Superhighways, (a project of Kingston Voluntary Action), respects your privacy and considers the security of your personal information extremely importantly, taking all reasonable measures to safeguard any data we collect from you. The following information outlines what information we collect, for what purpose we process it and where and how long we store it for
Information we collect and how we use it
We collect personal information from you when you or your organisation enquires about our services, joins our membership package, books on our training or events or subscribes to our eNews. This may typically include your name, email address, job title, address and phone number. We also often collect further information about your organisation eg client group you support, borough you are based in, deemed as non personal data.
We only use this information to process requests, deliver our services and to provide you with information about our services, other related services or information about tech and the non profit sector. We will not share this information with other organisations unless we gain prior consent, or as outlined below, or where we are required to do so for legal reasons.
Training & events
We collect some personal data from people booking on our training and events in order that we can contact attendees e.g. with directions to the venue or if the event has been cancelled or send out follow up resources. We may also ask about any additional support needs so we can ensure our training is accessible. We also often report back attendance information to funders (usually as anonymous statistics, but sometimes identifying organisation names and for example which borough they are based in).
Photos, audio & video
We may take photos at training sessions / events and use to post on social media or in our other communications including our website and annual review. We will ask for verbal consent before doing so. We also sometimes take audio or videos from beneficiary organisations to showcase our own impact. In these cases we have a case study consent form which we will ask you to agree and sign.
Monitoring & evaluation
We often use online survey tools (usually Survey Monkey or Office 365 forms) to collect feedback about our services (or to provide evidence of need). These are usually completed anonymously, but we often optionally ask for an email address so we can contact those who have requested follow up e.g. further training. Read more about Survey Monkey’s privacy and security policies
When you subscribe for our eNews, we collect your name, email address and organisation and use this information only for the purpose of communicating updates about our services in our monthly eNews and ad hoc training alerts. We do not share your information with other organisations.
You can subscribe to our mailing list here and if subscribed already, you can unsubscribe at any time by either emailing firstname.lastname@example.org or by clicking the unsubscribe link in the footer of the eNews.
If you fill out our volunteer application form we use the information provided to verify your identity and contact you to progress your application. We will keep basic details after you have finished volunteering with us to enable us to act as a reference in future, should this be requested.
Third party data processors
As outlined above, we use a number of 3rd party providers to process your data e.g. for booking on training and sending out our eNews, most of whom will store your data on our behalf in the United States. We carry out reasonable due diligence checks on these providers including checking they have signed up to the EU US Privacy Shield where data is stored outside of the EU, as well as checking their privacy policies and security statements.
We will only retain your personal information for as long as necessary for the purposes we collect it as outlined above.
We use all reasonable technical, physical and organisational safeguards to maintain security of the personal data we hold about you, to protect against loss, theft or unauthorised access, use, modification or disclosure. We also carry out due diligence checks on the security notices of any data processors that we use.
Under GDPR, you have a number of data rights: the right to access; right to rectification; right to erasure; right to object; right to restrict processing and the right to data portability.