Who we are
Global Canopy collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the Data Protection Act 1998 as amended and updated from time to time (DPA) and, with effect from 25 May 2018, the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
The personal information we collect and how we use it
In the course of visitors browsing our website we collect the following personal information:
- Browser and/or other internet log information
We use this information to monitor and improve our website.
In the course of visitors registering for SCRIPT™, we collect the following personal information:
- Job title
- Email address
We use this information to fulfil requests for registration, to monitor use of SCRIPT™ and to contact registrants with regard to possible further development of SCRIPT™ to suit user needs.
Who we share your personal information with
We may share your name and contact details with our ‘Data Partners’ CDP Worldwide (www.cdp.net/en) and The Zoological Society London (www.zsl.org) and our ‘Project Partners’ WWF and Ceres for use by them for internal purposes and to contact you in relation to SCRIPT™ and the underlying principles relating to soft commodity and supply chain risk.
We will share personal information with law enforcement or other authorities, but only to the extent required by applicable law.
We will not share your personal information with any other third party.
How long your personal data will be kept
For visitors to our website, we will generally keep your data for a period of 3 years, after which time it will be deleted from our systems if it is no longer required for the lawful purpose for which it is obtained.
For those who have registered to use SCRIPT™, we will keep your data for as long as the registration is maintained and for a period of 5 years afterwards.
Reasons we can collect and use your personal information
We rely on legitimate business interests as the lawful basis on which we collect and use your personal data. Our legitimate interests are:
- providing you with our services;
- monitoring the use of our website and the use of SCRIPT™;
- ensuring that content from this site is presented in the most effective manner for you and your computer;
- contacting you about services similar to SCRIPT™; and
- notifying you about changes to our services.
Transfer of your information out of the European Economic Area (EEA)
We host and store your data in the European Economic Area (EEA). We share the registration data for those who register to use SCRIPT™ with our Partners identified in the SCRIPT™ Terms and Conditions, some of whom are based outside of the EEA.
By submitting your personal information to us when you register to use SCRIPT™, and by using SCRIPT™, you agree to us transferring, storing and handling your personal information in this way.
Under the DPA and GDPR you have a number of important rights with regard to your personal data. In summary, those include rights to:
- request a copy of your information
- correct any mistakes in your information
- ask for your personal data to be erased
- restrict processing
- request data in a machine-readable re-useable form
- object to data processing
Please note that these rights are not absolute and on occasion these rights may be overridden by our need to comply with our legal obligations.
If you would like to exercise any of your rights, please:
- email or write to us at the addresses given below;
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you are exercising and the information to which your request relates.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Right to complain to the Information Commissioner’s Office (ICO)
We hope that we can resolve any query or concern you raise about our use of your information. If you complain to us and are not satisfied with our response or believe we are processing personal data not in accordance with the law, you can contact the ICO. This link will take you to the ICO’s website: https://ico.org.uk/
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us please send an email to email@example.com or write to 3 Frewin Chambers, Frewin Court, Oxford, England, OX1 3HZ.
Global Canopy Foundation is a company limited by guarantee and is registered in England and Wales under company number 4293417 and has its registered office at 3 Frewin Chambers, Frewin Court, Oxford, England, OX1 3HZ. Global Canopy Foundation is a registered charity with number 1089110.