We, Global Angels, are committed to protecting and respecting your privacy. This policy, together with any other documents referred to, sets out the basis on which we will process any personal data that we collect from you, or that you provide to us.
For the purpose of the Data Protection Act 1998 (Act) / EU General Data Protection Regulation 2016 (GDPR), the data controller is Renate Doma, Global Angels, at our London office.
- Individuals whose data we collect and process
We collect and process data from a range of individuals, for the purpose of our legitimate legal and business interests as defined in Article 6.1 of the GDPR, including:
- Members of staff (Staff)
- Job applicants (Potential Staff)
- Individuals who are end users of our services (End Users) like trip participants and donors to projects
- Individuals who we judge may become end users of our services (End Users)
- Individuals whose services we employ or may consider employing to carry out our services (Contractors)
- Individuals who form part of the event teams for fundraising events on which we work or provide specialist services for our projects (Specialists and Volunteers)
- Individuals who may form part of the teams for projects on which we will work or will need to provide specialist services for our projects (Specialists and Volunteers)
- Information we process about Individuals
We collect and process relevant data about Individuals:
- Information you provide by filling in any forms we require for legitimate business use
- Information you may send to us for legitimate business use
- If you contact us about donations and ways to get involved, and we need to keep a record of that correspondence
- Information we prepare – such as contact lists for project teams or attendees noted in the minutes of meetings
- Information we prepare and circulate – such as guest lists – relating to the management of our legitimate marketing activities
- If you allow us to use your name as a reference or testimony for marketing purposes
- If you offer us a service, and we want to keep a record of that correspondence
- Details of any transactions you carry out with the charity
- Any information incidental to that listed above.
Sensitive data information is only collected for health and safety reasons (physical or mental health condition) or tracking our diversity profile as a company (racial / ethnic origin)
- Information we process about End Users
Information is processed for our legitimate use only; and is not shared with any uninvolved third party.
- Retention & Deletion
Global Angels retains your information while you remain of interest to our legitimate purposes. We will retain your information unless you request that your details be deleted. We will only contact you if we believe the information we intend to send you could be of ‘legitimate interest’ to you or your company.
We keep information for the following typical length of time:
Members of staff
- We keep their records
- 6 months
Individuals who are end users of our services (End Users)
- As long as our liabilities last for that project (normally 12 years)
Individuals who may become end users of our services
- 2 years after last contact
Individuals whose services we employ to carry out our services
- We keep their record
Individuals who form part of the volunteer teams for projects on which we work
- As long as our liabilities last for that project (normally 12 years)
Subject to applicable law, Global Angels may retain information after account deletion:
- If there is an unresolved issue relating to your account, such as an outstanding invoice on your account.
- If necessary for its legitimate business interests, such as fraud prevention.
- If we are required to by applicable law; and/or in aggregated and/or anonymised form.
Any personal information in hard format will be shredded.
- IP addresses, cookies and similar technologies
We do not collect information about your computer.
- Where we store Individual’s personal data
We retain hard copies of personal staff information and this is kept under lock or key in the office or out of the office in a secure location.
- Security and Control of Data
All electronic information you provide us is stored on our secure servers and is accessible only by you if you are an Authorised User(s) of our software. Once we have received your information whether collected by us or on our own, or on our customer’s behalf, we will use strict procedures and security features in order to reduce the risk of unauthorised access.
We have the highest level of encryption for our website. passwords and any software we are using.
Data breaches will be reported within 72 hours of discovery and the person(s) notified.
We note that the transmission of information via the internet is not completely secure. Any transmission you send us is at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site.
- Personal data on social media
Our use of personal information on social media sites is subject to our social media policy.
- How we use your information
We use information held about you in the following ways:
- To ensure that correspondence from our offices is presented in the most effective manner for our end users or potential end users;
- To provide you with information or services that you request from us or which we feel may interest you
- To carry out our obligations arising from any contracts entered into between you and us;
- To notify you about changes to our service
- We do not disclose personal information about individuals to advertisers or sell your information to any other organisation for marketing purposes.
- Sharing your information
We will not share your information with third parties except
- When, by your agreement, you allow us to use your name as a reference or testimony for marketing purposes and obtaining new clients
- Links to other sites
Our website will, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
- Accessing your Information
The Act gives you the right to access information held about you. You can find out if we hold any personal information about you by making a “data subject access request” under GDPR 2016. If we hold information about you we will:
- Give you a summary of it;
- Tell you why we are holding it;
- Tell you who it could be disclosed to
Any formal subject access request should be made in writing to the address above. This will be provided FOC. However we may charge a reasonable fee for repetitive, unfounded, or excessive requests or additional copies.
13. How can you Update or Change your Information?
If at any time you wish to change your information, you can contact us, providing the updated information.
If you wish to opt out of any notifications, invitations and communications you can contact us and we will ensure you do not receive any more communications.
14. Data Subject Rights
- Right to Rectification – the right to request the controller rectify inaccurate personal data.
- Right to Object – the right to object to processing based on either public interests or legitimate interests. Processing will stop, unless the controller demonstrates compelling grounds for continuing the processing or that the processing is necessary in connection with the controller’s legal rights.
- Right to Object to Direct Marketing
- Right to be Forgotten – the right to have the controller erase personal data without undue delay. Contingent on the occurrence of one of the following:
- The data is no longer necessary;
- The data subject withdraws consent (and consent is the legal basis for processing);
- Controller has no overriding grounds for continuing processing against the objectification;
- Processing was unlawful;
- Erasure is necessary with EU or national law.
- Right to Restrict Processing – the right to have the controller restrict processing if:
- The accuracy of the data is contested;
- Processing is unlawful;
- The controller no longer needs the data for its original purpose, but needs it for legal purposes;
- Erasure is pending.
- Right of Data Portability – the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller. This will either be in .xls or .csv format.
30 Manor Avenue