We collect and use your personal data to improve your experience
Trust is important to us and we’re dedicated to protecting your personal data to the best of our ability.
We want to be as transparent as possible with how we use your data. This means no surprises.
We want to communicate with you in the right way based on the information we have. This means sending relevant messages. No spam.
We only keep things as long as we need to. We don’t hold your data indefinitely.
1. How we manage your data
2. What kind of data we collect and why
3. Your rights as a data subject
4. How we protect your data
5. On what grounds we use your data
6. How long we hold your data
7. Sharing your data
8. Marketing and website ‘cookies’
1. How we manage your data
The Social Economy Data Lab is currently hosted by
Social Investment Business, Social Investment Business is a data controller
registered with the ICO. We decide how and why our data is used (as a controller)
while also working with the data to achieve a purpose (as a processor).
We may process certain types of personal data about
you as follows:
Identity data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender.
Contact data may include your address, email address and telephone numbers.
Financial data may include your bank account and payment card details.
Transaction data may include details about payments between us.
Technical data may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses.
Usage data may include information about how you use our website, products and services.
Marketing and communications data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
We use your data for the primary goal of delivering
our service to support charities and social enterprises. Like many
organisations, processing data is critical for the day-to-day operations of our
business; from marketing to fund management.
Personal data of job applicants will be shared for
the purposes of the recruitment exercise. This includes our HR team,
interviewers (who may include other partners in the project and independent
advisors), relevant team managers and our IT service provider if access to the
data is necessary for performance of their roles. We do not share your data
with other third parties, unless your application for employment is
successful and we make you an offer of employment. We will then share your data
with former employers to obtain references for you. We do not transfer your
data with former employers to obtain references for you. We do not transfer
your data outside the European Economic Area.
We may also process sensitive personal data, for
example, health records of staff or criminal records for recovery
funds. We require your explicit consent for processing sensitive data, so
when you submit your details, we will ask for your explicit agreement in
providing this information to us.
If we hold your personal data you have rights
outlined by General Data Protection Regulation and the Data Protection Act
You have the right to be informed about the collection and use of your personal data when it is obtained.
You have the right to be forgotten i.e. for us to no longer store your information. However, there are instances such as statutory/contractual agreements which mean we may have to keep hold of some details.
You have the right to ask for a subject access request (SAR). This means you can ask us for all the information we hold on you and we are obliged to provide this to you in a portable format by one month (30 days). Please note that requests deemed as ‘excessive’ can be denied or charged for. To request a SAR please contact us.
You have the right to complain to the ICO if you believe your personal data is compromised in any way.
We have various security measures in place to
protect all personal data we hold.
Internally, we maintain strict staff permission
sets and a control group policy which limits data access to the relevent
staff. We also educate staff on data protection through practical workshops and
training at the start and throughout their employment with us.
To protect ourselves from external threats, we
maintain active cyber security management (e.g. SSL encryption) and have a
robust emergency response plan in place in the event of a data breach.
As part of our ongoing contractual agreements with
third-party processors, we adhere to strict rules and guideline policies.
We may disclose information about you to any of our
employees, suppliers or subcontractors insofar as reasonably necessary for the
We will not without your express consent provide
your personal information to any third parties for the purpose of direct
Occasionally, Social Investment Business will act
as a ‘joint controller’. This means we will share information between us and a
partner organisation – for example, on a collaborative fund where another
controller is providing business support. We don’t share your information
without your consent.
do this in order to monitor and improve the user experience through Google
A cookie consists of information sent by a web
server to a web browser, and stored by the browser. The information is then
sent back to the server each time the browser requests a page from the server.
This enables the web server to identify and track the web browser.
Most browsers allow you to reject all cookies,
whilst some browsers allow you to reject just third party cookies. For
example, in Internet Explorer you can refuse all cookies by clicking “Tools”,
“Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding
selector. Blocking all cookies will, however, have a negative impact upon
the usability of many websites.
We operate a limited form of profiling in the
interests of providing relevant targeted marketing communications to our
stakeholders. For example, news subscribers who have willingly given us the
information that they work in the physical health or sports space may receive
an alert about a sports fund launch.
We do not currently have any automated or AI-based
decision-making in place.