- what personal data we collect about you;
- why we collect that personal data;
- who we share your personal data with;
- the rights you have in relation to your personal data;
- how we keep your personal data secure.
When we talk about "Personal Data" in this policy, we mean any information which could be used to identify you, either directly or indirectly. It can include your name, email address, contact details.
What Personal Data we collect about you
We may collect, store and use the following kinds of Personal Data:
1.1 Information about your computer and about your visits to and use of this website;
1.2 Information that you provide to us for the purpose of registering with us; making contact with us and/or applying to us for investment;
1.3 Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters.
Why we collect Personal Data
We may collect your Personal Data in order to:
2.1 Assess your enquiry or application for social investment
2.2 Send you email notifications or updates, which you have specifically requested;
2.3 Send you marketing communications relating to SASC which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
2.4 Deal with enquiries and complaints made by you relating to the website.
How to stop notifications or marketing messages from SASC
You can stop receiving marketing messages from us at any time.
You can do this:
- By clicking on the ‘unsubscribe’ link in any email
- By contacting email@example.com
Once you do this, we will update your profile to ensure that you do not receive further marketing messages.
Please note it might take a few days for all our systems to be updated, so you might get messages from us while we process your request.
Who we share your Personal Data with
We may share your Personal data only as described below:
3.1 Third Parties Working For Us
3.2 Following the Law
We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to comply with the law or to protect our rights. When we receive law enforcement or national security requests for information, we strongly believe in privacy and transparency. We scrutinise such requests carefully and challenge vague, overbroad or otherwise unlawful requests. And when legally permitted, we provide our users with notice that their information is being requested. This notice is provided so that you have the opportunity to challenge such requests.
3.3 Business Transfers
If we're involved in a reorganisation, merger or acquisition, your information may be transferred as part of that deal.
The rights you have in relation to your Personal Data
Where we are holding your Personal Data, you have the following rights relating to this information:
- The right to be informed about how we are using your personal information.
- The right to access the personal information that we hold about you.
- The right to request the correction of inaccurate personal information we hold about you.
- The right to request that we delete your data, or stop processing it or collecting it, unless required for statutory purposes.
- The right to stop direct marketing messages, and to withdraw consent for other consent-based processing at any time.
- The right to request that we transfer elements of your data either to you or another service provider.
- The right to complain to the Information Commissioner’s Office in the UK if you believe that your personal information is compromised in any way.
If you want to exercise any of your rights, have a complaint, or just have questions, please contact firstname.lastname@example.org
In some circumstances, where your request is found to be “excessive” we can deny your request or charge for your request.
How we keep your Personal Data secure
5.1 SASC commits to holding your data securely and we have various security measures in place to protect all Personal Data that we hold. Internally, access to Personal Data is restricted so that staff only have access to data required in order to carry out their duties. We deliver regular staff training on data protection.
5.2 To protect ourselves from external threats, we maintain active cyber security management and password protection on all SASC computers. Hard copies are stored in locked cabinets.
5.3 As part of our ongoing contractual agreements with third-party processors, we work to strict rules and policies. We hold specific GDPR-compliant contractual agreements with our external data processors. We apply certain selection criteria to third-party providers who maintain an off-shore presence. These third-party companies ensure that they adhere to a Privacy Shield Agreement (US-EU, Swiss Shield) and comply with the GDPR List of compliant countries. Any transfers to non-adequate countries are forbidden.
5.4 We have varied retention periods for each type of data we process but will always try to limit the length of time we hold your data. We keep data that does not have to be retained for statutory reasons no longer than necessary for the purposes we obtained it for.
5.5 We currently provide social investment only to organisations established in the UK and therefore have a general policy of not transferring any personal data outside of the UK.
Want to find out more?
If you would like to contact us about any of the above information, please write to us at email@example.com or call us on 020 3 874 3332 and we will be happy to answer any queries.