Last update: January 2021
Democratic Society (‘Demsoc’) is a Brussels based charity, with a UK not-for-profit subsidiary which leads our work in Scotland, England, Northern Ireland and Wales. Our registered address is: 107 Avenue de la Brabançonne-laan, Brussels 1000, Belgium.
Privacy and data protection are really important for Democratic Society. As such, we are committed to explaining very clearly how we will use any personal data we hold about you.
We have set out how we will collect and use personal data below. However if you have any concerns or question please contact our Data Protection Officer, and we’ll respond as soon as we can – and certainly within a month. You can contact us via email at firstname.lastname@example.org, or post at:
Democratic Society, The Melting Pot, 5 Rose Street, Edinburgh, EH2 2PR
Democratic Society, BeCentral, Cantersteen 10, Brussels 1000, Belgium.
In short, we don’t sell your data and will only share your data as outlined below, other than when required to by law. We only collect data to deliver the work we are funded to do so, to understand how to improve our websites and newsletter, to support our membership activities, and to support our business development. Where we can, we will seek your consent before processing and collecting your data.
More general information about the current laws and lawful bases for data collection can be found on the Information Commissioner’s website (UK residents) or the Data Protection Agency’s (European residents) website.
What data we collect and how we use it
1. Our newsletter
If you subscribe to our newsletter, your name and email address will be added to our mailing list, which is hosted with Mailchimp. Note that Mailchimp may transfer personal data outside the EU, and please contact Mailchimp with questions or concerns about this.
We only use data from this mailing list to send monthly newsletters, and if consent is given, to get in touch directly about activities we think might of interest. We do however gather statistics related to email opening and clicks to help us monitor and improve our newsletter. Likewise, we invite you to update your profile and provide us with additional information such as country of origin, to help us better understand our audience.
If you subscribe to our mailing list, we will retain your data until you unsubscribe, or otherwise ask us to remove your details. To help you unsubscribe every newsletter contains a quick and easy unsubscribe link in its footer.
When you unsubscribe from a newsletter managed via Mailchimp, your details remain on the list of past recipients. Mailchimp states: “Subscribers who unsubscribe themselves can’t be deleted from your list”. Provided you are still a subscriber at the point when you contact us your details can be permanently removed from the list – please get in touch with us at email@example.com if you would like this to happen.
In subscribing to the newsletter, you are consenting to the terms laid out above. The lawful basis for this is termed ‘GDPR 6(1)(a) – Consent of the data subject’. Please see the ICO for more indepth information.
2. Signing up to an event
We use Eventbrite to handle ticketing for some of our events. We ask for as little personal information as possible to support your attendance, such as name, email address, and whether you have any accessibility needs or dietary requirements. We will use this data to ensure we meet (wherever possible) any accessibility needs or dietary requirements, to manage ticketing, to send reminders about the event beforehand, or to send a follow-up subsequently.
By signing up to our events, you consent to your data being used in the above ways, and the lawful basis for this is termed ‘GDPR 6(1)(a) – Consent of the data subject’.
3. Our CRM
Like many organisations, we use a customer relationship management (CRM) platform to keep details of our networks – including people from organisations we collaborate with, people we meet at conferences, and potential clients. With a distributed team working across Europe we find this to be the most effective way to ensure the whole team understands who we’re talking to and meeting with.
We use Capsule, a UK company, for this purpose, and store contact details, copies of some email conversations, and occasionally add some notes about meetings. You can ask us to delete any data we hold about you by emailing firstname.lastname@example.org. We review our database at least once a year, deleting out of date contacts, or trying to update records where people have moved into new roles.
We consider the lawful basis for using a CRM in this way to be our ‘legitimate interest’.
4. Job Applicants
If you apply for a job with us, we will store your CV and cover letter in our internal document storage. Only those who are directly involved in the recruitment process will be able to access them. After the recruitment process has ended, we will delete all cover letters, and all CVs unless we have your consent to retain them. Where we do retain CVs, we will delete them after a period of a year. We may also retain a list of names of who applied for positions, but with no other data attached. We consider the lawful basis for storing and processing this data to be our ‘legitimate interest’.
5. Project Work
We undertake a wide range of project work – from designing and delivering collaborative and democratic processes, supporting the development of networks, through to research through workshops and interviews. Where we’re doing this, we will give you full details about how we will use and look after your personal data. In most instances, we will use a consent form that explains this, the lawful basis for processing your data, and your rights – including how to revoke consent.
Democratic Society is a membership organisation, and processes data of our members to help us stay in contact with these members, and to process membership dues.
In addition to this, we use Mailchimp to send infrequent emails to members. Note that Mailchimp may transfer personal data outside the EU, and please contact Mailchimp with questions or concerns about this.
We consider the lawful basis for storing and processing this data to be our ‘legitimate interest’.
We sometimes place small data files on your computer or mobile phone when you visit our site, known as cookies. This information can be useful for you. For example, if you leave a comment on the blog, cookies ensure that the next time you comment, you won’t have to re-enter your credentials.
We use Google Analytics to collect information about how people use this site. We do this to make sure we understand how we could do it better. Google Analytics stores information such as what pages you visit, how long you are on the site, how you got here, what you click on, and information about your web browser. IP addresses are masked (only a portion is stored) and personal information is only reported in aggregate. We do not allow Google to use or share our analytics data for any purpose besides providing us with analytics information, and we recommend that any user of Google Analytics does the same.
If you don’t want to share your browsing activities on this site with other companies, you can install opt-out browser plugins, such as the official browser plugin for blocking Google Analytics.
You have a number of legal rights regarding your data. For a detailed summary of your rights, please see the Information Commissioner’s website. To exercise any of your rights, we would prefer you contact Mel Stevens, our Data Protection Officer through email at email@example.com, or by sending a letter to us (addresses above).
We will respond as quickly as we can and must do so within a month. You can also exercise any of your rights to any of our team when you see us in person, or on the phone, via email, or via our professional social media accounts.
Right of access: You have the right to access a copy of your personal data, to see what information we hold about you.
Right to rectification of data: If you believe any personal data we hold about you is incorrect or incomplete, you can request we rectify this.
Right to revoke consent: You have the right to revoke consent at any point regarding activities detailed above. We have identified under activities above how to do this and will make sure we do so.
Right to erasure: You have the right to request that we delete the data we hold about you. There may be instances in which there are legitimate reasons for us to continue to hold data, but wherever possible and whenever we are relying upon your consent to hold and process your data, we will delete what we hold.
Right to object: You have the right to object or complain about how your personal data is processed. If you have any concerns about how we handle your data, please contact us. You also have the right to complain to the Information Commissioner’s Office (UK residents), or the DPA (European residents)
However, please do contact us first, so that we can try to help.