Protecting your privacy
The UK Data Protection Act 2018 requires all organisations within the EU who process Personal Data to be transparent on how, why and what data is captured, stored and processed; the lawful basis for holding and processing personal data; how individuals can access information on themselves held by the organisation; and how they can control, or object to, the use of their personal data.
The lead partner of Action on children’s harmful work in African Agriculture (ACHA) is the Institute of Development Studies (IDS). IDS is committed to protecting your privacy and complying with these regulations. This statement sets out how this is implemented across all our communications channels, applications and networks, and details your rights in relation to your personal data that IDS captures, stores and uses. In addition to the above, we collect information automatically about visits to our website.
If you have any questions or requests concerning how we use your personal information or comply with data protection legislation, please contact the Data Protection Officer at IDS.
You have the right to access, rectify, restrict or prevent processing of your data by ACHA. ACHA will always verify your identify before processing your request. To do this we might ask for another form of identification and ask for proof that you are the person asking this. If you choose to activate your right to rectify, restrict or prevent processing and/or storage of your personal data, ACHA will ensure that this is communicated to any third party with access to your data.
You have the right to know what data ACHA holds that relates to you. You can make a Subject Access Request at any time to the IDS Data Protection Officer (DPO). By making this request ACHA is legally obliged to share all the information that the Institute holds on you, ACHA will respond to a data access request within 72 hours. ACHA then has 30 days in which to fulfil the requests.
If you wish to rectify the data that is held on you, ACHA has a month in which to complete the process.
In addition, all marketing e-communications sent out by ACHA provides you with an option to unsubscribe.
If you object to the lawful basis upon which we hold your data, you should contact the DPO where your objections will be reviewed. During this period all processing of your personal data will be suspended with immediate effect.
Alternatively, you may lodge a complaint with the UK Supervisory Authority for the implementation of GPDR which is the Information Commissioners Office (ICO).
We do not use any automated decision-making systems except those used to detect and remove viruses from content you may provide us or undertake automated profiling. We do not record data which falls under the Sensitive/Special Category. ACHA will never attempt to buy or sell your Personal Data.
Storage, use of personal information and data protection
Any personal data captured by ACHA is used and held in accordance with the requirements of the General Data Protection Regulation (GDPR) 2018. All IDS Staff are required to complete and pass an online data protection course which gives them knowledge on how to process personal data.
We will only disclose data when obliged to disclose personal data by law or we have your consent.
- Within ACHA to monitor events and short training
- Suppliers we engage to process data on our behalf (i.e. payroll) or marketing emails
- Legal representative
We will only share your personal information with third parties who process data on our behalf or where necessary, for example when your information needs to be provided to the financial institution that processes our credit card transactions. They receive your name, address, telephone number, credit card number and expiry date solely for the purpose of verifying the credit card number and processing the transaction in a secure environment. They employ industry standard security technology to ensure the confidentiality of your transactions.
Given that the Internet is a global environment, using it to collect and process personal data necessarily involves the transmission of data on an international basis. This means, for instance, that data you pass to us may be processed outside the European Economic Area, although the data will always be held securely and in line with the requirements of UK data protection legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
When people visit the ACHA website, we log non-personally-identifiable information including IP address, profile information, aggregate user data, and browser type. We use this data to monitor usage and improve our website services.
Email subscription services
You should not enter information on behalf of another person or about any other person. Your name and email address will be used only for delivering to you the services to which you have subscribed, for sending information about these services, for sending you password reminders and for validating security. They will not be provided to any third parties without your express consent.
If you are sharing your email address with other people, ACHA cannot protect any information you provide against access by the other users of your email address, nor can IDS prevent other users of your email address changing your subscription details.
Services allowing you to publish your personal information
For services allowing you to publish your personal information on a website (e.g. the IDS online Alumni platform), you are required to provide accurate information about yourself and accept sole and full responsibility for this and for keeping the information up to date. You should not enter information on behalf of another person or about any other person.
The inclusion of any information in the service is subject to acceptance procedures. Entering your information does not result in automatic inclusion in the service. By entering your information, you are submitting information to the approval process. You will be notified by email if the profile meets the inclusion criteria.
ACHA reserves the right to edit each contribution (within the limits of the 2018 of the General Data Protection Regulation (GDPR) Act. If any of the information submitted is deemed to be offensive, inflammatory or materially misleading by IDS (in its sole discretion), IDS reserves the right to refuse to publish contributions.
Use of personal information
We may process personal information collected via this website or other electronic communications networks (i.e. like email address) used by ACHA, for the following purposes:
- Opting in to receive our e-newsletters
- Accounts and records
- Accounts provided to IDS
- Capturing data from CCTV camera placed in and outside the IDS Building for the purpose of monitoring a potential crime. Read the IDS CCTV Policy.
- Event sign-ups
- Processing personal data for persons who sign-up to attend one of our events
- Advertising and promotion of ACHA events
- Research data
However, ACHA processes your personal information, it will be done so lawfully, fairly and transparently. We will never process your person information for any other purpose or reasons specified at the time your personal information is collected. We will only ask you to provide information which is adequate and necessary in order to process your data according to its intended and agreed purpose. Your personal information will always be processed securely by authorised personnel employed by/or acting on behalf of IDS and will only be stored within appropriate formats for periods of time which are justifiable by law or business purpose.
External providers we use for personal data capture
ACHA/IDS uses a range of 3rd party processors who process personal data on behalf of IDS. All 3rd party processors are contractually obligated to process personal data in lien with GDPR requirements.
IDS use a third party provider, MailChimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies. For more information, please see MailChimp privacy notice.
IDS uses a third party provider, AM Fire and Security to provide our CCTV coverage for in and outside of the building. Their privacy notice can be sent on request.
ACHA/IDS uses a third-party provider, EventBrite, to capture sign-ups for our key events and seminars. For more information, please see EventBrite privacy notice.
IDS use a third party provider Google Analytics to monitor web usage and page visits to the IDS website. For more information see the Google Analytics privacy notice.
ACHA/IDS uses a third-party provider Telestream to live stream some of our key events and seminars. These events are then broadcast on the IDS website, Facebook, YouTube or all 3. For more information see the Telestream privacy notice.
Microsoft Dynamics CRM
Subject access requests
You have the right to see what personal data we hold about you. To obtain a copy of the personal information we hold about you, please write to the Data Protection Officer, Institute of Development Studies, Brighton, East Sussex, BN19RE or email firstname.lastname@example.org.
After you have requested a subject access request, you will be notified within 72 hours that your request is being dealt with. IDS will then have 30 days to provide the information to you. Please see the subject access request form for more details.