Harvest Workers’ Co-Operative Ltd Privacy and Data Protection Policy and Practical Information
The Harvest Workers’ Coop is committed to maintaining the trust and confidence of our visitors to our web site and subscribers to our newsletter. Here you’ll find information on how we treat data that we collect from visitors to our website, or when someone subscribes to our newsletter or purchases items through our online shop.
Visitors to our Website
If we want to collect personally identifiable information through our website www.harvestworkerscoop.org.uk through our email newsletter provider Mailchimp www.mailchimp.com or our online shop with the Open Food Network https://openfoodnetwork.org.uk/harvest-workers-co-op/shop we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Please read the section on cookies below.
Newsletter Sign Up
As part of the registration process for our bi-monthly newsletter, we collect personal information. We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. We don’t rent or trade email lists with other organisations and businesses.
We use a third party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see MailChimp’s privacy notice.
You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing us email@example.com
Links to our Open Food Network – Online Shop
We use a third party provider, Open Food Network, to administer our online shop. Links to ticket purchases take customers to this site. The Open Food Network uses SSL encryption (2048 bit RSA) everywhere to keep your shopping and payment information private. Their servers do not store your credit card details and payments are processed by PCI-compliant services. If you create an account with the Open Food Network we have access to your name, email, address and order details. You can request that this information is deleted by contacting us firstname.lastname@example.org
Links to Other Web Sites
Access to Your Personal Information
You are entitled to access the personal information that we hold. Email Kevin Cotter at email@example.com
HARVEST WORKERS’ CO-OPERATIVE LTD PRIVACY AND DATA PROTECTION POLICY
1. Policy Statement
Every week our business will receive, use, and store information about a range of data subjects, including but limited to customers, suppliers, and general enquiries. This policy sets out how we ensure that this information is processed lawfully and appropriately, in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).
We take our data protection duties seriously, because we respect your privacy. We will not sell or otherwise transfer your information to third parties for marketing purposes without your explicit consent.
2. About This Policy
Harvest Workers’ Co-operative Ltd is responsible for ensuring compliance with the Data Protection Requirements and with this policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to firstname.lastname@example.org or 01837318050.
3. What is Personal Data?
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in our possession).
Processing is any activity that involves use of personal data. It includes obtaining, recording, holding or transferring data; organising, amending, retrieving, using, disclosing, erasing or destroying it.
4. Data Protection Principles
As your data controller, we will ensure that your personal data is:
1. Processed fairly, lawfully and in a transparent manner.
2. Collected for specified, explicit and legitimate purposes and any further processing is completed for a compatible purpose.
3. Adequate, relevant and limited to what is necessary for the intended purposes.
4. Accurate, and where necessary, kept up to date.
5. Kept in a form which permits identification for no longer than necessary for the intended purposes.
6. Processed in line with the individual’s rights and in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
7. Not transferred to people or organisations situated in countries without adequate protection and without firstly having advised the individual.
5. Fair and Lawful Processing
The Data Protection Requirements are not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the individual.
In accordance with the Data Protection Requirements, we will only process personal data where it is required for the following lawful purposes: where the processing is necessary for performing a contract with the individual, for compliance with a legal obligation, in the legitimate interests of the business, or where the individual has given their consent.
6. Correct Data
We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to amend or destroy inaccurate or out-of-date data.
7. Efficient processing
We will not keep personal data longer than is necessary for the purpose or purposes for which it was collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
8. Processing in line with Data Subject’s Rights
We will process all personal data in line with data subjects’ rights, in particular their rights to:
1. Confirmation as to whether or not personal data concerning the individual is being processed.
2. Request access to any data held about them.
3. Request rectification, erasure or restriction on processing of their personal data.
4. Lodge a complaint with a supervisory authority.
5. Data portability.
6. Object to processing, including for direct marketing.
7. Not be subject to automated decision making including profiling in certain circumstances.
9. Data Security
We take appropriate and adequate security measures against unlawful or unauthorised processing of personal data, and against the accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
We have in place standard procedures and technologies to maintain the security of all personal data from collection to amending to destroying. Additionally, we ensure that secure connections are used when collecting financial information from you. All forms which request credit card or bank details use the SSL (Secure Sockets Layer) protocol for encryption.
Cookies – Information
We use a system of classifying the different types of cookies which we use on the Website, or which may be used by third parties through our websites. The classification was developed by the International Chamber of Commerce UK and explains more about which cookies we use, why we use them, and the functionality you will lose if you decide you don’t want to have them on your device.
What is a cookie?
Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.
How long are cookies stored for?
Persistent cookies – these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session cookies – these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.
You can find more information about cookies at www.allaboutcookies.org and www.youronlinechoices.eu
Cookies used on the Website
A list of all the cookies used on the Website by category is set out below.
Strictly necessary cookies
These cookies enable services you have specifically asked for. These cookies are essential in order to enable you to move around the Website and use its features, such as accessing secure areas of the Website.
These cookies collect anonymous information on the pages visited. By using the Website, you agree that we can place these types of cookies on your device.
These cookies collect information about how visitors use the Website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the Website works.
These cookies remember choices you make to improve your experience. By using the Website, you agree that we can place these types of cookies on your device.
These cookies allow the Website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
Third party cookies
These cookies allow third parties to track the success of their application or customise the application for you. Because of how cookies work we cannot access these cookies, nor can the third parties access the data in cookies used on our site.
For example, if you choose to ‘share’ content through Twitter or other social networks you might be sent cookies from these websites. We don’t control the setting of these cookies, so please check those websites for more information about their cookies and how to manage them.
Changes to this Policy and Statements
Harvest Workers’ Co-operative Ltd
3 June 2018