Thanks for your understanding and patience. In the mean-time, if you have any questions about the up-to-date details of how/where/why we store your data please do not hesitate to contact us on firstname.lastname@example.org and we will prioritise getting back to you.
The GEN office team, 1st February 2022
1) What data we collect
1.1) Newsletter Updates: You may actively opt-in to receive communications by either 1) donating to the Global Ecovillage Network; 2) signing up to our newsletter and/or other communications using an online form; 3) signing up to e-communications at an online or offline event or course.
If you give us your details, we will ask you to provide only the minimum amount of information required so we can keep in contact and/or provide the service/s we have promised. Usually, the information we ask for will consist of name, country, email address. However, on when you decide to donate to GEN, we will also ask for relevant banking information and address. At some of our offline events you will have the option to give us your phone number if this is appropriate. We do not share your information, and never would. We would never sell your information to any third party and consider it exploitative to profit from your personal data.
If you set up a recurring payment with us – for a donation, for example – we will need to store the account details linked to your gift. We will always store this information securely with one of the financial data processors we use. If you make a cash donation using your card, we will not store your full account details. You can read more about donating securely in section 9 below.
1.2) Ecovillage Database: By passing GEN any personal contact information under the auspices of publicity for the Community Database, we assume through legitimate interest that you are consenting to have that data accessible by the public so you can share your project. Such data will be stored in the cloud internally on our websites WordPress site.
If possible, when uploading project information we recommend uploading generic contact details that are not associated with individuals. If at any time, you find your details connected with a project that you did not consent to, or you need your project’s information updating, please contact us.
1.3) Friends of GEN: Thank you for supporting GEN – we truly appreciate your support. When you sign up to Friends of GEN, you can be sure that your financial data is secure. We assume by signing up to Friends of GEN that we can hold your data under business interest. You can learn more how we ensure the security of your financial information in section 9. If you want to cancel your Friends of GEN subscription, please contact our team by mailing friends[at]ecovillage.org.
1.4) Consultancy: When you inquire to how GEN can support you through GEN Consultancy, we will store your data up to 6 months after our last contact with you. We hold your contact data securely on our internal servers and justify this under legitimate business interest. If at any time you wish us to update, disclose, or delete your data, please contact us.
1.5) Ambassadors: When you apply to become a GEN Ambassador, we will store your initial expression of interest form on our internal servers. We will delete this information after 6 months after our last contact with you. Should you become an Ambassador, we will store your information on our servers so that you may receive the benefits of being an Ambassador, such as regular email communication. If you no longer wish to be an Ambassador, please contact our Ambassador Coordinator, Tessa Brock on tessa.brock[at]ecovillage.org.
1.6) Other Financial Details: When you pass any financial data to GEN – outside of those instances included in section 9 (such as through our Online Store or a donation) – including for Programme and Project based needs, we will keep these for 6 months, unless this contravenes other legislation. For example, in the UK where GEN is a registered Scottish Charity, we have a legal obligation to store the financial data used in our annual financial reporting for 6 years from the end of the last financial year. After this, we will delete all information.
2) When we’ll be in touch with you
You will only ever receive communications electronically and after you have consented to receive it. And we want to make sure we communicate with you in the way you want. If you have provided us with your email address and opted in to our newsletter, we’ll send you our email updates. If you sign up to our newsletter through an offline form (e.g. at an event or workshop) you will be sent a confirmation email afterwards to subscribe to the list.
Our newsletters contain news on specific programmes, projects, our consultancy services and fundraising initiatives, all in the service of ecovillages across the globe. Due to staff capacity, we currently do not use different mailing lists for different themes and therefore, if you only want to receive one type of update (e.g. fundraising) but not another (e.g. news), you will have to unsubscribe to the list. We hope to offer this more preferential service in the future. However, if you’re thinking of opting out of our list, please contact us and we’ll do our best to support your needs.
If you would like to withdraw your consent for us to contact you through our newsletter or in whatever form you originally asked us to, you can contact us and we will immediately remove your data from our servers and data processing services.
3) Your data, your rights
The Global Ecovillage Network believes that data sovereignty and control are fundamental in the digital age. Therefore, in line with GDPR, we encourage you to exercise your rights to data control, which include:
- Right to rectification: you can ask us via postal mail or electronically to update or ‘rectify’ any inaccurate data that we hold on you. We will fulfill your request within 31 days.
- Right of access: you can apply in writing for copies of all the information we hold on you. We will send this to you via the same means you applied i.e. via either if by postal mail or electronically. We will send you this information within 31 days of your request.
- Right to erasure: you have the right to be forgotten which means you can apply to us in writing or verbally to delete all of your data from our servers and data processor services. We will comply within 31 days of your request.
4) Help us improve
We are always looking for new ways to improve our services and what we can offer our supporters. If you have a complaint please do contact us. We will treat your complaint seriously and confidentially and resolve it as soon as possible. If you are not happy with our response to your complaint, you can take it further by contacting the Information Commissioner’s Office (ICO) in the UK.
5) Data accuracy
The Global Ecovillage Network endeavours to keep the data which we hold as up to date and accurate as possible. If you are on our database and any of your details change, please contact us at any time to update this information. We also respect your right to know what information about you we hold, and are happy to send this to you, please contact us for further information about this service.
6) The limited circumstances in which we may share your details
We may share your details with certain organisations, such as postal services or emailing service hosts. The partners we use will only store and use supporters’ information for the purpose of the service we contracted them to deliver. The only other occasion in which we would disclose your personal data is if the law requires it under special circumstances, such as a legal investigation.
We ensure that all third party services we use are compliant with the GDPR and will never disclose personal information to organisations not in compliance.
The majority of the processors and service providers we use are based in the cloud, and include: Financial Services (e.g Paypal or Stripe); Communications and mailing services (e.g. Mailchimp); Website / WordPress plug-ins (e.g. Woocommerce); Databasing services (such as Google Drive).
Due to GEN’s networked characteristics, and the fact that many of our staff and collaborators work remotely across the globe, we require the use of above services to further our charitable objectives.
It is possible that if you attend a GEN event you will be photographed. We ask that all events we run request explicit permission for your consent so that GEN may afterwards use the photographs taken for digital and print communications, such as on our website or in an event flyer.
If you do not wish photos of yourself to be used in this way, please be sure to notify the event management as soon as possible.
We often work with photographers outside GEN staff so we can collect beautiful photos of events and those magical fleeting moments. We use photo release forms in accordance with UK copyright and data protection law with each of these third party photographers to ensure that they have sought consent from the subjects in their photos.
If you see a photo of yourself in our communications that was taken in such a space, please contact us to revoke your consent if you do not wish to have your image used. We will remove the image as quickly as possible.
8) Data breaches
If, in the unlikely circumstance, we detect a data breach or misuse of your information that is our responsibility, we are required under GDPR to report this to the ICO within 72 hours. We will also notify you so that you can take appropriate measures to protect yourself.
We will always securely store any data that is entrusted to us, whether it’s held online or offline. All credit or debit card payment via our online store, for events, or in donation are processed by Paypal or Stripe. These are both highly reputable services and offer secure systems of processing payments to organisations. All recurring payments are processed through a WordPress website plug-in called Gravity Forms which is linked directly to Stripe.
Both of the payment processors we use – Paypal and Stripe – are PCI compliant (Payment Card Industry Data Security Standard). This means we only store the last four digits of your card details electronically, and once your donation has been processed, we destroy any record of the 3 digit security number on the back of the card.
By ensuring our processors are compliant in this way, we can guarantee any payments you make to GEN are secure and the risk of your data being used maliciously is significantly reduced.
10) What are cookies and do we use them?
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the site owners about how people are using their site. There are four main types of cookies used by this website. These relate to temporarily storing information on your ecovillage.org preferences, security, analytics (so we can improve our services), and social media. These include:
- wp_woocommerce_*, woocommerce_* – Relates to online store, shopping cart etc. Your cart is preserved between sessions, and these cookies achieve that.
- wp-*, wordpress_* – Only present when logged in to our website and relates to your WordPress login and login related preferences.
- _wpss_* – wp spamshield plugin – spam prevention
- wpSGCacheBypass – Prevents caching when logged in to ecovillage.org
- _gid, _ga – Google Analytics – Supports us to improve the interactability of our website
- hustle_* – Relate to mailing list popup and social sharing buttons to store user preferences
- __cfduid – relates to Cloudflare and is necessary for their security protection of our site
You can find out more about how these different cookies work and how to manage them here.
11) Data and international borders
Due to GEN being global in nature and spirit, plus the fact that our team are based internationally, it follows that data is often shared across borders, such as through Google Drive, or email. We ensure that this data is being shared in compliance with GDPR and other country specific data and privacy legislation, and have appropriate internal policies and procedures to comply with these responsibilities and to reduce the risk of data breaches.
12) Translation of this policy
If you would like to read this document in another language, please copy the document to Google Translate here.
Si desea leer este documento en otro idioma, copie el documento en Google Translate aquí.
Si vous souhaitez lire ce document dans une autre langue, veuillez copier le document sur Google Traduction ici.
Se você gostaria de ler este documento em outro idioma, copie o documento para o Google Tradutor aqui.
Wenn Sie dieses Dokument in einer anderen Sprache lesen möchten, kopieren Sie das Dokument bitte hier in Google Translate.
إذا كنت ترغب في قراءة هذا المستند بلغة أخرى ، فيرجى نسخ المستند إلى “ترجمة Google” هنا.