Positive Change Group (“Positive Change Group”, “we”, “us”, or “our”) is strongly committed to protecting Personal Data. This notice describes why and how we collect and use Personal Data and provides information about individual’s rights.
It applies to Personal Data provided to us, both by individuals themselves or by others. We may use Personal Data provided to us for any of the purposes described in this Privacy Notice or as otherwise stated at the point of collection.
Personal Data is any information relating to an identified or identifiable living person. Positive Change Group processes Personal Data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using Personal Data, our Notice is to be transparent about why and how we process Personal Data. To find out more about our specific processing activities, please go to the relevant sections of this notice.
We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards and our information security management system relating to confidential data is independently certified as complying with the requirements of ISO/IEC 27001:2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
Purposes of Processing
We will only collect and/or process your Personal Data in accordance with applicable data protection and privacy laws.
In the majority of cases, we process your Personal Data for all of the purposes identified below on the basis that it is in our legitimate interests (for example, to allow us to provide you with our services; to monitor, analyse and improve our services), or the legitimate interests of third parties with whom we share your data, to carry out these activities.
Some of our processing is necessary for compliance with legal obligations (for example, for security and fraud prevention).
Where we cannot rely on another legal basis (for example, in respect of the use of your Personal Data for email marketing purposes) we process this on the basis that we have obtained your consent to do so.
1. Visitors to our websites
Collection of Personal Data
Visitors to our websites are generally in control of the Personal Data shared with us. We receive Personal Data, such as name, title, company address, email address, and telephone numbers, from websites’ visitors; for example when an individual subscribes to updates from us, registers for an event, or requests research materials. Visitors are also able to send an email to us through our websites. Their messages will contain the user’s name and email address, as well as any additional information the user may wish to include in the message.
Use of Personal Data
When a visitor provides Personal Data to us, we will use it for the purposes for which it was provided to us as stated at point of collection (or as obvious from the context of the collection). Typically, Personal Data is collected to:
- evaluate your registration or application for our products and services;
- deliver the services you request, manage your account, or to communicate with you regarding your account;
- send you our newsletters or research materials when you have expressly consented to this;
- personalise your repeat visits to our websites;
- register for events;
- subscribe to updates;
- administer and manage our websites, including confirming and authenticating identity and preventing unauthorised access to restricted areas, or services limited to registered users;
- aggregate data for website analytics and improvements;
- monitor and enforce compliance with our terms and conditions for use of our websites; and
- as we believe necessary or appropriate to comply with legal requirements.