Privacy and cookies policy

General website information

If you use our main website openownership.org, we do not use cookies to track any information about your visit.

Emails

If you sign up to be on our mailing list via this website, we will ask you for the following information:

• First name
• Last name
• Email address
• Job title (optional)
• Organisation (optional)

We will use this information to subscribe you to our newsletter and store your details on our database in accordance with GDPR. As we send newsletters via Mailchimp, your details will also be transferred to them. We will also record your details in our CRM system.

You may unsubscribe from our mailing lists at any time and any promotional email we send you will contain an option to enable you to unsubscribe.

Webinars and other online events

If you register to attend a webinar or other online event we will process:

• Your name
• Your country/region
• Your company/organisation name
• Your job title
• Your email address

We use this information to give you access to the webinar event and to understand who is attending our events.

If you attend an online event, we will also process information about the times you start and stop attending the event. We use this information to understand how popular our events are and how our audience engages with them.

General purposes for using your personal information

We may also use your personal information:

• to satisfy legal obligations which are binding on us;
• for the prevention of fraud or misuse of services; and
• for the establishment, defence and/or enforcement of legal claims

Data Retention

We will only keep your information for as long as is necessary, but this period varies depending on the information and purposes involved. For example:

• We keep our web server logs for up to one year
• We retain your information for mailing list subscriptions until you unsubscribe. When you unsubscribe our mailing list provider will retain your details as an unsubscribed contact, so that we cannot accidentally re-add you to a list manually.
• We retain data in our CRM for 3 years after your last contact or interaction with us
• We retain data from our online events for 12 months after the event

In some cases we will keep personal information for longer where we need to comply with relevant regulatory or statutory requirements. We will also retain information, when and as long as necessary, to resolve legal disputes.

Third-party data processors

We use a variety of third-party data processors who may receive your information. Any use we make of data processors will require them to act only on our instructions concerning your personal information. To this end, we have signed data processing agreements with each of them, governing how they can use your information and requiring them to keep it safe.

Specifically, we may share information with:

• Website hosting providers
• Software log storage services
• Website visitor statistics providers
• Mailing list management services
• Online email and office software
• Customer relationship management systems
• Backup services
• Event hosting and registration services

Do we share your personal information with anyone else?

As explained above, we may share your personal information with our suppliers.

There are other circumstances where we may need to share your personal information, such as:

• if we transfer the running of Open Ownership (or any part of it) to another organisation;
• with our professional advisors e.g. lawyers, where necessary to protect our or a third party’s interests;
• if we are under any legal or regulatory obligation to do so; and
• in connection with any legal proceedings or prospective legal proceedings, or in order to establish, exercise or defend our or a third party’s legal rights.

Lawful basis

It is lawful for us, under the General Data Protection Regulation (GDPR), to process your personal information for the purposes described in this notice because one of the following applies:

• We have a legitimate interest, and our use is fair, balanced and does not unduly impact your rights and freedoms. For example, we have a legitimate interest in operating our websites and using the information we collect for these purposes, in processing your information to communicate with you, and to facilitate your attendance at our events.
• We have obtained your consent - for example to send you newsletters by email to your personal email address.
• We may be required to process or transfer your information in order to comply with legal requirements, such as requests from law enforcement agencies

We do not believe the way in which we are processing your personal information is likely to cause you any harm.

Transfer of data outside Europe

Any personal information we process may be transferred outside of the UK and European Union, in particular to the United States through our third-party data processors, many of whom locate their servers there. Some countries, including the US, have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. In the US, for example, this means that your information may be at risk of access by the US government and law enforcement agencies. As described above, we have attempted to minimise this risk by having signed contracts in place, based on the European Commission-approved ‘Standard Contractual Clauses’ with recipients of your information outside the UK and EU.

Your rights

Under EU and UK data protection laws, you have a number of important rights which you can exercise free of charge. In summary, those include rights to:

• access to your personal information
• require us to correct any mistakes in your information which we hold
• require the erasure of personal information concerning you in certain situations
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• object in certain other situations to our continued processing of your personal information
• otherwise restrict our processing of your personal information in certain circumstances

These rights are not always available, and are subject to legal exemptions. For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

• email us at [email protected]
• let us have enough information to identify you and your request

If you would like to unsubscribe from any email newsletter you can also click on the ‘unsubscribe’ button at the bottom of the email. Unsubscribing is automatic and effective immediately, but email may already be in transit when you unsubscribe.

EU and UK data protection laws also give you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. For example, in the UK this is the Information Commissioner’s Office.

Who we are and how to contact us

We are Open Ownership, a fiscally sponsored project of Global Impact, 1199 N. Fairfax St., Suite 300, Alexandria, VA, 22314, US. Although we are based outside Europe, we have appointed our Data and Technology Manager ([email protected]) as our representative in Europe for data protection purposes.