Our Privacy Policy

1. Introduction

Last update: October 2024
‍
OnePlusOne ("we," "us," or"our") is a registered charity that operates a business websitewithin the UK/EU area. We are committed to protecting and respecting yourprivacy. This Privacy Policy sets out how we collect, use, disclose, andprotect any personal information you provide to us when using our website andrelated services. We comply with the General Data Protection Regulation (GDPR)and other applicable data protection laws.

OnePlusOne are the designated data controller for thepurposes of the General Data Protection Regulations. Certain third partyservices we use will be designated as a data processor on our behalf.

We have appointed a Data Protection Officer (DPO) to oversee data privacy compliance. You can contact our DPO for any data-related queries:

Data Protection Officer: DPO@oneplusone.org.uk

2. Information We Collect

We may collect and process the following types of personal information:

• Information you provide by filling in contact forms on our website, including your name, email address, phone number, and any additional comments you choose to provide.
• Information you provide when signing up for our newsletter service, which is facilitated through a service called MailChimp. This includes your name and email address. You have the option to unsubscribe from our newsletters at any time by clicking the"unsubscribe" link in the email.
• Information you provide when signing up for our lunch and learn communication, including your full name, email address, and county council or organisational representation. This communication is also managed through the MailChimp service.
• Information collected automatically through functional and statistical third-party services, such asGoogle Analytics, Vimeo, TypeForm, Stripe (for donations), and Memberstack. This information may include your IP address, browser type, operating system, and other technical data about your device and its interaction with our website.
• We collect data through cookies, including behavioural tracking, with explicit consent, to offer personalised experiences. You can refer to our Cookie Policy for detailed information.
• Information collected through cookies. Please refer to our Cookie Policy for more details on our use of cookies.

3. How We Use Your Information

We use your personal information for the following purposes:

• To communicate with you and respond to your inquiries.
• To provide you with information about our services and newsletters if you have opted to receive them.
• To personalise content and improve user experiences, based on consent. To analyse data to improve our website and services.
• To manage our lunch and learn communication.
• To improve our website and services through data analysis and statistical insights.
• To process donations and other transactions made through our website.
• To comply with legal and regulatory obligations.
• To fulfil accountability requirements under UK GDPR, including record-keeping and responding to data subject requests promptly.
• Carry out research to develop our interventions (covered by our Research Privacy Policy).
• To personalise content and improve user experiences, based on consent.
• To analyse data to improve our website and services.
• Carry out research to develop our interventions (covered by our Research Privacy Policy). To carry out research as described in our Research Privacy Policy.

4. Legal Basis for Processing

We process your personal information on the following legal bases:

• With your consent when you voluntarily provide us with your information.
• To fulfil contractual obligations when you sign up for specific services.
• For legitimate interests, such as improving our website and services, and providing you with relevant communications.
• To comply with legal obligations under the UK GDPR, such as responding to data breaches or data subject requests.
• Legitimate research data voluntarily provided from you by participating in our research events.

5. Data Sharing

We may share your personal information with third-party service providers who assist us in operating our website and providing services to you. These service providers are contractually obligated to handle your data securely and only process it on our behalf. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We ensure all third parties comply with UK GDPR by signing data processing agreements, outlining their responsibilities for data security.

We may also share your personal information with collaborative researchers for legitimate research purposes, as described in our Research Privacy Policy. We ensure all third parties comply with UK GDPR by signing data processing agreements, outlining their responsibilities for data security.

6. Data Transfers

We do not transfer your personal data outside of the UK/EU area. If we transfer your data outside the UK or EU, we will ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your rights in accordance with the UK GDPR.

7. Data Security

We implement reasonable technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. We use encryption for data storage and data transfer using SSL. Access to certain data is controlled through access management controls.

We conduct regular vulnerability assessments, penetration testing, and provide staff training on data security as per ICO guidance

We conduct regular vulnerability assessments, penetration testing, and provide staff training on data security as per ICO guidance

8. Your Rights

Under the GDPR, you have the following rights regarding your personal information:

• Right to access: You can request a copy of the personal information we hold about you.
• Right to rectification: You can ask us to correct any inaccuracies in your personal information.
• Right to erasure: You can request the deletion of your personal information (please also refer to our Research Privacy Policy).
• Right to restrict processing: You can request that we limit the processing of your personal information (please also refer to our Research Privacy Policy).
• Right to data portability: You can request to receive your personal information in a structured, machine-readable format.
• Right to object: You can object to the processing of your personal information in certain circumstances.
• Right to withdraw consent: If you have given your consent for specific processing, you can withdraw it at any time (please also refer to our Research Privacy Policy).
• Right to lodge a complaint with ICO: If you believe your data rights have been violated.

9. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page, and the updated PrivacyPolicy will be effective from the date of posting.

10. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your personal information, please contact us at:

Email: dpo@oneplusone.org.uk