Community Made Solutions Ltd is a company limited by guarantee registered in England and Wales, company number 5105212, registered address 15 Paternoster Row, Sheffield S1 2BX, UK.
Community Made Solutions Ltd acts as a data controller with respect to the collection and use of personal information. In some circumstances Community Made Solutions Ltd also acts as a data processor in the collection and processing of personal data on behalf of third parties.
• We will only ever ask you for information that we really need to know.
• We will be transparent, honest and fair in our collection and use of your personal data.
• We will put appropriate security measures in place to protect personal data that you share.
• We will never sell your data.
We review this Policy from time to time. Any changes will be published at www.cmso.co.uk/privacy.
Please check our website occasionally to ensure you are happy with any changes. By consenting to our processing of your personal data, you agree to be bound by this Policy.
You can contact us at email@example.com
1. Purposes for which collect personal information
We may use your information to:
• process requests that you have submitted;
• carry out our obligations arising from contracts you have entered into with us;
• provide you with services and support that you have requested from us;
• process an application for a job or a volunteering opportunity.
• Conduct research into the impact of our work;
• send you communications you have requested and that may be of interest to you.
• notify you of changes to our organisation;
2. Information that we collect
The type and amount of information we collect depends on why you are providing it.
We will usually ask you for your name and email address and we may request other information where it is appropriate and relevant, for example for the delivery of services and support.
This additional information might include:
(1) Your physical address and/or telephone number;
(2) Details of why you have decided to contact us;
(3) information about your computer and your visits to our website including your IP address;
(4) information about the services of interest to you or any communication preferences you give;
(5) if you are a beneficiary of services and support provided by us or our partners, information that you disclose to us in order to assist us in the provision of those services and support;
(6) If you are a job applicant the information you are asked to provide as set out in the application pack and necessary for the purposes of considering the application.
(7) any other information shared with us in relation to the different purposes set out at clause 1
Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; and will only do so with your explicit consent.
3. Communications and marketing
Where you have provided us with your physical address, we may contact you by post; and where you have provided appropriate consent, also by telephone and e-mail, with targeted communications to let you know about our events and/or activities that we consider may be of particular interest; about the work that we do or the services we provide; or to ask for support.
4. Information sharing with others
(1) Third party service providers
We may pass your information to third-party service providers, agents, subcontractors, delivery partners and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example, support services or to send you communications).
These third parties have access to your Personal Information only to perform these specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.
(2) Funding and commissioning bodies
We may pass your information to funding or commissioning organisations, including public bodies, in the case and only to the extent that such entities require information as part of a contract or service delivery agreement. In such case we will inform you of the information that is required to be shared.
(3) We will disclose your information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe it is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our services.
5. Children’s data
We do not knowingly process data of any person under the age of 16. If we come to discover, or have reason to believe, that you are 15 and under and we are holding your personal information, we will delete that information within a reasonable period and withhold our services accordingly.
6. International transfer
7. Security of and access to your personal data
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure or of access to your personal information.
Your information is only accessible by appropriately trained staff, volunteers and contractors.
The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.
8. Your rights and how consent works
You have a choice about whether or not you wish to receive information from us. If you do not want to receive communications from us about the work we do, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time.
You also have the following rights:
(1) Right to be informed – you have the right to be told how your personal information will be used. This policy and other policies on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
(2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have confirmed your identity, we will have 30 days to comply.
(3) Right of erasure – you can ask us for your personal information to be deleted from our records. In some cases we may propose to suppress further communications with you, rather than delete it.
(4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
(5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
(6) Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
To exercise these rights, please send a description of the personal information in question to firstname.lastname@example.org. Where we consider that the information you have provided does not enable us to identify the personal information in question, we may ask you for (i) personal identification and/or (ii) further information. Please note that some of these rights only apply in limited circumstances.
You are also entitled to make a complaint to the Information Commissioner’s Office about the way we have processed your data.
9. Lawful processing
We process your personal information on the grounds of one or more of the following:
(1) Consent: where you have given clear consent for us to process your personal data for the purpose of marketing or communications from us and/or our partners.
(2) Contract: where we have a contract with you or are considering entering into a contract with you and the processing is necessary for the entering into or the implementation of the contract.
(3) Legal obligation: where the processing is necessary for us to comply with the law (not including contractual obligations).
(4) Public task: in circumstances we may act as a data processor on behalf of a public body who is the data controller and where we have established that processing is necessary to perform a task or function that is in the public interest and that the task or function has a clear basis in law.
(5) Legitimate interests: where the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure we use your personal information in ways that are not unduly intrusive or otherwise unfair.
10. Data retention
In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we will remove your personal information from our records five years after the date it was collected. If before that date (i) your personal information is no longer required in connection with such purpose(s) or (ii) we are no longer lawfully entitled to process it, we will remove it from our records at the relevant time. We are legally required to hold some types of information for longer periods to fulfil contractual or statutory obligations.
We review our retention periods for personal information on a regular basis. You can request to remove your personal information at any time by emailing email@example.com
11. Policy amendments
12. Third party websites
13. Updating information
You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at firstname.lastname@example.org
We are not required by law to have a “Data Protection Officer” – however we have a Data Protection Manager. Please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed by either emailing the Data Protection Manager at email@example.com or by writing to us at the following address:
Data Protection Manager
Community Made Solutions
15 Paternoster Row
If you are not satisfied with the response or you need independent advice about data protection, privacy and data sharing you can find further information and/or contact the Information Commissioner’s Office at https://ico.org.uk/ or by telephone 0303 123 1113.