What is the purpose of this document?
This document is part of our commitment to being transparent about how we collect and use your data. It explains what Gendered Intelligence does with your data, and addresses how we meet our obligations under the General Data Protection Regulation (GDPR) 2018. It covers all individuals who use GI services, including youth group attendees, mentees, individuals who are involved in Special Projects, and members of our mailing list.
‘Personal data’ means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
‘Special category data’ is regarded as more sensitive, and includes information about race; ethnic origin; politics; religion; trade union membership; genetics; health; sex life; or sexual orientation.
‘Processing’ means collecting, storing, using, amending, disclosing or destroying data.
Trans experiences are not explicitly named in the GDPR. However we believe the information that someone has, or is considering whether they have, a gender identity that does not align with the sex they were assigned at birth should be treated as personal data. This is directly analagous to the special category of sexual orientation, and we believe it is arguably covered within the special categories of genetics and health data. Therefore we have requested your Explicit Consent (Special Condition (a) under Article 9) as the basis for our processing of information about your trans identity.
What data do we collect and how is it used?
Gendered Intelligence collects and processes data about you during and after your relationship with us in order to manage that relationship and report to our funders and stakeholders. We aim to comply with guidance from the Information Commissioner’s Office (ICO), the independent body that upholds your information rights in the UK.
As a trans-led organisation, we understand that some of your gender-related data or name may be different in different contexts, such as school or home. We have to comply with the law and keep you safe, but we are always mindful of your situation, will only share data where it is absolutely necessary, and aim not to out you without your permission in any situation. If you have any concerns please talk to your GI contact.
The table below lists the range of data we may collect from you. We will only collect the information that is relevant and required for the specific purpose, so we may not collect all items of data from everyone.
Data we process and what we use it for
Names, addresses, telephone numbers, email addresses, date of birth:
To keep you updated on our services or activities and events. In case of a safeguarding or medical issue we would be able to provide accurate information to the authorities or emergency services. Postcode data, where provided, may be used for analysis and
reporting, but is always anonymised.
Information on access requirements, health or medical conditions:
To carry out our legal duties (e.g. to ensure health and safety). In case of a medical emergency we would be able to provide accurate information to the appropriate services.
Next of kin or emergency contact details:
To ensure your friends or family could be contacted in case of an emergency. We would use a name they know you by, where appropriate.
Publicity via our website, annual report or other marketing materials
To ensure events and meetings run smoothly with sufficient support. We also use such data for statistical analysis and reporting, but would either anonymise the data (so you cannot be identified) or ask for your permission.
Criminal Offence data:
To ensure we are meeting our safeguarding obligations.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
How is your data collected?
We collect initial data through our membership forms, from conversations with you, or via the mailing list sign up process. We may collect data from where other organisations or individuals, such as parents or school staff, refer you to our services. We may collect additional data in the course of your relationship with us. We aim to inform you about any data which you have not provided yourself so that you have the opportunity to review and amend it where appropriate.
How can Gendered Intelligence use the data I provide?
We have to have a valid reason to use your personal data. It's called the "lawful basis for processing". The lawful basis by which we process your data is Consent: we have asked you to provide the information and you have done so, and indicated your agreement by signing or ticking the appropriate form. Where you have provided health data the lawful basis is Vital Interests, as we need to have the correct information to provide medical support in the event of an emergency.
For individuals involved in Special Projects, we process your existing data under Legitimate Interests so that we may inform you of related future activities.
When we use special category data we also need to confirm a Special Condition under Article 9 of the GDPR. We confirm that we have asked you for Explicit Consent to the processing of this data.
When we process criminal offence data we aim to comply with Article 10 of the GDPR.
Because we have asked for your consent to process your data, you may at any time withdraw your consent for some or all of your data to be processed. If you do not wish us to process your data, we may not be able to offer you the same range of services, for example attending a day trip or overnight residential.
We also process data for your next of kin and/or emergency contacts; the lawful basis on which we do this is Legitimate Interests.
Who has access to your data?
Your information may be shared internally, including with staff members responsible for managing and administering projects, HR, health and safety, insurances, events and marketing activities.
We may share your data with other organisations, including companies who provide a service to Gendered Intelligence, for example MailChimp in connection with our mailing list. We require anyone we share your data with to respect the security of your data and treat it in accordance with the law. Where we have asked them to process your data on our behalf, they are only permitted to do so for the reasons we give them, and not for any other purposes.
We will also share your information with other organisations or individuals as necessary where required by law, for example in safeguarding cases, especially where you are under 18; where it is necessary to administer our relationship with you; or where we have another legitimate interest.
Your legal rights
As a data subject, you have a number of rights, details of which can be found at https://ico.org.uk/fororganisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you believe that the organisation has not complied with your data protection rights, you can complain to the ICO (www.ico.org.uk/concerns)
Changes to this privacy notice
We may update this privacy notice to comply with changes in the law or to reflect improved processes at GI: if we make substantial changes we will provide you with a new privacy notice. We may also notify you in other ways from time to time about the processing of your personal information.
Queries and Further Information
Gendered Intelligence, c/o VAI, 200 Pentonville Road, London N1 9JP is the Data Controller.
Further information is available at www.genderedintelligence.co.uk/page/data-protection-policy where you can view GI’s Data Protection Policy and related policies and procedures, for example, how we deal with Data Security Breaches; how you can view or amend your data (via a Subject Access Request); and how long we keep your data for.
Alternatively, please contact the person responsible for data protection: Jay Stewart, CEO,
Document review process
Draft approved for circulation: May 2018
Board approval due: July 2018
Review due: July 2020