Welcome to Gather

Gather uses data to transform city sanitation

 

 Privacy Policy

Effective as from: 7th November 2018

1.       Introduction

1.1.     We are committed to safeguarding the privacy of individuals (“you”, “your”) whose personal data we collect and use. In this Privacy Statement, we explain how we handle your personal data. For example, what personal data we collect and how, what we do with it and who we share it with. It also describes your privacy rights and controls such as your choices regarding use, access and correction of your personal data.

1.2.    Our Privacy Statement is part of, and is subject to, our Cookies Policy and our Website Terms. By accessing or using www.gatherhub.org (“Website”), you confirm that you accept the terms of our Privacy Statement.

2.     About Gather   

2.1.    Our Website is owned and operated by Gather Hub Limited (“Gather”, “Gather Hub”, “we”, “us” or “our”).

2.2.   We are a company registered in England and Wales under registration number 10003335, and a charity registered in England and Wales under registration number 1168130. Our registered office and principal place of business is at Geovation, 4th Floor, Sutton Yard, 65 Goswell Road, London EC1V 7EN.

2.3.   You can contact us by (a) post, to Geovation, 4th Floor, Sutton Yard, 65 Goswell Road, London EC1V 7EN, or (b) email, using the following email address: [email protected]

3.      Our Data Compliance Manager

3.1.    Our Director responsible for Data Compliance is Lindsey Noakes. You can contact her in writing using the following contact details: [email protected]. The tasks of our Director responsible for Data Compliance include (for example) monitoring our compliance with applicable data protection laws and acting as contact for individuals whose data is processed by us.

3.2.   If you have any questions about anything to do with this Privacy Statement, our data processes and practices or simply to exercise your privacy rights, please contact Lindsey Noakes using the contact details above.

4.      Your privacy rights

4.1.    We have summarised below your privacy rights. Some of these rights are complex, and not all of the details have been included in our summaries below. For this reason, you should read the applicable data protection laws and guidance from the UK Information Commissioner for a fuller explanation of these rights. You can do so by using this link https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

4.2.   You may exercise any of your rights below in relation to your personal data by contacting our Director responsible for Data Compliance in writing using the following contact details: [email protected]

4.3.   Your principal rights under the applicable data protection laws are:

o     the right to access;

o     the right to rectification;

o     the right to erasure;

o     the right to restrict processing;

o     the right to object to processing;

o     the right to data portability;

o     the right to complain to the UK Information Commissioner; and

o     the right to withdraw consent.

4.4.   Right to access: You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

4.5.   Right to rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. You can ask us to make any necessary changes to ensure that your personal data is accurate and kept up to date.

4.6.   Right to erasure: In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary for: exercising the right of freedom of expression and information; compliance with a legal obligation; for the establishment, exercise or defence of legal claims. The consequences of erasing your personal data are, for example, that you will be unable to access some content on our Website and will be excluded from marketing communication communications including (for example) newsletters, event information, blogs etc.

4.7.   Right to restrict processing: In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another individual or legal person; or for reasons of important public interest.

4.8.   Right to object to processing: You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

4.9.   Right to object to processing (direct marketing): You have the right to object to our processing of your personal data for direct marketing purposes (including, for example, profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose. You may exercise this right at any time by (a) hitting the unsubscribe button in the email footer of the newsletter we send you, or (b) by contacting our Director responsible for Data Compliance in writing using the following contact details: [email protected]

4.10.                  Right to object to processing (scientific, historical research or statistics): You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

4.11.  Right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

4.12. Right to complain to the UK Information Commissioner: If you consider that our processing of your personal data infringes the applicable data protection laws, you have a legal right to lodge a complaint with the UK Information Commissioner (www.ico.org.uk) which is the UK data protection regulatory body.

4.13. Right to withdraw consent: To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

5.      Changes to the Gather Hub Privacy Statement

5.1.    We may update the Gather Hub Privacy Statement from time to time by publishing a new version on our Website. If we make changes to this Privacy Statement, we will post the revised Privacy Statement on our Website and update the “Effective Date” date at the top of this Privacy Statement.

5.2.   If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email. If you disagree with the changes to the Privacy Statement, you should contact our Director responsible for Data Compliance ([email protected]) writing requesting the erasure of your personal data and, if you receive our newsletter, unsubscribe from them.

5.3.   If you continue accessing and/or using of our Website, receiving our communications, contacting us, and/or signing up /attending our events and webinars etc. this will constitute acceptance of the revised Privacy Statement.

6.     What personal data we collect

6.1.    We use many different kinds of personal data. They are grouped together as in the table below. The groups are all listed here so that you can see what we may know about you. We don’t use all this personal data in the same way. Some of it is useful for marketing, or for providing services to you.

6.2.  Website data

This is data on how you use our Website and may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and Website navigation paths, as well as information about the timing, frequency and pattern of your use of our Website.

Service data

This may include billing data, your name and contact details such as your email address contained in/relating to services we provide (if you enquired to hire us or you decided to hire us).

Correspondence data

This may include personal data contained in or relating to any communication that you send to us or that we use to communicate with you.

Marketing data

This may include personal data you provide to us if you sign up to receive our newsletters and choose whether you wish to receive promotional communications (e.g. offers, invitations to promotional activities such as events, webinars etc.) from us by email, post, telephone and social media.

Cookies & similar technology data

This includes personal data that we obtain about you through cookies and similar technologies. For more information, see our Cookies Policy [insert link].

Profile data

This may include your name and contact details and some of the other personal data set out in this table e.g. Third-Party data, registration data.

Registration data

This may include information you provide to register for events, webinars, surveys, etc. and may include your name and contact details e.g. an email address.

Applicant data

This may include your name and contact details and any other additional personal information as well as a CV. Third-Party data This may include your name and contact details we obtain from third parties such as third-party services providers, lead generation companies, social media etc.

Other data

This is personal data other than the ones set out in the table above.

7.      How we collect your personal data

We collect your personal data from various sources. These are as follows:

7.1.    Personal data you provide us about you: We collect your personal data that you provide us when you do the following:

o     fill a contact webform on our Website;

o     get in touch with us by email, telephone, letter, and/or some other means;

o     subscribe to receive marketing communications from us such as newsletters informing you of our news, events etc.;

o     apply for a job through our Website; and

o     provide us with your name and contact details (e.g. on a business card) at (a) an event or webinar we have organised and/or attended, and/or (b)pitching events;

o     participate in a survey, market research etc.

7.2.   Data we collect about you automatically: We collect your personal data when you contact us or automatically when you access and/or use our Website and through the use of cookies (see our Cookies Policy). The types of personal data we will collect include, for example:

o     name and address;

o     demographic data;

o     the originating IP address;

o     the site that you visited immediately prior to visiting our Website;

o     the type of browser and operating system used (if provided by the browser);

o     the type of device model and version, device identifier (or “UDID”), and your HubSpot Subscription service.

o     URL of the referring page (if provided by the browser);

o     the specific actions that you take on our Website, including, for example, the pages that you visit; and

o     the time, frequency and duration of your visits to our Website.

7.3.   Data we collect about you from others:We also collect personal data about you from others such as (for example):

o     name and address;

o     online through social media we use and the internet in general;

o     contact details sourcing software we use;

o     event organisation software we use to organise events if you signed up and attended one of our events e.g. meetups.

o     webinar software we use to organise webinars if you signed up and watched one of our webinars;

o     third parties we use to source potential client leads for us such as lead generation companies.

o     companies (e.g. companies that recommend us such because they are current/previous clients) and/or individuals (e.g. your colleagues) that introduce you to us; or

o     employers (if you apply for a job and we contact your employer).

8.     How we use your personal data

8.1.    Below, you find a list of the ways that we may use your data and which of the legal reasons we rely on to do so.

Website

Processing Purpose: To analyse your use of our Website as well as to develop, operate, improve, protect, personalise, customise and optimise our Website.

Legal Basis: The legal reasons for this are our legitimate interest of the proper administration and operation of our business and/or to comply with a legal obligation.

Services

Processing Purpose: To provide you with information you requested about our services when you are considering whether to hire us or not (e.g. a quote) and, if you decide to hire us, to provide you our services.

Legal Basis: The legal reason for this is to perform our contract with you and/or take steps, at your request, to enter into such a contract.

Communications (Non-Marketing)

Processing Purpose: To communicate with you (e.g. by email, by post, by phone etc.) as well as to process the communications you send to us.

Legal Basis: The legal reasons for this is to perform our contract with you and/or our legitimate interest of the proper administration and operation of our business.

Operations

Processing Purpose: To perform general administrative and operational activities e.g. billing, debt recovery etc.

Legal Basis: The legal reason for this is our legitimate interest of the proper administration and operation of our business.

Marketing & Advertising

Processing Purpose: To send you newsletters and promotional communications (e.g. offers, invitations to promotional activities such as events, webinars etc.) from us by email, post, telephone, SMS and/or WhatsApp that may be of interest to you based on your preferences as well as to advertise our business and services to you through a variety of different channels which may include Twitter, Facebook or LinkedIn.

Legal Basis: The legal reasons for this is our legitimate interest of conducting marketing (including, for example, advertising) including any soft opt-in to undertake direct marketing to promote our business and services. To the extent that we are required to obtain consent for electronic marketing and we are not relying on your opt-in, our legal reason for this is consent.

Profiling

Processing Purpose: To create a profile of you by combining data you provided to us by you or we got from other sources such as social media, the internet and lead generation companies in order to update, expand and analyse our data records, lead generation, and create more tailored marketing (including, for example, advertising) and/or to personalise the services we provide to you.

Legal Basis: The legal reasons for this is our legitimate interest of (a) the proper administration and/or operation of our business, and/or (b) conducting marketing (including, for example, advertising) to promote our business and services. To the extent necessary for providing services to you, the performance of the contract between you and us.

Security, Risk & Crime

Processing Purpose: To protect our website and business, prevent fraud, spam, abuse, security incidents, harmful and/or illegal activity, conduct security investigations and risk assessments, and/or to verify or authenticate information.

Legal Basis: The legal reasons for this is our legitimate interest of protecting our website and business, to comply with a legal obligation, to perform our contract with you, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Research and Analysis

Processing Purpose: To carry out research (e.g. market research), business and statistical analysis (e.g. develop statistical models, analyse the performance of our marketing (including, for example, advertising) campaigns etc.

Legal Basis: The legal reason for this is our legitimate interest of the proper administration, monitoring and/or operation of our business and services.

Business improvement

Processing Purpose: To develop or improve our services and business.

Legal Basis: The legal reason for this processing is our legitimate interest of the proper administration and operation of our business and services as well as to monitor our business and services.

Data Retention

Processing Purpose: To retain, store, archive and/or destroy the data.

Legal Basis: The legal reasons for this processing is the performance of a contract between you and us, our legitimate interest of the proper administration and operation of our business, to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Audits

Processing Purpose: To carry out audits.

Legal Basis: The legal reason for this processing is our legitimate interest of the proper administration and operation of our business as well as to monitor and improve our business and services.

Sharing (Service Providers)

Processing Purpose: To disclose your personal data such as your name and contact details to third party service providers we use.

Legal Basis: The legal reasons for this is our legitimate interest of administering, operate and/or managing our business, and/or performance of a contract between you and us.

Sharing (Consent)

Processing Purpose: To share your data (including personal information) where you have provided consent, for the purpose(s) described at the time we ask you for your consent.

Legal Basis: The legal reason for this is consent.

Sharing (Aggregated Data)

Processing Purpose: To share aggregated information (information about our individuals that we combine together so that it no longer identifies or references an individual) and non-personally identifiable information in order to conduct industry and market analysis, demographic profiling, marketing (including, for example, advertising).

Legal Basis: The legal reason for this is our legitimate interests of the proper administration and operation of our business.

Sharing (Sale/Investment): Processing Purpose

If there is (a) a sale or an asset transfer to a third party of, and/or (b) an investment in Gather, part of that sale, asset transfer and/or investment may include your personal data. Purchasers, investors and/or their advisers may have access to your personal data as part of the corporate due diligence they perform as part of the (a) sale or asset transfer, and/or (b) the investment.

Legal Basis: The legal reason for this is our legitimate interest of the proper administration and operation of our business.

Sharing (Internal re-organisation & Insolvency)

Processing Purpose: To pass on to a successor in interest as part of a corporate re-organisation or in the unlikely event of an insolvency event such as a liquidation, insolvency, bankruptcy or administration.

Legal Basis: The legal reason for this is our legitimate interest of the proper administration and operation of our business.

Sharing (Insurers & Professional Advisers)

Processing Purpose: To disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and/or managing legal disputes.

Legal Basis: The legal reason for this is our legitimate interest of the proper administration and operation of our business, to comply with a legal obligation and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Sharing (Legal Disclosures)

Processing Purpose: To disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Legal Basis: The legal reasons for this is to comply with a legal obligation, and/or the protection and assertion of our legal rights, your legal rights and the legal rights of others.

9.     Providing your personal data to others

9.1.    Third-party service providers: We may disclose your personal data such as your name and contact details to our third-party service providers to help us administer, operate and manage our business provide services related to us and/or our Website. Service providers may be located inside or outside of the EEA. For example, service providers may help us provide customer service, advertising, or marketing. These service providers have limited access to your personal data to perform these tasks on our behalf and are contractually obligated to use it consistent with this Privacy Statement.

9.2.  Aggregated Data: We may also share aggregated information (information about our individuals that we combine together so that it no longer identifies or references an individual) and non-personally identifiable information for industry and market analysis, demographic profiling, marketing (including, for example) advertising, and other business purposes.

9.3.   Sale/Investment: If there is (a) a sale or an asset transfer to a third party of, and/or (b) an investment in Gather, part of that sale, asset transfer and/or investment may include your personal data. Purchasers, investors and/or their advisers may have access to your personal data as part of the corporate due diligence they perform as part of the (a) sale or asset transfer, and/or (b) the investment. However, use of your personal data will remain subject to this Privacy Statement.

9.4.   Insolvency: Your personal data may be passed on to a successor in interest as part of a corporate re-organisation or in the unlikely event of an insolvency event such as a liquidation, insolvency, bankruptcy or administration. In the case of an insolvency event, our customer database may be sold separately from the rest of the business, in whole or in a number of parts. It could be that the purchaser’s business is different from ours too.

9.5.   Our insurers & professional advisers: We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and/or managing legal disputes.

9.6.  Legal compliance: In addition to the specific disclosures of personal data set out in this Section 8, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another individual.

10.   How do you make use of social media?

10.1. We use social media accounts and pages in different ways. For example:

o     to promote, market, advertise and communicate. We use social media to promote, market and advertise our brand and services. We also use social media to communicate with each other.

o     to generate leads for our business: If you connect with us through your social media account and/or communicate with us through that account, the information you choose to share with us may include the basic personal data available in your social media profile and also the information you provide to us when you communicate with us e.g. name, your contact details (e.g. email address, phone number) etc. We may also add your name and contact details to the CRM, sales and marketing software we use (e.g. HubSpot) to help us understand who is interested in our business and/or services.

o     We have also integrated social media features and plugins on our Website. These features and plugins may collect your IP address, which page you are visiting on our Website, and may set a cookie to enable the feature to function properly. Also, when you click on one of the social buttons, you will be re-directed to our social media account page on the relevant social media. If at our account page, you are logged and you click on one of the buttons (such as Facebook’s ‘Like’ button) certain information is shared with these social media providers. Your social media provider may relate this information to your social media account and possibly present your actions on your social media profile to be shared with others in your network. These social media features and plugins are governed by the privacy policies of the social media providers and not our Privacy Statement.

11.     International transfers of your personal data

11.1.   We may transfer your personal data to countries outside the EEA. This may happen as follows:

o     Our Website is hosted in eu-west-1 (Dublin, Ireland)[LN1] 

o     The business software we use (e.g. Slack, HubSpot etc.) may be hosted outside the EEA e.g. the US. If that is the case, we rely on the adequate safeguards they have put in place to keep this personal data safe and secure.

o     These legal safeguards vary depending on which country the data is transferred to. For example, if the personal data is transferred outside the EEA, then they could, for example, be (a) part of the E.U.-U.S. Privacy Shield (www.privacyshield.gov) for data transfers to the US, or (b) using what is called ‘Standard Contractual Clauses’ put in place by the EU, or (c) the EU has decided that a particular non-EEA country provides the same/equivalent level of data protection as in the EU.

11.2.  You acknowledge and agree that if you submit personal data for publication through our Website or social media accounts, this data may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

12.   Security of personal data

12.1.  We maintain administrative, technical and physical safeguards designed to protect your personal data provided to us. While no system or process is full-proof (e.g. hacking), we believe the measures implemented reduce our vulnerability to security problems to a level appropriate to the type of personal data involved and the current state of technology.

13.   Retaining and deleting personal data

13.1.  We have data retention policies and procedures in place, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

13.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We will retain and delete your personal data as follows:

o     sign-up for newsletters will be retained for 24 months following month of sign-up, at the end of which period it will be deleted from our systems.

o     sign-up for webinar will be retained for 24 months following month of sign-up, at the end of which period it will be deleted from our systems.

o     identified via legitimate interest will be retained for 24 months following month of addition to CRM], at the end of which period it will be deleted from our systems.

13.3. In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

o     Engagement statistics for social media data.

o     the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements e.g. whether (and for how long) we are required by law to retain your personal data.

13.4. However, we may retain your personal data

o     where such retention is necessary for (a) the performance of a contract we have with you, (b) the compliance with a legal obligation to which we are subject, and/or (c) or the establishment, exercise or defence of legal claims; and/ or

o     in order to protect your vital interests or the vital interests of another individual.

14.   Third Party websites

14.1.  Our Website may contain links to third party websites. Please note that if you follow a link to any such website, we do not accept any liability and/or responsibility, because these websites have their own terms & conditions and Privacy Policies.