We have studied the Information Commissioner’s Office (ICO) guidelines concerning compliance with the UK's General Data Protection Regulation (UK GDPR) rules. This document explains how We Are Open Co-op (WAO) complies with this legislation, using the guidance found on the ICO's website.
The Company Secretary and all members of WAO are aware that GDPR came into effect on 25th May 2018. They have read and adhere to our data protection and privacy policies.
We hold the following data, which can be accessed by relevant members of WAO:
The Company Secretary has access to the following data:
The Company Secretary and Weaver Financial Ltd. (our accountants) have access to the following data:
We do not share this information with anyone outside of We Are Open Co-op and our UK-based accountants, Weaver Financial Ltd.
We have taken the following steps:
Any individual or organisation may request information about the data held by WAO about them. We will update or delete this data subject to reasonable requests to comply with GDPR. Note that we have a legal requirement to retain some financial records for auditing purposes.
We will respond to all requests for information within the one month compliance period. In order to action the request, please note that the individual or organisation will be requested to prove their identity.
Any individual or organisation subscribed to our email lists can unsubscribe at any time by clicking the relevant link in one of our communications, or by contacting us via our website. These email addresses are retained as ‘unsubscribed users’ for a one-year period for auditing reasons.
Information held in Xero is stored solely for accounting purposes.
Individuals and organisations who subscribe to our email lists are over the age of 13. If we find that there are subscribers under this age, we will remove them from the list, explaining why we are doing so.
We aim to prevent data breaches by using strong passwords with two-factor authentication where available. If any organisations who we use as data processors are compromised we would take steps to follow their advice immediately, and inform the data subjects.
We have familiarised ourselves with the ICO’s code of practice on Privacy Impact Assessments.
We have appointed a Data Protection Officer (DPO) who can be contacted at: DPO@weareopen.coop
If we transfer your personal data outside the UK or EU, we ensure that it is protected in a manner consistent with how your personal data will be protected by us in the UK or EU. This can be done in several ways, for instance:
We’re serious about protecting your personal data. This note explains:
If you have any questions or queries about this notice please email us at DPO@weareopen.coop
Your privacy is important to us. We are committed to safeguarding the privacy of your information.
We collect personal data to provide an appropriate level of service to you and to comply with the law regarding data sharing. In legal terms, this is called ‘legitimate interests’. We collected your personal data when you corresponded with us during a sales process or signed up for one of our services. When required, we may also ask you for your consent to process your data. We never share your information with others without your consent.
We’re committed to using your personal data responsibly and lawfully. Here’s what we do with your personal data:
Your personal data is all stored within the EU or on platforms including G Suite that have Privacy Shield and/or other features to ensure we can them in ways compliant with the GDPR in general, and our privacy and data retention policies specifically. Google’s Privacy Shield Certification is here.
To help us to maintain the accuracy of the personal data that we hold please let us know if we hold out of date or inaccurate information about you.
We hold your data for varying lengths of time depending on the type of information in question but in doing so we always comply with Data Protection legislation. We will hold your data for six years from the end of contracted business relationship or the date of last correspondence, whichever is the later.
We will not share your information with third parties without your consent unless the law requires us to do so or as necessary for own legitimate interests or those of other persons and organisations, e.g.
There are only a few occasions where we will share your personal data with a third party. They are:
Under Data Protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact our Data Protection Officer (DPO).
You also have the right to:
For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you please get in touch with our Data Protection Officer using the contact details below.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns
To discuss anything in this privacy notice, please contact our Data Protection Officer: DPO@weareopen.coop