Data Privacy Notice
Foxglove Legal (Foxglove) strongly believes that you have the right to control the use of your personal information, and that your privacy must be respected. We strictly limit the collection and processing of your personal data. We will not use personal data that you provide to us in a manner inconsistent with the purposes for which you provided it to us.
This data use policy describes how we will process any personal information that we may collect about you as a supporter, a donor, an attendee at an event, as a partner or as a visitor to our website.
We do not and will not sell, rent or lease personal data, nor send marketing on behalf of third parties.
1. Who is Foxglove?
Foxglove Legal is a non-profit and a Community Interest Company (registered company number 12052097). Our registered address is: International House, 36-38 Cornhill, London, England, EC3V 3NG. Our correspondence address is: PO BOX 76731, London, SW2 9PE. You can contact Foxglove by emailing firstname.lastname@example.org.
Foxglove is the data controller for data processing in accordance with this policy and is registered with the Information Commissioner as a data controller (registration number ZA694774).
2. The personal information we collect and how we use it
Personal data, or personal information, means any information from which your individual identity could be identified. It does not include data where the identity has been removed (anonymous data). We explain below the personal data we collect and how we use it, and explain the circumstances in which we only collect anonymised data.
If you subscribe to our emails:
We collect the information you provide – your full name and email address – in order to send you updates about our work, when you sign up online and consent to receiving emails from us.
To create more suitable content and better understand how our supporters interact with the emails that we send, we may keep a record of your engagement with Foxglove. This record includes the donations you make to Foxglove and when you engage in one of our supporter actions, for example if you sign one of our petitions.
When signing up for our emails, the information you provide is collected by a third-party tool called Action Network. We receive information from Action Network that allows us to know if the emails we send you have been opened.
If you are a journalist and you ask to sign up to receive our press releases, your name, your email address and information about the news outlet for which you work will be held in AirTable.
If you make recurring donations to Foxglove:
If you sign up to make a recurring donation to Foxglove online, you are asked to provide your name, email address, telephone number and payment information. This information is used to process your donations.
A company called GoCardless processes the donations on our behalf and then shares the information about your donation with us. GoCardless collects the information you provide – your name, address and payment information – on our behalf. We hold this information for the purposes of completing and recording your transaction(s).
If you make a one-off donation to Foxglove:
If you make an online donation to us, you are asked to provide your name, email address, telephone number and payment information. This information is used to process your donation.
If you make a one-off donation to Foxglove, a company called Stripe processes the donations on our behalf and then shares the information about your donation with us. Stripe collects the information you provide – your name, address and payment information – on our behalf. We hold this information for the purposes of completing and recording your transaction(s).
If you choose to make a donation through PayPal, they will process the donation on our behalf and then share the information about the donation with us. PayPal collects the information you provide – your name, address and payment information – on our behalf. We hold this information for the purposes of completing and recording your transaction(s).
If you visit our website:
Our website is hosted by WordPress. Through WordPress we collect some information about your visit to our site, including information about your browser, network and device. The information collected also includes details about your visit to our website, including clicks, internal links, pages visited, searches and timestamps.
On our website we use a WordPress plugin called Matomo, which is an open source web analytics platform which collects, analyses, and reports data about how our website is used. We use Matomo to help us improve the design and functionality of our website.
Through Matomo, we collect some details about your visit to our website, including: date and time of visit; the title of the page viewed; the URL of the page viewed; the URL of the page viewed prior to the current page; screen resolution; the time in local timezone; files that were clicked and downloaded; link clicks to outside websites; how long pages take to load; country, region, city of the site visit; the main language of the browser; the browser you use; mouse events (movements, content forms and clicks); whether you take any actions on our site; and whether you watch any videos we have on the site.
We do not use Matomo to process any personal data about users of our website and have it configured not to collect any personally identifiable information.
If you contact us by phone, email or in writing:
If you exchange emails, telephone conversations or other electronic communications with our staff members, our systems will record details of those conversations, sometimes including their content. If you contact us by email, we use the secure and encrypted email provider Outlook to store your email. If you contact us by post, your letter will be sent to our registered address where it will be scanned and uploaded to a password-protected online portal.
When you contact us, we sometimes need to keep a record of the communication we have with you to operate, manage and develop our organisation.
If you apply for a job with us:
If you apply for a job with us, you are asked to provide your name, email address and telephone number. The information you provide is collected by a third-party tool called Applied. We hold this information for the purposes of communicating with you on the progress of your application.
In the course of our work, we collect information such as the names, contact details and work-related information about individuals and organisations we work with. We keep this information in order to invite you to collaborate on and participate in relevant work-related activities.
This includes the details of those whose professional interests align closely with our own and individuals who participate directly in our activities, as well as those who we have current contractual obligations with or who we may in the future enter into an agreement with. We also keep the details of other professional contacts if you have consented to hearing from us for this purpose.
We collect this information through business cards, personal contact or occasionally recommendations from partners.
If you sign up to attend a Foxglove event we use Eventbrite to manage and communicate with event attendees. If you sign up to attend an event through Eventbrite we hold your name and email address. If you choose to give Foxglove a donation to attend one of our events, we hold your payment information which is used to process your donation.
If you sign up to attend an online Foxglove event, we use Zoom or Crowdcast to host the meeting. Through Zoom or Crowdcast we collect some information about you, including your name and email address so we can invite you to the event.
If you send us an invoice then your financial information and contact details are processed in our accounting software Xero.
If you fill out a survey with us, you will do so through a website called Typeform. We will not collect personal data through Typeform without informing you why we are doing it and allowing you to opt-out.
3. The legal bases for our personal data processing
In summary, where we are processing personal information or data, we rely on the following legal bases:
- Your specific consent to a particular use of your data (such as where you have signed up to receive our emails);
- Where you have entered into a legal agreement with us that necessitates that particular use of your data (such as where you make a payment or donation to us);
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example, when a partner shares your details with us as you may be interested in our work – but we will delete such information if you tell us that you do not want to hear from us);
- Where we are obliged to process your data in a particular way by law (for example, if we are required to notify any authority or regulator of the nature or value of your donations).
4. Your data and third parties
There are some third party service providers Foxglove uses to further our stated purposes. We are transparent about those third parties. They are:
- Action Network
Foxglove strongly values data protection and we therefore very carefully select the third parties we work with and we ensure that they share our values around data protection. All third parties that we work with are contractually obligated to act on our instructions and in accordance with current data protection legislation. We shall never voluntarily share your information with a third party for their own use.
There are some circumstances where we may have to disclose your information if required by law. If this is ever the case, we will tell you.
We will never sell, rent, trade or pass your personal data to any other third parties.
5. Third party links
6. Retention and deletion of your information
We keep your data as long as the law requires us to, and no longer. We will delete or permanently anonymise personal data when it is no longer needed for the purposes for which it was collected. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of fulfilling any regulatory, legal, tax, accounting and reporting requirements.
When determining the appropriate retention period for your personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal, regulatory, tax, accounting or other requirements.
7. The security of your information
We take the security of your information very seriously. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We use OneDrive (Microsoft) to store our electronic documents.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Your rights
As a data subject you have a number of rights in relation to your personal data.
Right of access
You have a right to request access to the personal information that we hold about you, and to some related information, under data protection law. You may have heard of this right being described as a “subject access request”.
We follow the ICO’s “Subject Access Code of Practice” when dealing with requests for access to personal data. You can read this code by visiting https://ico.org.uk/media/for-organisations/documents/2014223/subject-access-code-of-practice.pdf
Right of rectification and erasure
You can also require any inaccurate personal information to be corrected or deleted (and we hope you will).
You may also ask us to erase personal data if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”).
Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right. Further, we are not always obliged to erase personal data when asked to do so; if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to your request.
Your right to stop receiving communications
As noted above, where we send you e-mail marketing communications (or other regulated electronic messages) you have the right to opt-out at any time. You can do this by using the ‘unsubscribe’ link that appears in the footer of each communication.
Alternatively, if for any reason you cannot use those links, or if you would prefer to contact us directly – you can unsubscribe by writing to us at email@example.com and telling us which communications you would like us to stop sending you.
Right to restrict processing
Where we process your personal data on the basis of a legitimate interest (see the sections of this Policy which explain how and why we use your information) you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.
You may also ask us to stop processing your personal data (a) if you dispute the accuracy of that personal data and want us to verify that data’s accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.
Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.
Right to object
You can object to our use of your personal information at any time and you may have the right to object to our processing of some or all of your personal information in some other circumstances.
Your right to object to automated decision making and profiling
You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.
We do not use any of these techniques.
Right to portability
Where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party you may write to us and ask us to provide it to you in a commonly used machine-readable format.
Because of the nature of the work we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data from us to a third party we are happy to consider such requests in good faith.
Exercising your rights
You can exercise any of these rights at any time. If you wish to do so, please contact us at the details set out below, and explain what right you wish to exercise and why.
We may need to ask you for more information about who you are (e.g. we may request ID documents to help us verify your identity) or other information about your request to make sure we understand it properly.
For full information about your rights under the current General Data Protection Regulation, please see the Information Commissioner’s Office website.
9. Making a complaint
If you are unhappy with the way that we have processed or handled your data then you have a right to complain to the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom.
The contact details for the Information Commissioner’s Office are:
- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
- Telephone: 0303 123 1113
- Website: https://ico.org.uk/concerns/
10. Contact us
We want to do everything we can to make sure the information we hold on you is accurate and up to date. If you have a query regarding this statement, if you would like us to amend any information or request access to the information we hold on you, please contact Martha Dark, Director, firstname.lastname@example.org or call +44 20 8152 8076.
Except for information that needs to be kept for legal reasons, you have a right to opt-out of us processing your data or withdraw your consent at any time. Please contact us using the above details if this is the case.
12. Changes to this policy or your personal information
We keep this data use policy under regular review and will place any updates on this page. This data use policy was last updated on 21 October, 2022.
Please do let us know if there are any changes to your information which you would like us to update our records to take account of.