What is the purpose of this document?
This document is part of our commitment to being transparent about how we collect and use your data. It explains what Gendered Intelligence (GI) does with your data, and addresses how we meet our obligations under the General Data Protection Regulation (GDPR) 2018. It covers all GI volunteers, including Trustees.
‘Personal data’ means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
‘Special category data’ is regarded as more sensitive, and includes information about race; ethnic origin; politics; religion; trade union membership; genetics; health; sex life; or sexual orientation.
‘Processing’ means collecting, storing, using, amending, disclosing or destroying data.
Trans experiences are not explicitly named in the GDPR. However we believe the information that someone has, or is considering whether they have, a gender identity that does not align with the sex they were assigned at birth should be treated as personal data. This is directly analagous to the special category of sexual orientation, and we believe it is arguably covered within the special categories of genetics and health data. Therefore we have requested your Explicit Consent (Special Condition (a) under Article 9) as the basis for our processing of information about your trans identity.
What data do we collect and how is it used?
Gendered Intelligence collects and processes data about you during and after your relationship with us in order to manage that relationship and report to our funders and stakeholders. We aim to comply with guidance from the Information Commissioner’s Office (ICO), the independent body that upholds your information rights in the UK.
As a trans-led organisation, we understand that some of your gender-related data or name may be different in different contexts, such as school or home. We have to comply with the law and keep you safe, but we are always mindful of your situation, will only share data where it is absolutely necessary, and aim not to out you without your permission in any situation. If you have any concerns please talk to your GI contact.
The table below lists the potential range of data we may collect from you. We will only collect the information that is relevant and required for the specific purpose, so we may not collect all items of data from everyone.
Data we process and what we use it for
Names, addresses, telephone numbers, email addresses
To contact you to discuss volunteering opportunities or to keep you updated on our services or activities and events; to record your location in order to assess your suitability for projects in your region.
Application Form or Curriculum Vitae
To build a picture of your skills, experience and interests in order to assess your suitability for volunteering opportunities or specific projects
To assess your suitability for volunteering with us, and for being utilised on specific projects
For publicity purposes on our website or other marketing materials e.g. Annual Report
Information on access requirements, health or medical conditions
To enable us to provide appropriate support and ensure compliance with health and safety
Next of kin or emergency contact details
To ensure your friends or family are aware of major problems.
Information related to availability
To assess your potential for involvement on specific projects
Information related to attendance or planned attendance at events, or hours spent on a project
To ensure events run smoothly with sufficient support, and to use such data for statistical analysis and reporting.
Criminal Offence data
To obtain a Disclosure and Barring Service (DBS) Check and ensure we are meeting our safeguarding obligations and protecting our business interests.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
How is your data collected?
We collect data through our volunteer registration process, either directly from you or the references you will be asked to provide. We may collect personal data in the course of volunteering activities throughout the period of you volunteering for us.
How can Gendered Intelligence use the data I provide?
We have to have a valid reason to use your personal data. It's called the "lawful basis for processing". The lawful basis by which we process your data is Consent: we have asked you to provide the information and you have done so, and indicated your agreement on the application form. Where you have provided health data the lawful basis is Vital Interests, as we need to have the correct information to provide medical support in the event of an emergency.
When we use special category data we also need to confirm a Special Condition under Article 9 of the GDPR. We confirm that we have asked you for Explicit Consent to the processing of this data in order to facilitate your involvement as a volunteer with Gendered Intelligence.
When we process criminal offence data we aim to comply with Article 10 of the GDPR.
Because we have asked for your consent to process your data, you may at any time withdraw your consent for some or all of your data to be processed. If you do not wish us to process your data, we may not be able to offer you the same range of volunteering opportunities.
We also process data for your emergency contacts; the lawful basis on which we do this is Legitimate Interests.
Who has access to your data?
Your information may be shared internally, including with staff members responsible for managing and administering projects, HR, health and safety, insurances, events and marketing activities.
We may have to share your data with third parties, including third-party service providers, for example in connection with managing our volunteer data (via ThreeRings) or organising events (via EventBrite). We require third parties to respect the security of your data and treat it in accordance with the law. We will share your information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest. All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Your legal rights
As a data subject, you have a number of rights, details of which can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulationgdpr/individual-rights
If you believe that the organisation has not complied with your data protection rights, you can complain to the ICO (www.ico.org.uk/concerns).
Changes to this privacy notice
We may update this privacy notice to comply with changes in the law or to reflect improved processes at GI: if we make substantial changes we will provide you with a new privacy notice. We may also notify you in other ways from time to time about the processing of your personal information.
Queries and Further Information
Gendered Intelligence, c/o VAI, 200 Pentonville Road, London N1 9JP is the Data Controller.
Further information is available at www.genderedintelligence.co.uk/data where you can view GI’s Data Protection Policy and related policies and procedures, for example, how we deal with Data Security Breaches; how you can view or amend your data (via a Subject Access Request); and how long we keep your data for.
Alternatively, please contact the person responsible for data protection: Jay Stewart, CEO, email@example.com
Document review process
Draft approved for circulation: May 2018
Board approval due: July 2018
Review due: July 2020