How African Caribbean Exchange (ACE) uses personal data
Data privacy is important and we support the General Data Protection Regulation (GDPR), Europe-wide law that came into force on 25 May 2018. This new law is built around the principles of transparency and control, something we always take pride in offering. So, to help you retain control of your data, our new policies offer more detail on what we collect, how we use it, and your rights.
It sets out requirements for how organisations will need to handle personal data and builds on and enhances existing data protection principles in the 1998 Data Protection Act. A new Data Protection Act is currently going through parliament and will become law in due course. To help comply with GDPR requirements, we are informing you of what data we might store about you and how it is used.
Who is responsible for data?
For the purpose of the Data Protection Act 1998 and under the General Data Protection Regulations the Data Controller is African Caribbean Exchange (ACE) c/o Liondaris & Co Accountants, 49 Bevan Road, EN4 9DY. Only contracted staff members have access to data and they only have access if it is relevant to their role and they have signed a commitment to our data policy.
What does the privacy statement cover?
This privacy statement sets out how African Caribbean Exchange (ACE) will use and protect any personal information that you share with us. We fully endorse and adhere to the six Principles of Data Protection set out in the General Data Protection Regulations (GDPR). Any information that you share with us will be:
- Processed lawfully, fairly and in a transparent manner.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Collected for specified, clear and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
- Accurate and, where necessary, kept up to date. Every reasonable step will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measure
How we use your personal data ?
- To contact you regarding our projects or events
- For legitimate organisational interests, e.g. to keep your data up to date, to send you information about our work via email or newsletter (legitimate interests are our business reasons for using your data, but, we will not unfairly put our legitimate interests above what is best for you)
- For other purposes as necessary when you have consented to it
How we collect your data
You will have provided your personal data (and or organisational data) directly to us via social media, via events, via social and professional networking, via our website; in all settings you will have given us permission to hold your data via data capture form, email, or trackable request
If you give us your personal information at an event we have organised, by signing up to our newsletter, or by connecting with us on social media, we will use it to send you information about our work, news about projects, and appeals for support. We will only email you this information with your consent, which you may amend at any time. If we send you information by post, we will always make it easy for you to ask us not to do so in the future.
Your data is only shared with third party suppliers who provide services to African Caribbean Exchange (ACE) (data processors), e.g. Pensions provider, Mailchimp (for our newsletter), Eventbrite for events, Xero for accountancy purposes, Accountants for accounting purposes only, Google Analytics/Drive via our secure site, Companies house for reporting, Wetransfer, Dropbox. Data is not shared with anyone else without prior permission.
What data do we collect?
We collect data with permission via our website, through social media channels, at events and through expression of interest and commissioning. Some data is only applicable to staff/contractors or members.
- Title, e.g. Mrs/Name/Job title/Job description
- Home postal address
- Work postal address
- Email Address (work and home)
- Telephone numbers (work, home, mobile)
- Date of birth
- General communications we have with you that may be retained within email/project folders (e.g. emails, letters, contracts)
- Photographs/Videos where data may be stored in Hard copy/on hard drive/memory stick
- Details you provide such as public socials, a photo, links to professional socials, photographs.
Where individuals are under 18 we require consent from a parent or guardian.Some ‘generic’ sites we use, e.g. Mailchimp may store data beyond the European Economic Area (EEA), but, in these cases, we have checked that the providers are part of the US Privacy Shield (a framework which sets out the standards for data to be sent between the United States and European countries), or the data is held in non-EEA countries which have privacy laws at least as protective as those within the EEA.
How long we keep your data?
We keep your data only for as long as we need it. How long we need data depends on what we are using it for, e.g. to provide services to you, for our own legitimate interests, or so that we can comply with the law. This means that we may retain your data for a reasonable period of time after your last interaction with us, but we actively review the data we hold and when there is no longer a legal or business need for us to hold it, we will delete it securely.
How we protect your data.
We protect personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction. We use technical measures such as password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example, where appropriate, limiting the number of people who have access to data. We will make sure that our suppliers respect your personal data and comply with data protection laws.
You have many rights regarding your personal data. These include updating your data, e.g. if it is out of date, seeing what data we hold and being able to complain to the Information Commissioner’s Office (ICO) if you are unhappy with the way we are processing your data. Your details are safe as noted above, we will never share your data with a third party without consent. If you have any questions or need further information about what data we have and how it is used, there will be a full privacy notice made available and you can contact the office on email@example.com
- You have the right to receive copies of the information we hold on you if you wish to do so please contact firstname.lastname@example.org
- You have a right to object to processing that is likely to cause, or is causing you damage or distress
- You have a right to prevent processing for direct marketing;
- You have a right to object to decisions being taken by automated means;
- You have a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
- You have a right to claim compensation for damages caused by a breach of the Act
If you are unhappy with our response to your enquiry about how we have processed your personal information, you have the right to lodge a complaint with the Office of the Information Commissioner.
If you would like more information about the Data Protection Act and the General Data Protection Regulations you can contact the Information Commissioner’s Officer at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline: 0303 123 1113 Website: https://ico.org.uk/
Data collected through our websites/YouTube
We use Google Analytics/Youtube analytics to monitor visitor activity and make changes to improve functionality. Google/YouTube Analytics/ generate statistical and other information by means of cookies, which are stored on your devices. The information generated may be used to create reports about the use of the sites. Details captured during your visit could include, but are not limited to, the pages you visit, how long you spend on each page, how you got to the site (e.g. via a search engine), and what you click on while you’re visiting the site.
Our website/communications may contain links to other websites of interest. You should be aware that we do not have any control over the content or security of external sites and therefore we cannot be held responsible for the protection and privacy of any information which you provide whilst visiting these sites. You should exercise caution when disclosing personal information on any website and should read the website’s privacy statement to understand how your personal data will be used.