We are committed to letting you know what data we collect, why we collect it, and what we do with it. If you have any questions about how we use your personal information or comply with data protection legislation, please get in touch.
1.0 Our principles regarding user privacy and data protection
- We believe user privacy and data protection are human rights
- We take protecting your privacy seriously, and we recognise we have a duty of care to the people whose data we hold
- We will only collect and process data when it is absolutely necessary, and when we do, we will make it clear why we are doing so and how it will be used
- We will not send you regular email newsletters that you have not subscribed to – we hate spam as much as you do! We will always give you the choice to unsubscribe
- We will not share your personal information with anyone else without your permission
2.0 Personal information collected by this website (and why we collect it)
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We will process all personal data lawfully, fairly and in a transparent manner. The General Data Protection Regulation (GDPR) sets out six lawful grounds for processing personal data, of which this site relies on the following bases:
- (i) For the performance of a contract
- (iv) Legitimate interest
- (vi) Consent
This website collects and uses personal information in the following ways, for the reasons specified:
2.1 Cookies and tracking site visitors
Disabling cookies on your internet browser will stop this site from tracking any part of your visit to this website. Further information on how to enable and disable cookies is available from aboutcookies.org.uk, www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to do this. However, some of our website features may not function correctly as a result.
Clicking any link on our website is taken as implied consent to our placing cookies on your device, unless you have disabled them in your browser as described above.
2.2 Uses made of information
We use personal information held about you:
As part of our efforts to keep our website safe and secure
- To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and research purposes
- To personalise and optimise your experiences as part of our provision of the service
- To provide you with our service and to communicate with you in respect of your use of the service.
- To allow you to participate in interactive features of our service, when you choose to do so, such as responding to surveys or registering to receive email updates from us.
- To ensure that content from our website is presented in the most effective manner for you and for your computer. This involves conducting data and system analytics to develop and improve our service. In such circumstances we shall use anonymised data to the extent possible.
2.3 Contact forms and email links
Should you complete a form on our site, none of the data that you supply will be stored by this website or passed to/be processed by any of the third-party data processors defined in Section 4.0.
3.0 About this website’s server
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
4.0 Our third-party data processors
5.0 Other websites
Our website contains many links to and from other websites. If you follow a link to any of these websites, please note that they will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
5.1 Community and social networks
6.0 Website data breaches
In the event of an unlawful data breach of this website’s database or the database(s) of any of our third-party data processors, we will report it to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
7.0 Requesting your personal data
Individuals have the right to the personal data that an organisation such as GEC holds on them. You can request your personal data by making a subject access request.
There is no fee for making a subject access request. This should be done by contacting us to provide GEC with the necessary information needed to deal with your request.
The right of access extends to all information held on an individual, and includes staff files, databases, interview notes and emails referring to the individual.
However, there are a number of exemptions which effectively allow personal data to be withheld. To consider and apply an exemption will be dependent on the purpose for which the personal data is being processed, and will be considered and undertaken on a case-by-case basis. There is more detailed guidance on exemptions available from the Information Commissioner's Office.
The data controller (see section 9.0) is required to communicate to the data subject the information it holds in an intelligible form within 1 month or up to 2 months if the request is complex. This timeframe starts from the date the request is received by the data controller, and the data controller has been provided with sufficient information by the data subject to locate the information being requested.
8.0 Relevant legislation
This website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 2018 (DPA)
- EU Data Protection Directive 1995 (DPD)
- Privacy and Electronic Communications Regulations (PECR) 2003
- EU General Data Protection Regulation 2016 (GDPR)
This site’s and GEC's compliance with the above legislation, all of which are stringent in nature, means that this site and GEC is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residence’s specific data protection and user privacy legislation you can contact our data protection lead (details of whom can be found in section 10.0) for clarification.
9.0 Data controller
The data controller of this website is: International Institute for Environment and Development (IIED): an independent charity registered in England (charity number 800066) and in Scotland (OSCR number SC039864). Our registered office is Third Floor, 235 High Holborn, London, WC1V 7LE, UK.
10.0 Data protection lead
Catherine Baker, Tel: +44 (0) 20 3463 7399 Email: firstname.lastname@example.org
11.1 How to contact us
Questions, comments and requests regarding how we use your personal information or comply with data protection legislation, please contact us.
11.2 Change log
Version 2.0 GDPR revised, updated 15 May to ensure compliance with GDPR legislation.