This notice sets out what personal data we hold, how we store and process it, how we maintain it including updating and deleting data. It covers how you can request to see what data we hold about you (a “subject access request”) and what we will do if any data is disclosed to people who should not have access to it (our “data breach policy”).
Your information and how we collect it
Information collected via the website and cookies
Use of our website is subject to your acceptance of cookies. A full list of the cookies we use is available on request.
If you buy our products and services or ask to be added to our mailing lists
If you register to receive our emails or purchase a product or service from us, including becoming a member or supporter, we will store the information which we need to process your mailing subscription request and/or order, which you may have given us via online forms, on paper or by phone, on our contact database (SheepCRM) and online shop (WooCommerce), and on our mailing list system (MailChimp). If you are a customer or supplier, we will also hold details about you on our finance database. We are required by company law to keep financial records for six years.
What data we collect
The information we collect is likely to include your name (first name, surname, title, honours), contact details (address, phone, fax, email), job title/role, organisation (if applicable) and mailing preferences such as whether you wish to receive email updates about campaigns, products and services or local branch events. If you book a place at a face-to-face event, we may also collect data such as dietary and access requirements. If you book an event on behalf of another person we will hold the details you supply for that person as well as yourself.
We use a third-party supplier (GoCardless) to process direct debit payments for membership. Credit and debit card payments are also processed via a third-party (Stripe). We do not hold or store any bank, card or other payment details from customers.
For those closely involved with Early Education, we hold information as to their roles eg trustee, patron, Associate, staff member, branch officer, and any branches with which they are associated. In the case of trustees and Associates we hold a professional profile and (for Associates only) a photograph.
On what basis we process your data
If you have purchased a product or service from us, we process your data on a contractual basis in relation to your contract with us to deliver that product or service to you. Your data will only be processed in relation to that purchase and any relevant follow up such as to notify you of related products or services that we think may be of interest to you.
For all other purposes, we will only process your data if you give us your consent for us to use it for specific purposes, namely to keep you informed about our campaigns, to send you updates about our products or services, or to receive updates about your local branch’s activities.
What we do with your data
We use the information we collect about you to:
- improve your browsing experience of our website
- process your order for goods or services, eg membership, books, training courses or events
- send you relevant news and updates if you have opted to receive these
- analyse use of our services.
We will only use your data to contact you to send you updates about our activities or tell you about new products and services that may be of interest if you have given us consent to email you by opting in to receive such updates or if we have a contractual basis to do so (ie if you are a member or supporter).
We will not pass your information to any third parties for their own use, but we do contract some of our services to third-parties, eg our mailing house and outsourced finance provider, who will process your data on our behalf in order to send out our mailings and process our financial transactions as required. Any organisations which process your data on our behalf are required to comply with the General Data Protection Regulations and our data protection policies.
Updating and deleting data
Your data will be stored in line with legal requirements, such as that we must keep records of all financial transaction for six years. We will delete personal data once we no longer need to store your data for such purposes, if we do not have current permission from you to use the data to keep you in touch with our activities and services.
We will aim to keep our records up to date through periodically asking you to reconfirm that your details are correct and that you still wish to hear from us. We monitor bouncebacks from emails and returned post and attempt where possible to obtain updated contact details in such cases. Where updated contact details cannot be obtained, we delete from our database contact details which are no longer current.
Who has access to your personal data
Access to our contact database is restricted to Early Education staff and volunteers who need this to carry out their work. Early Education branches are given access to up to date lists of members for their branch, but these do not include contact or other personal details. Our outsourced finance support company has access to our online finance system, which includes contact details for customers and suppliers where needed. Where third parties need access to data to perform outsourced functions such as print or online mailings, we ensure they comply with GDPR regulations, and they have access to subsets of data only insofar as is necessary to carry out the contracted task, and on a time-limited basis.
When we would disclose your data
We will not disclose your data to third parties unless legally required to do so.
Security and risk management
We have security measures in place to protect the loss, misuse and alteration of the information under our control. We have procedures and security features in place to prevent unauthorised access and use of your information.
All personal data is kept securely. Our online contact database, online documents and finance system are password protected and restricted to those staff and contractors who require access.
How to find out what data of yours we hold
If you are registered as a user on our contact database you may view and amend your data at any time, using the process set out below.
You can contact us to find out what information we hold on you (this is called a Subject Access Request in the General Data Protection Regulations). You can do this in two ways:
- If you are registered as a user on our contact database, you can log in to see the data we hold. You can register as a new user at any time, and provided that you verify your email address, you will be able to access any data linked with that email address. If you cannot remember your password, please reset it using the automated service available via that link.
- If your account is not linked with an email, or you are unable to log in or if you wish to know about data not held on the contact database, if applicable, you should contact us via the contact details below.
We will aim to respond to such requests within one month. If your request is manifestly unfounded or excessive, we reserve the right to refuse it, or to charge you for the staff time which would be involved in complying. If we do so, you have the right to complain to the Information Commissioner’s Office, or to the courts.
Unsubscribe or update your information
You can unsubscribe from our email list, update your mailing preferences or correct the contact information we hold by logging into your user account or contacting us via the contact details below.
Our website site may contain links to other sites. We are not responsible for the privacy practices or the content of such websites.
We are happy to answer any questions that you may have about this Privacy Notice or the use of your information. For more information, please contact us by phone, email or letter.
You can contact us via the details in the webpage footer.