GRIT WEBSITE PRIVACY POLICY.
INTRODUCTION
GRIT is registered under the Data Protection Act 2018 under number ZA312166. Our registered charity number is 1176272.
This privacy notice explains how we at GRIT use any personal information we collect about you. We respect each site visitor’s right to personal privacy. To that end, GRIT collects and uses information throughout our website only as disclosed in this Privacy Policy. This statement applies solely to information collected on this website.
Our website uses cookies. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.
1. WHAT INFORMATION DO WE COLLECT?
We may collect, store and use the following kinds of personal information:
• Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation;
• Information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any donations, or transactions you make of our goods or services;
• Information that you provide to us for the purpose of registering with us;
• Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;
• Any other information that you choose to send to us.
2. WEB TRAFFIC
We use a third party, Square Space, to measure our website’s audience and usage.
3. COOKIES
Cookies are small pieces of data, stored in text files that are stored on your computer or other device when websites are loaded in a browser. They are widely used to ‘remember’ you and your preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits (using a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as ‘first party cookies’), or by other websites who serve up content on that site (‘third party cookies’).
We use cookies that are essential for the website to perform its basic functions, and cookies that improve the functionality and performance of the site.
Visitors may wish to restrict the use of cookies, or completely prevent them from being set. Most browsers provide for ways to control cookie behaviour such as the length of time they are stored – either through built-in functionality or by utilizing third party plugins. See www.aboutcookies.org for more information.
It’s important to note that restricting or disabling the use of cookies can limit the functionality of sites, or prevent them from working correctly.
4. USING YOUR PERSONAL INFORMATION
Personal information submitted to us via this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.
We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.
We may use your personal information to:
• administer the website;
• improve your browsing experience by personalising the website;
• enable your use of the services available on the website;
• send to you goods purchased via the website, and supply to you services purchased via the website;
• send statements and invoices to you, and collect payments from you;
• send you general (non-marketing) commercial communications;
• send you email notifications which you have specifically requested;
• send to you newsletters and other marketing communications relating to our business, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
• provide third parties with statistical information about our users, but this information will not be used to identify any individual user;
• deal with enquiries and complaints made by or about you relating to the website.
Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.
5. DISCLOSURES
We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy. In addition, we may disclose your personal information:
• To the extent that we are required to do so by law;
• In connection with any legal proceedings or prospective legal proceedings;
• In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
• To the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
• To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as provided in this privacy policy, we will not provide your information to third parties.
6. INTERNATIONAL DATA TRANSFERS
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.
Information which you provide may be transferred to countries which do not have data protection laws equivalent to those in force in our home jurisdiction.
In addition, personal information that you submit for publication on the website will be published on the internet and may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
You expressly agree to such transfers of personal information.
7. SECURITY OF YOUR PERSONAL INFORMATION
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on secure (password- and firewall-protected) servers. Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to the website).
8. PAYMENT SECURITY
Our payment service provider is Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services
(API, website, etc.).
For more information please visit: https://stripe.com/docs/security
9. POLICY AMENDMENTS
We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.
We may also notify you of changes to our privacy policy by email.
10. YOUR RIGHTS
You may instruct us to provide you with any personal information we hold about you. Provision of such information will be subject the payment of a fee. We may withhold such personal information to the extent permitted by law.
You may instruct us not to process your personal information for marketing purposes by email at any time. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal information for marketing purposes.
11. THIRD PARTY WEBSITES
The website may contain links to other websites. We are not responsible for the privacy policies or practices of third party websites.
12. UPDATING INFORMATION
Please let us know if the personal information which we hold about you needs to be corrected or updated.
13. CONTACT
If you have any questions about this privacy policy or our treatment of your personal information, please write to us by email to grithello@gmail.com or by post to GRIT, 18 Chiltern Road, Hitchin, SG4 9PJ.
Policy Written by Lucy Walder, Project Manager Updated June 2020
Reviewed by Dr Claire Powell July 2020