Privacy Policy

Introduction

The Foundation for Democracy and Sustainable Development (FDSD) is a registered charity (number 1101302) and a company limited by guarantee (number 04869004). The registered office is located at Floor One, 51 Southwark Street, London SE1 1RU.

We at FDSD are committed to protecting your personal information. This Privacy Notice sets out what personal data we collect about you, how and why we use it, and how we protect it. It also summarises your rights under the General Data Protection Regulation (GDPR).

As a small charity, FDSD is not required to appoint a Data Protection Officer. If you have any questions regarding this Privacy Notice or your rights under GDPR, please contact us at info@fdsd.org.

Your personal data: what we collect and when

In this Privacy Notice, ‘personal data’ is any information that relates to you and enables you to be identified, whether directly or indirectly.

What personal data do we collect? When do we collect it?
Basic personal information, e.g. name, postal address, email address, telephone number. Additional personal information depending on context, e.g. occupation, affiliations with other organisations. When you contact us on our website, by email, by post, by telephone or in person; also when you offer to carry out voluntary work for us, including applying to serve as a trustee of FDSD.
Your communications with us. When you communicate with us by email, letter or telephone, or engage with us on social media.
Personal information freely available in the public domain, e.g. name, postal address, email address; possibly also other information (depending on context) e.g. occupation, affiliations with other organisations. When we are seeking to determine the most appropriate people to contact regarding our charitable activities.
Personal information collected by third parties we use for specific services, e.g. distributing the FDSD Bulletin (for which we use MailChimp) or managing attendance at FDSD events (for which we use Eventbrite).
Eventbrite collect your name, email address and organisational affiliation. MailChimp collect the above data and also record the IP address, location, time zone and system language of the computer you used to register with them.
When you register to receive the FDSD Bulletin or to attend an FDSD event, the third party platform will ask you to provide the personal data specified.
MailChimp and Eventbrite have their own privacy policies, which are available on their websites. They are both American firms and hold data on servers located in the USA.
Your IP address, and details of how you have used our website, which uses cookies.
Cookies are small text files that are placed on your machine to help the site provide a better user experience. This cookie text file consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
When you use our website.

You can read about our use of cookies by clicking on the ‘Find out more’ link at the top of the Home page on our website.

Your bank details, viz. name, sort code and account number. When you donate to us or pay to attend an FDSD event, by cheque, bank transfer or standing order.

Your personal data: why and how we use it

Why do we use your personal data? How do we do this?
To inform you about our activities. We send you the FDSD Bulletin by email, if you have opted to receive it. We may also send you details of forthcoming events, consultations, calls for evidence or any other FDSD activities we hope you would like to know about. You can opt out of receiving these communications by clicking on the ‘unsubscribe’ link in the email.
To communicate with you. We may contact you for a specific reason, e.g. to confirm a meeting or respond to a question; this may be by email, telephone or letter.
To obtain feedback from you. We may send you surveys, consultation papers or other means of seeking your opinions and feedback; these may be by email or letter.
To improve how we engage with you. We use your feedback and specified communications preferences, and our website management tools, to try to align our future communications more closely with your interests.
To recruit and manage volunteers (including trustees). We use some personal information to manage the work of individuals who volunteer their time and expertise, and to recruit trustees with the appropriate skills and experience.
To enable FDSD to meet its legal and governance obligations and to carry out its charitable activities effectively. We may need to incorporate items of your personal data in our accounting records, contractual or other legal documentation, regulatory returns, and payment verification procedures (e.g. for debit or credit card payments).

Your personal data may also be included in more general operational activities such as website administration, data security procedures or fraud screening.

Our legal basis for processing your personal data

We at FDSD may only collect, record or process your personal data on one of the lawful bases set out in the GDPR (see the Introduction).

The lawful bases applicable to our processing of your personal data are as follows:

Lawful basis of processing Personal data processed on this basis
The processing is necessary for us to fulfil a contractual obligation. For example, you have paid to attend one of our events, or we are paying you to carry out some work for us.
The processing is necessary for us to comply with the law. For example, items of your personal data need to be included in our accounting records.
You have given clear consent for us to process your personal data for a specific purpose (the ‘consent’ basis). We will only seek to raise funds from you with your explicit consent. You are completely free not to give such consent, or to give consent at one time and to withdraw it at any later time.
The processing is necessary for our legitimate interests or the legitimate interests of a third party (see next section), unless there is a good reason to protect your personal data which overrides those legitimate interests (the ‘legitimate interests’ basis). This basis is applicable to all of our processing of your personal data apart from the circumstances listed above. You have the right to object to our processing of your personal data on this basis, and to request us to erase your personal data from our files.

Allowing third party access to your personal data

We at FDSD do not share your personal data with any public body, commercial organisation or other charity, except in the strictly defined circumstances set out below:

When would we share your personal data? Why would we do this?
We are legally obliged to allow a third party access to your personal data. Various government and other public bodies have statutory rights of access to our records, including your personal data in our records. Any auditor or independent examiner appointed by us would also have such rights.
You have consented to our allowing a third party access to your personal data, e.g. to enable you or us to fulfil a contract. For example, if you make a payment to us or receive a payment from us you thereby consent to our bank receiving items of your personal data (i.e. account name, number and sort code).
You have visited our website, which uses cookies.

Cookies are small text files that are placed on your machine to help the site provide a better user experience. This cookie text file consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

It may be necessary to allow our website providers access to your personal data for purposes of backing up data held on our website and computers to secure password-protected off-site servers.
You can read about our use of cookies by clicking on the ‘Find out more’ link at the top of the Home page on our website.
We use a third party service provider to carry out a specific task as part of our overall charitable activities. We use MailChimp for bulk email distribution and Eventbrite for event management, as those firms specialise in their respective services and carry them out much more efficiently than we could do ourselves.

MailChimp and Eventbrite have their own privacy policies, which are available on their websites. They are both American firms and hold data on servers located in the USA.

A third party has a legitimate interest in obtaining access to your personal data, unless there is a good reason to protect your personal data which overrides those legitimate interests. We may judge certain of our files, which may include items of your personal data, to be of potential interest to current or future academic researchers.

We may also provide our funders, non-commercial partners, or contractors working with us to develop or manage our website with aggregated general statistical information about our website users. However this aggregated information will not enable any recipient to identify any individual website user.

Your personal data: how long do we keep it

We keep your personal data for as long as we consider necessary and appropriate, depending on the nature of your interactions with us:

Your interaction with FDSD How long we keep your personal data
Continuing interaction, e.g. you subscribe to the FDSD Bulletin. As long as the interaction continues.
Single or ad hoc interaction, e.g. you attend an FDSD event. Until we judge that there has been no interaction between you and FDSD for the period specified in our data retention policy (currently two years).
Financial transaction. By law, six years after the end of FDSD’s financial year in which the transaction occurred.
Interaction on a matter of potential interest to current or future academic researchers. Until we judge that legitimate research interests have been met, or that the matter can no longer be regarded as of potential interest.

Security of your personal data

We take reasonable technical and organisational precautions to protect your personal data against unlawful processing and against accidental loss, misuse or alteration.

Where we allow a third party access to your personal data, we require that third party to adopt appropriate technical and organisational precautions to protect your personal data.

Personal data which is no longer to be kept is securely deleted (for electronic data) or confidentially shredded (for hard copy data).

Your rights

The following table sets out your rights under GDPR, and how we at FDSD support your rights. In each case, please contact us at info@fdsd.org.

In order to protect the privacy of your personal data, we will use reasonable means to verify the identity of the person seeking to exercise rights under GDPR.

Your rights under GDPR How it works
You have the right to be informed who we are, what we are going to do with your personal data, and who your data will be shared with. This Privacy Notice sets out the relevant information.
You have the right to obtain confirmation that your data is being processed, and access to your personal data (this is termed a ‘subject access request’). If we receive a subject access request, we will provide the information free of charge and without delay (and in any event within one month of receipt). We are permitted to make exceptions where requests are manifestly unfounded or excessive.
You are entitled to have your personal data rectified if it is inaccurate or incomplete. We will rectify inaccurate or incomplete personal data without delay (and in any event within one month of notification).

If we have disclosed the personal data in question to third parties, we will inform those third parties of the rectification and advise you that we have done so.

You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. Please note that this does not amount to an absolute ‘right to be forgotten’. We will delete or remove your personal data upon request without delay (and in any event within one month of notification) unless there is a compelling reason for us not to do so (e.g. if we are legally or contractually required to retain the data), in which case, we will advise you of the reason.

If we have disclosed the personal data in question to third parties, we will inform those third parties about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so.

You have the right to require us to restrict processing of your personal data in certain circumstances (e.g. during consideration of a request for rectification or removal of your personal data). When processing is restricted, we are permitted to store the personal data but not further process it, and to retain just enough information about you to ensure that the restriction is respected in future.

If we have disclosed the personal data in question to third parties, we will inform those third parties about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so.

We will inform you if and when a restriction on processing is lifted.

You have the right to object to processing of your personal data in certain circumstances (e.g. processing based on legitimate interests or processing for purposes of scientific/historical research and statistics). Please note that you must have “grounds relating to your particular situation” in order to exercise this right. We will stop processing your personal data upon request without delay (and in any event within one month of notification) unless there is a reason to continue processing which is so compelling as to override your objection (e.g. if we are legally or contractually required to continue processing, or if processing of your personal data is necessary for the performance of a public interest task), in which case, we will advise you of the reason.

Updates to this Privacy Notice

We will update this Privacy Notice as and when required to reflect changes in the law, changes to FDSD’s activities and operations, and feedback from stakeholders and supporters.

This Privacy Notice is effective from 25 May 2018.