GeneWatch Privacy Policy
GeneWatch UK limits the collection and processing of personal data to a few key purposes. We do not use personal data in a manner inconsistent with the purposes for which it is provided it to us.
We do not sell, rent or lease personal data.
We will use lawful means to challenge any attempts by government agencies or private sector organisations to gain access to any personal information that is provided to us in confidence.
What Personal Data Do We Collect and Process?
GeneWatch UK collects and processes as little personal data as possible in order to achieve our aims and objectives.
We may collect and process personal data relating to the following people:
Employees
Board members
Contractors/ Consultants
Volunteers
Applicants (for any of the above roles)
Employees of partner organisations (where necessary to implement joint projects)
Supporters
Individuals who contact GeneWatch directly
Research subjects
Journalists, policy makers, experts and other stakeholders (for dissemination purposes)
The types of personal data we may process, for the purposes described below, include:
Name
Email address
Home address
Phone number
Biographical information
Nationality
Immigration status
Employment and employer details
Financial information
Generally, we do not collect or keep a record of sensitive personal data and only do so in very limited circumstances, primarily when an individual has chosen to provide us with this data.
We process some sensitive personal data for Human Resource purposes, for example, about our employees as far as necessary to fulfil our duties as an employer. We do not use this data for any other purpose other than that for which it is provided.
We also collect and process data in connection with our websites. However, this is limited to the data needed to generate statistics on the number of visits to the site.
When using our websites, individuals are not required to provide us with personal data for processing.
Why Do We Collect and Process Personal Data?
We collect and process personal data for the following necessary purposes:
To respond to any communications, queries or requests for information or services from individuals, howsoever received;
To receive and process financial donations;
For recruitment, employee and human resources management purposes;
For procurement of services;
For managing our relationships with partners (e.g. joint projects);
For research, investigations and campaigns in accordance with our aims and objectives;
To comply with our legal or regulatory obligations; and
To establish, exercise or defend legal claims.
GeneWatch UK will only process personal data when we have a legal basis for doing so. The legal basis that we will rely on will depend on the circumstances in which we collect and use personal data. In almost all cases, the relevant legal basis to process personal data is that the processing will be one of the following:
Based on an individual's consent to use their data in a certain way (for example, to communicate with them in order to a respond to a query they have sent us).
Necessary in order to take steps prior to entering into a contract or for the performance of a contract (for example, for recruitment, for human resources management and to manage those carrying out work on our behalf);
Necessary to comply with legal requirements (for example, to comply with applicable regulatory obligations and employment law); and
Necessary for our legitimate interests (for example, to manage our donations, or to carry out campaigns, research and investigations consistent with our aims and objectives). We will only rely on this legal basis where we've identified the purpose (the legitimate interest), assessed that the processing is necessary for that purpose and conducted a balancing test to ensure that this interest is not overridden by the interests, rights and freedoms of the individual.
We do not have a supporter database, however we network with other individuals and organisations online (e.g. by email and Skype) on an ongoing basis, using contact details provided to us with consent. We do not use personal data to conduct direct marketing or to solicit donations and we do not maintain a supporter newsletter or send regular supporter communications.
In some cases, we may collect publicly-available email addresses of journalists, policy makers, experts and other stakeholders, for the purpose of disseminating reports or other information, usually on a one-off basis.
How Do We Protect Personal Data?
Personal data shall be subject to additional safeguards to ensure this data is processed securely. For example, access to personal data will be strictly limited to a minimum number of individuals and subject to confidentiality commitments.
We will take all steps reasonably necessary to ensure that data is treated securely and in accordance with this Policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect personal data, we cannot guarantee the security of data transmitted to us by phone or email. However, once we have received this information, we will use strict procedures to prevent unauthorised access.
Who Do We Share Personal Data With?
We maintain direct control over as many processes as we can. Personal data may, however, be shared with PayPal (when making a donation via PayPal online) and (for donors, employees, consultants and partners/service providers) with our accountants, in accordance with relevant legal requirements.
We do not sell, rent or lease personal data.
Communications
Emails and phone calls to us are reviewed by one staff member, and shared internally where necessary. We do not disclose the names of senders to others outside of GeneWatch UK, i.e. third parties, without permission.
We use the email service provider GreenNet. Our phone number for general enquiries is a Skype number.
Information we receive by post is collected by one staff member, reviewed, and discussed when necessary with other staff members. These items are destroyed as soon as possible. We do not disclose the names of senders to third parties without permission.
Financial and Supporter Information
We collect and process data provided by prospective and current donors. This data is usually limited to contact details. We do not purchase such data, so we only collect data given to us by the individuals themselves.
We have a Paypal account to administer on-line donations. Paypal allows individuals to close their customer account once if they no longer require it. Account information may stay active with PayPal for legal and audit purposes, in accordance with PayPal's privacy policy. In accordance with this privacy policy, we may have access to or be provided with data by this platform for the purpose of managing our donations.
Our financial accounts are held with the Co-Operative Bank. Any donations made to GeneWatch UK in the form of a cheque or bank transfer will be processed by the bank in accordance with its privacy policy and under UK law.
We retain information about all donations in accordance with financial accounting and auditing requirements.
Website Privacy Policy
We design and administer our web services to limit the amount of data collected. We endeavour to protect users and their data when we process data collected. However, we may link from our website to other internet services that use cookies and other forms of tracking.
To undertake analysis of how our site is used, we use statistics for the following purposes:
To know how many visitors per day visit the site
To know which items on our site are being downloaded
To identify items not found, i.e. 404s, so that we can fix them
These statistics are only available to us. We keep the aggregate data indefinitely, and use this aggregate data to report internally, to our Board, and to our funders. For instance, we will report to our Board that a report was downloaded X number of times.
Our main website provider is GreenNet. GreenNet may use the logs and other information for their own business purposes, such as for troubleshooting and defining usage patterns, in accordance with their Code of Practice.
GreenNet has refused to take part in the UK Government's voluntary traffic data retention scheme. As a result, GreenNet's Code of Practice states that it keeps most information logged in relation to internet and internet support services for seven days and some for up to 1 month, after which this information is deleted. However, as a UK-based provider, GreenNet is susceptible to retention orders in the UK, which may require it to retain this information for longer periods of time. We do not access this information in its raw form, nor do we review specific user activity.
From time to time, we may manage, administer or contribute to other websites set up using alternative providers, on a project basis.
Social Media
We do not use social media and social networking services as part of our main work. However, we sometimes establish other websites for specific (sometimes joint) projects, and contribute to or administer social media messages from such sites. For example, the Forensic Genetics Policy Initiative website has a Facebook page and Twitter feed.
The Facebook page is administered by Facebook, in accordance with Facebook's Data Policy. We do not export information on our followers from the Facebook platform.
The Twitter account we use is administered by Twitter, in accordance with Twitter's Privacy Policy.
Volunteers' and Applicants' Information
Occasionally we receive employment information from prospective employees. This information may include the individual's CV, biographical information, contact details, immigration status, photograph, and references. This information may be shared with relevant staff internally until that individual becomes a candidate for employment. At that point we may share the CV with our Board members. We delete applications once they are no longer necessary.
We are rarely able to employ volunteers. However, we may collect and process prospective and current volunteer data for recruitment and administration purposes on an occasional basis. This data may include biographical information, contact details, immigration-related information, references, and payment details for reimbursement purposes. Again, we delete the application once it is no longer necessary.
We keep all accounting and administration information for auditing purposes, in accordance with standard practice and UK law.
Research and Investigations
We collect and process data in relation to our research and investigations. In the vast majority of cases this is not personal data. However, we may from time to time conduct research projects, usually in collaboration with others, which may involve personal data e.g. interviews with individuals. If we do so, we will ensure that personal data is collected in full compliance with data protection legislation and ethical requirements, which would normally require the fully informed consent of research participants.
Data Subject Rights
Individuals have rights under data protection law over their personal data and are entitled to request access to, rectification of, or erasure of their personal data on request by email to: mail [at] genewatch.org.