Save the Earth Co-Operative Ltd
Version 2; effective May 2018
The Save the Earth Cooperative are staffed by volunteers working in their spare time and who wish to make the World a better place. We are committed to maintaining the confidence and trust of visitors to our sites including customers of our online shop, and of our Cooperative members.
Our ethos is to securely store the minimum amount of personal data necessary to run our website and business. We are NOT in the business of renting, sharing or trading personal details with other businesses for marketing purposes.
This is a substantially revised version of our original policy issued May 2016 to show how We comply with the General Data Protection Regulations (aka GDPR), effective 25 May 2018.
From time to time we may need to amend this policy, and will publish the updated version on our website. For example, if we change subscription service provider or add a new service. You should check our Terms and Conditions and Privacy Policies occasionally to ensure you are happy with any changes. Major revisions will be communicated to our membership by email.
What we collect and how we use it
We politely ask that you do not submit data to us on behalf of other persons.
Subscription information and Mailchimp.
If you subscribe to any of our email campaigns, we require your name and email address and your consent. Consent is provided by selecting the appropriate items you wish to subscribe to (newsletter, marketing, shop offers). Note that our newsletter will sometimes contain marketing related material, although this will not be its focus.
We use Mailchimp to manage our email subscription services. Mailchimp servers are based in the USA (i.e. outside the EU) and they are committed to achieving GDPR compliance by May 2018. Mailchimp also track things like language, location and mail client. If you open an email, Mailchimp tracks it; if you don’t, MailChimp tracks it. We use this information collectively to determine what is of greatest interest to our subscribers, and the service to manage and track consent. All our emails contain an unsubscribe link.
Note that we are currently reviewing our service provider. In the event we change provider, this policy will be updated accordingly.
When you sign up for membership on our website we ask you for your name, email address, postal town, a question whether you wish to volunteer, to confirm if you are over 18, for your desired user name and secure password, and to confirm your acceptance of our terms and conditions. This information is only used to communicate with you as per membership terms.
We use Hubspot to manage administration of the membership system. Hubspot’s GDPR Privacy Information can be found at https://www.hubspot.com/data-privacy/gdpr. Please refer to the section below on Payment Details, in addition to which we can set-up direct debit payments between the Member’s Bank Account and Our Bank Account.
When you purchase items from our online shop or pay for Membership, you will either pay by Stripe or Paypal and be bound by the agreements you have with them. We do not collect or store your payment information. Transaction data are shared between us and the payment service provider to process payments, refunds and complaints or queries. The only information we retain is your customer contact data (name and address, so we can post the items to you), and what was purchased, for how much and when (for accounting purposes).
We interact with the public using Facebook, Twitter, Instagram, LinkedIn, G+ and Pinterest. Anyone posting material to our website, and social media pages and feeds is doing so publicly and subject to having agreed (consented) with the Privacy Policies and Terms and Conditions of those services. While we do police these for inappropriate content, you are responsible for what you post and the consequences of your actions.
Providing data to others
We do not routinely provide data to third (external) parties, except in the following circumstances:
- Where required to do so for legal reasons, for example if a shop customer had committed credit card fraud.
- When you purchase from our shop, we need to provide the supplier with your name and address for delivery purposes.
How we protect your information
We protect your information using technical, physical, and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure or modification. While we have employed security technologies and procedures to assist safeguarding your personal information, no system or network can be guaranteed to be 100% secure.
All Our staff and volunteers are responsible for ensuring that any personal data that they possess is held securely and is not disclosed to any unauthorised third party.
The Save the Earth Cooperative will only retain your information for as long as is reasonably needed for each purpose, subject to your consent, and subject to data retention and processing as may be required by Law.
In this section we summarise your rights under GDPR.
GDPR is complex set of regulations. For further information we recommend you consult the governing authority website(s) in your location. In the UK this is the ICO (Information Commissioner’s Office).
- The ICO Website GDPR guidance can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.
- The EU GDPR portal can be found at https://www.eugdpr.org/.
Please be patient. Due to the large volume of traffic accessing these sites in the early days of GDPR implementation, they may be slower than normal to load.
Some Rights may be limited by other applicable Laws and Regulations. Subject to these limitations, Your rights under GDPR mean you can:
- Request a copy of the information we hold,
- this can be requested in a structured digital format or sent to a third party of your nomination.
- Request data correction.
- Request data be deleted (erased), note this does not apply if we must retain the data to meet legal or contractual obligations.
- Request that we limit or restrict processing.
- Object to us processing your data, note this does not apply if we must process the data to meet legal or contractual obligations.
- Withdraw consent (for example by unsubscribing from communications).
- Make a complaint to an EU data protection authority. In the UK, this is the ICO who can be contacted here.
We welcome your questions, comments and concerns about privacy. You can contact the Save the Earth Cooperative via:
- email Us
- Postal mail addressed to: 43B Plains Road, Mapperley, Nottingham, UNITED KINGDOM, NG3 5JU.
www.savetheearth.coop (the “Site”) is an online service owned and operated by Save the Earth Co-Operative Ltd., a multi-stakeholder co-operative limited by guarantee and registered with company no. 10502602 in England & Wales using co-operative principles.