Superhighways, (a project of Kingston Voluntary Action), respects your privacy and considers the security of your personal information extremely importantly, taking all reasonable measures to safeguard any data we collect from you. The following information outlines what information we collect, for what purpose we process it and where and how long we store it for
Information we collect and how we use it
We collect personal information from you when you or your organisation enquires about our services, joins our membership package, books on our training or events, accesses our advice services or subscribes to our eNews. This may typically include your name, email address, job title, address and phone number. We also often collect further information about your organisation eg client group you support, borough you are based in, deemed as non personal data.
We only use this information to process requests, deliver our services or to provide you with information about our services and any other related services or resources. We will not share this information with other organisations unless we gain prior consent, or as outlined below, or where we are required to do so for legal reasons. Organisational data may sometimes be shared with our funders to satisfy reporting requirement,usually as anonymous statistics, but sometimes identifying organisation names and for example which borough they are based in.
We collect and store some personal data when providing advice and assistance to both member and non member organisations accessing our tech support service. This is logged in our Tech support portal which links to our CRM (AIDE) and is used to reference past IT issues and look up contact details so we can get back to you.
Training & events
We collect some personal data from people booking on our training and events so we can administer bookings and e.g. contact attendees with webinar links, update on any session cancellations or send out follow up resources. We may also ask about any additional support needs so we can ensure our training is accessible and report back attendance information to funders as above.
Photos, audio & video
We may take photos at training sessions or events and use to post on social media or in our other communications including our eNews, website and annual review. We will ask for verbal consent before doing so. We also sometimes take audio or videos from beneficiary organisations to showcase our own impact. In these cases we have a case study consent form which we will ask individuals to agree to and sign.
Monitoring & evaluation
We often use online survey tools (usually Survey Monkey or Office 365 forms) to collect feedback about our services (or to provide evidence of need). These are usually completed anonymously, but we often optionally ask for an email address so we can contact those who have requested follow up e.g. further training. Read more about Survey Monkey’s privacy and security policies. In future we will be using inbuilt surveys from our CRM system (AIDE).
When you subscribe to our eNews, we collect your name, email address and organisation and use this information only for the purpose of communicating and targeting updates about our services in our monthly eNews and ad hoc training alerts. We do not share your information with other organisations.
You can subscribe to our mailing list here and if subscribed already, you can unsubscribe at any time by either emailing email@example.com or by clicking the unsubscribe link in the footer of the eNews.
If you fill out our volunteer application form we use the information provided to verify your identity and contact you to progress your application. We will keep basic details after you have finished volunteering with us to enable us to act as a reference in future, should this be requested.
Third party data processors
As outlined above, we use a number of 3rd party providers to process your data e.g. for booking on training and sending out our eNews. Where data hosting is possible in the UK, we opt for this. But some providers will store your data on our behalf in the EU or United States. We carry out reasonable due diligence checks where data is transfered outside the UK.
We will only retain your personal information for as long as necessary for the purposes we collect it, as outlined above.
We use all reasonable technical, physical and organisational safeguards to maintain security of the personal data we hold about you, to protect against loss, theft or unauthorised access, use, modification or disclosure. We also carry out reasonable due diligence checks on the security notices of any data processors that we use.
Under GDPR, you have a number of data rights: the right to access; right to rectification; right to erasure; right to object; right to restrict processing and the right to data portability.
Updated February 2022.