— You sign up as a member or volunteer;
— You borrow tools from our database;
— You register or book tickets for events;
— You sign up to receive updates via our newsletter.
TYPES OF DATA COLLECTED
— Individuals who buy a ticket to a GTL event are required personal data: forename, surname and email address. This is done by third party organisation eventbrite. We may contact you to give more information in relation to the event you have booked, to give further details or to ask for feedback. We will only contact you with regards to the event you have booked.
— Individuals who sign up to volunteer will be asked to provide personal data: forename, surname, phone number and email address. This information is used to communicate about relevant GTL activities. This is done via third party platforms Slack, facebook and whatsapp. These platforms are used to keep volunteers and the GTL network connected.
— Individuals who become a member of GTL are required to provide personal data: Forename, surname, address including postcode, email address, phone number and date of birth. We also asked that members provide proof of address and show a copy of their drivers license to confirm the information provided is correct. We do not keep copies of this information. We process this information to ensure you meet the membership requirements and are able to contact you with regards to the tools you are lending. This information is stored physically on our membership forms and kept in a locked box. This information is also added to our management system which is provided by third party organisation My Turn.
< div class=”text-block-3″>Personal Data will never be collected or processed for any reason other than the original purpose that was agreed between GTL and the individual. In cases where Sensitive Personal Data is collected, an extended version of our privacy and consent policy will be issued to Data Subjects and discussed with them at the time.
- MailChimp, to deliver newsletters and help us gather statistics around email openings and clicks. For more information please see MailChimp’s privacy notice.
- Gmail, to host our email services. Gmail uses a Secure Sockets Layer (SSL) to encrypt emails.
- Slack, to coordinate volunteers, for more information see their privacy notice.
GTL takes appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of Personal Data.
GTL processes Personal Data relating to the Data Subject only if one of the following applies:
— The individual who is providing the data has given unambiguous formal consent.
— Provision of Data is necessary for the performance of an agreement with the Subject and/or for any pre-contractual obligations.
— Processing is necessary for compliance with a legal obligation to which the Owner is subject.
— Processing is related to a task that is carried out in the public interest.
— Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
Data is processed at the GTL office and in any other places where the parties involved in the processing are located.
Data is processed and stored for as long as it is required to fulfil the purpose that it was collected for:
— The Personal Data of individuals who are subscribed to GTL’s newsletter will be held until the individual opts out of the subscription or until GTL ceases to produce newsletters.
— Personal Data collected for volunteers will be held until the individual opts out of being a volunteer and requests their information is no longer stored.
— Personal Data collected for memberships will be retained until individuals fail to renew their GTL membership.
Once the retention period has expired, Personal Data will be deleted.
THE RIGHTS OF DATA SUBJECTS
In relation to their Personal Data, Subjects have the right to do the following:
— To be informed, with transparent information and communication from the Controller at the time of data collection.
— Withdraw consent to the processing of their Personal Data that has previously been given. They can withdraw consent at any time.
— Access their Personal Data, to view what data is being held on them and how it is being processed. They can request a copy of this data.
— Verify the data that is held on them, by gaining access and requesting for it to be corrected or updated.
— Restrict the processing of their Personal Data. Subjects can request that the Owner cease the processing of their data, in which case the data will be stored for its original purpose or deleted.
— To be forgotten, by having their Personal Data deleted from the Owner.
— Data Portability, by having their Personal Data transferred to another Controller. Subjects can obtain their data in an appropriately readable format, have it transferred to another Controller and deleted from the previous.
Any requests to exercise these rights can be directed to the Owner via firstname.lastname@example.org. These requests can be exercised free of charge and will be addressed by the Owner within one month.