1. The Lens is a charity registered in Scotland (SC046025). Our address is Robertson House, 152 Bath Street, Glasgow G2 4TB. You can also email us: hello@lensperspectives.org.uk

2. Our Data Controller and Processor is Iain Delworth, Operations. You can contact him using the above addresses.

3. We have identified 3 purposes for processing personal information. They are; marketing communications, delivery of mission through our Intrapreneurship Programmes and other products/services, and HR.

4. We have assessed the lawful basis for processing and included below.

Purpose

Lawful Basis

Reasoning

Marketing communications

(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

·      Data collected is used for marketing purposes which may be deemed a “nuisance” so individuals must consent to clearly identify they wish to receive them.

Delivery of mission through Programmes and other products and services

(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

·      Data collected is a fundamental need for our work to be conducted, e.g. contacting an intrapreneur to provide ongoing support.

·      It is also required for maintaining appropriate records for the organisation.

HR

(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

·      Data collected for HR purposes helps monitor the organisations compliance with legislation and performance in areas including equality & diversity.

·      It is also required for maintaining appropriate records for the organisation.

5. You can access our Legitimate Interest Assessment for more information on why we have classified the Delivery and HR as legitimate interest as our lawful purpose.

6. We do not, and will never, share any personal data we have with any third party.

7. We use Dropbox, Insightly and MailChimp to manage our data. Their servers may be located in countries outside the UK.

8. We will keep data for each of our purposes for the following time periods:

  • Marketing – 6 years
  • Delivery – 6 years
  • HR – up to 1 years after an individual is no longer engaged with The Lens

9. We are firmly committed to upholding individual rights and have included our processes of how we do so below.

Right

Compliance measures

1.    The right to be informed

Privacy notice – made available on our website and to any who requests a copy.

2.    The right of access

Access requests will be completed by the Data Controller within one month of the request being made. Information will be provided using our Access Request Template.

3.    The right to rectification

Any request made for personal data to be amended will be completed by the Data Controller within one month of the request being made. All amendments will be tracked in the GDPR Log.

4.    The right to erasure

Any request for the erasure personal data will be dealt with within a month of the request by the Data Controller. A copy of the notification of erasure will be kept demonstrating compliance.

5.    The right to restrict processing

Any request for the restriction of the use of personal data will be completed by the Data Controller within one month of the request being made. All requests will be tracked in the GDPR Log.

6.    The right to data portability

Any request for the portability of personal data will be completed by the Data Controller within one month of the request being made. All requests will be tracked in the GDPR Log. A copy of an individual’s data will be provided in CSV format.

7.    The right to object

Any objections to the use of personal data will be handled by the Data Controller as soon as the request has been received. All requests will be tracked in the GDPR Log.

8.    Rights in relation to automated decision making and profiling.

Not applicable – no activity conducted by The Lens is automated.

10. You can withdraw consent from any of your marketing communications at any time. You can unsubscribe from our mailing list, or you can email us using hello@lensperspectives.org.uk. Alternatively, you can send us a letter using the above address or speak to any of our team who will arrange that for you.

11. All breaches will be recorded in the GDPR Log and if it is deemed to have an adverse effect it will be reported to the ICO and any affected party – including the individuals whose data may be compromised and Lens Champion for the organisation they work for – within 12 hours.

12. If you are not happy with how we are handling your data, you can lodge a complaint with the Information Commissioner’s Office.

13. We receive data from the following sources:

  • Marketing – signs up via our website, Programme applications and sign-up sheets. We ask for consent in all cases.
  • Delivery – we either receive data directly from individuals or are passed data from our Partners.
  • HR – all data is given by individuals either applying to work with us, or who are contracted or employed to work at The Lens.

14. You are under no statutory or contractual obligation to provide personal data to The Lens. We would never ask for something you are not happy to give freely.