On May 25th 2018, the General Data Protection Regulation is active for any website within the EU or any worldwide that stores information on any EU citizen.
In order to comply with this regulation, we list here the ways Serve the City store and use information.
Information collected by Serve the City may be used to:
- respond to requests for information
- disseminate information such as newsletters or details of events
- engage with volunteers and make the appropriate organisational arrangements for serving.
- process any donations or pledges of donations.
- keep a record of Volunteer and client contact details
- inform clients, donors and volunteers of any current or future information about our work, events, campaigns and activities, or any other features of Serve the City.
business purposes, such as data analysis, audits, fraud monitoring and prevention, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of informational and operating and expanding our serving activities.
- as we believe to be necessary or appropriate: (1) under current applicable law, (2) to comply with legal process; (3) to respond to requests from public and government authorities (4) to enforce our terms and conditions; (5) to protect our operations; (6) to protect our rights, privacy, safety or property and/or that of others; and (7) to allow us to pursue available remedies or limit any damages that we may sustain.
It is the commitment of Serve the City that any use of collected information will be in accordance with the data protection principles of good practice.
This means that it will be:
- processed fairly and lawfully.
- processed for limited purposes and in an appropriate way.
- adequate, relevant and not excessive for the purpose.
- Accurate and, where necessary, kept up to date.
- not retained any longer than necessary for the purpose.
- processed in line with data subjects’ rights.
- be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information,
- not transferred to any third parties outside Serve the City organisation without adequate protection and we only use third-party data processors who guarantee their ability to implement the technical and organisational requirements of the GDPR.
In addition, Serve the City will ensure that:
- It has a Data Protection Controller in operation with responsibility for ensuring compliance with GDPR rules and best practice procedures.
- Everyone processing personal information understands that they are contractually responsible for following good data protection practice,
- Everyone processing personal information is appropriately trained to do so,
- Everyone processing personal information is appropriately supervised,
- Anybody wanting to make enquiries about handling personal information knows what to do,
- It deals promptly and courteously with any enquiries about handling personal information,
- It describes clearly how it handles personal information,
- It will regularly review and audit the ways it stores, manages and uses personal information
- It regularly assesses and evaluates its methods and performance in relation to handling personal information
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the General Data Protection Regulation.
Serve the City use Google Analytics in order to measure the audience of its website.
Information about the location and age of visitors may be stored for a limited time on Google Analytics’ servers but any identifiable information will be automatically deleted after 14 months.
Google Analytics follows the GDPR guidelines and you can read more about this here.
Storage and handling of information
Unless specified otherwise, the personal information you provided to Serve the City is stored either on Salesforce (read Salesforce’s commitment to GDPR) or our web hosting server at Infomaniak (read Infomaniak’s commitment to GDPR).
We also capture some data from our website into Salesforce using Formsite
(read Formsite’s commitment to GDPR )
Some personal data may also be held on Microsoft Office365 and Sharepoint
(read Microsoft’s commitment to GDPR )
Please contact us regarding any request or queries on your data