Last update: July 2019
The Democratic Society (‘Demsoc’) is a Brussels based charity, with a UK not-for-profit subsidiary which leads our work in Scotland, England, Northern Ireland and Wales. Our registered address is: 107 Avenue de la Brabançonne-laan, Brussels 1000, Belgium.
Privacy and data protection are really important issues for us. As such, we are committed to explaining very clearly how we will use any personal data we hold about you.
We have set out how we will collect and use personal data below. However if you have any concerns or question please contact Michelle Brook, our Data Protection Officer, and we’ll respond as soon as we can. You can contact Michelle via email at firstname.lastname@example.org, or via post at: The Democratic Society, Federation House, 2 Federation Street, Manchester, M4 4BF.
In short – we don’t sell your data and will only share your data as outlined below, other than when required to by law. Where we can, we will seek your consent before processing and collecting your data.
What data we collect and how we use it
- Our newsletter and other mailing lists
If you subscribe to our newsletter, your name and email address will be added to our newsletter mailing list. We use this data to send monthly newsletters, and if consent is given, we may get in touch directly about activities we think might be interesting for you. We invite you to update your profile and provide us with additional information such as which country you live in, to help us better understand our audience.
If you subscribe to our other mailing lists, including the ‘Scotland Events’ mailing list, we will ask for you to share your name and email address, and potentially some location data. We will use this data only for the express purpose(s) outlined at the point of signup – for instance, issuing invitations to events we run in Scotland.
We do gather statistics related to email opening and clicks to help us improve the emails we send out.
If you subscribe to our mailing list, we will retain your data until you unsubscribe, or otherwise ask us to remove your details. To help with this every newsletter contains a quick and easy unsubscribe link in its footer.
When you unsubscribe from a newsletter managed via Mailchimp, your details remain on the list of past recipients. This is due to how Mailchimp works. However, your details can be permanently removed if you email us on email@example.com and ask us to do this.
In subscribing to any of our mailing lists, you are consenting to the terms laid out above. The lawful basis for this is termed ‘GDPR 6(1)(a) – Consent of the data subject’. Please see the ICO for more information.
- Signing up to an event
We use Eventbrite to handle ticketing for some of our events. We ask for as little personal information as possible to support your attendance, such as name, email address, and whether you have any accessibility needs or dietary requirements. We will use this data to ensure we meet (wherever possible) any needs, to manage ticketing, and to send reminders about the event beforehand or follow-up afterwards.
If you sign up to attend an event we will retain any data for up to 3 months after the event, or up to 3 months after any project the event is linked to has finished – whichever is longer.
By signing up to our events you consent to your data being used in the above way. The lawful basis for this is termed ‘GDPR 6(1)(a) – Consent of the data subject’.
- Our CRM
Like many organisations, we use a customer relationship management (CRM) platform to store details of our networks – including people from organisations we collaborate with, people we meet at conferences, and potential clients. With a distributed team working across Europe we find this to be the most effective way to ensure the whole team understands who we’re talking to and meeting with.
We use our CRM to store contact details, copies of some email conversations, and occasionally notes from meetings. This data is stored in the UK. We review our database at least once a year, deleting out of date contacts, or updating records where people have moved into new roles. You can ask us to delete any data we hold about you at any time by emailing firstname.lastname@example.org.
We consider this use of a CRM to be in our legitimate interests, as covered by GDPR 6(1)(f) – Legitimate Interest.
- Job Applicants
If you apply for a job with us, we will store your CV and cover letter in our internal document storage. Only staff who are involved in the recruitment process are able to access these.
After the recruitment process has ended, we delete these, other than where we have your consent to retain a CV. Where we do retain CVs, we will delete them after a period of a year. We may also retain a list of names of who applied for positions, but with no other data attached. We consider this use of personal data to be in our legitimate interests as laid out inGDPR 6(1)(f) – Legitimate Interest.
- Project Work
We undertake a wide range of project work – from designing and delivering collaborative and democratic processes, supporting the development of networks, through to research through workshops and interviews. Where we’re doing this, we will give you full details about how we will use and look after your personal data. In most instances, we will use a consent form that explains this, the lawful basis for processing your data, and your rights – including how to revoke consent.
The Democratic Society is a membership organisation. We process data of our members to help us stay in contact with these individuals and to ensure that subscriptions are up to date.
One of the ways we stay in touch is to use Mailchimp to send infrequent emails. Note that Mailchimp may transfer personal data outside the EU, and please contact Mailchimp with questions or concerns about this.
We are relying on GDPR 6(1)(f) – Legitimate Interest, as the lawful basis for processing membership data in this way.
Google Analytics allows us to collect information about how people use this site. It stores information including what pages you visit, how long you are on the site, how you got here, and information about your web browser.
If you don’t want to share your browsing activities on this site you can install opt-out browser plugins, such as the official browser plugin for blocking Google Analytics.
You have a number of legal rights regarding your data. For a detailed summary of your rights, please see the Information Commissioner’s website. To exercise any of your rights, we prefer you contact Michelle Brook, our Data Protection Officer, either through email at email@example.com, or by post to: The Democratic Society, Federation House, 2 Federation Street, Manchester, M4 4BF.
However, you can also exercise any of your rights to any of our team when you see us in person, or on the phone, via email, or via our professional social media accounts. We will respond as quickly as we can and must do so within a month.
Right of access: You have the right to access a copy of your personal data, to see what information we hold about you.
Right to rectification of data: If you believe any personal data we hold about you is incorrect or incomplete, you can request we rectify this.
Right to revoke consent: You have the right to revoke consent at any point regarding activities detailed above. We have identified under activities above how to do this and will make sure we do so.
Right to erasure: You have the right to request that we delete the data we hold about you. There may be instances in which there are legitimate reasons for us to continue to hold data, but wherever possible and whenever we are relying upon your consent to hold and process your data, we will delete what we hold.
Right to object: You have the right to object or complain about how your personal data is processed. If you have any concerns about how we handle your data, please do contact us first, so that we can try to help. However, you also have the right to complain to the Information Commissioner’s Office or the Data Protection Agency.