When you request information from Community Action Network (CAN), sign up to any of our services, donate or buy things from us, CAN may obtain personal information about you. This notice explains how we look after that information and what we do with it.
At CAN we respect the privacy of those using our services. The personal information that we collect about you is used only to provide the service you have asked for. For each service we provide there is a more detailed Privacy Notice setting out what data we collect, why, how it is stored and used.
We take the security of your data very seriously. We have internal policies and controls in place to ensure your data is not lost, accidently destroyed, misused or disclosed, and is not accessed except by those in the performance of their duties. We make sure that confidential material is labelled as such, that paper copies are locked away and that electronic files are password protected and encrypted where necessary. It will only be shared with those within CAN where it is necessary for the performance of their roles.
Data that is no longer required is erased after you have stopped using our services. We may need to retain certain types of data for set periods of time after you cease to use our services, but we delete as much personal data as we can as soon as possible. Individual service privacy notices give more detail about what and how long such data will be kept.
Your data will not be sold to anyone else and not transferred to countries outside the European Economic Area. We will only share personal information about you with another organisation if we:
- have a safeguarding concern
- are required to by government bodies or law enforcement agencies
- engage a supplier to process data on our behalf (e.g. .to take online bookings, or to issue invoices
- have obtained your prior permission.
You have the right to ask to see the data that we have about yourself, and to ask for any errors to be corrected. If you would like to exercise any of these rights please contact our Data Compliance Officer (01202 466130, email@example.com). We will respond to all such requests within one month of us verifying your identify.
You can also ask for the data to be deleted, but note that:
- we will not be able to provide a service to you if we do not have sufficient information about yourself
- even after you stop using our services, we may have a statutory duty or legitimate interest to retain some types of data for specific periods of time so can’t delete everything immediately.
If you have a complaint about how we have kept your information secure, or how we have responded to a request to access, update or erase your data, you can make a complaint to us or you can refer us to the Information Commissioner’s Office (ICO) online or call them on 0303 123 1113.
Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behavior of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us.
In the case of this activity the following will apply:
- Your data will be made available to our website provider
- The data that may be available to them include any of the data we collect as described in this policy.
- Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
- They will store your data for a maximum of 7 years.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies used by our service providers
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.
Blocking all cookies will have a negative impact upon the usability of many websites, including ours.