Welcome to the latest version of the privacy and cookie notice and other information covering the activities of Hatch. Our contact information is here and we are registered under the Data Protection Act 1998 (registration number ZA212531).
This page was last updated on 14 May 2018 and the information set out here is in force from 25 May 2018.
How we may gather your personal dataWe primarily use the legal basis of consent for processing personal data that you supply to us and therefore we only receive such data after you have given your consent. We may also process data under the legal basis of legitimate concern, such as to ensure the security of the sites and services we run or to support our work to improve democratic engagement.
The routes via which we may gather your personal data include:
- Sign-up forms, buttons or surveys, both offline and online,
- When you visit a digital website or service we operate,
- If you make a donation or other payment to me, and
- Cookies placed on your device(s) and tracking pixels.
This gathering of data includes both data you directly supply, such as by filling out a form, and also data provided when you interact with one of the services we operate digitally, such as the IP address, browser type and operating system of the device used.
The data gathered via surveys and forms may include special category data, such as whether or not you are a member of a political party or a supporter of a particular charity. Such data may also come from you sending us an email in which you choose to reveal such information, e.g. “As a member of the Organisation X, we disagree with your claim that…”
What we might do with your personal data
We may use personal data you provide to keep you informed about our work, to ask you questions, and to let you know about opportunities to get involved with our work, and to tell you about the work of others (like charities and campaigning organisations who share our values) that we think might appeal to you.
We may tailor the content supplied to you based on the personal data you have previously provided and may also use the data to ensure the security of our systems. We may also use your personal data to process any donations or payments that you make to us.
Any special category data you have consented to give us will be used only for the purposes of analysing our activities (such as to establish if our activities are fully inclusive), to analyse the answers of the survey or form used to collect it, or for providing direct follow-up to any points raised in those answers. If the data is contained in a comment that you have chosen to submit for publication, however, it may be published.
The routes via which we may contact you include:
- Email (if you have provided an email address),
- Facebook Messenger (if you have subscribed to a Messenger Bot, message our Page or otherwise we have permission to message you),
- RSS feeds (if you have subscribed to one or more of them),
- Website notifications (if you have subscribed to them),
- Online advertising (if you have provided information or taken actions that permit us to target advertising at you, such as by liking a Facebook page, visiting one of our websites and accepting cookies or providing your email address),
- Telephone or post (if you have provided your phone number or postal address), and
- Via publishing content on webpages.
Sharing and storing data
We will not share your data with anyone else except:
- If required to do so by law (for example, by the police with appropriate legal authority),
- If we have first asked for, and been given, your permission to do so, or
- If we are using their services to deliver one of the methods of communication set out above, such as to send you emails, or to store data about your interactions with those communications (such as whether you clicked a link in an email from us) and with any surveys or forms we may have sent you.
A service provider will only have personal data passed to them under this final category if their own systems, standards and legal terms are compliant with the requirements of GDPR. Their use to process your data will also be governed by their own privacy notices. Some of the service providers mentioned above may store personal data outside the E.U. and they will only be used in this way if the transfer of data outside the E.U. is done in accordance with Chapter V of GDPR. (You can read more about the safeguards involved on the Information Commissioner’s website here.)
If you choose to interact with one of our profiles or pages on a social network, such as Facebook or Twitter, that interaction may result in personal data being shared with us by the social network operating under its own legal contract with yourself.
Our sites may display adverts served up by Google. If you choose to interact with the adverts, such as by accepting cookies from them or by clicking on an advert, then your personal data may be processed by them, subject to their own privacy policies.
Our own data records are separate from those other organisations that we support – such as charities and campaigning organisations that share our values and priorities. Data is only shared if there is a clear legal basis for doing so, such as having asked your consent before gathering the data.
Withdrawing your consent
You may at any time withdraw the consent you have given for us to process personal data from you.
- Email: via the unsubscribe link including in emails or by emailing firstname.lastname@example.org,
- RSS feeds: by unsubscribing from the RSS feed in the application used to subscribe to it,
- Website notifications: via the normal unsubscribe/block settings for such notifications in your web browser,
- Online advertising: by blocking either all ads or just the ads from us using the options provided by the relevant advertising network, such as the option in Facebook to block all ads from our Facebook page; you can also request via email@example.com that we do not use your email address for targeting adverts via features such as Facebook’s custom audiences or Twitter’s tailored audiences,
- Cookies and tracking pixels: by blocking one or more of the cookies and tracking pixels that our site(s) would otherwise place, and
- Telephone: by request when receiving one of our phone calls, or by emailing firstname.lastname@example.org.
Cookies and tracking pixels
Our family of sites may place cookies and tracking pixels on the device from which you are accessing them. The emails we send out may also use a tracking pixel. To find out more about what cookies are, see this article from the BBC. To find out more about what tracking pixels are, see this article from Digiday.
- Collecting anonymous usage data for Google Analytics and for WordPress Statistics from Automattic,
- Providing embedded videos from platforms such as YouTube and Vimeo,
- Displaying advertisements, which may be personalised – no personal data is reported to us and their use of your personal data is subject to their own privacy policies with no functionality or content of the sites unavailable if you do not accept advertising cookies,
- Operating affiliate links, with no personal data reported to me,
- Integrating with services from Twitter and from Facebook, including the Facebook Pixel, the Facebook Connect service and the Facebook Social Graph service – this may include targeting content (including advertising) on those social networks at people who have visited a site,
- Analysing website visits from email subscribers using MailChimp or ActiveCampaign,
- Publishing web notifications using OneSignal,
- Remembering whether or not you have seen and accepted the privacy pop up message on visiting the site, and
- Servicing any requests that you make (e.g. to remember your details when you post a comment).
If you want to find out more about any individual cookies that any one of our sites use, please either email email@example.com or install a tool such as Ghostery, which provides detailed information about cookies on all the sites you visit.
Retention of data
Personal data which you provide via cookies will be retained for no more than two years.
Other data which is not special category data will be retained as long as it is required to accurately deliver information to you by the means set out above and to meet regulatory requirements (e.g. for tax purposes and for compliance with laws on electoral finance).
This may include retaining data after you have made an unsubscribe or similar request to ensure that you are not subsequently sent information by mistake and to protect against, for example, malicious attempts to add you to lists you do not wish to be a member of.
Special category data will not be retained for longer than five years.
You can, in addition, exercise your legal rights for data to be deleted if you wish.
Anonymous aggregate statistics may be retained when personal data is deleted.
Your legal rights
GDPR provides the following rights for individuals:
- The right to be informed,
- The right of access,
- The right to rectification,
- The right to erasure,
- The right to restrict processing,
- The right to data portability,
- The right to object and
- Rights in relation to automated decision making and profiling.
If you have a complaint of a query, you can raise it with us via firstname.lastname@example.org or, if appropriate, contact the regulator, the Information Commissioner.