In order to comply with the General Data Protection Regulation (GDPR) that came into effect across the European Union on May 25th 2018, we have updated our Privacy and Data Protection Policy.
1. Policy Statement
The ManKind Project UK and Ireland is strongly committed to protecting your personal data. We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. MKPUK&I processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this statement.
This policy sets out how we ensure that this information is processed lawfully and appropriately, in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).
We take our data protection duties seriously, because we respect your privacy. We will not sell or otherwise transfer your information to third parties for marketing purposes without your explicit consent.
2. About This Policy
MKPUK&I is responsible for ensuring compliance with the Data Protection Requirements and with this policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to your usual contact at MKPUK&I; if you are unsure who to contact then contact us.
3. What is Personal Data?
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in our possession).
Processing is any activity that involves use of personal data. It includes obtaining, recording, holding or transferring data; organising, amending, retrieving, using, disclosing, erasing or destroying it.
4. Data Protection Principles
As your data processor, we will ensure that your personal data is:
- Processed fairly, lawfully and in a transparent manner.
- Collected for specified, explicit and legitimate purposes and any further processing is completed for a compatible purpose.
- Adequate, relevant and limited to what is necessary for the intended purposes.
- Accurate, and where necessary, kept up to date.
- Kept in a form which permits identification for no longer than necessary for the intended purposes.
- Processed in line with the individual’s rights and in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Not transferred to people or organisations situated in countries without adequate protection and without firstly having advised the individual.
- The Data Protection Requirements are not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the individual.
5. Fair and Lawful Processing
In accordance with the Data Protection Requirements, we will only process personal data where it is required for the following lawful purposes: where the processing is necessary for performing a contract with the individual, for compliance with a legal obligation, in the legitimate interests of the business, or where the individual has given their consent.
6. Processing for Limited Purposes
We have in place detailed policies and procedures for data subjects. These will be kept up to date with all Data Protection requirements and are available to data subjects upon request.
7. Accurate Data
We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to amend or destroy inaccurate or out-of-date data.
8. Timely Processing
We will not keep personal data longer than is necessary for the purpose or purposes for which it was collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
9. Processing in line with Data Subject’s Rights
We will process all personal data in line with data subjects’ rights; in particular their rights to:
- Confirmation as to whether or not personal data concerning the individual is being processed.
- Request access to any data held about them.
- Request rectification, erasure or restriction on processing of their personal data.
- Lodge a complaint with a supervisory authority.
- Data portability.
- Object to processing, including for direct marketing or contact.
10. Data Subject Requests
You have the right to access, rectify, or erase any personal data we have collected about you through our Services. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through our Services. In addition, you have the right to ask us not to process your personal data (we do not provide data to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorised by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
To exercise any of these rights, please write to the Community Director: Brendan.firstname.lastname@example.org. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfil the purposes for which it was collected and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
If you have any issues with our compliance, you have the right to lodge a complaint with a European supervisory authority.
11. Data Security
We take appropriate and adequate security measures against unlawful or unauthorised processing of personal data, and against the accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
We have in place industry-standard procedures and technologies to maintain the security of all personal data from the point of the determination of the means for processing and point of data collection to the point of destruction. Credit card transactions are handled by established third-party banking institutions and process agents. These third-parties directly receive the information they need to verify and authorize your credit card transactions. The MKPUK&I never has access to this credit card payment information.
When collecting credit card information, these third-parties offer secured server transactions that encrypt your information in transit to prevent someone from intercepting it and misusing it. All information collected from you is retained on a secure server. Although we use reasonable efforts to safeguard the security of your Personal Information, transmissions made on or through the internet are vulnerable to attack and cannot be guaranteed to be secure. You hereby acknowledge that the MKPUK&I is not responsible for any intercepted information sent via the internet, and you hereby release us from any and all claims arising out of or related to the use of intercepted information in any unauthorised manner.
12. Legal Compliance, Security and Compelled Disclosures.
Notwithstanding anything to the contrary stated herein or within our Services, we occasionally release information about users of our Services when we deem such release appropriate to comply with law, respond to compulsory process or law enforcement requests, or protect the rights, property or safety of users of our Services, the public, ManKind Project UK and Ireland, our affiliates, or any third party.
13. Changes to this Policy