Who we are:
Grimm & Co are a registered charity with the Charities Commission for England and Wales, charity number 1154990. We are also registered as a limited company in England and Wales under registration number 8765731.
Grimm & Co are committed to protecting your personal information and being open and transparent about what information we hold, whether you are a donor, volunteer or customer.
The purpose of this policy is to give you a clear explanation about how Grimm & Co collects and uses the personal information you provide to us and that we collect, whether online, via phone, email, in letters or in any other correspondence.
We ensure that we use your information in accordance with all applicable laws concerning the protection of personal information, including the General Data Protection Regulation (GDPR) from 25 May 2018.
For further information about our privacy practices, please contact our Data Protection Officer by:
- Writing to us at Ship Hill, Rotherham, S60 2HG.
- Calling on 01709 829750
- Emailing email@example.com.
- What information Grimm & Co may collect about you;
- How we will use that information;
- Whether we disclose your details to anyone else;
- Your choices regarding the information you provide to us; and
This policy was reviewed on 26/01/21.
What information Grimm & Co may collect about you, and why we use it:
Personal information we collect includes
- Name, address, telephone number and e-mail address
- Date of birth (especially relating to children and young people, in order to target e-mails relating to age-specific workshops).
This data is held securely on an encrypted internal network, and is backed-up to an encrypted cloud based server. Any physical data is securely locked away.
We mainly use this information in order to communicate with you regarding the apothecary, our workshops and family activities, and ways in which you can support us or get involved.
Your data may also be used:
- To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions.
- To provide the services or goods that you have requested.
- To update you with important administrative messages about your donation, an event or services or goods you have requested.
- To keep a record of your relationship with us.
- To let you know about any workshops or events suitable for your child.
- Where you volunteer with us, to administer the volunteering arrangement.
If you do not provide this information, we will not be able to process your donation, sign you or your children up for events or workshops, or provide the goods or services that you have requested.
Sensitive Personal information:
Data Protection law recognises that some categories of personal data are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
When you apply for a job role or volunteer post, we may collect sensitive personal data from you (including religion, ethnicity and medical information). We keep this information for monitoring purposes and in order to support you fully in your role at Grimm & Co.
We will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include anyone reporting serious self-harm or posing a threat to others or children contacting us and sharing serious issues such as physical abuse or exploitation.
How we collect this data:
We collect information from you in the following ways:
When you interact with us directly: This could be if you ask us about our activities, register your child with us for a workshop or an event, make a donation to us, purchase something from our apothecary in person or via our online shop, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you phone us, visit our website, make a purchase from our shop, or get in touch through the post, or in person.
When you interact with us through third parties: This could be if you provide a donation or buy a ticket through a third party such as Virgin Money Giving, Eventbrite or Tickets for Good, and provide your consent for your personal information to be shared with us.
Who will it be shared with?
The personal information that we hold will only be used by Grimm & Co staff in order to contact you in line with the consent that you have given. We promise never to share your information or sell your information to other organisations, businesses or third parties.
You can opt out of our communications at any time by telephoning 01709 829 750, writing to Grimm & Co, Ship Hill, Rotherham, S60 2HG or by sending an email to firstname.lastname@example.org.
You are also able to update your preferences or unsubscribe by clicking on the link in the footer of any newsletter/communications that you receive.
Keeping your personal information:
We keep your personal information only for as long as required to operate the service in accordance with legal requirements, audits and tax and accounting rules. Where your information is no longer required, we will ensure it is disposed of in a secure manner.
Legal basis for using your information:
In most cases, we will only use your personal information where we have your consent to contact you. We will obtain your written consent by e-mail opt-in prior to changes in data protection laws on 25 May 2018. If you join our mailing list after this point, you will be asked to give your consent at the time of signing up.
If you do not give your consent for us to contact you, we will not be able to provide you with any information on the apothecary, the charity, or any workshops or events we may provide.
We may also need to use your information in order to fulfil a contract with you (for example, because you have placed an order on our website).
However, there are other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate interest for Grimm & Co to do so.
Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance. We have checked that there is a legitimate interest in processing your data, and have completed a Legitimate Interest assessment.
Some examples of where we have a legitimate interest to process your personal information are where we contact you about your volunteering with Grimm & Co, or about your recent attendance on a writing workshop. It is reasonable to expect that we will contact you in these instances.
What are your rights:
Under GDPR, you have the following individual rights:
- The right to be informed.
You have the right to be informed about what data we hold, and how we use this data.
- The right of access.
You have the right to request access to the data that we hold on you, and you may do this by contacting Grimm & Co at email@example.com or in writing to Grimm & Co, Ship Hill, Rotherham, S60 2HG. We will provide responses to your requests within 1 month.
- The right to rectification.
You have the right to ask us to correct or remove any information that you think is incorrect, inaccurate or out of date. Please inform us verbally or in writing if any changes should be made.
- The right to erasure.
You have the right to be forgotten, and may request to be removed from our records.
- The right to restrict processing.
You have the right to request the restriction or suppression of your personal data.
- The right to data portability.
You have the right to request a copy of the information that we hold in a commonly used machine readable format. These requests should be made by e-mail to firstname.lastname@example.org.
- The right to object.
You have the right to object to any processing of your data.
- Rights in relation to automated decision making and profiling.
We do not undertake automated decision making or profiling of your data.