Privacy Policy
This privacy policy governs The Social Innovation Partnership’s (TSIP’s) collection, use, maintenance, sharing and disclosure of information collected from data subjects through our work with clients and wider operations as a social enterprise including through our website (www.tsip.co.uk).
POLICY STATEMENT
This privacy policy governs The Social Innovation Partnership’s (TSIP’s) collection, use, maintenance, sharing and disclosure of information collected from data subjects across our website (www.tsip.co.uk), through our work with clients and wider operations as a social enterprise.
WHY AND HOW WOULD TSIP CAPTURE PERSONAL DATA?
In all instances where we retain personal data, such as email addresses or identities of data subjects, we will have a legitimate interest such as keeping you informed about our work as you have requested, delivering a contract which involves handling or gathering data or maintaining an ongoing business relationship.
TSIP may collect personal identification information from data subjects in a variety of ways: when you visit our website, fill out a form at an event we host, or in connection with other activities, services, features or resources we make available on our website. We will always establish consent and comply with relevant legislation.
On our projects any personal data will have been collected with explicit consent and the project will be governed by the terms of our contract and this policy. TSIP’s status as determined by relevant legislation differs depending on our role in our projects. On most of our projects we are recognised as a Data Processor under the European Union’s General Data Protection Regulation. On the projects where we may be recognised as a Data Controller and are capturing data directly we will establish consent for any data we capture, why we are capturing it and how it will be retained. If working with partners, we will look to establish a specific Data Sharing Agreement that will govern how those data will be captured, retained, accessed, shared and deleted along with specific routes of contact for users to get in touch with us to understand more about any of these issues. We will explicitly nominate a Data Protection Officer if necessary.
HOW LONG WILL TSIP KEEP PERSONAL DATA?
We will keep your data for no longer than necessary. This will vary. The length of time will depend on any legal obligations we have (such as tax recording purposes), the nature of any contracts that we have in place, the existence of your consent or our legitimate interest as a business.
When you purchase anything from us, for example services, we retain that information for a period of six years following the end of our financial year during which you purchase from us ceased. It is our legal obligation to keep these records for tax purposes.
If you express an interest in TSIP’s work we may retain data such as your contact details or name to be able to keep you informed. If you wish for your data to be deleted at any point see Your rights as a data subject below.
HOW IS MY DATA SHARED?
TSIP never sells any of personal data. On certain projects we might share personal data with a project partner, but in these instances, this will be made clear at the point of collection and will be supported by the explicit prior permission of the person whom the data belongs.
WHERE IS MY DATA SAVED?
TSIP uses Google Drive and Salesforce as storage systems both of which adhere to the EU’s GDPR. There are no reasons that Data being held by TSIP would be transferred to a third party country but if this is in likelihood of occurring the Adequacy Framework of the European Commission will determine acceptability.
SECURITY INFORMATION
We take data privacy and security extremely seriously. Any information gathered for the purposes of TSIP’s work is stored on our cloud-based server delivered through the user interfaces of Google drive and Salesforce. Both systems require Multi factor authentication via Google Authenticator.
Jumpcloud controls the authentication for Google Workspace and we also use Mimecast as our email security platform. It provides an extra layer of security for emails by filtering them before they get through to Google Workspace. Emails are analysed before they reach mailboxes for SPAM, malware, impersonation, spearfishing attacks, and fraud attempts.
Our hardware and software protection includes Webroot Anti-Virus and Anti-Malware, Sophos Hard Disk Encryption Management and Webroot DNS Protection. We further ensure that all our data collection, storage and deletion meet GDPR as well as any terms specified by the funder or funded partners during the course of the programme.
YOUR RIGHTS AS A DATA SUBJECT
Under GDPR you have rights as a data subject. These rights are:
THE RIGHT TO BE INFORMED
This means we must inform you how we are going to use your personal data. We do this through this privacy policy and by informing you how your data will be used each time we collect it.
THE RIGHT OF ACCESS
You have the right to access your personal data that we hold. This is called a subject access request. We must respond to your request within one month. To request access to your data, please send us this email. This will auto-generate an email with the subject line ‘Subject Access Request’ to the email address contact@tsip.co.uk. It is very helpful if you tell us what of your personal data you are seeking.
THE RIGHT TO RECTIFICATION
If you think the data we hold on you is incorrect, tell us so we can put it right. You can do this by emailing contact@tsip.co.uk with the correction that you wish to make.
THE RIGHT TO ERASURE
You have the right to request that we delete your data. We think our work is pretty interesting, but if, now having read this message or at any point in the future, you want to be removed from our GDPR-compliant database you can let us know by sending us this email. This will autogenerate a message to the address contact@tsip.co.uk including the subject line ‘Remove me from your database’. We will do so, provided that we do not have a compelling reason for keeping it.
You also have rights to restrict processing, concerning data portability, to object and in relation to automated decision making. These are unlikely to be relevant given the very limited ways in which TSIP retain and process data. However if you wish to exercise any of your rights under Chapter 3 of GDPR you can let us know by sending us this email which will autogenerate an email message to the address contact@tsip.co.uk including the subject line ‘GDPR rights request’.
I WANT TO COMPLAIN ABOUT TSIP
You have the right to raise any issues with TSIP’s privacy policy or data collection in one of two ways: direct to us or to the Information Commissioner’s Office.
Direct complaints
You can make a complaint direct to TSIP by sending us this email which will autogenerate an email message to the address contact@tsip.co.uk including the subject line ‘Privacy/Data complaint about TSIP’.
Complaints via the Information Commissioner’s Office
TSIP has been registered with the UK’s Information Commissioner’s Office since 4 April 2013. Our reference number is Z3625333
The ICO’s contact details are:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
I WANT TO KNOW MORE
If you want to contact TSIP to understand more about our data and privacy policy please get in touch with us in writing at the postal address, email address below or give us a call:
The Social Innovation Partnership Limited
The Rain Cloud Victoria
76 Vincent Square
London
SW1P 2PD
UK
+44 (0) 7775 934 921
POLICY REVIEW
This policy will be reviewed annually to ensure it remains in line with legislation and TSIP's organisational principles.
Last updated : 2022-11-25