Privacy Policy

 
 
 
 

GDPR-Compliant Privacy Policy for Communication For Development Ltd

This statement was last updated on 25th April 2018.

We at Communication for Development Ltd (‘CfD’) are committed to protecting the privacy of all personal information obtained from you during your visits to this website. This privacy policy explains what personal information we may collect from you and the purposes for which it will be used. By using this website, you give your agreement to the data practices described in this policy. We have taken steps to ensure that we are compliant with the General Data Protection Regulation (GDPR) of the European Union.

The data controller for this website is Communication for Development Ltd.

 

Information that you provide to us

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

We collect and process information that you may provide for specific purposes. This could include information such as your name and email address. We use these details to provide you with the specific information, on product or services that you request from us, and to communicate with you. If you contact us using certain site facilities, we may seek some information to help provide you with a more tailored response.  This includes the following:

  • ‘Contact us’ – you will be asked for contact information if you request advice or guidance. This information is passed to the relevant individual within CfD we believe can best assist you.
  • ‘Client Zone’ – this is for clients who we are working with to share our products and services. No personal data is collected from clients using this service.

 

Website usage information

CfD itself does not:

  • Collect web usage information when people visit our site or then disclose that data to others for marketing/strategic purposes.
  • Collect web usage information to help us deliver better services/products/marketing campaigns, or to help us inform people about our services (so long as they’ve consented).
  • Use users’ IP addresses to help us identify trends or track their movements.

 

Linking to other websites

www.communication-for-development.com contains links to social networking sites that we use so that anyone interested may view our work and connect with us.

A link to a third-party website does not imply endorsement – you must use your own judgement to decide whether the information or service on that website is suitable for your needs.

We are not responsible for the content of any linked website and cannot take responsibility for the consequences of your using the information or services on linked websites. We cannot guarantee that these links will work all of the time.

Websites that we link to may have ‘Terms and Conditions’ that are different from ours. Do not assume that our ‘Terms and Conditions’ apply to other websites. We reserve the right to add or remove links to other third party websites as we see fit.

 

Other third party content

We embed external content from third-party websites such as Vimeo. This content is not published on our website. It is delivered using devices and services provided by such third party sites that can be inserted onto our site. We are not responsible for this content.

 

Security and virus protection

No data transmission over the internet can be guaranteed as totally secure. While we strive to protect such information, we do not warrant and cannot ensure the security of any information which you transmit to us. Accordingly, such transmission is at your own risk. We will not be liable for any damages or loss arising out of or resulting from any unauthorised access to, alteration to or modification of information contained on this website.

We make every effort to check and test our website during production. You must take your own precautions to ensure that the process which you employ for accessing this website does not expose you to risk of viruses, malicious computer code or other forms of interference which may damage your computer system. It is always wise for you to run an anti-virus program on anything you download from the internet.

We accept no liability for any loss, disruption or damage to your computer system or your data caused by using this website or arising as a result of having used the website.  

 

Data Processors

Communication for Development Ltd uses a number of third party services as data processors, which process personal data on behalf of us. These services are detailed below:

Hubspot

We use Hubspot as a customer relationship management tool. They do not use the data we input for their own purposes. We are solely responsible for the data we input. Hubspot’s agreements with their customers prohibit them from using personal information, except as necessary to provide and improve their Subscription Service, as permitted by their Privacy Policy, and as required by law. Please refer to Hubspot’s privacy policy at  https://legal.hubspot.com/privacy-policy for more information.

Typeform

We use Typeform to gather post-assignment feedback from our clients.  This data helps us improve our services and better assist clients in the future. Typeform collects their responses for us, but we are responsible for that data. They do not process any of the data. However, they do use cookies and process usage data when clients access the link or their site. This data relates to the device clients use to access our services, including the IP address, browser type, operating system and geographic location based on the IP address. For more information please read Typeform’s privacy policy at https://admin.typeform.com/to/dwk6gt.

Trello

We store the information from Typeform on Trello. Trello is a web-based project management application. Trello does not process the data we input, so it does not use personal data in any way. Personal data is only used to help us review and improve our service offerings. For more information, please refer to Trello’s privacy policy at https://trello.com/privacy-updated.

WordPress

We use a third party service, WordPress.com, run by Automattic.inc, as a content management system and to publish our blog. The site is hosted by HostPapa. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. To the best of our knowledge, WordPress is GDPR compliant. For more information about how WordPress processes data, please see Automattic’s privacy notice at https://automattic.com/privacy/.

PhotoShelter

We direct clients with whom we are working to Photoshelter for image management. For any questions about how Photoshelter uses personal information, cookies, etc, clients must refer to Photoshelter’s privacy policy https://www.photoshelter.com/support/privacy.

CfD Cloud

For storing client’s projects and information on our creative associates, we use a private cloud (NAS) device. The information stored on the cloud is solely our responsibility and no third parties have access to this information. No personal data is collected by us when clients use the cloud.

Hootsuite

We use a third party provider, Hootsuite to manage our social media interactions. If you send us a private or direct message via social media, the message will be stored by Hootsuite. It will not be shared with any other organisations.

Google Analytics

We use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns for visitors to our website. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, do not intend to make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. For any questions about how Google Analytics uses personal data, please refer to Google Analytics’ data protection principles at https://support.google.com/analytics/answer/6004245?hl=en.

 

Your rights

If your use of this site falls under the GDPR as a personal user, you have a right to request a copy of any information held about you. If you wish to do this, please contact Communication for Development Ltd, explaining that your interest is to review your personal information. Except where the law obliges us to keep your data, Communication for Development Ltd will ensure that your data is gathered and/or purged from the servers. Communication for Development Ltd will need to receive appropriate identification that proves you are the correct person to request the information. Your rights as data subject are provided in more detail below:

 

Specific rights of the data subject under the GDPR

Right of confirmation

The regulation grants every data subject the right to ask the data controller to confirm whether or not their personal data is being processed. Any data subject who wishes to know whether or not we are processing their data may contact our Data Protection Officer, or use the “contact us” tool on our site.

Right of access

The regulation also grants data subjects the right to request information about any personal data being saved by the controller free of charge. The European directives and regulations also give data subjects the right to access the following information:

  • The purpose for processing the data.
  • The categories of personal data concerned.
  • How long the personal data will be stored (where possible), or (where not possible) the criteria used to determine the length of storage.
  • Who the personal data has been/will be disclosed to, especially if these are third countries or international organisations.
  • That they have the right to request the correcting or erasing of their personal data, and the right to object to its processing or request its restriction.
  • The existence of the use of profiling or other means of automated decision making to collect data – including the logic of using this, the significance and consequences of these methods.
  • That they have the right to lodge a complaint with a supervising authority and request information about how the data was obtained when it has not come directly from the data subject.

Data subjects also have the right to know when and if personal data is being transferred to third countries or international organisations. The data subject also has the right to know of any safeguards being used for the information transfers.

Data subjects may at any time use their right of access to contact our Data Protection Officer.

Right to rectification

Data subjects have the right to rectify any inaccurate personal data, including having incomplete data completed, for instance by providing a supplementary statement. In order to do so, they may contact the Data Protection Officer.

Right to Be forgotten

Data subjects have the right to have their personal data erased in the following circumstances as long as the processing is not necessary:

  • Personal data is no longer necessary for the purposes they were collected for.
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  • The data subject withdraws consent to which the processing is based, according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
  • The personal data must be erased in order to comply with a EU or EU member state law that the controller is subject to.
  • The personal data was processed unlawfully.

If one of these reasons applies and the data subject wants to be erased they may contact our Data Protection Officer who will ensure that the request is completed.

Where the controller has made personal data public, and must under Article 17(1) erase the data, the controller will take reasonable steps to inform other controllers processing the data that the data subject has requested erasure. The Data Protection Officer of Communication for Development Ltd will arrange the necessary measures in individual cases.

Right to restriction of processing

Data subjects have the rights to restrict the processing of their data where one of the following applies:

  • The controller no longer needs the personal data for the processing purposes, but they are needed by the data subject for legal claims.
  • The processing is unlawful and the data subject opposes the erasure of the data and requests restricted use instead.
  • The accuracy of the personal data is contested by the data subject. The data will be restricted temporarily to enable the controller time to verify the accuracy of the data.
  • The data subject has objected to processing under Article 21(1) of the GDPR pending the verification of whether the grounds of the controller override those of the data subject.

If one of these conditions is met and the data subject wishes to request the restriction of personal data, they may contact our Data Protection Officer who will arrange the restriction of the data processing.

Right to data portability

The data subject has the right to receive their personal data being used by the controller in a commonly used format, and the right to submit that data to another controller without interference as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary in the public interest or in the exercise of official authority given to the controller.

The data subject will have the right to have their personal data transmitted from one controller to another where technology allows and where the rights and freedoms of others are not adversely impacted by the action.

Right to object

Data subjects have the right to object to the processing of their personal data based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

Communication for Development Ltd will stop processing personal data in the case of an objection unless we can demonstrate a sound reason for the processing which would legally override the data subject’s rights in the case of a legal claim.

While Communication for Development Ltd does not process personal data for direct marketing purposes currently, if we do so in the future, data subjects have the right to object to the processing of their personal data for direct marketing purposes. In the event that the data subject objects, Communication for Development Ltd would stop processing their data for these purposes.

Should a data subject want to object, they may contact our Data Protection Officer.

Automated individual decision-making, including profiling: data subjects have the right not to have decisions made about them based solely on automated processing of their data (including by profiling) if it has legal effects for them. Communication for Development Ltd does not use, or engage in, these types of processes. Please contact our Data Protection Officer should you have questions.

Right to withdraw data protection consent

Data subjects have the right to withdraw consent for the processing our their data at any time. Should the data subject wish to withdraw consent, they may contact our Data Protection Officer.

 

Changes to this policy

This privacy policy will change from time to time as we develop the range of services on the website. When this privacy policy changes, we will place an updated version on this page and where appropriate we will give you the opportunity to review the revised privacy policy and ask you to agree to it. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties. You should continue to check the privacy policy before using this site, even if you have visited it in the past. This ensures that you will be aware of any changes.

 

Name and address of the controller

The Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union, and other provisions related to data protection is:

Communication for Development Ltd, Kemp House, 152-160 City Road, London EC1V 2NX, United Kingdom

 

Name and address of the Data Protection Officer

The Data Protection Officer of the controller is:

Robin Wyatt, Communication for Development Ltd, Kemp House, 152-160 City Road, London EC1V 2NX, United Kingdom

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.