Privacy Statement

Northern School Permaculture Privacy Policy

Northern School of Permaculture / CommEnt CIC

25 May 2018

We have always treated the information that people provide to us with care and respect. When you give us data we do our utmost to preserve your privacy and the security of your data.   When you contact us through our websites, we collect only the bare minimum of information that we need to respond to your needs.

You remain in control of the data that you provide us with and you may ask us to delete data that we hold on you.   For site visitors, we only collect the data that you submit to us when you fill in one of our webforms.  We may also collect data from you when you attend one of our events but again this will be no more than is necessary to provide you with the services that you sign up for.   Other than contact details, we never ask for data that we consider truly personal and intrusive ("sensitive information").

We do not carry out profiling, reporting, segmentation or other activities that involve the use of sensitive information such as gender, ethnicity, age etc.   We never disclose your personal data to third parties. Our business model is not dependent on profits from trading or exploiting data.   We do not track visitors to our site. For site members, we have resisted the "convenience" of allowing third party log-ins (Facebook, Google), on the basis that this may allow the third party to track people using our site.  

Your data is used primarily to contact you. Our main area of concern is over the use of location data. We advise you to take care when giving us location data (see our separate advice notes). We do our best to avoid disclosing locations but map providers have ways of identifying you once you leave our site and engage with their maps.   Our website is hosted on reputable servers with secure connections and security is constantly under review and quickly updated.  

All enquiries about your data should be addressed to our Data Officer.   The General Data Protection Regulation requires us to keep the situation under review, which we will do. GDPR also requires us to draw up a privacy statement that provides you with more detail about our use of your data, and we are happy to comply as follows.    

What is personal information?  

Personal information is usually defined as information that may be used to identify a living individual.  

What types of your personal information might we hold?  

Contact details such as e-mail addresses, telephone numbers and postal addresses.   Event-related information such as your attendance, your needs on the day, your progress if the event is part of a training programme.   Payment information where appropriate, amounts and billing details (but never bank or credit card details which are handled by external providers such as Stripe Ltd and GoCardless)  

Why do we keep this information?  

Your information is used to contact you to answer your enquiries; to provide you with the services that you agree to, including attending events; and, when appropriate, to allow you to keep in contact with other site members.   We keep track of payment information for financial management and to allow us to provide confirmations and receipts.   We log your progress with training events, including certifications and keep this information to allow us to issue duplicate certificates and supply accreditation details to the international community.  

How do we obtain and process information?  

Much of the information is provided when you fill in forms on our website. We may collect additional information, with your permission, while you are attending our events.   Your data is stored on secure servers in the UK with reputable Internet Service Providers (Zen Internet). Security is constantly under review and quickly updated when threats are identified.   Although access to the database is strictly controlled to a small number of authorised users, you can have access to your own information.    The processing of financial transactions is carried out externally by Stripe Ltd with details that you provide provided through a webform and an API. By return they confirm transactions to us. See their policy statement on the Stripe website.

Who do we share your information with?  

As general policy, we never share your information with third parties. The exceptions are:   We respond to training certificate authentication and verification requests from external enquires, both nationally and internationally.    We act as a conduit for your information when using payment systems, receiving return information from Stripe Ltd.

Site members are considered as part of our community and not as third parties. If you are a site member, your contact information may be shared, with your permission, with other site members in our mutual interest of working and socialising together.    

Using your information within data protection laws  

We can show that your contact information has been provided with your consent, usually by yourself. You have right of access to your information and the right to request removal.   Other information is held as a matter of legitimate interest in meeting our obligations to you, the wider community and regulatory obligations.   

We do not keep sensitive information, neither of a personal nor a financial kind.   Contact information which you provide us will be retained for the length of time required to provide you with the services requested. We retain certification records as a matter of our legitimate interest and will be retained as long as we have a function to verify or authenticate any process of certification that is done through us.   You may request copies of information held that relates to you and ask for amendment or deletions of your personal information using the data officer’s contact details provided.   If you wish to discuss your data with us, you can contact our Data Officer.