What data we collect
You may actively opt-in to receive communications by 1) signing up to our newsletter and/or other communications using an online form; 2) signing up to e-communications at an offline event,3) donating to GEN Europe.
If you give us your details, we will ask you to provide only the minimum amount of information required so we can keep in contact and/or provide the service/s we have promised. Usually, the information we ask for will consist of name, address, email address. However, when you decide to donate to GEN Europe, we will also ask for relevant banking information and address. At some of our offline events you will have the option to give us your phone number if this is appropriate. We do not swap your information, and never would. We would never sell your information to any third party and consider it exploitative to profit from your personal data.
If you set up a recurring payment with us, such as a Direct Debit, we will need to store the account details linked to your gift. All our Direct Debit gifts are covered by the security of the Direct Debit guarantee. If you make a cash donation using your card, we will not store your full account details. You can read more about donating securely below.
When we’ll be in touch with you
You will only ever receive communications electronically and after you have consented to receive it. And we want to make sure we communicate with you in the way you want. If you have provided us with your email address and opted in to our newsletter, we’ll send you our email updates. You may also be interested in receiving news on specific programmes, projects, our consultancy services or fundraising too. If you are a member of GEN Europe, you will be signed up to our discussion lists as described in the membership benefits.
If you would like to withdraw your consent for us to contact you through our newsletter or in whatever form you originally asked us to, you can contact us and we will immediately remove your data from our servers and data processor services.
Your data, your rights
The Global Ecovillage Network believes that data sovereignty and control are fundamental in the digital age. Therefore, in line with GDPR, we encourage you to exercise your rights to data control, which include:
● Right to rectification: you can ask us via postal mail or electronically to update or ‘rectify’ any inaccurate data that we hold on you. We will fulfill your request within 31 days.
● Right of access: you can apply in writing for copies of all the information we hold on you. We will send this to you via the same means you applied i.e. via either if by postal mail or electronically. We will send you this information within 31 days of your request.
● Right to erasure: you have the right to be forgotten which means you can apply to us in writing or verbally to delete all of your data from our servers and data processor services. We will comply within 31 days of your request.
Help us improve
We are always looking for new ways to improve our services and what we can offer our supporters. If you have a complaint please do contact us We will treat your complaint seriously and confidentially and resolve it as soon as possible. You can lodge a complaint by emailing secretariat[at]gen-europe.org. If you are not happy with our response to your complaint, you can take it further by contacting the Agencia Espanola de Proteccion de Datos.
The Global Ecovillage Network endeavours to keep the data which we hold as up to date and accurate as possible. If you are on our database and any of your details change, please contact us at any time to update this information. We also respect your right to know what information about you we hold, and are happy to send this to you, please contact us for further information about this service.
The limited circumstances in which we may share your details
We may share your details with certain organisations, such as postal services or emailing service hosts. if we do not have the resources to do so in-house. If we do use third-party services, we make sure it is under a contract and in compliance with the relevant data regulations.
The carefully selected agencies we use will only store and use supporters' information for the purpose of the service we contracted them to deliver. The only other occasion in which we would disclose your personal data is if the law requires it under special circumstances, such as a legal investigation.
We ensure that all third party services we use are compliant with the GDPR and will never disclose personal information to organisations not in compliance.
The majority of the processors and service providers we use are based in the cloud, and include: Financial Services (e.g Paypal); Communications and mailing services (e.g. Mailchimp); Website / Wordpress plug-ins (e.g. Woocommerce); Databasing services (such as Google Drive).
Due to GEN Europe’s networked characteristics, and the fact that many of our staff and collaborators work remotely across the globe, we require the use of above services to further our charitable objectives.
It is possible that if you attend a GEN Europe event you will be photographed. We ensure that all events we run circulate consent forms so that GEN Europe may afterwards use the photos taken for digital and print communications, such as on our website or in an event flyer.
If you do not wish photos of yourself to be used in this way, please be sure to notify the event management as soon as possible.
We often work with photographers outside GEN Europe staff so we can collect beautiful photos of events and moments unseen by ourselves. We are sure to store agreements with each of these third party photographers that they have sought consent from the subjects in their photos.
It is possible that we may still use a photo you are in if it was taken in a public space. We will however of course uphold your right to privacy should you notify us. If you see a photo of yourself that was taken in such a space in our communications, please contact us on secretariat[at]gen-europe.org so we can immediately remove them.
If, in the unlikely circumstance, we detect a data breach or misuse of your information that is our responsibility, we are required under GDPR to report this to the AGPD wthin 72 hours. We will also notify you so that you can take appropriate measures to protect yourself.
We will always securely store any data that is entrusted to us, whether it's held online or offline. All credit or debit card payment via our online store, for events, or in donation are processed by Paypal or Stripe. These are both highly reputable services and offer secure systems of processing payments to organisations.
Both of the payment processors we use - Paypal and Stripe - are PCI compliant (Payment Card Industry Data Security Standard). This means we only store the last four digits of your card details electronically, and once your donation has been processed, we destroy any record of the 3 digit security number on the back of the card.
By ensuring our processors are compliant in this way, we can guarantee any payments you make to GEN are secure and the risk of your data being used maliciously is significantly reduced.
What are cookies and do we use them?
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the site owners about how people are using their site. You can find out more about how these different cookies work and how to manage them here.
Data and international borders
Due to GEN Europe being international in nature and that our team are based internationally, it follows that data is often shared across borders, such as through Google Drive. We do take the security of your data very seriously and have stringent processes in place to reduce the risk of data breaches.
Translation of this policy
● If you would like to read this document in another language, please copy the document to Google Translate here.