We take the privacy of those who visit our websites and use our services seriously and we aim to be transparent about our processing of personal information. Accordingly, this page explains the kinds of information we may collect about you as a result of your visiting or interacting with our website, contacting us through our forms, attending one of our events and so on.
Please read this notice carefully as it explains our purposes for using your personal information and includes information about your privacy rights.
General website information
If you use our websites, we will make a record of the information your web browser sends to us, typically identifying the type of browser you are using, and your IP address. We record this information in full where necessary, for example to detect bugs and prevent hostile access. Where we can, we only record an anonymised version of your IP address, for example to understand the ways in which people use our website and where in the world they are.
What are cookies?
A cookie is a small text file that a website (including this website) saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
The following table explains the cookies we use and why we use them:
Enabling you to log into the register and remembering your session between page views
How to control cookies
You can control and/or delete cookies and other storage technologies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
If you sign up to be on our mailing list via this website, we will ask you for the following information:
- First name
- Last name
- Email address
- Job title (optional)
- Organisation (optional)
We will use this information to subscribe you to our newsletter and store your details on our database in accordance with GDPR. As we send newsletters via Mailchimp, your details will also be transferred to them. We will also record your details in our CRM system.
You may unsubscribe from our mailing lists at any time and any promotional email we send you will contain an option to enable you to unsubscribe.
Contributors to the register
If you have signed up to incorporate data about your company into the Open Ownership Register, we will also process:
- Your name
- Your company name and position
- A company email address and an associated password
- The IP address from which you are currently signed in and from which you last signed in
We use this information in order to facilitate your contributor account, verify your identity whenever you login, to protect your identity from malicious access and we may use it to help us verify the accuracy of any information you submit for inclusion in the register. We may also contact you through the email address you provide to assist us with this verification process.
Data included in the register
We have a separate page which covers the personal information we may include in our Open Ownership Register, our legal basis for collecting it and your rights. That page supplements this one.
Contact and error reporting forms
If you use any of our online forms to report errors with our data, request that we correct or remove your information, or to contact us for general support, we will process:
- Your name
- Your email address
- Any information you give us to confirm your identity or explain your query
Webinars and other online events
If you register to attend a webinar or other online event we will process:
- Your name
- Your country/region
- Your company/organisation name
- Your job title
- Your email address
We use this information to give you access to the webinar event and to understand who is attending our events.
If you attend an online event, we will also process information about the times you start and stop attending the event. We use this information to understand how popular our events are and how our audience engages with them.
General purposes for using your personal information
We may also use your personal information:
- to satisfy legal obligations which are binding on us;
- for the prevention of fraud or misuse of services; and
- for the establishment, defence and/or enforcement of legal claims
We will only keep your information for as long as is necessary, but this period varies depending on the information and purposes involved. For example:
- We keep our web server logs for up to one year
- We retain your information for mailing list subscriptions until you unsubscribe. When you unsubscribe our mailing list provider will retain your details as an unsubscribed contact, so that we cannot accidentally re-add you to a list manually.
- We retain data in our CRM for 3 years after your last contact or interaction with us
- We retain data from our online events for 12 months after the event
- We retain your account information on the register for as long as you maintain an account. If you delete your account, we will remove all records of your account and those of any submissions (including drafts) you have made under that account. However, we will only remove beneficial ownership data which has already been included in the register through your submissions in accordance with our policy for data retention on the Open Ownership Register.
In some cases we will keep personal information for longer where we need to comply with relevant regulatory or statutory requirements. We will also retain information, when and as long as necessary, to resolve legal disputes.
Third-party data processors
We use a variety of third-party data processors who may receive your information. Any use we make of data processors will require them to act only on our instructions concerning your personal information. To this end, we have signed data processing agreements with each of them, governing how they can use your information and requiring them to keep it safe.
Specifically, we may share information with:
- Website hosting providers
- Software log storage services
- Website visitor statistics providers
- Mailing list management services
- Online email and office software
- Customer relationship management systems
- Backup services
- Event hosting and registration services
Do we share your personal information with anyone else?
As explained above, we may share your personal information with our suppliers.
There are other circumstances where we may need to share your personal information, such as:
- if we transfer the running of Open Ownership (or any part of it) to another organisation;
- with our professional advisors e.g. lawyers, where necessary to protect our or a third party’s interests;
- if we are under any legal or regulatory obligation to do so; and
- in connection with any legal proceedings or prospective legal proceedings, or in order to establish, exercise or defend our or a third party’s legal rights.
It is lawful for us, under the General Data Protection Regulation (GDPR), to process your personal information for the purposes described in this notice because one of the following applies:
- We have a legitimate interest, and our use is fair, balanced and does not unduly impact your rights and freedoms. For example, we have a legitimate interest in operating our websites and using the information we collect for these purposes, in processing your information to communicate with you, and to facilitate your attendance at our events.
- We have obtained your consent - for example to send you newsletters by email to your personal email address.
- We may be required to process or transfer your information in order to comply with legal requirements, such as requests from law enforcement agencies
We do not believe the way in which we are processing your personal information is likely to cause you any harm.
Transfer of data outside Europe
Any personal information we process may be transferred outside of the UK and European Union, in particular to the United States through our third-party data processors, many of whom locate their servers there. Some countries, including the US, have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. In the US, for example, this means that your information may be at risk of access by the US government and law enforcement agencies. As described above, we have attempted to minimise this risk by having signed contracts in place, based on the European Commission-approved ‘Standard Contractual Clauses’ with recipients of your information outside the UK and EU.
Under EU and UK data protection laws, you have a number of important rights which you can exercise free of charge. In summary, those include rights to:
- access to your personal information
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
These rights are not always available, and are subject to legal exemptions. For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email us at [email protected]
- let us have enough information to identify you and your request
If you would like to unsubscribe from any email newsletter you can also click on the ‘unsubscribe’ button at the bottom of the email. Unsubscribing is automatic and effective immediately, but email may already be in transit when you unsubscribe.
EU and UK data protection laws also give you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. For example, in the UK this is the Information Commissioner’s Office.
Who we are and how to contact us
We are Open Ownership, a fiscally sponsored project of Global Impact, 1199 N. Fairfax St., Suite 300, Alexandria, VA, 22314, US. Although we are based outside Europe, we have appointed our Data and Technology Manager ([email protected]) as our representative in Europe for data protection purposes.