We collect, store and process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 and Data Protection Act 2018 (“data protection legislation”) and as set out in this policy. We are a controller in respect of your information that we hold and process and are responsible for this personal data. The terms used in this policy have the same meanings as those given in the data protection legislation.
What data we collect about you
We collect the following types of data about you:
- Information you give us
You may give us information about you by contracting with us, engaging in projects with us, filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you enter into any contracts with us, personally or through your employer, subscribe to our ETP e-news or social media updates, request a membership application pack or use any other interactive areas of the ETP site. The information you give us may include your name, address, e-mail address and phone number.
- Information we collect automatically
With regard to each of your visits to our site we may automatically collect the following information:
- technical information, including your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- profile information, such as any information created when you set up an account on our website, including your username and password, and any phone number used to call us; and
- website use information, including the full URL clickstream to, through and from our site, pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information and methods used to browse away from the page.
- Information we receive from other sources
We may receive information about you from other sources, for instance if you engage with our members or partners, where information about you is publicly available, or if you use any of the other services we provide. Your employer may share certain information to enable us to work or contract with them.
We do not request any of the following “special categories” of personal data about you: your race or ethnicity, religious or philosophical beliefs (other than your desire to engage in ethical trading), sex life, sexual orientation, political opinions, trade union membership, criminal convictions or offences, information about your health or genetic or biometric data. If you volunteer this information we may hold it where it is in recorded format.
How we use your personal data
We use information held about you in the following ways:
- to provide you with the information and services that you request from us or expressly indicate are relevant to you;
- to notify you about changes to our services;
- to allow you to participate in interactive features of our service, when you choose to do so;
- where you or your employer is a member of ETP, to communicate with you including access to any information granted to us by your employer;
- to stay in contact with you and to provide you with information about our organisation and our campaigns
- where we enter into contracts with you, to meet contractual arrangements with you including payment of invoices;
- to ensure that content from our site is presented in the most effective manner for you and your computer;
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
- in order to keep our site safe and secure.
Where we combine information we receive from other sources with information you give to us and information we collect about you, we will use it for the same purposes.
When we collect information the purpose should be clear. If you have any questions or are uncertain of the reason it is being collected, please let us know.
Sharing your data with third parties
We may also share information with third party subcontractors who assist us with some of our services, or to enable us to deliver a contract with you or your employer.
We may disclose your personal information to third parties:
- in the event that any of the responsibilities of ETP pass to another person, organisation or body whether corporate or unincorporated;
- to protect the rights, property, or safety of ETP, our members, other users of our website, materials or services or others; or
- where this will help us to provide our services to you more effectively, in ways you are expressly aware of. In particular, we work with the online email marketing platform Mailchimp in order to store your contact details and provide you with any e-newsletters and other information which you expressly ask for. In doing so we take the measures set out below to ensure your data is protected to at least the minimum standards set out in the GDPR.
We will take reasonable measures to ensure third parties understand the confidential nature of your personal data and any limitations on its use, and have appropriate security controls in place. These include:
- we may run background checks on such parties to make sure they are themselves GDPR-compliant;
- we conduct due diligence on all our partners to make sure they are suitable partners of the ETP; and
- we require such parties enter into contractual clauses with us which require that they will not use your information inappropriately or share it further.
Basis for our use of your personal data
We will only use your personal data where we have a lawful basis to do so. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you or your employer;
- Where it is necessary for our legitimate interests (including operating ETP, and promoting and supporting the ethical values of ETP and our members) or those of a third party, and your interests and fundamental rights do not override those interests; or
- Where we need to comply with a legal obligation or to protect or enforce our rights.
Generally, we do not rely on consent as a legal basis for processing your personal data. You do have the right to withdraw your consent from receiving marketing communications from us at any time by contacting us.
Keeping your personal data up to date
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Where we store your personal data
The data that we collect from you will be stored on secure data management systems provided by Microsoft which provide access to secure data storage services with additional backup facilities to reduce the risk of data loss.
Before reaching these systems, your data may be transmitted via internet servers outside of the United Kingdom. You should take note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Once we have received your information, we will use reasonable procedures and security features in our systems to try to prevent unauthorised access, including encryption of our hardware. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
How long we keep your personal data
The data that we collect from you will be retained by ETP for as long as it remains useful in serving the purpose for which it was submitted, after which it will be deleted unless we are required to retain it by law.
We may also hold your data for longer periods with your consent, for instance:
- where we have entered into a contract with you, we may retain your details in case we wish to contract with you again; or
- where you cease to be an ETP member, we may retain your details in case you wish to become a partner in one of our wider programmes.
We may use the personal data you have given us to form a view on which of our other products, services or offers may be relevant for you and contact you about these (“marketing communications”). You may receive such marketing communications from us if you have requested information from us or purchased our services and you have specifically asked to receive that marketing.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at the address below.
We will ensure we have your express consent before we share your personal data with any third party for marketing purposes.
In certain circumstances, you have additional rights under data protection legislation in relation to your personal data. In particular, you may have the right to:
- request access to your personal data;
- request correction or erasure of your personal data;
- object to processing of your personal data of request a restriction of it;
- request transfer of your personal data to another person; and
- withdraw any consent you have given to its processing.
If you wish to exercise any of the rights set out above, please contact us at the details given below.
Our site may contain links to and from other websites, including those of our partners and members, and we may refer you to other material including blogs and articles on tea sustainability issues. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you are unhappy with the way we have handled your data, you have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.