Data Protection Officer (“DPO”): Claire Tucker.
Personal Data: is data that relates to you and can — either on its own or in combination with other information — identify you as an individual. Personal Data does not include data that has been aggregated or made anonymous such that you can no longer be identified using means reasonably available to us.
2. Information We Collect
The Personal Data that we collect and our use of that information depends on your relationship with us and the requirements of applicable law as described below.
We collect information that:
- you provide to us directly;
- about your devices and their location, and your use of our services, including through certain Internet technologies; and
- that we obtain from other sources.
3. Information Collected From You
HomeWork requests different types of Personal Data from you, depending on the services you use and your relationship with us.
- Identity and Contact Data: including your name, mailing address, phone number, email address, Slack account, and other information that enables us to contact you.
- Payment Information: including your bank account information, and payment or other information required when you set up a direct debit with us.
- Profile data: includes preferences, feedback and survey responses.
- Marketing and communications data: includes preferences in receiving marketing from us and communication preferences.
4. Information Collected About You
- Technical Data: Google and Other Third-Party Analytics. We use a tool called “Google Analytics” to collect information about the use of our website (e.g., Google Analytics collects information such as how often users visit the website, what pages they visit when they do so, and what other sites they used prior to coming to our website). Google Analytics collects only the IP address assigned to you on the date that you visit the website, rather than your name or other identifying information. The information collected through the use of Google Analytics is not combined with your Personal Data. You can learn more about how Google Analytics collects and processes data and opt-out options at http://www.google.com/policies/privacy/partners/. We also may use other third-party analytics tools to collect similar information about use of certain online services.
- Technical Data: On your Mobile. Our website is specifically designed to be compatible for use on mobile computing devices. Mobile versions of the website may require you to log-in with an account. In such cases, information about use of each mobile version of the website may be associated with user accounts.
5. Aggregated Data and Special Categories of Personal Data
Apart from dietary requirements (health information), we do not collect Special Categories of Personal Data (such as race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about health, and information about criminal convictions and offences).
6. Use Of Personal Data
We will use Personal Data in the following circumstances:
- where we need to provide the services to you (i.e. because we are contractually obliged to do so);
- where it is in our legitimate interests to do so (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
- where we need to comply with a legal or regulatory obligation.
Occasionally, we rely on consent as a legal basis for processing personal data other than in relation to sending useful information and marketing communications to you via telephone and/or email. You have the right to withdraw consent to us contacting you like this at any time by responding to the person that contacts you and/or by contacting us via the details given below.
We have set out below the ways we use personal data and the legal basis for doing so. We have also identified what our legitimate interest is, where appropriate.
We may process personal data for more than one lawful ground depending on the specific purpose for which we are using data. Please contact us if you want further details about the specific legal ground we are relying on to process your personal data.
Where we need to collect personal data by law, or under the terms of a contract and you do not provide that data when requested, we may not be able to perform the contract. In this case, we may have to cancel a service you have with us but we will notify you of this at the time.
7. Sharing of Personal Data
We may disclose your Personal Data in limited circumstances to our community, our service providers and advertisers, and other end users, in order to provide our services and to improve ways of working in our community. Where required by applicable law, we will only share your Personal Data with particular third parties with your consent.
Our Community: our services may include member communities, forums, networks, and other features through which you may share information and connect with others. This includes: member networks, events, and/or other groups available to users.
Surveys / Feedback: from time to time, we may ask for your feedback in surveys. Participation is voluntary, and we will use the information that we collect for research and reporting purposes, and to help us to improve the quality of our services. We use the survey responses to determine the effectiveness of our services, including the quality of our communications and our advertising and/or promotional activities. If you participate in a survey, your responses will be used along with other participants’ responses.
Other Parties When Required by Law and as Necessary to Provide and Protect Our services: there may be instances when we disclose your Personal Data to other parties:
- to provide you with the services that you request;
- to invoice you and collect payments via accounting software such as QuickBooks;
- to comply with our legal obligations, including with auditors, lawyers, CPAs, financial consultants, or other consultants;
- to comply with the law or respond to legal process or a request for cooperation by a government entity or law enforcement;
- to detect, limit, and prevent fraud, or verify and enforce compliance with the policies governing our services;
- to protect our rights, property, and safety or that of any of HomeWork, our business partners, members, or employees; or
- where otherwise required by law.
We share Personal Data in this way either to comply with legal obligations to which we are subject, or to meet our legitimate interests in protecting our business, including from fraud and legal claims.
Other Parties in Connection with a Corporate Transaction: we may disclose or share your information in the event that we purchase, sell, finance, transfer, or acquire all or a portion of a business or assets, such as in connection with a merger, or in the event of a bankruptcy reorganisation or liquidation.
8. Social Media
While we will not edit comments, we may delete a comment from our page on a social media site if it, for example, does not relate to the post, promotes a commercial product or service, uses obscene, threatening, or harassing language, or if it is a personal attack or hate speech that targets or disparages any ethnic, racial, age, or religious group (or other legally protected group), or if it advocates illegal activity or breaches copyright laws.
10. Personal Data – Your Rights
You have the right to:
- Request access to your personal data (known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. It is unlikely, but in some cases we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of the processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
12. Special Categories of Personal Data – Dietary Requirements
Where you have provided us with any dietary requirements in relation to any events and have consented to HomeWork’s use of such information you may withdraw that consent, in accordance with applicable law.
13. Email and Telephone Communications
If you have any concerns about our processing of your Personal Data, we’d be delighted to discuss them with you. You may also lodge a complaint with the Information Commissioner’s Office which is the UK supervisory authority for data protection.
HomeWork will retain your Personal Data for as long as you have a relationship with us, and for a period after your relationship with us has ended.
When determining how long this retention period will last, we take into account the length of time Personal Data is required to:
- continue to develop, tailor, upgrade, and improve our services;
- maintain business records for analysis and/or audit purposes;
- comply with record retention requirements under the law;
- defend or bring any existing or potential legal claims; or
- address any complaints regarding the services.
16. Information Security
The security of all Personal Data provided to HomeWork is important to us. HomeWork takes reasonable steps to use appropriate technical or organisational measures to protect your Personal Data, including against unauthorised or unlawful processing and accidental loss, destruction, or damage. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while HomeWork strives to protect your Personal Data, we cannot ensure or warrant the security of any information that you transmit to HomeWork, and you do so at your own risk. As such, we ask that you help us be safer together by implementing your own security controls, such as locking your laptop when you leave your desk and other security best practices.
17. Use of CCTV
We operate a CCTV system within our premises. Its aim is to provide a safer and more secure environment for the benefit of visitors, staff and members.
We use CCTV as outlined below. We believe that such use is necessary for our legitimate interests or for the purposes of fulfilling the terms of a contract (i.e. our contracts with our staff), including:
- to prevent crime and protect buildings and assets from damage, disruption, vandalism and other crime;
- for the personal safety of visitors, members and staff;
- to act as a deterrent against crime;
- to support law enforcement bodies in the prevention, detection and prosecution of crime;
- to assist in day-to-day management, including ensuring the health and safety of visitors, members and staff;
- to assist in the effective resolution of disputes which arise in the course of our business; and
- to investigate gross misconduct or behaviours that puts others at risk.
- CCTV images are monitored, recorded and used in strict accordance with this policy.
Where CCTV cameras are placed in HomeWork, we will ensure that signs are displayed at the entrance of the surveillance zone to alert individuals that their image may be recorded. Such signs will contain details of the organisation operating the system, the purpose for using the surveillance system and who to contact for further information, where these things are not obvious to those being monitored.
Recorded CCTV images will be stored in a way that ensures the integrity of the image and in a way that allows specific times and dates to be identified.
Access to live images is restricted to the DPO and any other authorised staff at HomeWork (see further details below), and recorded images can only be viewed in a restricted area by approved staff.
The recorded images are viewed only when there is suspected criminal activity and for occasionally checking that our staff are following best practice. We do not use CCTV for the purpose of monitoring visitors or members.
We reserve the right to use images captured on CCTV where there is activity that we cannot be expected to ignore such as criminal activity, potential gross misconduct, or behaviour which puts others as risk.
Images retained for evidential purpose will be retained in a locked area accessible by the Data Protection Officer.
Where images are retained, the DPO will ensure the reason for its retention is recorded, where it is kept, any use of the images and finally when it is destroyed.
CCTV digital recordings are made using a digital recorder operating in real time mode, monitoring the setting continuously 24 hours a day.
Data recorded by the CCTV system will be stored digitally using a cloud computing system. Data from CCTV cameras will be retained for thirty days then will be automatically recorded over. In some cases, the images may be kept for longer. For example, where images are being recorded for crime prevention purposes, data will be kept long enough only for incidents to come to light.
At the end of their useful life, all images stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs will be disposed of as confidential waste. Any still photographs and hard copy prints will be disposed of as confidential waste.
No images from our CCTV cameras will be disclosed to any third party, without express permission being given by the DPO. Data will not normally be released unless satisfactory evidence that it is required for legal proceedings or under a court order has been produced.
In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of crime.
No images from CCTV will ever be posted online or disclosed to the media.
Disclosure will only be granted:
- if its release is fair to the individual concerned;
- if there is an overriding legal obligation; and
- if it is consistent with the purpose for which the system was established.
We will maintain a record of all requests and disclosures of CCTV footage. If access or disclosure is denied, the reason is documented.
18. Collection of Information from Children
Our website and services are not directed to children, and we do not knowingly collect Personal Data from children except as permitted under applicable law. If we become aware that a child has provided us with Personal Data, we will delete such information from our files or obtain parental consent in accordance with applicable law.
19. Changes to this Policy in the Future
20. Questions or Comments
Effective Date: January 2020