What is the purpose of this document?

Grun Generation is committed to protecting the privacy and security of your personal information. 

This privacy policy ('Privacy Policy') describes how we collect and use personal information about you during and after your volunteering relationship with us, in accordance with the General Data Protection Regulation (2016/679) (GDPR), the Nigeria Data Protection Regulation 2019 (NDPR), the UK Data Protection Act 2018 and other applicable EU laws that regulate the collection, processing and privacy of your personal information (together, 'Data Protection Law'). This Privacy Policy applies to all prospective, current and former volunteers.

For the purposes of Data Protection Law, Grun Generation acts as a "data controller" of the personal information we hold about you. This means that we are responsible for deciding how we hold and use personal information about you. We are required under Data Protection Law to notify you of the information contained in this Privacy Policy.

It is important that you read this Privacy Policy, together with any other privacy policy or notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. 

Data protection principles

We comply with Data Protection Law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way
2. Collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes.
3. Adequate, relevant and limited to the purposes we have told you about.
4. Accurate and kept up to date.
5. Kept only for as long as necessary for the purposes we have told you about.
6. Processed in a manner that ensures appropriate security of the personal information.
   
   

The type of information we hold about you

Personal information (which may also be called personal data), means any information about an individual from which that individual can be identified, whether directly or indirectly. It does not include data where personally identifying elements have been removed (anonymous data). We will collect, store, and use the following categories of personal information about you:

Category	Data collected	What we use it for
All volunteers	Personal contact details such as name, title, addresses, telephone numbers, social media accounts, and personal email addresses	To contact you about your volunteering and involvement with the Grun Generation. To contact you in line with your marketing preferences.
All volunteers	Recruitment information (references and other information collected as part of the application process)	Deciding about your recruitment as a volunteer.
All volunteers	Information about any criminal convictions and offences as part of the recruitment process	Deciding about your recruitment as a volunteer for the role you have applied for.
All volunteers	Date of birth	To ask for consent if the volunteer is under 18 (in circumstances where we can accept applications from under 18s).
All volunteers	Emergency contact information.	To contact someone in case of emergency.
All volunteers	Performance information	To provide a reference if requested.
All volunteers	Information about your race or ethnicity, religious beliefs, and sexual orientation collected anonymously and as an optional question only	To monitor our diversity and inclusion processes and to identify trends.
All volunteers	Information about your health, including any medical condition	To comply with our health & safety obligations and enable any reasonable adjustments to be made
Trustees	Name, title, address, telephone number, personal email address, date of birth	Registers of Directors and Members. To contact the trustee in relation to their role at Grun Generation.
Some volunteers	Photos and case studies.	If you consent, we will use your image and story to promote the work of Grun Generation in different publications e.g. volunteer newsletters, with local press or on social media posts.
Some volunteers	IP addresses, cookies and other online identifiers.	For targeted and retargeted online advertising.

How is your personal information collected?

We collect personal information about volunteers through the application and recruitment process, directly from candidates. We may sometimes collect additional information from third parties, including former employers.

We may collect additional personal information in the course of volunteering activities throughout the period of you volunteering for us depending on how you engage with Grun Generation. For example, retail volunteers will be captured in our CCTV systems, those who visit our website may have online identifiers recorded, and volunteers may choose to have their photo taken and used in a marketing campaign. We also collect personal data of volunteers from social media accounts and online collaboration tools including, but not restricted to, Instagram, Facebook, Twitter, LinkedIn, WhatsApp, Skype, Google Meet and Hangouts, and Microsoft Teams.

Please ensure that any personal information you supply to us which relates to third party individuals is provided to us with their knowledge of our proposed use of their personal information.

The lawful grounds on which we use information about you

We will only use your personal information when the law allows us to. We process your personal information for the above purposes relying on one or more of the following lawful grounds:

1. Where we need to perform the contract we have entered into with you, or in order to take any pre-contract steps at your request and/or to perform our contractual obligations to you;
2. Where it is necessary for us to comply with a legal obligation;
3. Where you have freely provided your specific, informed and unambiguous consent for particular purposes;
4. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. In broad terms our legitimate interest is fulfilling the charitable purpose of Grun Generation, which involves sending direct marketing to our supporters, contacting our volunteers to plan and administrate activities, taking steps to ensure and monitor compliance with our legal obligations and internal standards and procedures, assessing suitability of volunteers for potential roles and keeping records of volunteer activities and performance.

We may also use your personal information in the following situations, which are likely to be rare:

1. Where we need to protect your interests (or someone else's interests), such as in a medical emergency.
2. Where it is needed in the public interest.
   
   

How we use particularly sensitive personal information

We may process 'special category' or 'sensitive' personal information, such as information regarding your ethnic origin or political, philosophical and religious beliefs, health or sex life. We will only do this with your explicit consent; in compliance with a legal obligation or, to protect your vital interests (or someone else’s interests) when you are not capable of giving your consent; or, where you have already publicized such information; or, where we need to use such sensitive data in connection with a legal claim that we have or may be subject to.

In particular, with your consent, where it is needed to assess your volunteering capacity on health grounds, subject to appropriate confidentiality safeguards, we will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work and to provide appropriate workplace adjustments.

Information about criminal convictions

We will only collect information about criminal convictions where it is appropriate given the nature of a volunteering role and we are legally permitted to do so. If it is appropriate and legal, this information may be collected as part of the volunteer recruitment process or in the course of volunteering for us, but may also be provided to us directly by you in the course of you volunteering for us.

We will use information about criminal convictions and offences in the following ways:

1. To determine, without discrimination, your suitability for the role;
2. To continue to ensure you are still suitable for the role, including by means of continual screenings, where appropriate.

We collect and process information about criminal convictions for the above purposes relying on one or more of the following lawful grounds: with your consent; to comply with a legal obligation; or, less commonly, to protect your vital interests (or someone else’s interests) when you are not capable of giving your consent; or, where you have already publicised such information; or, where we need to use such information in connection with a legal claim that we have or may be subject to.

Processing of information about criminal convictions will be in line with an appropriate policy and safeguards which we are required by law to maintain when processing such information.

If you fail to provide personal information

If you fail to provide certain information when requested, we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers and volunteers) and we may not be able to process your application to volunteer with us or offer you certain volunteering opportunities.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is related to the original purpose. <inform them when original purpose changes

Data sharing

We may disclose your information in the following circumstances:

• To other Grun Generation entities, suppliers or service providers where its necessary to do so to facilitate your volunteering. By way of example, we may disclose your email address to MailChimp, a supplier who sends out the volunteer e-Newsletter for Grun Generation.
• Where we are legally obliged to we will share the information of volunteers. We provide the Charity Commission and Companies House with basic contact details of our Trustees.
• We may provide your email address, mobile phone number or cookies or other online identifiers in an encrypted format to social media companies, such as Facebook, Instagram, Twitter or YouTube, or to digital advertising companies that display advertising on online platforms (social media and other websites). You can object to your data being used in this way by contacting our Customer Support Centre on info@grun-generation.com. However, this may not prevent our advertisements being shown to you where you have not been targeted personally.

If we share your data, we require third parties to respect the security of your data, use it only for lawful purposes and handle it in accordance with Data Protection Law.

We do not sell or rent your information to third parties for marketing purposes.

Data security

We have put in place appropriate technical and organisational measures to protect the security of your information.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those volunteers, employees, agents, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. Further detail as to how we deal with data breaches can be found in our Data Protection Policy.

Transferring information outside the EU

For financial and technical reasons we may, on occasion decide to use the data hosting or data processing services of a supplier who is based outside the European Economic Area (EEA), which means that your personal information may be transferred to that supplier and processed and stored outside the EEA. This includes countries that are not considered to have the same standards for legal protection of personal information of the EEA. We will always take steps to choose highly reputable suppliers, who respect your security and will put in place suitable legal safeguards with that supplier to protect your personal information, so that it is subject to the same privacy standards of the EEA.

If and when this occurs, the supplier is usually based in the USA and we always ensure that they have adopted the EU-US Privacy Shield Framework or are subject to EU-approved contract clauses which offer a mechanism for the non-EU based supplier to comply with EU data protection requirements in respect of your personal information.

Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Personal information that we no longer need will be securely destroyed.

In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Your rights

You have the following legal rights in relation to our collection and processing of your personal information:

• Right to be informed -- you have the right to be told how your personal information will be used. This Policy and other policies and statements used on Grun Generation website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
• Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information (and other related information). Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exceptions that apply. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
• Right of erasure – at your request we will delete your personal information from our records as far as we don't have a valid reason for holding on to it (e.g. to comply with a legal obligation).
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. Please keep us informed if your personal information changes during your volunteering relationship with us.
• Right to restrict processing – you have the right to ask us to restrict the processing of your personal information if there is disagreement about its accuracy or whether our use is legitimate or not.
• Right to object – you have the right to object to processing where we are: (i) processing your personal information on the basis of the legitimate interests ground and we have no compelling reason we can demonstrate to continue with that processing; (ii) using your personal information for direct marketing, or; (iii) using your personal information for statistical purposes/

If you wish to exercise any of these rights, please contact the Customer Support Centre on info@grun-generation.com. For more information about your rights or if you are not happy with our response to a request, you can contact relevant data protection enforcement offices in your jurisprudence.

Data protection officer

We have appointed a Data Protection Officer (DPO) to oversee data protection standards at the Grun Generation. If you have any questions about this privacy notice or how we handle your personal information, please contact our DPO at dpo@grun-generation.com.

Changes to this privacy policy

We reserve the right to update this privacy policy at any time, and we will provide you with access to a new privacy policy when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this privacy policy, please contact dataprotection@grun-generation.com. 

This Policy was last updated in July 2020.