We have studied the Information Commissioner’s Office (ICO) guidelines concerning compliance with the new General Data Protection Regulation (GDPR) rules. This document explains how We Are Open Co-op (WAO) complies, using the structure of the ICO booklet, “Preparing for the General Data Protection Regulation – 12 Steps to Take Now.”
The Company Secretary and all members of WAO are aware that GDPR comes into effect on 25th May 2018. The Company Secretary and all members have read and adhere to our data protection privacy policies.
We hold the following data, which can be accessed by relevant members of WAO:
The Company Secretary has access to the following data:
The Company Secretary and Weaver Financial Ltd. (our accountants) have access to the following data:
We do not share this information with anyone outside of We Are Open Co-op and Weaver Financial Ltd (based in the UK).
We have taken the following steps:
Any individual or organisation may request to be informed on the data held by WAO about them. We will update or delete this data subject to reasonable requests in order to comply with GDPR. Note that we have a legal requirement to retain some financial records for auditing purposes.
We will respond to all requests for information within the one month compliance period. In order to action the request, please note that the individual or organisation will be requested to prove their identity.
Any individual or organisation subscribed to our email lists can unsubscribe at any time by clicking the relevant link in one of our communications, or by contacting us via our website. These email addresses are retained as ‘unsubscribed users’ for a one-year period for auditing reasons.
Information held in Xero is stored solely for accounting purposes.
Individuals and organisations who subscribe to our email lists are over the age of 13. If we find that there are subscribers under this age, we will remove them from the list, explaining why we are doing so.
We aim to prevent data breaches by using strong passwords with two-factor authentication where available. If any organisations who we use as data processors are compromised we would take steps to follow their advice immediately, and inform the data subjects.
We have familiarised ourselves with the ICO’s code of practice on Privacy Impact Assessments.
We have appointed a Data Protection Officer (DPO) who can be contacted at: DPO@weareopen.coop
We have registered with the UK’s lead data protection supervisory authority, the Information Commissioner’s Office (ICO).
We’re serious about protecting your personal data. This note explains:
If you have any questions or queries about this notice please email us at DPO@weareopen.coop
Your privacy is important to us. We are committed to safeguarding the privacy of your information.
When required we collect personal data to provide an appropriate level of service to you and to comply with the law regarding data sharing. In legal terms this is called ‘legitimate interests’. We collected your personal data when you corresponded with us during a sales process or signed up for one of our services. When it is required, we may also ask you for your consent to process your data. We never share your information with others.
The categories of information that we may collect and hold include:
We’re committed to using your personal data responsibly and lawfully. Here’s what we do with your personal data:
Your personal data is all stored within the EU or on platforms including Google Applications that have Privacy Shield and/or other features to ensure we can them in ways compliant with the GDPR in general, and our privacy and data retention policies specifically.
Google Apps’ Privacy Sheild Certification is here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
To help us to maintain the accuracy of the personal data that we hold please let us know if we hold out of date or inaccurate information about you.
We hold your data for varying lengths of time depending on the type of information in question but in doing so we always comply with Data Protection legislation. We will hold your data for six years from the end of contracted business relationship or the date of last correspondence, whichever is the later.
We will not share your information with third parties without your consent unless the law requires us to do so or as necessary for own legitimate interests or those of other persons and organisations eg:
There are only a few occasions where we will share your personal data with a third party. They are:
Under Data Protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact our Data Protection Officer (DPO).
You also have the right to:
For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you please get in touch with our Data Protection Officer using the contact details below.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/
To discuss anything in this privacy notice, please contact our Data Protection Officer: DPO@weareopen.coop