Last update: February 20th, 2019
1. Who we are
Greener Tywyn Gwyrdd is a voluntary community group (you can read our constitution here) focusing on positive environmental change in Tywyn and the surrounding area.
greenertytywn.co.uk is our official website which we use for communication, promotion of our activities, membership and newsletter sign-up and contact forms.
Greener Tywyn Gwyrdd (collectively referred to as Greener Tywyn Gwyrdd, Greener Tywyn, “we”, “us” or “our” in this notice) is the data controller, which means that we are responsible for processing your personal data.
For some of our services, we may rely on third party data processors who processes personal data on our behalf, for example for the purpose of sending newsletters. More information about third parties is provided in section 3.
• Full name of legal entity: Greener Tywyn
• Data privacy manager : Mr. Mathieu Gasquet
• Email address: info [at] greenertywyn [dot] co [dot] uk
2. Your personal data: what, why and how we collect it
Personal data means any information that can identify a living person, who can be directly or indirectly identified from that information.
In this section we explain which type of data we collect, how we collect it, why we collect it and which lawful basis we rely on to process your personal data.
In our case, we have determined four lawful basis:
- Consent: you may give us explicit permission when using our contact form, subscribe to our newsletter or filling a form related to a specific event (ex. a petition).
- Performance of a contract: necessary when filling out the online or paper form to become a member of Greener Tywyn.
- Legal or regulatory obligation: we may need to process your data where necessary to comply with a legal or regulatory obligation that we are subject to.
- Legitimate interest: we may need to process your data in order to conduct, manage and promote our group’s activities, to improve our work, or to give you a better and more secure experience. We carefully select the type of data and your rights before processing your personal data for our legitimate interests. We will not proceed when our interests are overridden by the impact they can have on you (unless we have your consent or are otherwise required or permitted to by law).
Note: you can find out more about lawful basis by visiting the ICO website.
Identity and contact data
- What: first name, last name, email address, postal address, phone number. Please note that not all the identity and contact data is required for every interaction. For example, to subscribe to our newsletter, we only ask for your email address.
- How: a) direct interaction. You may provide your contact and identity data when you correspond with us by post, phone or mail, when you subscribe to our newsletter, when you become a member / volunteer of Greener Tywyn by filling our the online or paper form, or when participating in a specific event. – b) automated technologies or interactions. We may receive your identity and contact data from third parties such as an online payment platform if you donate money to us (unless you’re donating anonymously) or pay for your membership fee online.
- Lawful basis: necessary for legitimate interests (keep our records updated, verify a transaction), to perform a contract with you, to comply with a legal obligation.
Identity and contact data of children (under 18)
Important: this website is not intended for children and we do not knowingly collect data relating to children with the exception of our young membership program.
- What: first name, last name, email address, parent or guardian’s postal address, children’s phone number (if he/she has one), parent or guardian’s phone number.
- How: direct interaction. The child may provide his/her contact and identity data when he/she correspond with us by post, phone or mail or when he/she subscribe to our Greener Tywyn youth membership via online or paper form. If the child is under 13, we require expressed consent from the parent or guardian.
- Lawful basis: necessary for perform a contract with him/her (youth membership), to comply with a legal obligation.
Audiovisual data (photographs and video)
- What: any digitally recorded image where a person can be identified.
- How: direct and indirect interaction. we may document the events we organise with photographs, video and sound, which include taking pictures of the persons who attend and participate at the event.
- Why: we require these photographs to document and promote our activities / events on our website, social media channels or external media such as local or national newspaper and their online website counterpart. The use of audiovisual material is strictly related to the promotion of Greener Tywyn activities. We do not use, share or sell any of this material for other purposes. If we ever decided to do so, we would ask for your expressed consent first.
- Lawful basis: necessary for our legitimate interests (documentation and promotion our event and activities)
- What: internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Why: to study and improve our website, to administer and protect our activities and this website (including troubleshooting, data analysis, testing, security, system maintenance, support, reporting and hosting of data).
- Lawful basis: necessary for our legitimate interests to running our website correctly and safely (including provision of administration and IT services, network security, to prevent fraud), necessary to comply with a legal obligation.
*Note: IP addresses are anonymised in Google Analytics meaning they end in an 0, so we do not see the precise address.
Note: at this time, online payment is not yet possible on greenertywyn.co.uk.
Through our website you have the possibility to pay online for your membership fee or donate to Greener Tywyn. These transactions can be done with a third party payment platform (Paypal) or by electronic wiring to our bank account.
We do not collect debit or credit card information, or any other type of direct payment, nor do we receive debit and credit card information from third parties.
We may receive identity and contact details about your transaction from you or the third party payment platform. For more details about third parties, see section 3.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Special Categories of Personal Data
We do not collect any Special Categories of Personal Data about you such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic and biometric data, criminal convictions and offences.
We may require information about your health when you sign for a membership or volunteer program in order to make sure we treat you with respect and in accordance to your abilities when performing activities with us.
Marketing and advertising
At this time we do not serve any type of advertising or affiliate programs on this website, nor do we use your data for marketing purposes outside of promoting the activities and events of Greener Tywyn.
If in the future we decide to use advertising, marketing or make promotional offers, including sharing your personal data with any third parties outside Greener Tywyn, we will get your express opt-in consent before doing so.
Help us to keep your personal data up to date
It is important that the information we hold about you is accurate and up to date. Please notify us of any change concerning your personal data during your relationship with us, especially if you are a member or volunteer of Greener Tywyn or have subscribed to our newsletter.
If you fail to provide personal data
Where we need to collect personal data by law, or if we need to collect it under the terms of a contract we have with you in future, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the contract you have with us but we will notify you if this is the case at the time.
3. Third parties: the data we receive from and the data we share with them
As mentioned in section 2, some of your data is collected with the help of third party providers. Here we aim to explain more in details who are these third parties, what data we share with them and which data we receive from them.
We may have to share your personal data with the third parties described below for the reasons explained in section 2:
- Service providers acting as processors based within the UK, EEA or US who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers based within the UK who provide consultancy, banking, legal and insurance.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Mailchimp, based within the US, which provides our newsletter platform.
- Paypal, based within the US, which provides our online payment platform.
- Third parties to whom we may choose to sell, transfer, or merge parts of our group or our assets. If a change happens to our group, then the new owners may use your personal data in the same way as set out in this privacy notice.
We may receive personal data about you from some of these third parties as set described below:
- Technical Data from analytics providers such as Google based outside the EU;
- Technical Data from newsletter providers such as Mailchimp based outside the EU;
- Identity and Technical data from payment providers such as Paypal based outside the EU.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Embedded content from other websites
Articles on this site may include embedded content such as YouTube videos. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We do not ordinarily transfer your personal data outside the European Economic Area (EEA).
Because some of our External Third Parties are based outside the EEA, their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
4. Data Security
We use appropriate security measures to prevent your personal data from being lost, accessed or used, altered or disclosed in any unauthorised way.
The access of your personal data is limited to the Greener Tywyn committee, members and volunteers when applicable or when appropriate. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Please note that when publishing photographs of events on our website or social media channels, we cannot stop individuals from downloading or re-sharing those images.
If we suspect any personal data breach, we will notify you and any applicable regulator of a breach where we are legally required to do so.
5. How long we retain your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For member and volunteer subscriptions, we will retain the data during the entire duration of your membership. Once the membership is terminated, we will keep your data for no longer than six months, unless required otherwise for legal reasons.
In the case of photographs, we will keep a copy of all the images taken at activities and events for archive and documentation purposes as long as Greener Tywyn is active.
6. Your legal rights
The data protection laws provides the following rights in relation to your personal data. You have the right to:
- Request access to your personal data: you can ask us a copy of all the personal data we hold about you.
- Request correction of your personal data: you can ask us to rectify inaccurate information about your personal data.
- Request erasure of your personal data: you can ask us to delete all the personal data we hold about you where there is no good reason for us continuing to process it, if you withdraw your consent to process it (applicable for data you initially consented to), if you think we processed it unlawfully or if we have to comply with a legal obligation.Note, however, that we may not always be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data: where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms
- Request restriction of processing your personal data: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request transfer of your personal data (to you or to a third party): We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw consent: where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us. To find our more about your rights, please visit the ICO website.
We won’t charge any fee to fulfil your request unless your request is clearly unfounded, repetitive or excessive. We may also refuse to comply with your request in these circumstances.
In order to fulfil your request, we may ask you specific information to confirm your identity and ensure that you personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made multiple requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.