paid associates, and volunteers, and have standard internet security and anti-virus software. We will hold your personal data only for as long as is necessary to meet our legal obligations. We will notify you in the event of any breach of your personal data which might expose you to serious risk. All financial information we hold for you will be securely destroyed once it is no longer needed.
Who else has access to the information you provide us?
We will not share your personal information with anyone or any organisation except where required to do so by law or as set out in the following paragraph.
We may pass your personal information to third parties, for instance who are paid associates, volunteers, or involved in delivering ICN events, but only or the purposes of completing ICN related tasks and providing our services to you. However, we disclose only the personal information that is necessary for the third party to deliver the service and we instruct that they keep your information secure, do not to use it for their own purpose, do not pass it to any other 3rd party without our permission, and delete it when it is no longer needed.
ICN does not collect data which GDPR defines as ‘sensitive’ (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs).
GDPR calls for special care regarding information relating to children. However, because of the low risk nature of personal information held, no extra precautions are deemed necessary beyond the general ones described in this document.
It is assumed that schools have obtained the permission of students or parents/guardians to pass students’ information to ICN.
How long do we keep your information?
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
Embedded content from other websites
Articles on our website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Responsibility for ensuring data protection
The Board of Trustees is the Data Controller, ie the person or persons in ICN who determine the purposes for which, and the manner in which, any personal information is processed.
ICN does not have a legal responsibility under GDPR to have a Data Protection Officer. The ICN Operations Manager is the person responsible for ensuring on behalf of the Trustees that ICN discharges its GDPR responsibilities. The Operations Manager will:
- Ensure that relevant people in ICN, or connected with ICN, are aware of this Policy and their associated responsibilities;
- Lead an annual Personal Data Audit to ensure
- the above ‘What/Why’ table is up to date;
- no personal information is being held longer than necessary;
- appropriate protection measures are operating satisfactorily.
ICN will assess annually, and keep a record of, on what basis we lawfully keep and process an individual’s personal information and will then act accordingly. We will typically base our activity on two of the six lawful ways outlined in GDPR, namely:
- obtaining direct consent (eg in the case of mass marketing/fund-raising);
- ‘legitimate interest’ (eg planning and delivering ICN Events, communicating with associates and volunteers, ‘direct marketing’ such as contacting a targeted set of people who have previously donated to ICN)
In the case of ‘direct marketing’, we will provide an easy means of opting-out in future.Your rights
You have rights under the GDPR:
- to access your personal information
- to be provided with information about how your personal information is processed
- to have your personal information corrected
- to have your personal information erased
- to object to or restrict how your personal information is processed
Any such requests about your information can be addressed in the first instance to ICN’s Executive Chair James Streeter at firstname.lastname@example.org .
You have the right to take any complaints about how we process your personal data to the Information Commissioner: https://ico.org.uk/concerns/
Please fill out the form below and we will get back in touch.