Our general privacy notice
This privacy notice explains in detail the types of personal data we (Children of Prisoners Europe, COPE) may collect about you when you interact with us or subscribe to our mailing list. It also explains how we store and handle that data and keep it safe. We are committed to protecting the data and privacy of all of our members, affiliates and partners. If you have any comments or questions about this notice, feel free to write to us at: firstname.lastname@example.org.
Personal data that we process
We ask for certain information when you register for our newsletter (such as your first and last name and email address), make a donation (such as financial information and postal address), or if you correspond with us (such as your email address or postal address). All of these are stored securely and privately and never shared with third parties (with the exception of MailChimp which securely stores our online mailing lists). The following table explains the types of data we collect and the legal basis, under current data protection legislation, on which this data is processed.
|Purpose||Data (key elements)||Basis|
|Enquiring about our organisation and its work||Name, email, message||Legitimate interests – it is necessary for us to read and store your message so that we can respond in the way that you would expect.|
|Subscribing to email updates about our work||Name, email||Consent – you have given your active consent when you subscribe to our mailing list.|
|Making a donation||Name, email, address, payment information||Legitimate interests – this information is necessary for us to fulfill your intention of donating money and your expectation of receiving a confirmation message.|
|Requesting a payment||Name, email, address, payment information||Legitimate interests – this information is necessary for us to fulfill your request to receive a payment from us and your expectation of receiving a confirmation message.|
|Signing up as a member||Name, email||Contract – by paying your membership fees you have entered into a contractual relationship with us as set out in our membership structure document, statutes and bylaws.|
|Website functionality||Website activity collected through cookies||Legitimate interests – it is necessary for us to store a small amount of information, usually through cookies, to deliver functionality that you would expect, such as remembering the contents of your order before you have fully completed the process.|
Conditions for processing data
We will only use your data in a manner that is appropriate considering the basis on which that data was collected, as set out in the table at the top of this policy. We are only entitled to process and store your data within the limits of the GDPR, which sets out a number of different reasons for which we may collect and process your personal data. These include:
In specific situations, we may collect your data (name and email address) to pursue our legitimate interests in a way which might reasonably be expected as part of our organisation’s activities. Doing so does not materially impact your rights, freedom or interests. This may include processing data to satisfy our external quality auditors or our regulators.
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity.
In some situations, we will collect and process your data only with your consent. For example, when you subscribe to receive our email newsletters. When collecting your personal data, we will always make clear to you which data is necessary in connection with a particular service.
For example, we may use your personal information to:
- reply to enquiries you send to us;
- handle donations or other transactions that you initiate;
- where you have specifically agreed to this, send you communications by email relating to our work which we think may be of interest to you.
When and how do we collect your data?
We most frequently collect your data when you provide it to us when signing up for either our newsletter or our press relations mailing list. You may also give us your data by email, through an online web form, over the telephone, face to face, or by post.
How do we use your data
- We use personal data to distribute our newsletter which includes:
- new issues of the European Journal of Parental Imprisonment
- a biannual round-up of news and activities
- invitations to conferences and events
- We also use personal data to distribute press releases to those individuals who have subscribed to our press relations mailing list.
- We will never release your personal details to any organisation outside Children of the Prisoners Europe (COPE) for mailing or marketing purposes.
How do we protect your data?
We take protecting your data very seriously. We treat your data with the utmost care and take all appropriate steps to protect it. We have clear data protection and information security policies and procedures in place and we use commercially reasonable safeguards to preserve the integrity and security of all our information.
Where is your data processed and stored?
Your data is stored and processed within the EEA (with the exception of MailChimp — see below). If we ever have to share your personal data with third parties and suppliers outside the European Economic Area (EEA), we will seek your specific consent to do so. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.
When we share your data
We will only pass your data to third parties in the following circumstances:
- you have provided your explicit consent for us to pass data to a named third party;
- we are using a third party purely for the purposes of processing data on our behalf (such as MailChimp or Wild Apricot membership management software) and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or
- we are required by law to share your data.
In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.
How long we keep your data
We take the principles of data minimisation and removal seriously and have internal policies in place to ensure that we only ever ask for the minimum amount of data for the associated purpose and delete that data promptly once it is no longer required. Where data is collected on the basis of consent, we will seek renewal of consent at least every three years.
What are your rights?
You have a range of rights over your data, which include the right to:
- request access to or a copy of the personal data we hold about you at any time, free of charge;
- the correction of your personal data if incorrect, out of date or incomplete. For example, when you withdraw consent; object and we have no legitimate overriding interest; or once the purpose for which we hold the data has come to an end;
- request a copy of any information that we hold about you at any time and to have that information corrected if it is inaccurate. To ask for your information, please write to us at: email@example.com
- If we choose not to action your request, we will explain the reasons for our refusal;
- withdraw consent
- Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. At which point, we will remove your information from all our databases and will stop any consent-based processing of your personal data after you withdraw that consent.
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us.
Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.
Changes to this policy