Privacy Policy
This Privacy Policy has been created for members of Investing in Ethnicity and any subsidaries, to help you understand the data which we may collect, how we intend to securely process and store that data, and the rights you have in relation to your personal data. Along with our Terms and Conditions, this Privacy Policy makes up our agreements with you as a member or user of Investing in Ethnicity.
Summary Privacy Policy
● Data Controller: Investing in Ethnicity
● We will only collect personal information that you have voluntarily provided to us
● Depending on how you choose to interact with us, we may collect your name, email, phone number, IP address or any other contact details or content which you have provided to us. These details will only be used by our organisation (SPM Group Ltd) and its employees.
● Information provided to us by yourselves for the Maturity Matrix, will be used to provide you with reports; to analyse and report back anonymously on trends. None of your data will be externally or shared with third parties. We will only share it back with the authorised company and contacts that have submitted the data through reporting, unless with prior written agreement.
● We will always ask you before processing your data in any other ways
● We will use an anonymised aggregated version of your organisation’s data, from which you cannot be identified, to prepare and benchmark statistics and reports.
● We will never sell, rent or give away your data to other third parties
● We will only keep your information for as long as needed to answer your query or as required by applicable legislation or regulations
● We store your Maturity Matrix submission data using Microsoft 365 with enhanced privacy.
● We will use appropriate technical and organisational measures to ensure the safety, security and accuracy of your personal data
● You should contact admin@investinginethnicity.org if you have any questions about this Privacy Policy or the collection, processing and storage of your personal data.
Full Privacy Policy
1. Introduction
This Privacy Policy will help you to understand what information We collect and process using the Investing in Ethnicity initiative, hereinafter referred to as “the Service”, and the choices and rights you have in connection with your personal and organisation’s information. In this Privacy Policy when we refer to ‘Investing in Ethnicity’, ‘We‘, ‘Us‘ or ‘Our‘ we are referring to SPM Group Ltd of SPM Group Ltd, 142-143 Parrock Street, Gravesend, Kent DA12 1EY, telephone +442072581777, email admin@investinginethnicity.org, the “Data Controller” for this Service. The Data Controller is responsible for determining the processing purposes of your personal data, and the content and related services or features which are made available to you from using this Service.
2. Data Protection Framework
Investing in Ethnicity is a trading name of SPM Group Ltd is based within the United Kingdom and is registered with the Information Commissioner’s Office (ICO) as a Data Controller under the UK Data Protection Act of 1998 (registration number ZA798931).
3. What is the Purpose of this Service?
The purpose of this Service is to progress the Ethnicity agenda, by collaboration, using insights and sharing best practice with organisations.
4. Where do we collect personal data about you from?
We may collect personal data about you from the following sources:
● Directly from you. This is information you have voluntarily provided whilst entering your personal or organisation’s details through the Service.
We do not collect personal data about you from:
● an agent/third party acting on your behalf.
5. What Information Do We Collect and Why?
We will only ever collect the information we need to enable us to undertake the specific information processing activities noted later in this section. We collect and process two distinct kinds of information:
● company information to help inform our resources, the Maturity Matrix and information shared during Action Group sessions. We will only use this information anonymously unless we get your written consent. All other data and information is used anonymously to help inform our membership of best practice and trends.
● tracking information, such as the pages you have accessed, helping Us to determine how many people use Our Service, how many people visit on a regular basis, and how popular each of Our pages are. This information doesn’t tell Us anything about who you are or where you live. It simply allows Us to monitor and improve Our service.
● personal information such as your IP address, email address, username, password, approximate location and any optional information you may choose to provide to Us as part of your experience within the Service (e.g. text, photograph, meme). Should you decide to register we ask for the following information:
● Email address – we use this to send you a welcome email, and any service related communications such as resetting your password or verifying your email address. We will not send you any external marketing or third-party messages unless you have explicitly provided your consent for Us to do so.
● A password – we store this in a secure one-way encrypted system. If you forget your password, you may request that it be reset, and we will send an email to you with instructions on how to do so.
6. What legal basis do we have for using your data?
The legal basis we have for processing your data is based around the consent you have voluntarily provided us.
7. Sensitive Data
GDPR Article 9 specifies a set of special categories which are considered to be “sensitive personal data” (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership) and which require special consideration by Data Controllers. This Service does not knowingly collect or process any sensitive personal information unless you have chosen to voluntarily disclose and share such information during your use of the Service.
8. Additional data
Apart from contact data collect, we will collect data in line with research and to provide members with an internal report. This data is also used to help us provide further research to organisations regarding trends and best practice to help the ethnicity agenda. All information provided by your organisation will always be used anonymously. We will never use any information you have provided to any third-parties without your prior consent.
9. User Data Rights
As prescribed within the EU General Data Protection Regulation, you have several rights connected to the provision of your personal information to Us from using the Service.
1. The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how We use your information and your rights. This is why We’re providing you with the information in this Privacy Policy.
2. The right of access. You have the right to obtain access to your personal or company information (if We’re processing it), and certain other information such as the reasons why we are processing or storing it. This is so you’re aware and can check that We’re using your personal information in accordance with data protection legislation and your agreement.
3. The right to rectification You are entitled to request that your personal and organisation’s information is promptly corrected if it’s identified as being inaccurate or incomplete.
4. The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information under certain circumstances where there’s no compelling reason for Us to keep using it. This is not a general right to erasure; there are exceptions.
5. The right to restrict processing. You have rights to ‘block’ or suppress further use of your personal or company information. When processing is restricted We can still store your information but may not be able to process it further.
6. The right to object to processing. You have the right to object to certain types of personal or company data processing, including processing for direct marketing activities.
7. The right to lodge a complaint. You have the right to lodge a complaint about the way We have handled or processed your personal data with your national data protection regulator (the Information Commissioner’s Office within the UK)
8. The right to withdraw consent If you have given your consent to anything We do with your personal or company data, you have the right to vary or withdraw your consent at any time (although if you do so, it does not mean that anything We have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw your consent to Us using your personal or company data for anonymous reporting purposes. We usually act on validated requests and provide the requested information or activity free of charge, but by law we are allowed to charge a reasonable fee to cover Our administrative costs of providing the information for:
● baseless or excessive/repeated requests, or
● further copies of the same information. Alternatively, there are reasons why We may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We’ll respond as soon as We can. Generally, this will be within one month from when We receive your validated request but, if the request is going to take longer to deal with, We will let you know. To contact Us please see Section 16 below. If We do not address your request or fail to provide you with a valid reason why We are unable to do so, you have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113.
10. Personal Data Breach Reporting
You have the right to be promptly informed by Us of any personal or company data loss, theft or compromise arising directly or indirectly from the Service, and any supporting systems or declared Data Processors (see Section 11) involved with delivering, supporting, maintaining, monitoring or improving the Service. Similarly, We are required to notify the Information Commissioner’s Office promptly, as the supervisory authority for the United Kingdom. As a user of the Service, you have a responsibility to safeguard and manage your Service login credentials securely. This requires you to ensure that they are changed frequently, of sufficient strength and complexity, different from any other passwords you may use, and not recorded in a format which could be accessed or guessed by others. If you suspect that your credentials have been compromised, you should notify Us immediately (see Section 16 below).
11. Declaration of Personal Data Sub-Processors
To make an informed decision on whether to provide your personal data to Us when using this Service, we need to make you aware of the organisations that act as Data Sub-Processors for Us, helping in the provision of the Service and its functionality.
These partners are as follows:
● MailChimp: Used to send Administration of Service emails such as Email Verification, Password reset and Welcome email; and other potential membership messages where you have given your explicit consent for Us to do so. Based in the United States. MailChimp complies with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
● WordPress [and authorised plug-ins]: Used to host website, supply cookies. Site privacy and GDPR
● Google Analytics: Used to provide analytics to understand how the Service is used and help provide actionable insights for improvements. Google, including Google Inc. and its wholly-owned US subsidiaries, comply with the EU-US Privacy Shield Framework, as set forth by the US Department of Commerce, covering the collection, use and retention of personal data transferred from the European Union to the United States.
● Microsoft Business: Used for email, cloud storage and data collection, comply with GDPR and UK privacy laws.
● SalesForce CRM: Used for storing company and client information, comply with GDPR and UK privacy laws.
12. International Transfers of Data
As We have described above, to be able to provide you with the Services We may transfer your personal data to partners in countries outside the EEA (such as the United States). These countries’ privacy laws may be different from those in your home country. Should We transfer data to a country which has not been deemed to provide adequate data protection standards, we always have security measures and approved model clauses in place to protect your personal data. By voluntarily submitting your personal data to us you consent to these international transfer. If you later wish to withdraw your consent, please contact the Data Controller using the details in Section 16.
13. Use of Cookies
Cookies are small text files sent by websites to your web browser and sent back to them each time you access or use the site, and may be necessary for the site to function. They are unique to you or your web browser and may contain personally identifiable information as well as technical information (e.g. your device manufacturer and model, screen resolution, internet service provider, browser, and geo-location data). Session-based cookies last only while your browser is open and are automatically deleted when you close the browser. Persistent cookies last until you or your browser delete them, or until they expire.
Further information about cookies can be found at Interactive Advertising Bureau or Out-Law’s.
14. External Links
The Service includes relevant hyperlinks (posted by us) to external websites and resources which are not directly controlled by Us. Whilst all reasonable care has been exercised in selecting and providing such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you. You are advised, therefore, that your use of external links is at your own risk and We cannot be responsible for any damages or consequences caused by your use of them.
15. Changes to this Privacy Policy
We may change this Privacy Policy from time to time, and if We do so, you will be notified at your next available interaction with the Service, at which time you will be provided with the updated Privacy Policy to review and consent to before you are able to continue using the Service.
16. Contacting the Data Controller
If you have any questions about this Privacy Policy, would like to exercise any of your statutory rights or to make a complaint, please write to:
Investing in Ethnicity
Tel: +442072581777
Email: admin@investinginethnicity.org