This policy exists to give you a clear explanation of how we collect and use your personal information. The Community of Women in Water (CWiW) will only use personal information in a way or for a purpose that you would reasonably expect and that does not intrude on your privacy. We will use all personal data responsibly and in accordance with all applicable laws and data privacy regulation.
We will always want to ensure that any personal information we hold for you is accurate and up to date so that we can most effectively support you. If your contact details have changed or you think any information we have about you is incorrect or incomplete, please do contact us to update or correct the information at info@cwiw.org. You can also contact us at the same address if you have any questions about your data or our privacy policy and our Data Protection Officer will be happy to help you however we can.
If you sign up for our newsletter, become a member, or attend one of our events, we will collect some data on you to allow us to offer you the relevant service. We may also collect data on you or your organisation if we partner with you on a project. What data we collect, how we use it, and why we need it is laid out below.
Subscribers to our newsletter:
Anyone who is interested in the work of CWiW can sign up for our newsletter here (http://eepurl.com/gfyf7n) or through the website.
| What personal data is processed? | Name, email address, city/country, organization, role, areas of professional interest and experience. (We will not ask you for any data defined as sensitive personal data under GDPR or UK Data Protection Act 2018). |
| What is the source of the personal data? | Provided by you. |
| Is the data shared with third parties? | No |
| Where is the information stored and processed? | We use Mailchimp to collect, process, and store data. Mailchimp’s servers are located in the United States of America and also incorporate the Standard Contractual Clauses and continue to protect EU personal data in accordance with Privacy Shield Principles. We download data from Mailchimp in order to deduplicate our data and avoid sending you multiple emails. This data will be stored and processed in the UK. |
| What is the purpose(s) for processing the data? | Sending you our regular newsletter and other relevant announcements. Tailoring communications to your professional interests. |
| How long do we retain the data? | We will keep your personal data for as long as we are providing you with email communications. We will not keep your personal data for longer than is necessary to send you any email updates you have requested or to respond to any questions or comments that you send us directly. |
| What is our legal basis for processing the data? | Article 6(1)(a) – Consent |
Members
Any women working on or studying water issues can become a member of CWiW by joining our LinkedIn group (https://www.linkedin.com/groups/12177522). LinkedIn is the data controller for information on LinkedIn. LinkedIn’s Privacy Policy can be found here: https://www.linkedin.com/legal/privacy-policy. In order to avoid duplicate records, we will list your name from LinkedIn in our membership list, but we will not download or store any other personal information.
Those women who would prefer not to join the LinkedIn group can also register as a member when you sign up to receive our newsletter or attend one of our events.
| What personal data is processed? | For members of the LinkedIn Group: Name For members signed up for the newsletter and/or events: Name; Email address; City/Country; Organisation; Job Title; Professional interests and experience (We will not ask you for any data defined as sensitive personal data under GDPR or UK Data Protection Act 2018). |
| What is the source of the personal data? | Provided by you |
| Is the data shared with third parties? | With other members of the Community in order to provide you with professional opportunities and to promote collaboration. |
| Where is the information stored and processed? | If you registered as a member through our newsletter sign up, we will use Mailchimp to collect, process and store data. Mailchimp’s servers are located in the United States of America. Because Mailchimp incorporates the Standard Contractual Clauses into its Data Processing Addendum and continues to protect EU personal data in accordance with Privacy Shield Principles, they can lawfully receive EU data. If you registered as a member through an event, we will use Google Forms to collect, process and store data. Google has committed to provide capabilities and contractual commitments created to meet data protection recommendations provided by the EU’s Article 29 Working Party. We download data from Mailchimp and Google Forms, and list names from LinkedIn, in order to deduplicate our data and avoid sending you multiple emails. This data will be stored and processed in the UK. |
| What is the purpose(s) for processing the data? | In order to arrange events and produce material that we believe will be relevant to our members’ professional interests and backgrounds and to invite you to or share them with you when appropriate. Where you have expressed an interest, to invite you to speak at or organise events or to connect with other members. Where possible, we may also attempt to alert you to specific professional opportunities we believe will be of interest to you. However, due to the number of opportunities and members, we cannot commit to always contacting you individually. All appropriate opportunities will be advertised in the LinkedIn Group or in our newsletters and announcements, which we hope you will continue to check. |
| How long do we retain the data? | We will only retain your personal information for as long as you remain a member. If you have also registered as a subscriber or event attendee, we may also keep the personal information you have provided us with for the length of time required for those services. For subscribers, this will be for as long as you are subscribed to our newsletter. For event attendees this will be for between 12-24 months after the event. (For more details, please see the relevant sections in this policy.) |
| What is our legal basis for processing the data? | For names of members of LinkedIn group, Article 6(1)(f) – Legitimate Interests (ensuring our data on members is correct and avoiding duplication of data). For all other data Article 6(1)(a) – Consent |
Event Attendees
| What personal data is processed? | Name, email address, city/country, organization, role, areas of professional interest and experience. (We will not ask you for any data defined as sensitive personal data under GDPR or UK Data Protection Act 2018). |
| What is the source of the personal data? | Provided by you |
| Is the data shared with third parties? | If you ask us to in advance, we will share your name and email address with other attendees at the event you joined in order to allow you to continue the conversation. |
| Where is the information stored and processed? | We use Google Forms to collect, process, and store data. Google has committed to provide capabilities and contractual commitments created to meet data protection recommendations provided by the EU’s Article 29 Working Party. We download data Google Forms in order to deduplicate our data and avoid sending you multiple emails. This data will be stored and processed in the UK. |
| What is the purpose(s) for processing the data? | To send you relevant information about the event(s) and to tailor the event(s) to your professional interests and experience; to invite you to similar future events and to join the Community or subscribe to our newsletter; to track which topics and events have been most successful. |
| How long do we retain the data? | The personal data collected as part of each year’s series of events will be deleted at the end of the next calendar year. As a result, we will retain the personal data provided for each event for between 12-24 months depending on when in the year the event takes place. |
| What is our legal basis for processing the data? | Article 6(1)(a) – Consent; Article 6(1)(f) – Legitimate Interests (ensuring our data on members is correct and avoiding duplication of data; measuring the success of events; marketing our work to existing customers). |
Current, former and prospective partners, suppliers and other organisations we may contract with
| What personal data is processed? | Name; Addresses; Telephone numbers; Email addresses; Bank details. |
| What is the source of the personal data? | Provided by you |
| Is the data shared with third parties? | No |
| Where is the information stored and processed? | In the UK |
| What is the purpose(s) for processing the data? | Maintaining records for work we undertake for or with you or your organisation, or any services which you or your organisation provide to us; Processing orders and fees if required; Sending you invitations to events hosted by us; Direct marketing; Complying with legal requirements (e.g. taxation); Other purposes directly connected with any partnership. |
| How long do we retain the data? | Personal data will be deleted six years after CWiW’s work on or responsibility for any project is complete. |
| What is our legal basis for processing the data? | For current partners, Article 6(1)(b) – contract; For former and prospective partners, Article 6(1)(f) – legitimate interests (communicating with you about potential projects relevant to your position and interests). |
How do we use data on our website?
When someone visits cwiw.org, we use Google Analytics as a third-party service to collect standard internet log information and details of patterns of visitor behaviour. We do this to find out details like the number of visitors to different parts of the site. This information is not processed in a way that could identify you or anyone else. We do not make, and do not allow Google Analytics to make, any attempt to identify people visiting our website.
What are your legal rights?
CWiW uses and protects the data of EU citizens under the EU’s General Data Protection Regulation (GDPR) and UK citizens under the Data Protection Act 2018 (the UK’s implementation of the GDPR). These regulations provide legal frameworks for protecting your data and for granting you rights over your data. In summary, in certain circumstances, you have the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erase
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Under GDPR also have the right to raise a complaint your national Data Protection Authority if you feel that anyone has not dealt correctly with your personal data. In the UK you have the right to raise a complaint with the Information Commissioner’s Office.
If you wish to exercise any of the rights set out above, email your request to info@cwiw.org.
Changes to this privacy policy
We keep our privacy policy under regular review and will place any updates on this webpage. This privacy policy was last updated on 31 December 2020.