Privacy notice for professional clients
What is the purpose of this document?
This document is part of our commitment to being transparent about how we collect and use your data. It explains what Gendered Intelligence does with your data, and addresses how we meet our obligations under the General Data Protection Regulation (GDPR) 2018.
Who should read this document?
It covers individuals with whom we have a professional relationship, delivering services such as training, consultancy, presentations, workshops or assemblies. Where we deliver services such as mentoring, the 1:1 relationship with the young person is addressed in our Privacy Notice for Service Users, but our relationship with other individuals at the educational establishment is covered in this document.
Definitions
‘Personal data’ means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
‘Special category data’ is regarded as more sensitive, and includes information about race; ethnic origin; politics; religion; trade union membership; genetics; health; sex life; or sexual orientation.
‘Processing’ means collecting, storing, using, amending, disclosing or destroying data. Gender and trans identity are not explicitly named in the GDPR. However we believe gender should be treated as personal data, and that trans status is covered within the special categories of genetics and health data. Therefore we have requested your Explicit Consent (Special Condition (a) under Article 9) as the basis for our processing of information about your trans identity.
What data do we collect and how is it used?
Gendered Intelligence collects and processes data about you during and after your relationship with us in order to manage that relationship and report to our stakeholders. We aim to comply with guidance from the Information Commissioner’s Office (ICO), the independent body that upholds your information rights in the UK.
The table below lists the range of data we may collect from you. We will only collect the information that is relevant and required for the specific purpose, so we may not collect all items of data from everyone.
Data we process and what we use it for
Name, address, telephone number, email address, job title:
To help us deliver the service requested, and facilitate payment. Information on access requirements, health or medical conditions To ensure safe access to the services and help us carry out our legal duties (e.g. to provide reasonable adjustments, ensure health and safety). For example, in case of a medical emergency we would be able to provide accurate information to the appropriate services.
Photos:
Publicity via our website, annual report or other marketing materials.
Attendance information:
To ensure events and meetings run smoothly with sufficient support. We also use such data for statistical analysis and reporting, but would either anonymise the data (so you cannot be identified) or ask for your permission.
Evaluation feedback:
To improve services and report on our activities. We also use such data for statistical analysis and reporting, but would either anonymise the data (so you cannot be identified) or ask for your permission.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
How is your data collected?
We collect initial data through our application process and via emails or conversations during the booking process. We may collect data about you from other organisations or individuals, such as your employer, that sends you on a course or provides contact details for payment purposes. We may collect additional data in the course of our relationship with us.
How can Gendered Intelligence use the data I provide?
We have to have a valid reason to use your personal data. It's called the "lawful basis for processing". The lawful basis by which we process your data is Contract: you are providing the information we request in order that we can deliver the service that you want us to deliver.
When we use special category data we also need to confirm a Special Condition under Article 9 of the GDPR. We confirm that we have asked you for Explicit Consent to the processing of this data in order to facilitate the services we provide. Where we have asked for your consent to process your data, you may at any time withdraw your consent for some or all of your data to be processed. If you do not wish us to process your data, we may not be able to offer you the same range or standard of services, for example tailored consultancy advice.
You may also provide us with data about individuals other than yourself, for example a list of attendees, contact details of a Finance Officer, or information about a young person requiring mentoring. The GDPR is clear that the Data Subject retains ownership of any data about them. We will comply with our legal obligations for any data that you share with us, but respectfully request that you consider confidentiality when sharing any data, especially Special Category Data. Our lawful basis for processing any data received from you about others is Legitimate Interests. Where we receive Special Category Data we will comply with Special Condition (a) under Article 9, and either obtain Explicit Consent as soon as is practical from the Data Subject, or delete the data.
Who has access to your data?
Your information may be shared internally, including with staff members responsible for managing and administering projects, HR, health and safety, insurances, events and marketing activities.
We may share your data with other organisations including companies who provide a service to Gendered Intelligence, for example MailChimp in connection with our mailing list, or individuals such freelance trainers acting on our behalf or other third-party contractors. We require anyone we share your data with to respect the security of your data and treat it in accordance with the law. Where we have asked them to process your data on our behalf, they are only permitted to do so for the reasons we give them, and not for any other purposes.
We will also share your information with other organisations or individuals where required by law; where it is necessary to administer our relationship with you; or where we have another legitimate interest.
Your legal rights
As a data subject, you have a number of rights, details of which can be found at www.ico.org.uk/fororganisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you believe that Gendered Intelligence has not complied with your data protection rights, you can complain to the ICO (www.ico.org.uk/concerns)
Changes to this privacy notice
We may update this privacy notice to comply with changes in the law or to reflect improved processes at GI: if we make substantial changes we will provide you with a new privacy notice. We may also notify you in other ways from time to time about the processing of your personal information.
Queries and Further Information
Gendered Intelligence, c/o VAI, 200 Pentonville Road, London N1 9JP is the Data Controller.
Further information is available at www.genderedintelligence.co.uk/data where you can view GI’s Data Protection Policy and related policies and procedures, for example, how we deal with Data Security Breaches; how you can view or amend your data (via a Subject Access Request); and how long we keep your data for.
Alternatively, please contact the person responsible for data protection: Jay Stewart, CEO, jay.stewart@genderedintelligence.co.uk