1. Privacy and data protection
Mindfulness in Schools Project (MiSP), a charity registered in England & Wales number 1168992), is committed to ensuring the privacy of our employees, officers, trustees, beneficiaries, customers, suppliers, volunteers, partners and other third parties. This notice relates to our use of any personal information we collect from you via the following services:
Any personal information provided to us by email, telephone, in letters and any correspondence and in person.
- Our website (www.mindfulnessinschools.org)
- Other third party providers
- Social media
This notice explains what information we collect, why we collect it and what we do with it. We are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 2018.
2. The type of data we collect and use
We collect data in various ways for several different reasons. Personal data will include:
- Personal contact details that allow us to contact you directly such as name, title, email address, and telephone numbers;
- Personal information which enables us to process your application to attend our training courses and events;
- Hub membership details such as start and end date;
- Records of your interactions with us such as emails and other correspondence, and your instructions to us;
- Financial transactions;
- Records of attendance at MiSP events;
- Your marketing preferences, so that we know how we should contact you.
Please note that if you choose, for any reason, not to allow us to use your personal data (as is your right) it may result in a less efficient or accurate service to you.
3. Data retention
Your personal information will be retained by MiSP and its service providers in a secure environment, will be kept confidential, and will only be used in connection with the purposes for which it is submitted, or as otherwise explained on the websites or Terms and Conditions, or as necessary for us to comply with our legal obligations.
The period for which we hold your data will differ depending on the type of information and the reason why we collected it. For example, course application forms will usually only be kept for a period of six months post course, whereas data relating to a financial transaction will be retained for a period of seven years in line with HMRC requirements.
We like to update you about the services we offer. When you register with us for the first time you will be asked for your preferences. For those of you covered by our membership scheme we believe that legitimate interest is the lawful basis for contacting you about these services as part of benefitting fully from membership. For those not covered by membership we believe that we have a legitimate interest in contacting you about future events that are related to those you have attended in the past.
We use a third-party provider, MailChimp, to deliver our emails. We gather statistics around email opening and clicks to help us monitor and improve our emails. For more information, please see MailChimp’s privacy notice. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing us at firstname.lastname@example.org.
We do not rent or trade email lists with any other organisations or businesses.
5. Website cookies
6. Google Analytics
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is anonymous and we do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
7. Ticketing Data
We use a third-party online system, Eventbrite, to book tickets for many of our events. Eventbrite collects and stores data that can include your name and contact details depending on the sort of event you are booking. You can, of course, always contact us directly to book tickets if you prefer. Please be assured that we do not share your personal details with any other company without your consent.
8. Social media
We use a variety of online engagement tools and social media platforms to communicate and interact with customers and potential customers. We use third-party platforms including, but not limited to, Facebook, Twitter and LinkedIn. When interacting with MiSP’s presence on those sites you may reveal certain personal information. Apart from using your information to respond to a specific message or request, we will not use, share or retain any personal information given on these channels.
The relevant privacy policies of these sites are available at Facebook, Twitter and LinkedIn
9. Third parties
We occasionally share anonymised information with other organisations, particularly for research purposes.
MiSP takes appropriate security measures to ensure that we keep your information secure, accurate and up to date, and that we only keep it for as long as is reasonable and necessary. We follow generally-accepted best practice industry standards to protect the personal information submitted to us during transmission and once we receive it. However, the transmission of information over the internet is never completely secure, so while we do our best to protect personal information, we cannot guarantee the security of information transmitted to MiSP’s websites.
11. Access to your information
You are entitled to view, amend, or delete the personal information that we hold. MiSP tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information about you, we will:
- give you a description of what information we hold;
- tell you why we are holding it;
- tell you who it could be disclosed to;
- let you have a copy of the information in an intelligible form.
To make a request to MiSP for any personal information we may hold please e-mail email@example.com.We are required under the GDPR regulations to respond to subject access requests within one month. If we refuse a request we will inform you of the decision within one month of the request explaining why we have refused the request.
12. Your rights
Under data protection law, you have certain rights when it comes to how your personal data is handled:
- The right to make a ‘subject access request’. You are entitled to receive a copy of the personal data we hold about you, together with information about how and why we process it;
- The right to request that we correct incomplete or inaccurate personal data that we hold about you;
- The right to withdraw any consent which you have given;
- The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it;
- The right to object to our processing of your personal data for direct marketing purposes, or where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing;
- The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if they want us to establish its accuracy or the reason for processing it;
- The right to request that we transfer to you or another party, in a structured format, your personal data which you have provided to us (also known as the right to ‘data portability’). The applicability of this right depends on the legal grounds on which we process it;
- The right to challenge a decision based solely on profiling/automated processing, to obtain human intervention, and to express your point of view.
We are required to comply with these rights without undue delay and, in respect of certain rights, within a one-month timeframe.
If you wish to lodge a complaint about MiSP’s use of your data you can contact us at: firstname.lastname@example.org
You have a right as an individual to refer your complaint to the ICO if you think that there is a problem with the way MiSP is handling your data.
14. Changes to this Privacy Notice
We review this policy on a regular basis. This Privacy Notice was last reviewed on 06 November 2019.