Tamar Grow Local CIC
Privacy Policy
Updated April 2023
In accordance with the Data Protection Act (2018) General Protection Data Regulation (GDPR),
Tamar Grow Local has made sure that the way we have stored your data and will continue to do so
complies with the Regulations.
Tamar Grow Local CIC (TGL) only keeps people’s data if they have consented for us to do so. This
includes our members, supporters and allies who have signed up to be part of TGL, people who
signed up to our mailing lists via our website, people who have donated to our organisation, and
people we work with. This policy also applies to participants in research projects.
This data is only accessible by nominated staff and directors of Tamar Grow Local CIC and
Landworkers’ Alliance. Be assured that we will always endeavour to be clear, honest and transparent
with you about the info and the information we collect, and wherever practical will ask your specific
consent.
Our Privacy Policy sets out how we obtain, process and store personal data that you have provided
to us.
What is the General Data Protection Regulation and why is it important?
General Data Protection Regulation, or GDPR, dictates how businesses, charities, NGOs and unions
process and handle data. GDPR also boosts the rights of individuals and gives them more control
over their information.
Tamar Grow Local CIC is committed to ensuring all personal data will be handled in line with the
GDPR. We have laid out below how we store and what we do with our members, supporters and
allies’ data.
To read more about GDPR visit the Information Commissioner’s Office GDPR webpage.
How we use and store your data
1. Processing your data and your rights to access it
2. How TGL communicates with members, supporters, allies and the interested public
3. Our TGL members and supporters database
4. Sharing information with third parties
5. Updates and reviews
6. How long will we keep your data for?
7. What are your rights?
8. Where can you update your information?
9. Where can you find further information?
1. Processing your data and your rights to access it
Where you give us consent to process your data (i.e by signing up to our mailing list, donating to
us, joining as a member, supporter or ally) we always keep a clear record of how and when this
consent was obtained. We endeavour to ensure that there are appropriate and proportionate
technical and organisational measures to prevent the loss, destruction, misuse, alteration,
unauthorised disclosure of or access to your personal information. Personal information such as
bank details will always be kept in a password protected document. Your information is only
accessible by nominated and appropriately trained TGL staff and directors, who agree to abide
by this policy.
You can withdraw your consent for us to have your data at any time, or request that all your
personal data be deleted by emailing: info@tamargrowlocal.org
If you exercise your ‘right of erasure’, we will remove your personal information completely and
immediately.
2. How TGL communicates with members, supporters, allies and the interested public
TGL communicates with members, supporters, allies and the interested public by sending out
newsletters. You will receive these newsletters only if you have signed up for them via our
website. If you sign up for our regular newsletters and email updates we only ask for your email
address. We send out monthly newsletters, invitations to events, occasional targeted emails
about our projects and the Tamar Valley Food Hubs.
We send out all our newsletters via mailchimp, and this is where your email addresses are
stored. To read more about Mailchimp’s privacy policy please see point 3 below.
You can opt out of receiving these newsletters from us at any point by either (1) clicking
unsubscribe at the bottom of the newsletter or (2) by emailing info@tamargrowlocal.org
3. Our TGL members and supporters database
a) What personal information of members and supporters does TGL collect?
Personal information is collected when you join as a member or supporter on our website, over
the phone, by post or in person for example at an event. The information we generally collect
includes name, email address, physical address, reasons for interest. It is optional to include a
telephone number and date of birth and all other information is provided to us voluntarily.
All this information is held in our membership database on Excel and is password protected.
Only nominated TGL staff and directors can access the database, and anyone who has access to
the database must sign a non-disclosure agreement.
When people join as members and supporters on our website we do use other organisations to
provide services on our behalf - in particular Open Food Network and Stripe. We only provide
these organisations with the information they need to deliver the required service. To see which
third 3 parties hold any information about you please see below point 3. Sharing information
with third parties.
b) How TGL uses this information.
We use your data to develop membership benefits:
Communications
To send you monthly newsletters via mailchimp
To send you occasional regional newsletters so you know what TGL are doing in your local area.
To network TGL members
To send updates about our projects.
To send invitations to members to represent TGL at meetings, events and volunteering activities
To send invitations to members to participate and run workshops at TGL and partner events and
skillshares.
c) How TGL stores personal information of members and supporters and for how long.
All personal information given to TGL will be stored securely.
Personal information is only accessible by nominated TGL staff and directors that have signed a
confidentiality agreement (non-disclosure agreement).
To find out more information on how and for how long we store data get in touch via email:
4. Sharing information with third parties
TGL will not, under any circumstance and for any reason whatsoever, sell or share your personal
data with a third party for marketing purposes. We will always obtain consent from project
participants for publicity and media coverage before sharing their personal information. We will only
share data with third party companies who provide services for TGL. This will only be specific and
necessary data that is needed to provide a specific service on our behalf, including sending
newsletters, processing card payments and conducting surveys. We only provide these organisations
with the information they need to deliver the required service. The third parties that we currently
use are:
Survey Monkey – to hold responses to questionnaires we send out from time to time (see Survey
Monkey’s Privacy Policy here: https://www.surveymonkey.co.uk/mp/legal/privacy/ )
Mailchimp - to send out national and regional newsletter on a regular basis (see Mailchimp’s Privacy
Policy here: https://mailchimp.com/legal/).
Stripe payment - Members, supporters and people who make payments or donations to Tamar
Grow Local do so through a TGL Stripe payment system, which is where your payment details and
direct debit set up is stored (see Stripe’s Privacy Policy here: https://stripe.com/gb/privacy)
Wordpress - when members sign up on the TGL website (which is a wordpress website), the data is
stored in a downloadable CSV. This is password protected and only nominated TGL directors and
staff have access to this data (see Wordpress Privacy Policy: https://engb.
wordpress.org/about/privacy/ )
Open Food Network – when members order from the Tamar Valley Food Hubs, their data is stored
securely within Open Food Network Software. (see Open Food Network’s Privacy policy here:
chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://openfoodnetwork.org.uk/Terms-of-
ServiceUK.pdf )
Google Drive – where we store your information on google drive e.g. for the SW Land Match project
access is restricted and password protected.
GoDaddy – for the SW Land Match project. If members of the public sign up for updates, the data is
stored in a downloadable CSV. Which is password protected. Only nominated TGL and LWA staff
have access to this file. (See GoDaddy’s privacy policy here:
https://sso.godaddy.com/login?realm=idp&app=www&path=%2Fenuk%
2Flegal%2Fagreements%2Fprivacy-policy )
In addition the TGL may share data details with 3rd parties to meet monitoring requirements of our
funders.
Does this policy cover third party websites? No, this Policy does not cover external websites and
services that we link to and we are not responsible for the privacy practices or content of those sites
or services.
5. Updates and reviews.
The latest version of our privacy policy complies with new General Data Protection Regulation
GDPR.
In the event of any changes to the law, the privacy policy will be updated. Supporters and
members will be informed of any changes that affect their personal data and all necessary
changes will be made to protect personal information and comply with the law.
TGL’s privacy policy will be reviewed every two years.
6. How long will we keep your data?
Unless still required in connection with the purpose(s) for which it was collected – such as for a
campaign or project email newsletter list - we will usually remove your personal information
from our records ten years after the date it was collected. However, if you or your organisation
works with TGL, we may keep your personal information on record for longer. This exception
usually applies to journalists, policy-makers, researchers, industry contacts and people working
in the not-for-profit sector.
If your membership has expired or your cancel it, we will keep your data for 12 months on the
basis of ‘Legitimate interests: the processing is necessary for your legitimate interests or the
legitimate interests of a third party unless there is a good reason to protect the individual’s
personal data which overrides those legitimate interests.’ This gives us a bit of breathing space
after your membership expires, during which time we hope very much to get you back on board!
If you haven’t renewed after 12 months, we will ask for your consent to keep your data.
If you ask us to stop sending you emails or other forms of communication, we will keep your
name on our internal suppression list (a ‘do not contact’ list) to ensure that you are not
contacted again. If you exercise your ‘right of erasure’, we will remove your personal
information completely and immediately.
7. What are your rights?
Where we rely on your consent to use your personal information, you
have the right to withdraw that consent at any time. This includes the right to be
unsubscribed from our email list at any time. You also have the following rights:
• Right to be informed – you have the right to be told how your personal information will
be used.
• Right of access – you can ask what information we hold on you and to request a copy.
• Right of erasure – you can request that all your personal information is deleted from our
records immediately.
• Right of rectification – if you believe our records of your personal information are
inaccurate, you have the right to ask for those records to be updated.
• Right to restrict processing – you have the right to ask for processing of your personal
data to be restricted if there is disagreement about its accuracy or legitimate usage.
To exercise these rights, please send a description of the information in question to
8. Where can you update your information?
Generally you can check the personal data we hold about you, and update it by emailing us at
9. Where can you find further information?
If you have any questions at all about our TGL privacy policy and/or would like to discuss it
further please email us at info@tamargrowlocal.org