UN-AGE is committed to protecting your personal information, respecting your privacy and security is very important to us. This policy sets out the basis upon which information is collected about you by UN-AGE, through using UN-AGE’s website, email, social media and other electronic platforms, and the use of the personal information you provide to us in person or online, via email, phone, in writing or other correspondence. For example, your personal information may be collected or provided by subscribing to the UN-AGE email Newsletter through our website, reserving a place at one of our events, applying for one of our opportunities/commissions, emails, correspondence, fundraising or campaign responses. Please read this policy carefully as by providing your personal data to UN-AGE you may be deemed to have consented to the processing of such data.
Who we are
UN-AGE is funded by Paul Hamlyn Foundation and via crowdfunding currently. UN-AGE is a Company Limited by Guarantee, Registered in England and Wales www.un-age.com
UN-AGE is an initiative to connect young and older people to start new businesses together.
UN-AGE may collect personal data as part of our activities, however we will never share, sell or rent your details with any other organisation(s) or individuals outside of UN-AGE without prior and explicit consent.
The personal data that we process and store
We may collect personal information about you when you request a specific service from us using online forms and/or email us or communicate in person, over the phone and through third party sources.
UN-AGE may collect several different types of personal information from you depending on which of our services you choose to use, but which may include all or any of your:
- first name
- postal address (including billing/shipping addresses and postcode)
- telephone number (including home and mobile phone numbers)
- photograph/film media (for example documentation taken at one of our events, archived media for our website resources and/or Study Room, promotional materials for past, current and upcoming projects/events/resources/publications)
- email address
- social media account ID (including your Facebook username and Twitter or Instagram handle)
- device information (such as MAC address, IP address, operating system and browser type)
- location information (such as a GPS signal emitted by your mobile device)
- date of birth
- narrative or written information submitted to us by you (for example, information within job or workshop opportunity applications, or email submissions)
- information necessary for legal compliance (including details of ethnicity or disability/access requirements)
- payment information (such as bank account details, or debit/credit card details)
- educational institute details (such as your school, university or college)
- marketing preferences (for example, where you have opted in to receive our email newsletter/s)
- reasons for contacting us, such as enquiries or requests
- opinions, preferences, feedback, complaints, comments and/or suggestions (including comments made on our social media pages and online discussion forums)
- online browsing habits, activities and behaviour (such as which of our web pages you have visited and when you visited them)
- Mailchimp email newsletter statistics such as when you have opened a newsletter and what links you have clicked on within it.
- visit history, habits, activities and behaviour (such as when you visited our Study Room, or event attendance)
- preferences, access needs and dietary requirements
- employment related information (your job/employer, also if you apply for a job, placement, internship or volunteer post)
This list is not intended to be exhaustive and may be updated from time to time as our organisational needs and legal requirements dictate. All such data is/will be stored in password protected systems that are only accessible by core UN-AGE staff.
How we collect and use personal information
UN-AGE retains all data under three different lawful bases, under General Data Protection Regulation (GDPR) for communication and processing:
1) Due to the nature of UN-AGE’s work as a professional development agency the majority of individuals that communicate with UN-AGE or engage with UN-AGE’s activities do so in a professional capacity or as business-to-business (B2B) contacts. Therefore the following data collection/processing from professional or B2B contacts fall under the ‘Legitimate Interest' basis: - Retaining your name and contact details to contact you for collaboration or with industry related information/enquiries/resources. - Monitoring your preferences, history of engagement with us, record of past/present job roles and places of work. This information could be used for internal research purposes, such as monitoring statistics to improve our programme or communication methods.
2) Other data collection and processing involved in services you have requested from UN-AGE, falls under the ‘contractual obligation’ basis : - Contacting you to respond to your queries (if you email us, for example). - Informing you of information and/or changes to an event or project, which you have shown interest in (if you have reserved a place at an event, for example). - Monitoring your preferences or history of engagement with us. This information could be used for anonymous internal research purposes, such as monitoring statistics to improve our programme or communication methods.
3) Finally, with your ‘prior consent’, your personal data may also be used for: - Sending you UN-AGE activities related Email Newsletter. - Contacting you concerning UN-AGE’s support/fundraising invitations/requests. - Other forms of direct marketing (Flash Email Newsletters, event invitations, surveys).
Please note: If you are subscribed to one of our email newsletters distributed through Mailchimp or follow us on social media we can monitor performance tracking through these platforms.
For the services listed in option 3, you have the option to opt-out of such communication at any time.
These lists are not intended to be exhaustive and may be updated from time to time as our organisational needs and legal requirements dictate.
Data protection, safety and security
We protect the security of your personal information in accordance with our legal obligations.
Your personal details will never be shared with any other outside sources for promotional reasons, or for use other than UN-AGE initiatives. When working in partnership with other organisations we may ask you if you would like your data to be shared with such partners and if you agree, we will do so.
All of the data we collect is stored on one of the systems listed below. These systems are all password protected, and receive regular updates and maintenance:
- Cloud based drives
- Online application portal
- CRM database
For any questions please
Retaining your personal information
Due to our mission as both a business support and advocacy organisation, we will retain the personal information that you have provided to us indefinitely.
If you wish for your personal information to be removed from our records you may make a right to erasure request by sending us an email at firstname.lastname@example.org
Data breach procedure
In the result of a data breach, UN-AGE has 72 hours to report the incident to the Information Commissioner's Office (ICO), UN-AGE’s Board and the individuals affected.
A data breach could be but is not limited to, personal information being shared outside of UN-AGE.
Under GDPR, as an individual, you have the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object For full information see: https://ico.org.uk/for-organisations/guide-to-the-general-data- protection-regulation-gdpr/individual-rights/ If you would like to make a subject access request or implement your right to be forgotten, please contact us here with the subject line “Subject Access Request” or “Right to be Forgotten”.
In line with GDPR:
- UN-AGE will respond within 40 days.
- UN-AGE can refuse or charge for requests that are manifestly unfounded or excessive.
- If we refuse a request, we will explain to the individual why, without undue delay within 40 days, and that they have the right to complain to the supervisory authority and to a judicial remedy.
- We may charge to administer “Subject Access Requests” to cover any overheads such as staff time, printing and postage.
Challenges and conclusions
UN-AGE has a sound understanding of the impacts that the implementation of GDPR will have in most areas, and an understanding of where we require further information to make proper assessments and actions. We have aspired to understand the new legislation and implement preparatory work accordingly. This work has taken place in the context of UN-AGE being a small not-for-profit organisation, with limited resources and a lack of specialist knowledge in this area, while endeavouring to relate the requirements of the new legislation to our mission. We have sought and will continue to seek advice and review further information provided by ICO and other governing bodies to meet full compliance as we understand it, and will update this Policy in future where necessary. This policy was last updated on 23/05/2018 and is under continuous review. For further information please visit https://ico.org.uk/for-the-public.