Privacy Policy
Updated 30.05.24
Organise Platform HQ Ltd, a company registered in England and Wales with number 10679316 and with registered address 49a Oxford Road, London, England, N4 3EY (“Organise”, “us”, “we” or “our”), is committed to safeguarding your privacy. At all times we aim to respect any personal data you share with us, or that we receive from other organisations, and keep it safe. This Privacy Policy (“Policy”) sets out our data collection and processing practices and your options regarding the ways in which your personal information is used.
This Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. We may update this Policy from time to time without notice to you, so please check it regularly.
1. Collection of Personal Data
The provision of your personal data to us is voluntary. However, without providing us with your personal data, you will be unable to (as appropriate) sign a petition, start a petition, make a contribution or subscription payment, create an account on our website or mobile platform, open and/or maintain a case file, apply for employment with us or apply to volunteer with us.
We collect information about you:
(a) When you give it to us DIRECTLY – You may give us your personal data in order to start a petition, sign a petition, when you share information about a petition from our website on Facebook, Twitter and/or via email, when you create an account on our website or mobile app, open and/or maintain a case file on our mobile platform, when you apply for employment with us, when you apply to volunteer with us, when you contact us by phone, email or post, and/or when you contribute or subscribe to us.
(b) When you give it to us INDIRECTLY – Your information may be shared with us by others, including users of our services, independent event organisers, other fundraising entities, sponsors and supporters of our organisation and services. Your information will also be provided to us when you follow us or otherwise interact with us on or via Twitter, when you like and/or join our page on Facebook or interact with us in other ways on or via Facebook.
(c) When you give permission to OTHER ORGANISATIONS to share it or it is AVAILABLE PUBLICLY – We may combine information you provide to us with information available from external publicly available sources. Depending on your privacy settings for social media services, we may also access information from those accounts or services. We use this information to gain a better understanding of you and to improve our communications and fundraising activities.
(d) When you visit our WEBSITE – We use cookies to identify you when you visit our website and to enable us to personalise your online experience (for example by remembering your log in details). Please refer to our Cookies Policy for details on the way our use of cookies affects your personal data (https://organise.network/cookiespolicy060418/)
We may collect, store and use the following kinds of personal data:
(a) We will typically hold your name and contact details, including physical address, workplace, telephone number and e-mail address, and social media identity. However, we may request other information where it is appropriate and relevant, for example:
(i) Details of why you have decided to contact us/start/support a petition or open/maintain a case file;
(ii) Your bank details or debit/credit card details; or
(iii) Details of campaigns you have supported, details of topics/areas of interest to you, responses to surveys you have completed,
(b) information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit and number of page views;
(c) information about the services you use, services and products of interest to you or any of your marketing and/or communication preferences; and/or
(d) any other information shared with us as per paragraph 1.
2. Do we process sensitive personal information?
Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; and will only do so with your explicit consent.
Personal information you have uploaded through the Organise app for the purpose of building a case file will be held in encrypted files and will not be collected or processed by us for any purpose. We will not access the information held in the case file without your explicit consent.
3. How and why will we use your personal data?
Personal data, however provided to us, will be used for the purposes specified in this Policy or in relevant parts of the website or mobile app.
We may use your personal information to:
(a) Enable you to use any and/or all of the services we offer;
(b) Send you information about our work, campaigns, organisations and any other information, products or services that we provide (this will not be done without your consent);
(c) Provide you with the services, products or information you have requested;
(d) Improve your browsing experience by personalising your interaction with our website;
(e) Handle the administration of any contribution or other payment you make via credit/debit card, cheque, standing order or BACS transfer;
(f) Collect payments from you and send statements and/or receipts to you;
(g) Handle the administration of your employment and/or volunteering application;
(h) Conduct research into the impact of our campaigns;
(i) Deal with enquiries and complaints made by or about you relating to the website or us in general;
(j) Make petition submissions to third parties, where you have signed the petition and the third party is a target of the campaign to which the petition relates;
(k) Find and prevent fraud, and respond to trust and safety issues that may arise;
(l) Enforce our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and/or
(m) Audit and/or administer our accounts.
We may also use your personal information for other purposes for which we provide specific notice at the time the information is collected.
4. Supporter research/profiling
We may use your personal information to undertake research to gather further information about you from publicly accessible sources (as per clause 1 above). This helps us to get a better understanding of your background, interests and preferences in order to improve our communications and/or interactions with you, to help ensure they are targeted to be relevant and appropriate, and to provide information (sometimes through third parties) about petitions and other aspects of our services which we consider may be of interest to you.
5. Facebook marketing
We may use some of your personal information to participate in Facebook’s Custom Audience and Lookalike Audience programs, which enable us to display adverts to both existing and prospective supporters when they visit Facebook. We may provide your email address to Facebook so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Facebook. Some of your data is sent in an encrypted format that is deleted by Facebook (a) if it does not match with a Facebook account or (b) after they confirm you are a registered account holder.
For more detailed information please see https://www.facebook.com/business/help/744354708981227 and Facebook’s data policy at https://www.facebook.com/policy.php.
6. Google Analytics and advertising
We may use some of your personal information to analyse our digital performance, for example to see how our website can be improved to help us achieve the purposes set out in section 11 below, to record how you are using our website or to assess the popularity of marketing campaigns.
For more information on how we use your personal information in relation to Google Analytics, please view our cookie policy by clicking this link https://organise.network/cookiespolicy060418/.
California Consumer Privacy Act (“CCPA”)
Under CCPA, Californian residents have the right to declare their preferences on the sale
of data for advertising and marketing purposes. If you wish to change your preferences, visit https://organise.network, log into your account, and click 'Privacy Settings' in the navigation sidebar.
We use a third-party to provide monetisation technologies for our site. You can review their
privacy and cookie policy at https://publift.com/privacy-policy/.
7. Communications, fundraising and marketing
Where you have provided appropriate consent, we will contact you by telephone and e-mail, with targeted communications to let you know about our campaigns and/or activities that we consider may be of particular interest; about the work of Organise; and to let you know about subscriptions, contributions or other support.
8. Contributions and other payments
All financial transactions carried out on our website are handled through Stripe, Inc. (“Stripe”), a third party payment services provider. We recommend that you read Stripe’s privacy policy (available at https://stripe.com/gb/privacy) prior to effecting any transactions with us. We will provide your personal data to Stripe only to the extent necessary for the purposes of processing payments for transactions you enter into with us. We do not store your financial details.
9. Other disclosures
Organise will never sell your information to a third party for their own use.
In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this privacy policy, we will disclose your information with the following entities:
Vendors and Service Providers. We may share any information we receive with vendors and service providers retained in connection with the provision of website or mobile app.
User Content. Our website and mobile app facilitate the creation and posting of campaigns. When you create a campaign, the following information will be public:
- The title and image, if provided;
- The target decision maker, if provided;
- Campaign text, if provided (including petition or open letter text and/or survey questions and help text)
When you create an open letter campaign, you may choose to make the following information public:
- The names of signatories (in random order) of the open letter, and the threshold of signatures required before names are displayed
When you create a survey campaign, you may choose to make the following information public:
- The anonymised results in response to each survey question
When you join an existing campaign, the following information will be public. This information will be displayed on the campaign page until a further 10 people have joined the existing campaign:
- Your first name
- Your comment (and first name) on a petition or open letter, if provided
When you join an existing open letter campaign, the following information will be public:
- Your full name, if the open letter has reached its required ‘threshold’ to display signatures
When you join an existing survey campaign, the following information will be public:
- Your survey answers in anonymised format (without your name or personal details), if the existing campaign has chosen to make survey answers public
You may change the information that is public, or remove your information, by emailing dataprotection@organise.network. If you created an open letter or survey campaign, you may change what information is public by logging into your account and changing the settings on your campaign. (https://organise.network/organiser)
We are not responsible for the other users’ use of available information, so you should carefully consider whether and what to post or how you identify yourself on the website or mobile app.
As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your information may occur if you post any objectionable content on or through the website or mobile app.
Merger, Sale, or Other Asset Transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. The use of your information following any of these events will be governed by the provisions of this Privacy Policy in effect at the time the applicable information was collected.
10. Processing your information
Organise employees and contractors will have access to your information. Your information is only accessible by appropriately trained staff and contractors.
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure or of access to your personal information. We make reasonable efforts to protect your information by using physical and electronic safeguards designed to improve the security of the information we maintain. However, as our services are hosted electronically, we can make no guarantees as to the security or privacy of your information.
Please note that some countries outside of the EEA have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. We may transfer and/or store personal data collected from you to and/or at a destination outside the European Economic Area (“EEA”). Such personal data may be processed by agencies and/or suppliers operating outside the EEA. If we transfer and/or store your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your personal data.
Otherwise than as set out in this Privacy Policy, we will only ever share your data with your informed consent.
11. Children’s data
We do not knowingly process data of any person under the age of 16. If we come to discover, or have reason to believe, that you are 15 and under and we are holding your personal information, we will delete that information within a reasonable period and withhold our services accordingly. If you learn that a person under 16 has provided us with personal information in violation of this Privacy Policy, then you may alert us at action@organise.network.
12. Your rights
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:
(a) Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
(b) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 40 days to comply. As from 25 May 2018, we will have 30 days to comply.
(c) Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it.
(d) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
(e) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
(f) Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
To exercise these rights, please send a description of the personal information in question using the contact details in section 18 below. We also have specific pages to unsubscribe from our email list (https://identity.organise.network/subscriptions/unsubscribe?subscription=1) and to unsubscribe from our text notifications (https://identity.organise.network/subscriptions/unsubscribe?subscription=2). Where we consider that the information with which you have provided us does not enable us to identify the personal information in question, we reserve the right to ask for (i) personal identification and/or (ii) further information.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or please contact us using the details in section 18 below.
You are further entitled to make a complaint about us or the way we have processed your data to the Information Commissioner’s Office (“ICO”). For further information on how to exercise this right, please see the guidance at https://ico.org.uk/for-the-public/personal-information. The contact details of the ICO can be found here: https://ico.org.uk/global/contact-us/.
13. Lawful processing
We are required to have one or more lawful grounds to process your personal information. Only 4 of these are relevant to us:
(a) Personal information is processed on the basis of a person’s consent – We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing and fundraising emails, for targeted advertising and profiling, and if you ever share sensitive personal information with us.
(b) Personal information is processed on the basis of a contractual relationship – Most of our interactions with subscribers and website users are voluntary and not contractual. However, sometimes it will be necessary to process personal information so that we can enter contractual relationships with people. For example, if you apply for employment or to volunteer with us, or if you purchase something via our online shop.
(c) Personal information is processed on the basis of legal obligations – Sometimes we will be obliged to process your personal information due to legal obligations which are binding on us. We will only ever do so when strictly necessary.
(d) Personal information is processed on the basis of legitimate interests – Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights). We will rely on this ground to process your personal data when it is not practical or appropriate to ask for consent. These include (but are not limited to) promoting any philanthropic or benevolent purpose including without limitation to ensure the views and values of the world’s people shape global decisions
Governance
- Internal and external audit for financial or regulatory compliance purposes
- Statutory reporting
Publicity and income generation
- Conventional direct marketing and other forms of marketing, publicity or advertisement
- Unsolicited commercial or non-commercial messages, including campaigns, newsletters, income generation or charitable fundraising
- Analysis, targeting and segmentation to develop and promote or strategy and improve communication efficiency
- Personalisation used to tailor and enhance your experience of our communications
Operational Management
- Employee and volunteer recording and monitoring for recruitment, safety, performance management or workforce planning purposes
- Provision and administration of staff benefits such as pensions
- Physical security, IT and network security
- Maintenance of suppression files
- Processing for historical, scientific or statistical purpose
Purely administrative purposes
- Responding to enquiries
- Delivery of requested products or information
- Communications designed to administer existing services including administration of petitions and financial transactions
- Thank you communications and receipts
- Maintaining a supporter database and suppression lists
Financial Management and control
- Processing financial transactions and maintaining financial controls
- Prevention of fraud, misuse of services, or money laundering
- Enforcement of legal claims
- Reporting criminal acts and compliance with law enforcement agencies
When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.
14. Data retention
In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.
In the event that you ask us to stop sending you direct marketing/fundraising/other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.
15. Policy amendments
We keep this Privacy Policy under regular review and reserve the right to update from time-to-time by posting an updated version on our website, not least because of changes in applicable law. We therefore recommend that you check this Privacy Policy occasionally. If we materially change the ways in which we use or share personal information previously collected from you through the website or mobile app, we will notify you through them, by email, or other communication.
16. Third party websites
We link our website directly to other sites. This Privacy Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.
17. Updating information
You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at dataprotection@organise.network.
If you would like to request to review, correct, update, suppress, or delete personal information that has been previously provided to us by you, you may email us at dataprotection@organise.network. We will respond to your requests consistent with applicable law, and we will try to comply with your request as soon as reasonably practicable. Please note that we may need to retain certain information for record keeping purposes and/or to complete any transactions that you began prior to your request. There may also be residual information that will remain within our databases and other records, but such residual information will no longer be tied to your identity. For example, if you created a petition, we will have records that other Organise users signed your petition. If you subsequently ask us to delete your information from our platform and databases, information related to those other users’ signatures cannot be removed and will remain in our records.
18. Contact
We are not required by law to have a “Data Protection Officer” – however we have a Data Protection Manager.
Please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed by emailing the Data Protection Manager at dataprotection@organise.network