‘Our’, ‘we’ and ‘us’ refers to aspects related to the incorporated organisation of Gigfunding C.I.C.
‘Our users’ refers to users of the website www.Gigfunding.org of whom have created a profile and had their identity verified through the platform.
You should read this Policy alongside our Terms and Conditions which are available here.
1. Contact Information
Gigfunding C.I.C. is the data controller in respect of any personal data we collect about you for the purposes of the GDPR and all other applicable law from time to time relating to the processing of personal data.
If you have any comments, enquiries or complaints related to this Policy or the information we hold about you, please do not hesitate to contact us by email, using firstname.lastname@example.org.
Our data protection officer ensures, in an independent manner, that our processing of personal data is carried out in accordance with applicable law.
2.1 The Policy sets out how we use and protect your personal data that you provide to us, or that is otherwise obtained or generated by us, in connection with your use of our website or mobile application.
2.3 Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information. This will be in the form of a monthly newsletter from the team. There is weekly and monthly opt in/out ‘new listings, which you can control on the settings menu, under ‘Newsletters’.
2.4 This Policy explains the following:
what personal data we collect from you;
the purposes for which we process personal data;
the legal bases for processing your personal data; and
your rights regarding your personal data.
2.5 In this policy, "we", "us" and "our" refer to Gigfunding C.I.C, a community interest company registered in England (company number 10701355). For more information about us, see Section 1 Contact Information.
2.6 This document was created using a template from SEQ Legal (https://seqlegal.com/free-legal-documents/privacy-policy).
3. The data we collect about you
3.1 Personal data is any information that relates to an identified or identifiable individual. We collect and process different kinds of personal data about you including the following:
Profile Data - We will only ever use your data / details to make your Gigfunding profile (Offer or Request).
Account Data - this includes your website user account data such as your username and password (stored in encrypted format), profile information and picture which you will provide when setting up an account with us;
Contact data - this includes any information you have given us to use to identify or contact you. This could include your name, address, email address or phone number, your communication preferences (i.e. a record of what you have told us about how you like to be contacted and what you would like to receive, logs of communications we’ve sent you and you have sent us);
Financial data - this includes bank account and payment card details that you have provided to us on the website [and information on donations that you make on our website, gift aid status;
Publication data - this is the information you post for publication on our website or through our services, including offers and requests the user has posed and any given or received feedback or badges, and any enquiries or complaints that you raise with us;
Usage Data - this includes information about how you use our website, mobile application and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This usage data may be processed for the purposes of analysing the use of the website and services. The source of the usage data is our analytics tracking system. Your approximate location is visible to other users on the platform. This is useful to other users who might be looking for a particular skill in that area. But this functionality can be switched off, by clicking on the YOUR NAME>SETTINGS>LOCATION>then Deleting the information in the box/field.
3.2 We store the following personal data on an electronic database register:
Personal details: First name, second name, display name, email address, phone number, profile picture, location (non-specific, general area of address given);
Account details: username, password (stored in encrypted format);
The description text that the user may write about him/herself;
The offers and requests the user has posted to the service;
Statistical data about service usage, e.g. the number of times the user has logged in; andThe given and received feedback and badges.
3.3 Personal details are given by the user on registration to the service on the website or when requesting services on the website at a later time. The handling of personal details is not outsourced to a third party, but the register data is stored on a server [in the UK] that is rented by us from a third party operator.
3.4 [If you use your credit or debit card to make payments online, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard.]
3.5 Generally, we do not collect or keep a record of sensitive information. If we do need to gather this information, we would only do so with your explicit consent.
4. How your personal data is collected.
We use different methods to collect data from and about you including through:
Direct interactions with you: we collect your Account Data, Contact Data, Publication Data and Financial Data as well as other personal data you provide to us, including when you register with us, engage with our website, fill in forms, correspond with us by post, phone, or email, make an enquiry or complaint or make a payment on our website.
[Third parties or publically available sources: we will receive personal data about you from various third parties [and public sources]]:
Google analytics (please see our section[x] on cookies);
Our partner causes.
5. The purposes for which we use your personal data
We will only use your personal data when the law allows us to. We may use your personal data for the following purposes:
Usage data may be processed for the purpose of analysing the use of the website and services, to facilitate service development and to operate, maintain, understand and improve the use of our website, mobile application and services. The source of usage data is our analytics tracking system;
Contact data may be processed for the purpose of facilitating communication between service providers and service users on the website and to enable direct communication between website users, and to provide customer service; ie. for social media marketing.
Account data may be processed for the purpose of operating the website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you;
Publication data may be processed for the purposes of enabling such publication and administering our website and services; and
Financial data may be processed for the purposes of facilitating payments online and administering and managing your payments.
We process certain personal data, including Contact data and Financial data, where such processing is necessary (i) for compliance with our legal or regulatory obligations or (ii) in order to comply with our duties and exercise our rights under a contract with you.
We carefully manage the communications that we send to you to ensure we are contacting you in the most appropriate manner. If you ask us to stop contacting you, we will, unless we are legally obliged to communicate with you. We will only contact you by email for marketing purposes if you have given us your explicit opt-in consent to do so along with your email address. You can opt out of these emails at any time by clicking on the “unsubscribe” link at the bottom of our emails or by emailing our team at: email@example.com
6. Legal basis for processing your personal data
The legal basis that we rely on to process your personal data will depend upon the circumstances in which we collect and use your personal information.
We will process your Usage data in accordance with this Policy where it is necessary for the purpose of furthering our legitimate interests including in respect of monitoring and improving our website, mobile application and services and keeping our records up to date.
We will process your Account data and Publication data in accordance with this Policy where it is necessary for the purpose of furthering our legitimate interests including in respect of the proper administration of our website and business, keeping a record of your communications with us and handling contacts, complaints and queries.
We will process your Financial data in accordance with this Policy where it is necessary for the purpose of furthering our legitimate interests including in respect of facilitating financial transactions on our website and to prevent, detect and investigate fraud or illegal activity.
A legitimate interest exists where we have a business or wider public interest reason to use your information. However, when we act on the basis of our legitimate interests, we must balance our interests against what is right and best for you.
We will process your personal data in accordance with this Policy where you have provided your consent to allow us to use your data in a certain way, for example, if you have elected to receive updates by email about our activities.
We will process your personal data in accordance with this Policy where it is necessary for compliance with our legal or regulatory obligations, including in respect of payment processing and financial accounting management.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
7. Providing your personal data to others
7.1 We will not, without your consent, share or disclose any of your personal data to a third party other than for the purposes specified in this Policy or where there is a legal or regulatory requirement to do so. We do not sell your details to anyone.
7.2 We may disclose your personal data to a third party where such disclosure is necessary (i) for compliance with a legal or regulatory obligation (such as to the courts, law enforcement agencies, the ICO, HMRC, the Charity Commission, Companies House, regulatory agencies or government bodies), or (ii) to protect the rights, privacy and safety of us, you or others.
7.3 We may also disclose your personal data to a third party in order to apply or enforce our contractual rights, including, for example, to certain hosting service providers.
7.4 We use external service providers to provide you with our services. These providers may include payment providers and software platform providers. Where required, we would give relevant persons within these service providers access to your personal information, provided that they have adequate data security processes in place.
7.5 We use Stripe to process your debit or credit card payments. More information on how Stripe process your personal data and your data protection rights, including your right to object, is available at https://stripe.com/gb/privacy.
7.6 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
7.7 Data security and protection of your personal data is very important to us. We take care in the selection and implementation of appropriate security measures and controls to keep your data protected and safe. Accordingly, we limit access to the personal data to only certain employees who reasonably need to process the data in accordance with this Policy.
7.8 You can rest assured that any such third party to whom we transfer your personal data will be under an obligation to protect the confidentiality and security of your personal data.
8. International transfers of your personal data
8.1 Unless we notify you, we will not process or transfer your personal details outside of the European Economic Area (“EEA”) as currently defined. The hosting facilities for our website are situated in the UK.
8.2 You acknowledge that personal data that you submit for publication through our website may be available, via the internet, around the world. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of such personal data - any transmission is at your own risk. Gigfunding C.I.C cannot accept liability for this if it happens.
9. Retaining and deleting personal data
9.1 This Section 9 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
9.2 Personal data that we process for any purpose shall only be stored for (i) as long as it is reasonably necessary to fulfil the purposes we collected it for, and/or (ii) to the extent necessary to comply with our legal and regulatory obligations, and for the purposes of preventing fraud, crime or other activity that may cause harm in relation to our business or our service users.
9.3 For example, we will keep your personal data for as long as you are a service user or service provider on our website, and for a reasonable time after you stop being a user or provider so that we can respond to any questions or complaints regarding our interactions with you.
9.4 The duration for which each category of data will be retained will vary depending on how long we need to process it for, the reason it was collected, and in line with any statutory requirements. Beyond this the data will either be deleted or we may retain a secure anonymised record for analytical purposes.
9.5 Where we retain personal data, we do so in accordance with any limitation periods and records retentions obligations that are imposed by applicable law. We will continue to safeguard your personal data for as long as we hold it.
9.6When we no longer need to use your personal information for the purposes set out in this policy, we will ensure it is securely disposed of, at the appropriate time. You can request for us to delete this information at any time and we will do so.
10. Your rights regarding the personal data you provide to us
10.1 In this Section 10, we have listed some of the rights that you have under data protection law.
10.2 Your principal rights under the data protection law are:
(a) the right to access - you can ask for copies of your personal data that we store;
(b) the right to rectification - you can ask us to correct any inaccurate personal data we hold on you or to complete any incomplete personal data we hold on you;
(c) the right to erasure - you can ask us to delete or amend your personal data from our records in certain circumstances, including where it is no longer necessary for us to hold it for the purposes for which we are processing it;
(d) the right to restrict processing - you can restrict or object to the processing of your personal data if there is disagreement about its accuracy or legitimate use;
(e) the right to object to processing - you can object to the processing of your personal data for marketing or profiling purposes;
(f) the right to data portability - you can ask that we transfer your personal data to another organisation or to you in certain circumstances;
(g) the right to complain to a supervisory authority - you can lodge a complaint with national data protection authorities regarding our processing of your personal data. In the UK, the competent authority is the Information Commissioner’s Office; and
(h) the right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
10.3 These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by reading this guidance issued by the Information Commissioner’s Office https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
10.4 You can make a complaint, raise a concern about how we process your personal data or exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out above. If you are not happy with how we have handled your complaint, you can contact the Information Commissioner’s Office.
11. About cookies
11.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies are widely used in order to make sure websites work effectively, as well as to store information about your preferences or past actions.
11.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
11.3 Cookies do not typically contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
12. Cookies that we use
(i) improving efficiency and your website experience - by helping us to remember you the next time you visit our websites and operate our digital services efficiently, (ii) measurement and analysis - to measure website traffic and usage patterns in our digital services and to collect information about your interactions with those services
13. Cookies used by our service providers
__stripe_mid: Generates a session for recognising a client and expires after one year.
__stripe_sid: Generates a session for recognising a client and expires after one year.
14. Managing cookies
14.1 Most browsers allow you to refuse to accept cookies and to delete cookies by following your browser’s instructions. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647 (Chrome);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
14.2 Blocking all cookies may have a negative impact upon the usability and functionality of many websites. Without cookies you can still visit our website but some of the features of the website may not work.
14.3 For instructions on how to stop cookies being installed on your browser, please see http://www.allaboutcookies.org/manage-cookies
14.4 If you would like to opt out of Google Analytics, you can do so by viewing Google’s currently available op-outs.
15. Changes to this Policy
15.1 We will review and update this Policy from time to time. Any changes to this Policy will become effective when we post the revised Policy on our website.
15.2 You should check our website frequently to ensure you are happy with any updates or changes to this policy.
15.3 We may notify you of significant changes to this policy by email.
15.4 This Policy has been last updated on [19.11.2020]