updated Feb 2018
Statement of intent
Ethos VO Ltd fully endorses the Principles of Data Protection, as detailed in the Data Protection Act 1998, and the EU General Data Protection Regulation (GDPR) 2016.
What this document is about
This Policy explains when and why we collect personal information about people who visit our websites, or those we work with, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By sharing data with us, you’re agreeing to be bound by this Policy. Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org
Who are we?
We need your permission!
Our primary purpose is to improve individuals’ lives through better work, living and well-being. In order to do this we need your active consent to hold your personal data.
However we engage with you (face to face, telephone, email, online) we are completely supportive of the importance of an individual being in control of their own personal data. Practically speaking, this will mean asking (and possibly re-asking) for permission to hold and process your personal data. You will see something like this and you will have to make a choice.
☐ – Yes, please keep my details on file. Keep trying to improve my working, living and well being (link to current privacy, security and data sharing policy)
☐ – No – remove all records about me. Other than those needed legally
☐ – Somewhere in between (manage my personal data. Subscribe to mailers, see what Ethos has on me!)
How do we collect information from you?
We obtain information about you when you use our websites, for example, when you complete a registration form, contact us about our services, or if you register to receive one of our email newsletters.
We may also gather information from you directly at events or meetings we both attend.
What type of information is collected from you?
The personal information we collect might include your name, address, email address and other personal information as required by our projects.
How is your information used?
We may use your information to:
- to carry out our obligations arising from any contracts entered into by you and us;
- seek your views or comments on the services we provide;
- notify you of changes to our services;
- send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, events, and promotions of our associated companies goods and services
- process a service registration, event invitation or job application.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example for project evaluation purposes). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process job or placement applications or training course registrations and send you mailings). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the Ethos network of organisations and initiatives for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us or our products and services, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us by email: email@example.com
How you can access and update your information
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your email address, or any of the other information we hold is inaccurate or out of date, please email us at: firstname.lastname@example.org
You have the right to ask for a copy of the information Ethos holds about you.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information, such as CVs or employment details, is acquired via an encrypted web connection and stored on a secure server. Only authorised users are able to access this data, as and when required to provide the services to which you have subscribed, in accordance with our privacy policies and again only over secure connections.
In most web browsers you can check that you are using a secure connection, typically indicated as a padlock icon in the address bar.
Third party applications
We use the Google Drive, Slack and Dropbox applications to transfer, share and store information including data files when necessary. Dropbox, Slack and Google Drive protect user files with encryption. Our Google Drive system also has two-step verification enabled, which requires an extra code texted to the user’s phone to access the account, making it harder for hackers to access a user’s data. Both services use perfect forward secrecy, which prevents hackers from using old session keys to hack files stored in the cloud.
Any US-based services that we work with are Privacy Shield Compliant. The US Privacy Shield framework, which will be reviewed in 2018, has been co-developed by the US Department of Commerce and the European Commission to provide mechanisms to protect the flow of personal data between the EU and the US.
Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
Review of this Policy