General Privacy Notice
We are The Warren House Group at Dartington (‘WHG’) trading as the Dartington Service Design Lab (‘Lab’) and this incorporates the Centre for Social Policy (‘CSP’).
Your privacy is important to the WHG. This privacy statement provides information about the different types of personal information that we collect and the ways in which we use it, although please note that not all of this will be applicable to you. If in doubt, please feel free to check by contacting us using the contact details included at Clause 14.
As well as this general privacy notice, we will soon also be producing a version for members of the public or organisations that are invited to take part in any of our social and policy research activities.
1. When do we collect personal information about you?
We may hold information relating to you from a number of sources, and will collect personal information about you:
a. When you give it to us directly
For example, personal information that you submit through our websites (www.dartington.org.uk, and http://www.centreforsocialpolicy.org.uk), by signing up to our blog or email newsletter, or contacting us to make a donation, or any personal data that you share with us when you communicate with us by email, phone or post.
b. When we obtain it indirectly
Your personal information may be shared with us by third parties, including our business partners, our sub-contractors in technical and payment services, advertising networks, research providers and search information providers.
c. When it is publicly available
Your personal data may be available to us from external publicly available sources.
d. When you visit our website
2. What personal information do we use?
We may collect, store and otherwise process the following kinds of personal information:
a. Your name and contact details, including email address, postal address, telephone number, and social media identity;
b. Information about our services which you use, such as the Lab or CSP events and meetings with WHG representatives that you have attended and your communication preferences;
c. Information about your computer/ mobile device and your visits to and use of this website, including, for example, your IP address and geographical location; and;
d. Any other personal information which you choose to share with us as perClause 1.
Special categories of data
The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive, and therefore requiring more protection. These categories of data include information about things such as your health, ethnicity, attitudes, political opinions, etc. In certain situations, we may collect and/or use special categories of data (for example in order to make adjustments for any disabilities or dietary requirements you may have when attending our events). This is particularly common in our research activities (see ur Research Privacy Notice for further details). We will only process these special categories of data if there is a valid reason for doing so and where the GDPR allows us to do so. For instance, by seeking your explicit consent to use such data, or via some other lawful purpose, as defined by GDPR (see this linkon the Information Commissioner’s Office website; and what are most commonly relevant to us in Section 3 below).
3. Lawful processing
We are required to have one or more lawful grounds to collect and use the personal information that we have outlined above. We consider the grounds listed below to be relevant:
Where you have provided your consent for our use of your personal information in a certain way, for example, where we ask for your consent to send you our newsletter or to participate in research.
b. Legal obligation
Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject, for example, where we have to share your personal information with regulatory bodies which govern our work.
c. Contractual relationship
Where it is necessary for us to process your personal information in order to perform a contract to which you are a party (or to take steps at your request prior to entering a contract), for example, where you are a client, or you volunteer with us or provide associate consulting services.
d. Legitimate interests
Where applicable law allows us to collect and use personal information on the condition that to do so is reasonably necessary for our legitimate interests (and the use of your personal information is fair, balanced, and does not unduly impact your rights). We may rely on this ground to process your personal information when we believe that it is more practical or appropriate than asking for your consent. For instance, we rely on the legitimate interest ground to process your personal data:
- in order to protect the security of our networks e.g. when we receive external emails we will scan such emails for any threats.
- in order to capture your contact details when you have expressed a desire to remain in contact with the WHG, the Lab or CSP (e.g. via email) without necessarily wanting to opt-in to our direct mailing.
4. How we use your personal information
We may use your personal information:
a. to provide you with services, products or information that you have requested;
b. to provide updates about our work, services, activities, publications or products (where necessary, and only where you have provided your consent to receive such information);
c. to invite you to Lab and CSP events which we feel that you might be interested in;
d. to answer your questions/ requests and communicate with you in general;
e. to further our charitable aim in general, including asking for volunteer support;
f. to analyse and improve our work, services, activities, products or information (including our website) or for our internal records;
g. to audit and/ or administer our accounts;
h. to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/ or law enforcement bodies with whom we may work, or due diligence checks before accepting major donations;
i. for the prevention of fraud or misuse of service; and
j. for the establishment, defence of enforcement of legal claims.
We may analyse your personal information to create a record of your interests and preferences to help us manage our records efficiently and effectively. This allows us to ensure that communications (e.g. by post, telephone, email, text or social media) are appropriate and to generally provide you with an improved user experience.
If you would prefer us not to use your personal information in this way, please let us know by using the contact details included atClause 14.
We also undertake social science research as a core aspect of our work. Research participants (or potential participants) may see our research-oriented version of this privacy statement here: www.dartington.org.uk/privacy_research).
6. Do we share your personal information?
We will not sell, rent or lease your personal information to others. However, we may disclose your personal information to selected third party processors (such as partners, sub-grantees or sub-contractors) for the purposes outlined atClause 4.The third party in question will be obligated to use any personal data they receive in accordance with our instructions.
In particular, we reserve the right to disclose your personal information to third parties:
a. in the event that we buy or sell any business or assets, in which case we will disclose your personal information to the prospective buyer or seller or such business or assets;
b. if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
c. if we are under any legal or regulatory obligation to do so; and
d. in connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights.
7. International Data Transfers
As we sometimes use third parties to process personal information, it is possible that personal information we collect from you will be transferred to and stored in a location outside the UK or the European Economic Area (“EEA”).
Please note that certain countries outside of the UK or EEA have a lower standard of protection for personal information, including lower security protections. Where your personal information is transferred, stored, and/or otherwise processed outside the UK or EEA in a country which does not offer an equivalent standard of protection to the UK or EEA, we will take all reasonable steps necessary (including entering into standard contractual clauses to protect your personal information or relying on the Privacy Shield for transfers to organisations in the US) to ensure that the recipient implements appropriate safeguards designed to protect your personal information. If you have any questions about the transfer of your personal information, please contact us using the details at Clause 14.
8. Securing your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on secure servers.
9. How long do we keep your personal information?
We will generally remove your personal information from our records six years after the date that it was collected unless:
(a) we are required to hold for longer for legal or regulatory purposes; or
(b) it is still required in connection with the purpose for which it was collected and/or processed.
However, we will remove your personal information from our records before this date if we become aware that:
(a) your personal information is no longer required in connection with such purpose(s);
(b) we are no longer lawfully entitled to process it; or
(c) you validly exercise one of your right of erasure under Clause 10.
10. Your rights and preferences
We may contact you by post unless you request otherwise, and by telephone, email, text, social media or other electronic means depending on the communication preferences you have previously indicated. Where we rely on your consent to use your personal information, you have the right to:
a. Ask us for confirmation of what personal information we hold about you, and to request a copy of that information. If we are satisfied that you have a legal entitlement to see this personal information, and we are able to confirm your identity, we will provide you with this information.
b. Request that we delete the personal information we hold about you, as far as we are legally required to do so.
c. Ask that we correct any personal information that we hold about you which you believe to be inaccurate.
d. Object to the processing of your personal information where we:
- (i) process on the basis of the legitimate interests ground;
- (ii) use the personal information for direct marketing; or
- (iii) use the personal information for statistical purposes.
e. Ask for the provision of your personal information in a machine-readable format to either yourself or a third party, provided that the personal information in question has been provided to us by you, and is being processed by us:
- (i) in reliance on your consent; or
- (ii) because it is necessary for the performance of a contract to which you are party;andin either instance, we are processing using automated means.
f. Ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
If you decide you do not want to receive any further emails from the Lab or CSP please tell us and we will remove you from the mailing list. At any point you can request to unsubscribe from the Lab’s mailing list or remove your personal information from the database by contacting us using the details listed atClause 14.
Please note that where you ask us to delete your personal information we will maintain a skeleton record comprising your name and organisation to ensure that we do not inadvertently contact you in the future. We may also need to retain some records for statutory purposes.
Please note that you also have the right to lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk/concerns
11. Other websites
The WHG is not responsible for the privacy practices or the content of linked web sites. Please review the privacy notices of such websites.
12. Updating this privacy statement
We may update this privacy statement by posting a new version on this website. If we update this privacy statement in a way that significantly changes how we use your personal information, we will use reasonable efforts to bring these changes to your attention where we have your contact details. Otherwise, we would recommend that you periodically review this privacy statement to be aware of any other revisions.
13. If you have any concerns
If an individual has any concerns about how we are using their personal data then we ask that they contact our Data Protection Officer in the first instance (firstname.lastname@example.org). However, an individual can contact the Information Commissioner’s Office should they consider this to be necessary, at https://ico.org.uk/concerns/.
If you would like to discuss anything in this privacy notice, please contact:
Data Protection Officer: Brian Warren
General Privacy Notice dated 1 May 18 Reviewed Annually
Sign up to find out more