Carbon Buddy Project Privacy Policy

E Newsletter

Do sign up for the Carbon Buddy Project E-Newsletter and Colin’s Blog (That Carbon Buddy Bloke). You can indicate a number of topics which interest you. You can change your mind at any point by updating your preferences or unsubscribing using the links on the emails you receive. To read more about how we use your information and for details about your rights, please read on below. It’s all gripping reading!

What or who is ‘we’!

This refers to The Carbon Buddy Project founded by Colin Hastings. At present The Carbon Buddy Project is set up as a sole trader with a bank account (MR C HASTINGS T/A THE CARBON BUDDY PROJECT) with The Co-operative Bank, P.O Box 250, Delf House, Southway, Skelmersdale, WN8 6WT. The business address of the Carbon Buddy Project is P.O.Box 789, Truro, TR1 9LQ.

Additions to this notice

This Privacy Notice was written to help you (the ‘Data Subject’) understand what personal information we collect from you, from others or generate ourselves when you use our services, why we collect it, how we use it, who we need to share it with to best provide these services and what your rights are in relation to your personal information.

We use the term personal information to mean any information you give us from which you can be identified. This might include your name, your home address, your personal email contact details, or your telephone number. Personal information does not include information where your identity has been removed (i.e. anonymous data).

Website cookies and analytics

This website collects personal data to power our site analytics, including:

• Information about your browser, network, and device

• Web pages you visited prior to coming to this website

• Your IP address

This information may also include details about your use of this website, including:

• Clicks

• Internal links

• Pages visited

• Scrolling

• Searches

• Timestamps

We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

We also collect data via Google Analytics. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit About the cookies Squarespace uses.

• These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.

• These analytics and performance cookies are used on this site, as described below, only when you acknowledge our cookie banner. We use analytics cookies to view site traffic, activity, and other data.

External links and social media

Our website contains many links to other sites on the Web. If you leave our site via an external link, we cannot be held responsible for their privacy practices. If in doubt, please review their privacy notice.

We also have a digital presence on social media. The information you share with us on social media platforms is dictated by your own privacy settings on these sites (please check your social media privacy settings for more details) but would normally include your name, any comments you make on our posts or updates and any direct or private messages sent to us on these platforms.

Information and marketing communications

If you’ve asked for us to keep in contact, you’ll receive occasional (no more than once a month) Information & Marketing Communications from us.

What information do we collect?

• Everyone who has signed up to Information & Marketing Communications:

• Your name and contact details as provided by yourself.

• The topic preferences you selected when you signed up for Information & Marketing Communications (including unsubscribed status) and your most recent updated preferences.

• Those who have signed up to email Information & Marketing Communications:

• How you interact with our emails e.g. what emails you open and have clicked in, etc.

What do we use this information for?

We use this information to provide you with updates, information and marketing communications.

If you sign-up to information and marketing communications, we tailor them to the topics you have shown interest in. .

If you choose to unsubscribe from any of our Information & Marketing Communications, we will take you off our communication lists. We will retain your name and contact details and record your preference not to be contacted.

If we wish to use this information for other purposes, we will ask for your consent to do this first.

Lawful Basis

We hold your name and contact details and use your involvement with us and services you’ve used for these communications and business analysis under the lawful basis of legitimate interest. This is also the lawful basis we use to contact you by phone or post.

If you sign up to Information & Marketing Communications our lawful basis for contacting you is consent.

Who will it be shared with and why?

We will share your contact details and topic preferences with our online form provider (Squarespace and Mailchimp) when you input this information into our online sign-up forms, so they can provide your information to us.

If you have selected to be contacted by email we will also share this information with our emailing platform (currently: MailChimp) so we can send tailored emails to you, or if you’ve unsubscribed, only to ensure you don’t receive any further emails accidentally.

We will also share information with the fulfilment agency Mail2Send which is responsible for packing and posting all our orders. Further details can be found at https://mail2send.co.uk

How long we will retain this information for?

We will retain this information (including unsubscribed from emails status) indefinitely or until you contact us to not only unsubscribe but have your data erased.

Your rights

• Right to be informed – as implemented here

• Right of access

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to data portability

• Right to object

If you want to change your contact preferences, you can do so via the link at the bottom of newsletters or by emailing marketing@carbonbuddyproject.org

Card payments

You can pay by card on our website or at certain events where we are selling the manual. We will never keep a record of your card details – they are input straight into our payment systems to process the payment then and there.

What information do we collect?

When paying online:

• Your name

• What do we use this information for?

• We use this information to process your payment.

Lawful Basis

Our lawful basis for collecting and storing this data is our contract with you to exchange payment for products or services.

Who will it be shared with and why?

Your details will be shared with our payment gateway (Paypal) who will process the payment as a gateway to your own bank who passes the payment to us via the gateway. Your card information is handled by the bank and not held by us. For more information, see https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

How long we will retain this information for?

Not applicable – we do not collect this information.

Your rights

• Right to be informed – as implemented here

• Other rights not applicable as card details are not recorded.

Online mail order

We collect information from you so that we can fulfil your orders through our online mail order service.

What information do we collect?

• Your name and contact details as provided by yourself.

• Correspondence records.

• Your order history.

• Records of what payments you have made when.

What do we use this information for?

We use your name and address to deliver your order. We may use your email address and phone number to clarify aspects of your delivery or send you confirmations or receipts. Otherwise this will be included in your order.

We keep records of our correspondence with you for our reference to best communicate with you in future and best deliver this and future services to you.

We compile a record of your payment history which also includes your booking for your reference, administrative, marketing, audit and debt recovery purposes. We also use this information for business analysis and store it to comply with financial regulations.

If we wish to use this information for other purposes, we will ask for your consent to do this first.

Lawful Basis

Our lawful basis for collecting, storing and processing your contact details is contractual, as we need this information to be able to fulfil our contractual agreement of fulfilling your order.

We use legitimate interest as our contractual basis for using your address to send you catalogues by post.

Correspondence details are important for us in providing our service to you. We use contract as our lawful basis for processing this information.

We store your contact details, order and payment records in order to comply with our legal obligations (for financial record keeping, audit and debt recovery purposes, contract for administrative purposes). We also use this information for your reference, for business analysis, marketing and debt recovery purposes, where we are satisfied that we have a legitimate interest to do so.

We use legitimate interest as our lawful basis for using this information in conjunction with other information we hold on you to provide you with more relevant Information & Marketing Communications.

Who will it be shared with and why?

We will share your contact details with the Royal Mail and DPD (or any other delivery contractors we might use in the future) so they can deliver your order and get in contact with you, if necessary, to fulfil this order.

How long we will retain this information for?

We will continue to hold your name, contact details and booking and payment history for reference, administrative, marketing, business analysis, financial record keeping and audit purposes for no longer than 7 years and 1 month after each individual invoice/payment/etc.

If there is a debt on your account with us however, this retention period will be extended until 7 years and 1 month after the debt has been cleared, for debt recovery, reference, administrative, marketing, business analysis, financial record keeping and audit purposes.

After this time your data may be anonymised for business analysis purposes.

Your rights

• Right to be informed – as implemented here

• Right of access

• Right to rectification

• Right to erasure – Not applicable to those details that we hold and process to fulfil our contract to you or as part of a legal obligation (as described above).

• Right to restrict processing

• Right to data portability

• Right to object
  

Right to rectification

We will always endeavour to hold the correct information relating to you. If, however, this information is incorrect you have the right for us to correct it. This could be, for example, by letting us know that you have changed your address.

We will need to verify your identity and check that the new information is accurate using ‘reasonable means’ proportionate to the what the data is used for. This will differ depending on the information requested. We will restrict the processing of the personal data in question while we verify its accuracy whether or not you have exercised your Right to restrict processing. We will act upon your request within one calendar month. We may contact you within this timeframe to ask for more information to verify your identity and/or to extend our ‘time to respond’ by a further two months if the rectification request is complex or we have received a number of requests from you. We will inform you of our reasons at the same time.

Rectified data will also be passed on to anyone else we shared the incorrect information with, unless this is impossible or involved disproportionate effort. The people who we share information with differs depending on the information and what it is used for but is listed throughout this document in the “Who will it be shared with and why?” sections of the tables throughout.

If we are satisfied that our data is accurate we will inform you that we will not be amending your data, explaining our decision and informing you of your right to make a complaint to the ICO or other supervisory authority and your ability to seek to enforce your rights through a judicial remedy.

Right to erasure

In most cases you will have the right to erasure of information related to you. This differs depending on the information and what it is used for but is listed throughout this document in the “Your rights” sections of the tables throughout.

We will need to verify your identity using ‘reasonable means’ proportionate to the what the data is used for. This will differ depending on the information requested.

We will act upon your request within one calendar month. We may contact you within this timeframe to ask for more information to verify your identity and/or to extend our ‘time to respond’ by a further two months if it is manifestly unfounded or excessive, an exemption applies or we need proof of identity before considering the request. We will inform you of our reasons at the same time.

We will also erase your data with anyone else we shared the information with, unless this is impossible or involved disproportionate effort. The people who we share information with differs depending on the information and what it is used for but is listed throughout this document in the “Who will it be shared with and why?” sections.

If a request is manifestly unfounded or excessive, in particular because they are repetitive we may refuse to respond, but will explain to you why and remind you of your right to complain to the supervisory authority within one month. Otherwise we may charge a ‘reasonable fee’ based on the administrative cost of providing the information and will not provide the information until the fee has been received.

Right to data portability

You have the right to request a copy of your personal data that is held digitally if our lawful basis for collecting, holding and processing the information is “Consent” or “Contract”. This differs depending on the information and what it is used for but is listed throughout this document at the bottom of the “What do we use this information for?” sections of the tables throughout.

We will act upon your request within one calendar month. We may contact you within this timeframe to ask for more information to verify your identity and/or to extend our ‘time to respond’ by a further two months if it is manifestly unfounded or excessive, an exemption applies or we need proof of identity before considering the request. We will inform you of our reasons at the same time.

We will provide the data in a structured, commonly used and machine readable form. You may request for it to be send directly to another organisation if technically feasible.

If a request is manifestly unfounded or excessive, in particular because they are repetitive we may refuse to comply with your request, but will explain to you why and remind you of your right to complain to the supervisory authority within one month.

Further information and resources

Please be aware that the web-links provided below work at the time of publishing but may have changed since then.

Contact Us:

If you have any questions or comments on this policy or our collection and use of your information, they can be sent to marketing@carbonbuddyproject.org or addressed to Data Protection, Carbon Buddy Project, PO BOX 789, TRURO, TR1 9LQ.

Eventbrite

Eventbrite is the online booking systems we use. You can find out more about how they use data at the following link https://www.eventbrite.co.uk/

Google Analytics

Google Analytics is one of the web analytics services we use to measure the success of our website and media campaigns.

Website: https://support.google.com/analytics/answer/6004245

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

ICO – Information Commissioner’s Office

The UK’s independent authority set up to uphold information rights in the public interest. Website: https://ico.org.uk/

We have written this policy and set up all our data collection and use practices using ICO recommendations and in compliance with the Data Protection Act 1998 and General Data Protection Regulation (GDPR).

MailChimp

We use Mailchimp for our email-newsletters. More information on their use of your data can be found at: https://mailchimp.com/legal/privacy/

Paypal

Paypal is the payment gateway we use for processing your payments to us. Website: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

Resources:

Data Protection Act 1998: https://www.legislation.gov.uk/ukpga/1998/29/contents

General Data Protection Regulation (GDPR): http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf