Privacy Policy

Keep Britain Tidy is registered in England and Wales under the registered charity number 1071737 and also as a limited company registered under the company number 3496361. Our registered office is at Elizabeth House, The Pier, Wigan, WN3 4EX.

You can contact us:

by post, to the postal address given above;
using our website contact form;
by telephone, on the contact number published on our website from time to time
by email via our Data Protection Officer Ruth Jenkins ([email protected])

We are registered as a data controller with the UK Information Commissioner's Office.

Our data protection registration number is Z5657940.

If you have a concern about the way we are collecting or using your personal data, we would ask that you raise your concern with us in the first instance by contacting our Data Protection Officer, Richard McIlwain in writing: [email protected] or Ruth Jenkins, Keep Britain Tidy, Tintagel House, 92 Albert Embankment, London SE1 7TY

Alternatively you can make a complaint to the Information Commissioner’s Office at https://ico.org.uk/concerns/ or write to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

What is the Purpose of this Document?

Keep Britain Tidy is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about you, during and after your working relationship with us, in accordance with the UK General Data Protection Regulation (UK GDPR).

It applies to all supporters, customers, employees, workers and volunteers of Keep Britain Tidy.

The policy was last updated on 23rd March 2021

Keep Britain Tidy is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

Data Protection Principles

We will comply with data protection law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way;

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

3. Relevant to the purposes we have told you about and limited only to those purposes;

4. Accurate and kept up to date;

5. Kept only as long as necessary for the purposes we have told you about;

6. Kept securely.

Information relating to all users of our websites

We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.

3.1 Our use of Cookies

Keep Britain Tidy uses cookies (small text files placed on your device) and similar technologies. Cookies allow us, among other things, to store your preferences and settings; enable you to sign-in; combat fraud; and analyse how our websites and online services are performing.

You have a variety of tools to control cookies, including browser controls to block and delete cookies, controls from some third-party analytics service providers to opt out of data collection and in application settings to control which cookies we will use. Your browser and other choices may impact your experiences with our products.

3.2 Use of third party websites

Our websites may include hyperlinks to third party websites.

We have no control over, and are not responsible for, the privacy policies and practices of third parties, we advise you read the privacy policy of third party sites before entering personal data on these sites.

3.3 How Secure is my Information with Third-Party Service Providers?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

3.4 What About Other Third Parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.

3.5 Where is Data Stored?

We may transfer your personal information outside the UK. For example, some of our external third party service providers may be based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.

Whenever we transfer your personal information out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information.
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Where there is a specific exemption under data protection law which will permit us to make the transfer outside the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

3.6 Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

3.7 Your Rights in Relation to Your Personal Information

Under certain circumstances, by law you have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Officer, Ruth Jenkins ([email protected]) in writing. Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

3.8 Your Duty to Inform us of Changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

3.9 Data Breaches

3.9.1 Action upon Discovery of a Breach

On finding or causing a breach, or potential breach, the breach will be reported to our Data Protection Officer, immediately upon discovery. The details of the breach will be recorded.

Our Data Protection Officer will carry out an assessment of the actions necessary to mitigate any harm that might result from the breach. Each breach will be assessed on an individual basis and any actions taken shall be appropriate to the particular circumstances of the incident in question.

3.9.2 Notification to the ICO

Keep Britain Tidy will notify the ICO without undue delay and, in any event, within 72 hours of becoming aware of it, where a breach is likely to result in a risk to the rights and freedoms of individuals. This means that, if unaddressed, the breach would be likely to have a significant detrimental effect on the individuals concerned – for example, result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.

A copy of our Data Breach Policy is available from our Data Protection Officer, Ruth Jenkins, [email protected]

3.10 Accessing your personal data (a Subject Access Request)

You may want to see a copy of the information Keep Britain Tidy holds about them. You are entitled to be:

told whether any personal data is being processed;
given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
given a copy of the personal data; and
given details of the source of the data (where this is available).

A Subject Access Request (SAR) provides a right for you to see your own personal data, rather than a right to see copies of documents that contain your personal data.

To avoid personal data about one individual being sent to another, either accidentally or as a result of deception, we will ask for enough information to judge whether the person making the request is the individual to whom the personal data relates (or a person authorised to make the subject access request on your behalf.

A request must be in writing (this includes faxes, emails and requests made over social media).

Keep Britain Tidy will respond to a SAR promptly and in any event within one month of receiving it. This timeframe will begin from the date we receive all the information necessary to verify your identity There are certain circumstances where we can extend this timeframe. We will notify you if it is necessary for the timeframe to be extended.

A copy of our Subject Access Request Policy is available from our Data Protection Officer, Ruth Jenkins, [email protected]

3.11 Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

Details of retention periods for different aspects of your personal information are available in our Data Retention Policy which is available from our Data Protection Officer, Ruth Jenkins, [email protected]

3.12 Right to Withdraw Consent

In the circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer, Ruth Jenkins in writing. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

3.13 Contacting us

You can contact us:

by post, to the postal address given above;
using our website contact form;
by telephone, on the contact number published on our website from time to time
by email via our Data Protection Officer Ruth Jenkins ([email protected] )

We are registered as a data controller with the UK Information Commissioner's Office.

Our data protection registration number is Z5657940.

3.14 Complaints

If you have a concern about the way we are collecting or using your personal data, we would ask that you raise your concern with us in the first instance by contacting our Data Protection Officer, Ruth Jenkins in writing: [email protected] or Ruth Jenkins, Keep Britain Tidy, Tintagel House, 92 Albert Embankment, London, SE1 7TY.

3.15 Changes to this Privacy Notice

We reserve the right to update this privacy notice at any time. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this privacy notice, please contact our Data Protection Officer, Ruth Jenkins in writing: [email protected] or Ruth Jenkins, Keep Britain Tidy, Tintagel House, 92 Albert Embankment, London, SE1 7TY.

Information relating to supporters of Keep Britain Tidy

This section applies to people who choose to support one or more of our campaigns or sign up to receive our general email updates.

Our news updates are sent out via email, usually once a week

4.1 The Categories of Information We Hold About You

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are "special categories" of more sensitive personal data which require a higher level of protection.

We will collect, store, and use the following categories of personal information about you:

Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
Your date of birth;
Your gender;
Your interests;

4.2 How is Your Personal Information Collected?

We collect personal information about our supporters through the Keep Britain Tidy website. Supporters are asked to ‘opt-in’ to receive information about a campaign by providing some or all of the personal information listed above.

Supporters will also be asked if they wish to receive our email news updates, giving more information on our other work. Supporters will ‘opt-in’ to receive these email news updates.

4.3 How We Will Use Information About You

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

1. Where we need to email you with information on the campaign you have chosen to support or with our email news updates

2. Where we need to comply with a legal obligation.

3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

1. Where we need to protect your interests (or someone else's interests).

2. Where it is needed in the public interest.

4.4 Situations in Which We Will Use Your Personal Information

We need all the categories of personal information to allow us to tell you about the campaign you have chosen to support and to provide you with regular information and updates on the campaign. If you have chosen to receive our email news updates we will use your personal information to send out the email to you. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The situations in which we will process your personal information are listed below:

Compiling, sorting and updating lists of all supporters of a campaign
Compiling, sorting and updating the list of supporters signed up to receive our email news updates
Contacting you with email updates on our campaigns
Contacting you with our email newsletter, where you have signed up to receive this

4.5 Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4.6 Data Sharing

We will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so.

We may have to share your data with third party service providers.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

4.7 Why Might You Share My Personal Information with Third Parties?

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

4.8 Which Third-Party Service Providers Process my Personal Information?

"Third parties" includes third-party service providers (including contractors and designated agents). Personal data may be shared with the third parties set out below and a link to their privacy statements is provided.

(i) Sugar Customer Relationship Management (CRM) system

(www.sugarcrm.com/legal/privacy-policy)

We use the CRM to store and process your personal data.

(ii) Campaign Monitor

(www.campaignmonitor.com/policies/#privacy-policy)

We use Campaign Monitor to distribute emails to our supporters and clients

(iii) Google Analytics

(www.policies.google.com/privacy?hl=en)

We use Google Analytics to monitor how our websites and webpages are used by visitors to our sites

(iv) Zoom

(https://zoom.us/privacy)

We may use Zoom for some stakeholder meetings

4.9 Where is Data Stored?

Whenever we transfer your personal information out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information.
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Where there is a specific exemption under data protection law which will permit us to make the transfer outside the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

5. Information relating to customers of Keep Britain Tidy

This section applies to people who sign up to receive or purchase products or services from Keep Britain Tidy. We may update this notice at any time.

5.1 The categories of information we hold about you

There are "special categories" of more sensitive personal data which require a higher level of protection.

We will collect, store, and use the following categories of personal information about you:

Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
Your date of birth;
Your gender;
Your interests;
Photographs;
Your National Insurance number;
Bank account details and tax status information; purchase history.

5.2 How is Your Personal Information Collected?

We collect personal information through the following websites:

Keep Britain Tidy
Green Flag Award
Coastal Awards
Green Key
Eco-Schools.
Love my Beach

Customers receive products and services by providing some or all of the personal information listed above.

Customers will also be asked if they wish to receive our email news updates, giving more information on our other work. Customers will ‘opt-in’ to receive these email news updates.

5.3 How We Will Use Information About You

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

1. Where we need to email you with information on the product or service you are about to receive or have received

2. Where we need to update you with new information on the product or service you have received

3. Where we need to provide you with information that helps you get best value from the product or service you have received

4. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

5. We may also use your personal information in the following situations, which are likely to be rare:

1. Where we need to protect your interests (or someone else's interests).

2. Where it is needed in the public interest.

5.4 Situations in Which We Will Use Your Personal Information

We need all the categories of personal information primarily to allow us to tell you about the product or service you have chosen to receive and to provide you with updates on the product or service. If you have chosen to receive our email news updates we will use your personal information to send out the email to you. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The situations in which we will process your personal information are listed below:

Contacting you for billing and financial requests in relation to your purchase
Compiling, sorting and updating lists of all recipients of our products and services
Compiling, sorting and updating the list of all recipients of our products and services
Contacting you with information, updates and information on best practice related to your product or service
Contacting you with our email newsletter, where you have signed up to receive this

5.5 Change of Purpose

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5.6 Data Sharing

We may have to share your data with third party service providers.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

5.7 Why Might You Share My Personal Information with Third Parties?

5.8 Which Third-Party Service Providers Process my Personal Information?

(i) Sugar Customer Relationship Management (CRM) system

(www.sugarcrm.com/legal/privacy-policy)

We use the CRM to store and process your personal data.

(ii) Campaign Manager

(www.campaignmonitor.com/policies/#privacy-policy)

We use Campaign Monitor to distribute emails to our supporters and clients

(iii) Google Analytics

(www.policies.google.com/privacy?hl=en)

We use Google Analytics to monitor how our websites and webpages are used by visitors to our sites

(iv) Zoom

(https://zoom.us/privacy)

We use Zoom for some stakeholder meetings

(v) Enthuse

https://enthuse.com/security-and-data

We use Enthuse as our fundraising platform. You opt-in to receive further communications from Keep Britain Tidy.

(vi) Shopify

https://shop.keepbritaintidy.org/

We use Shopify to host our litter picking equipment store. Only the order information you agree to is used for future communication.

5.9 Where is Data Stored?

Whenever we transfer your personal information out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information.
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Where there is a specific exemption under data protection law which will permit us to make the transfer outside the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

Current and former employees, workers and volunteers

This section applies to current and former employees, workers and volunteers. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

6.1 The Categories of Information We Hold About You

There are "special categories" of more sensitive personal data which require a higher level of protection.

We will collect, store, and use the following categories of personal information about you:

Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
Your date of birth;
Your gender;
Marital status and dependents;
Next of kin and emergency contact information;
Your National Insurance number;
Bank account details, payroll records and tax status information;
Salary, annual leave, pension and benefits information;
Start date;
Location of employment or workplace;
Copy of driving licence.
Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
Details of any publicly accessible social media posts prior to appointment
Employment records (including job titles, work history, working hours, training records and professional memberships);
Performance information;
Disciplinary and grievance information.
CCTV footage;
Information about your use of our information and communications systems; and
We may also collect, store and use the following "special categories" of more sensitive personal information:
Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
Information about your health, including any medical condition, health and sickness records;
Information about criminal convictions and offences.

6.2 How is Your Personal Information Collected?

We collect personal information about employees, workers and volunteers through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers, agencies or other background check agencies. We may also collect information about employees, workers and volunteers through their publicly accessible social media accounts prior to being offered a role with us.

We will collect additional personal information in the course of job-related activities throughout the period of you working for us.

6.3 How We Will Use Information About You

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

1. Where we need to perform the contract we have entered into with you.

2. Where we need to comply with a legal obligation.

3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

1. Where we need to protect your interests (or someone else's interests).

2. Where it is needed in the public interest.

6.4 Situations in Which We Will Use Your Personal Information

We need all the categories of personal information to allow us to perform our contract with you and to enable us to comply with our legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below:

Making a decision about your recruitment or appointment;
Determining the terms on which you work for us;
Checking you are legally entitled to work in the UK;
Paying you and, if you are an employee, deducting tax and National Insurance contributions;
Providing relevant benefits to you;
Liaising with your pension provider;
Administering the contract we have entered into with you;
Business management and planning, including accounting and auditing;
Conducting performance reviews, managing performance and determining performance requirements;
Making decisions about salary reviews;
Assessing qualifications for a particular job or task, including decisions about promotions;
Gathering evidence for possible grievance or disciplinary hearings;
Making decisions about your continued employment or engagement;
Making arrangements for the termination of our working relationship;
Education, training and development requirements;
Dealing with legal disputes involving you, or other employees, workers, volunteers and contractors, including accidents at work;
Ascertaining your fitness to work;
Managing sickness absence;
Complying with health and safety obligations;
To prevent fraud;
To monitor your use of our information and communication systems to ensure compliance with our IT and Social Media policies;
To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution; and
Equal opportunities monitoring.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

6.5 If you fail to Provide Personal Information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

6.6 Change of Purpose

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6.7 How We Use Particularly Sensitive Personal Information

"Special categories" of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

1. In limited circumstances, with your explicit written consent.

2. Where we need to carry out our legal obligations and in line with our data protection policy.

3. Where it is needed in the public interest, such as for equal opportunities monitoring, and in line with our data protection policy.

4. Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

6.8 Our Obligations as an Employer

We will use your particularly sensitive personal information in the following ways:

We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws;
We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting;

6.9 Do We Need your Consent?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

6.10 Information about Criminal Convictions

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.

Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

We envisage that we will hold information about criminal convictions.

We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.

6.11 Automated Decision-Making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

1. Where we have notified you of the decision and given you 21 days to request a reconsideration.

2. Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.

3. In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

6.12 Data Sharing

We may have to share your data with third parties, including third-party service providers.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

6.13 Why Might You Share My Personal Information with Third Parties?

6.14 Which Third-Party Service Providers Process my Personal Information?

"Third parties" includes third-party service providers (including contractors and designated agents). The following personal data is shared with third parties as set out below. A link to their privacy statements are also set out below.

(i) PayCheck (www.paycheck.co.uk/Contact-Us)

Payroll process: employee and worker name, status, nationality, email address, job title, NI number, contract details, P45/46 for tax purposes, annual salary, DOB, Address, Bank details. Also receive notification (under processing of salary) for: maternity, childcare vouchers, paternity leave, shared parental leave, pension contribution, cyclescheme contributions, details of leavers, employee number.

(ii) DriverCheck (www.drivercheck.co.uk/privacy-policy/)

Name, DOB, Driver number, Address, Email Address, Vehicle details (including registration number, make and model, date of 1^st registration, road tax expiry, MOT expiry, MOT certificate number, Insurance Co., Insurance Policy number, Insurance expiry, type of cover, details of leavers.

(iii) Friends Life (www.aviva.co.uk/legal/privacy-policy.html)

Name, gender, DOB, NI number, salary, job title, location, details of leavers.

(iv) EssentialSkillz

(www.essentialskillz.com/wp-content/uploads/sites/23/2017/08/Privacy-Policy.pdf)

Name, email address, department, location, details of training, details of leavers (archive).

(v) Scottish Widows (www.scottishwidows.co.uk/global/legal_and_privacy_notice.html)

Employee Number, Name, status, DOB, Gender, NI Number, Nationality, postal address, email address, employment start date, monthly or fortnightly salary details.

(vi) Health Shield (www.healthshield.co.uk/privacy/)

Name, email address, postal address, location of work, DOB, NI number, date of salary paid, start date, level of cover, details of leavers.

(vii) BUPA (https://www.bupa.com/Corporate/legal-notices/privacy-policy)

Name, email address, postal address, location of work, DOB, NI number, date of salary paid, start date, level of cover, details of leavers.

(viii)) CycleScheme (www.ourprivacycommitments.com/)

Any individual data you input independently to the scheme – Keep Britain Tidy does not transfer any data to them.

(ix) 1^st IT (www.1st-it.com/privacy-policy/)

Our third party contractor supporting our I.T. and telephone systems

(x) People HR (https://www.peoplehr.com/privacy.html) records including name, email address, postal address, telephone number, employee number, emergency contacts, location of work, department, DOB, NI number, start date, gender, job title, salary details, nationality, employment type, documents relating to your employment, right to work details, DBS details (where applicable to role),

(xi) Zoom

(https://zoom.us/privacy)

We use Zoom for some group staff meetings

(xii) Microsoft Teams

(https://privacy.microsoft.com/en-gb/privacystatement)

We use MS Teams for staff and team meetings

(xiii) Broadstone

https://www.broadstone.co.uk/privacy-policy/

Employee Number, Job Title, Name, status, DOB, Gender, NI Number, Nationality, postal address, email address, telephone number, employment start date, salary details, pension details

(xiv) Enthuse

https://enthuse.com/security-and-data

We use Enthuse as our fundraising platform. You opt-in to receive further communications from Keep Britain Tidy.

(xv) Shopify

https://shop.keepbritaintidy.org/

We use Shopify to host our litter picking equipment store. Only the order information you agree to is used for future communication.

6.15 Where is Data Stored?

Whenever we transfer your personal information out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information.
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Where there is a specific exemption under data protection law which will permit us to make the transfer outside the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

7. Information relating to the Green Flag Award

This section of our privacy policy applies to individuals who sign up to the Green Flag Award or view, use or download content or communicate or interact with us via our website www.greenflagaward.org.uk (‘our website’).

7.1 Categories of information we hold about you

If you sign up to the Green Flag Award, apply for a Green Flag Award, communicate with us, or do business with us, this will result in us collecting personal information about you. We will collect, store, and use the following types of personal information about you:

Contact details such as your name, address, email address and telephone number;
Information about how you use our website and details of the resources you have accessed;
Details provided within your application for a Green Flag Award;
Records of your engagement with us, either through our website or by telephone, e-mail or post;
Information you provide to us when you submit your application for a Green Flag Award;
Photographs;
Technical information such as includes IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website; and
Information about your visits to our website including the full Uniform Resource Locators (URL) clickstream to, through and from the Site (including date and time); details of what you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

We do not normally collect “special categories” of sensitive personal data from individuals who sign up to the Green Flag Award or users of our website. In the event you provide us with any special category data, we will take extra care to ensure your rights are protected.

7.2 How we will use information about you

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

Where we need to perform the contract we have entered into with you.
Where we need to comply with a legal obligation.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we have obtained your consent.

7.3 Situations in which we will use your personal information

We need all the categories of personal information primarily to allow us to administer the Green Flag Award and to provide you with updates relating to the Green Flag Award. If you have chosen to receive our email news updates we will use your personal information to send out the email to you. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The situations in which we will process your personal information are listed below:

The administration of the Green Flag Award including reviewing applications, judging applicants and monitoring the progress of award winners;
To register you as an applicant, ambassador or a judge;
To perform our obligations to you in accordance with our accreditation scheme;
To manage our relationship with you, including notifying your about changes to the Green Flag Award or asking you to provide us with feedback;
To administer and protect the business and our website;
To make suggestions or recommendations to you about similar goods or services that may be of interest to you;
To provide you, or permit our partner organisations to provide you, with information about products or services we feel may interest you if you have consented to this. If you do not want us to use your information in this way, or to pass your details on to partner organisations, please tick the relevant box situated on the form on which we collect your information or otherwise notify us in writing;
To provide you with our newsletter, notify you of new resources available and notify you of any changes to our website or our resources;
To ensure that content from our website is presented in the most effective manner for you and for your computer or device; and
To allow you to participate in interactive features of our website when you choose to do so.

7.4 Data Sharing

We may share personal information with:

Partner operators, suppliers and sub-contractors for the administration of the Green Flag Award or the performance of any contract we enter into with them or you;
Auditors, accountants and financial organisations;
Insurers, solicitors, professional advisers and consultants;
Survey and research organisations;
Regulators;
Funding providers;
Police forces, courts, tribunals; and
Professional bodies;

We may be required to share your information with third-party service providers (including contractors, suppliers and designated agents). The activities carried out by third-party service providers include, but are not limited to:

Sugar Customer Relationship Management (CRM) system;

We use the CRM to store and process your personal information.

Campaign Manager;

We use Campaign Monitor to distribute emails to our supporters and clients.

Google Analytics.

We use Google Analytics to monitor how our websites and webpages are used by visitors to our sites.

All our third-party service providers and partner organisations are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.

7.5 Where your personal information is stored

The personal information that we collect from you is stored within the European Economic Area (EEA). It may be necessary to transfer and store your personal information at a destination outside EEA. It may also be processed by organisations operating outside the EEA who work for us or for one of our suppliers or partner organisations (e.g. organisations administering the Green Flag Award on our behalf abroad).

We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this policy and, in the event that personal information is transferred outside the EEA, shall ensure that this is carried out subject to the requirements of data protection law. This may include:

Transferring your personal information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (e.g. to the partner organisations located in these countries) or where our partner organisations operate outside of these countries;
We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or for partner organisations operating in the US;
We may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

7.6 Explicit consent and transfer of personal information abroad

In some circumstances, we may seek your explicit consent to transfer your personal information outside the EEA. In particular, where you provide consent for us to do so, your personal information may be shared with our partner organisation in your country of origin in order for them to administer the Green Flag Award on our behalf. If your country of origin is outside the EEA or is not a country that has been deemed to provide an adequate level of protection for personal data by the European Commission, you must be aware that your personal information may be transferred to your country which does not provide adequate protection and that no adequate safeguards as set out in data protection law aimed at providing protection for your personal data are being implemented. This means that there are risks to you in your personal information being transferred to your country of origin as your country of origin may not have a supervisory authority to regulate data protection law, data protection principles may not be complied with and data subject rights might not be provided for in your country of origin. However, we do require all of our partner organisations to enter into data processing agreements and they are required to take appropriate security measures to protect your personal information in line with our policies and we do not allow partner organisations to use your personal information for their own purposes.

You have the right to withdraw your consent at anytime by contacting [email protected]. For further details on your rights, please see ‘Your Rights in Relation to Your Personal Information’ above.