The Community Data Cooperative Privacy Policy [April 2020]
​
Our Privacy Policy sets out details of the information we collect about you, how we may use it, how we ensure it is kept secure, who we share it with, and what rights you have in respect of that information.
Up front, we’d like to make it very clear we’re committed to respecting the information you trust us with and to only request as much personal information as the cooperative needs to go about its business using community data for good and creating happier, healthier places for us to live in.
Broadly, we will use your personal information to contact and provide services and information to you that we believe will be relevant and in your interest as a Member of the cooperative; where explicit consent has been given, your information will be provided anonymously to clients paying to seek opinions, comments and insights into their commercial/strategic issues; to meet our legal obligations, and to help improve our products and services to both Members and Clients alike.
We want our personal information relationship to be fair i.e. where the Community Data Cooperative, Members, Clients and the wider communities we live in all benefit. And where we share your data, we only do so with individuals and organisations who have a right to see it and who will use it fairly.
We are registered members of the Information Commissioners Office, which is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
More information about the ICO can be found at https://ico.org.uk/
Why do we ask for your personal information?
The Community Data Cooperative sells Member personal opinions and insights to our Clients.
The main use of personal information is where we supply Members’ answers in response to our Clients’ market research requirements. In addition to supplying answers we may also provide anonymised profile details about Members to put their responses in context and add significant value to the service we offer our Clients. An example of this might be where we supply your gender, marital, physical activity status, and whether you own a bike or not, to a Client seeking insight around community activities in public areas. We would never provide your name, address or contact details though.
Other reasons we might collate personal information include:
- To create a Member database for data mining, research and insight purposes on behalf of Clients purchasing research products and services from us
- Administer Membership and Client records and maintain our accounts and records
- To better understand the common and more general needs of our Clients and Members and provide both with more personalised products, services and information, particularly in the context of promoting public wellbeing in local communities
- Using your personal details to send you things we think you need to know about and things we are obliged to send you legally. We broadly term these "service" emails. For example, we will send Members details about changes to the benefits they get from membership
- Developing an understanding of the activities, preferences, and requirements of our Members and Clients. For example, we might want to contact our Members to seek feedback on a community wellbeing initiative we’re funding on their behalf, or we might seek Client opinion on a “hot” topic to determine whether to engage with Members to generate further insights to sell back to Clients
- For statistical analysis to improve existing products and services and develop new products and services
- Communicating with you about the products and services we’re providing to you
- Promoting, marketing and advertising our products and services to existing and potential Clients
- Report to our Funders, Partners and Members on our charitable objectives
- To fulfil any legal contract we hold with Members or Clients
- Recording and managing complaints and or dealing with any legal claims
The types of information we hold about you and explicit consent
We will primarily use explicit consent as our legal basis for collecting and processing your data under the Data Protection Act 2018 (GDPR).
We only use personally identifiable information where we have an individual’s or organisation’s consent and where that consent can easily be withdrawn at any time by the provider.
We will never provide personally identifiable information to a 3rd party. Any sharing of data with a 3rd party for research or analysis purposes will always be anonymised.
We will share your data for compliance with any legal obligations we may have.
The types of information you give us will vary depending on the context in which you have provided it and may include some or all of the following:
- name, address, and contact details
- other socio-demographic details such as gender, disability, marital status, home ownership etc
- details about physical activities you do/want to do or your general health and wellbeing, as assessed by yourself
- details of products and services you've bought from various organisations
- details of your interactions with us using online, email, sms or social media channels
- payment details for Members receiving dividends
Sharing data
When we share your information, we only do so in accordance with our legal, data protection and privacy obligations.
We may share anonymous or aggregated information about you with both our Clients and partner organisations such as our technology suppliers or research partners who are contracted as data processors to help provide data management services such as data capture, data warehousing, engagement tools and research, evaluation and statistical analytics. The organisations we currently share data with include:
- Torque2 Ltd and Torque4 Ltd
Your rights around how we handle your personal information
We and our partners will hold all information in confidence and comply with all our responsibilities under the Data Protection Act 2018 (GDPR).
You may request confirmation that we hold personal data about you, and obtain a copy of any such data.
You may ask us to rectify any inaccurate information we hold about you.
You may ask us to delete your personal information which we will endeavour to comply with within 2 working days.
You may ask us to restrict the processing of your personal information in certain circumstances, however this may cause some delays in provision of services to you.
You may request the receipt or transfer to another organisation in a structured, commonly used and machine-readable form, the personal data that you have provided to us.
You may object to our processing of your personal information in certain circumstances.
Where oinur processing of your personal information is based on your consent, you have the right to withdraw this consent at any time, although this won’t affect the lawfulness of any prior processing where we relied on your consent. You can request withdrawal at any time by contacting us at the address below under How to Contact Us.
How to make a complaint
You may make a complaint about our processing of your personal data by contacting us using the details below. You can also find out more about your rights and/or make a complaint via the Information Commissioner’s Office.
How to contact us
If you would like to exercise any of your rights, please contact us using the contact details set out below:
Data Protection Team
Data Co-op
PO Box 92
Cockermouth
CA13 3BD
​
Email: info@communitydatacoop.co.uk
​
Changes to this Privacy Notice
We will inform you of any changes to our privacy policy so that you are always aware of the information we collect, how we use it and under what circumstances we disclose it.
Version 1 01/05/2020