GRIT is registered under the Data Protection Act 2018 under number ZA312166. Our registered charity number is 1176272.
1. WHAT INFORMATION DO WE COLLECT?
We may collect, store and use the following kinds of personal information:
• Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation;
• Information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any donations, or transactions you make of our goods or services;
• Information that you provide to us for the purpose of registering with us;
• Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;
• Any other information that you choose to send to us.
2. WEB TRAFFIC
We use a third party, Square Space, to measure our website’s audience and usage.
Cookies are small pieces of data, stored in text files that are stored on your computer or other device when websites are loaded in a browser. They are widely used to ‘remember’ you and your preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits (using a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as ‘first party cookies’), or by other websites who serve up content on that site (‘third party cookies’).
4. USING YOUR PERSONAL INFORMATION
We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.
We may use your personal information to:
• administer the website;
• improve your browsing experience by personalising the website;
• enable your use of the services available on the website;
• send to you goods purchased via the website, and supply to you services purchased via the website;
• send statements and invoices to you, and collect payments from you;
• send you general (non-marketing) commercial communications;
• send you email notifications which you have specifically requested;
• send to you newsletters and other marketing communications relating to our business, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
• provide third parties with statistical information about our users, but this information will not be used to identify any individual user;
• deal with enquiries and complaints made by or about you relating to the website.
Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.
• To the extent that we are required to do so by law;
• In connection with any legal proceedings or prospective legal proceedings;
• In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
• To the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling; and
• To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
6. INTERNATIONAL DATA TRANSFERS
Information which you provide may be transferred to countries which do not have data protection laws equivalent to those in force in our home jurisdiction.
In addition, personal information that you submit for publication on the website will be published on the internet and may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
You expressly agree to such transfers of personal information.
7. SECURITY OF YOUR PERSONAL INFORMATION
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on secure (password- and firewall-protected) servers. Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to the website).
8. PAYMENT SECURITY
Our payment service provider is Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services
(API, website, etc.).
For more information please visit: https://stripe.com/docs/security
9. POLICY AMENDMENTS
10. YOUR RIGHTS
You may instruct us to provide you with any personal information we hold about you. Provision of such information will be subject the payment of a fee. We may withhold such personal information to the extent permitted by law.
You may instruct us not to process your personal information for marketing purposes by email at any time. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal information for marketing purposes.
11. THIRD PARTY WEBSITES
The website may contain links to other websites. We are not responsible for the privacy policies or practices of third party websites.
12. UPDATING INFORMATION
Please let us know if the personal information which we hold about you needs to be corrected or updated.
Policy Written by Lucy Walder, Project Manager Updated June 2020
Reviewed by Dr Claire Powell July 2020