Legal & Privacy
Data Protection Policy
- what data may be collected;
- how we use your personal data;
- why we may hold your data;
- our process for safe processing and storage of data and
- what will happen in the event of a breach of data protection.
We want you to be fully informed and confident when giving us your personal information. Our policy conforms with the European General Data Protection requirement (GDPR) and legal requirements under Data Protection Law.
Under GDPR Settle Stories Ltd. is a Data Controller (we hold information given to us by people for specific reasons e.g. to receive our email newsletter or take part in some research) or a Data Processor (we process individual personal data if requested by one of our funders).
Your personal data is in safe hands with Settle Stories
This policy also explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this policy from time to time so please check this occasionally to ensure that you’re happy with any changes.
Who are we?
Whenever you see ‘we’ in the policy, it refers to Settle Stories Ltd — a registered charity in England and Wales: Company Registration No. 7515653 Registered Charity No. 1141649.
If you have any questions about how we use or store your personal data, please email them to email@example.com post them to, Data Protection Officer, The Joinery, Dawsons Court, Market Place, Settle BD24 9ED.
Settle Stories Ltd. is the sole owner of the information collected. We will not sell, share or rent this information to others in ways other than that disclosed in this statement. The following policy is only in effect for the web pages, newsletters, discussion lists and opt-in announcement lists owned and operated by Settle Stories Ltd.
How do we collect information from you?
We obtain information about you when you purchase tickets, subscribe to one of our services, contact us about products, make a donation, or if you register to receive our email newsletter from our website or at one of our events or apply for a job with us.
What type of information could be collected from you?
The personal information we collect might include your name, address, postcode, phone and email address.
If you use our website, we may collect your IP address and information regarding what pages are accessed and when.
If you make an online purchase by credit or debit card your card information is not held by us, it is collected by our third-party payment processors, PayPal, who specialise in the secure online capture and processing of credit/debit card transactions. Settle Stories Ltd. does not store any credit card or banking details on our website or by any other method.
When we evaluate our events / services we may ask you for other types of personal data to help us understand who our work is reaching. We will make it clear at the point of collection why we are collecting this data.
If you sign up for a course/event/workshop we may have to collect much more in depth and sensitive information such as employment status or medical conditions to show how we are complying with the funding contract or if we have a duty of care (courses for children etc). In this instance information will only be shared with the funding organisation or, in the event of a medical issue, with the appropriate members of the medical profession. All participants will be made aware at the point of sign up what this entails.
We may also collect personal data you give us via photographs/videos and audio clips.
How is your information used?
We may use your information to:
- process orders that you have submitted;
- send you communications you have requested;
- process a donation you have made;
- create a subscription to a service we provide;
- to carry out our obligations arising from any contracts entered into by you and us;
- deal with entries to a competition;
- seek your views or comments on the services we provide;
- notify you of changes to our services;
- process a job (including short term contracts), volunteer or course application;
- market research, internal monitoring and traffic auditing. This information is only examined in aggregate and
- to deliver requested customisable content to you.
We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or for as long as is set out in any relevant contract you hold with us. We maintain a record of our data processing activity so we know when we are able to destroy records which identify an individual.
Who has access to your information?
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Third party suppliers and service providers. Settle Stories Ltd. will pass certain personally-identifiable information on to third party suppliers if it is necessary to complete a commercial transaction or a request. Settle Stories Ltd. will pass on only the minimum information necessary to complete the commercial transaction or request.
Statistics and adverts. Settle Stories Ltd. may supply statistics to advertisers and/or Third Party suppliers. This information is only supplied in aggregated form and as such cannot be linked to or used to identify individual users.
Settle Stories Ltd. will disclose personally identifiable information when required by law or in good-faith belief that such an action is necessary to:
- Conform with the edicts of the law or comply with a legal process served on Settle Stories Ltd.
- Protect or defend the rights or property of the Settle Stories Ltd. network of sites, or visitors to the Settle Stories Ltd. website.
- Identify persons who may be violating the law, the legal notice or the rights of third parties.
- Cooperate with investigations of unlawful activities
GDPR and cloud based office systems
Settle Stories Ltd works mainly on Google Drive Stream. This is a cloud based system which allows easy document sharing and home working. It is an effective solution to 21st century methods of flexible working. Google is thus our Data Processor when using Drive Stream and is not allowed to do anything with data obtained through us unless we specifically instruct them to do so. All the data remains within our control. Google’s statement on GDPR may be accessed here https://cloud.google.com/security/gdpr/
If Settle Stories staff or a contractor becomes aware of a data breach, the Data Officer will be informed within 24 hours. Subsequently, and within 3 days, the Information Commissioner’s Office (ICO) will be informed.
Complaints re Data Breaches
If we receive a complaint regarding a data breach, Settle Stories’ Data Officer will fully investigate the issue and will report back to the complainant within 7 working days. If this does not fully satisfy the complainant and ensure remedial action is taken to ensure the breach cannot happen again, the procedure of the ICO will be followed.
Links to other sites
The YFOS and Settle Stories websites contain links to other sites. Please be aware that Settle Stories is not responsible for the privacy practices of other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by Settle Stories via our website and other means stated above.
Settle Stories Ltd. takes every precaution to protect our users’ information. When users submit sensitive information it is protected both online and offline. All of our users’ information is restricted to our offices and is password protected. Only staff who need the information to perform a specific job (for example, accounts or administration) are granted access to personally-identifiable information.
We strive to be a paperless office however, where paper records are used (certain funders require this) they are kept in a locked storeroom
Our staff use password-protected screen-savers when they leave their desk. When they return, they have to re-enter their password to regain access to personal information. Furthermore, ALL staff are kept up-to-date on our security and privacy practices.
Each quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy and what they can do to ensure our customers’ information is protected. If you have any questions about our data security you can send us a message to firstname.lastname@example.org.
During online transactions, where sensitive information such as credit card details or financial information is transmitted, it is done so using SSL encryption through our payment provider, PayPal.
What are cookies and how do we use them?
Sensitive information like passwords and credit card details are not stored on cookies placed on the user’s system by the Settle Stories Ltd. website. For more information about cookies visit www.allaboutcookies.com.
You have the right to the rectification, processing or deletion of your data. You have the right to withdraw your consent to us holding your data and can unsubscribe from Settle Stories email communications at any time.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. You can change your existing marketing preferences at any time by unsubscribing in the email newsletter, by contacting us through the website or by telephone: 01729 822292.
The Data Officer for Settle Stories Ltd. is Sita Brand. If you wish to find out more about how we use and process our data or lodge a complaint about how your data has been used please contact us through the website.