TeamKinetic

Build better volunteer communities with FREE volunteer management software

Category: Technical Updates (Page 1 of 3)

GDPR Frequently Asked Questions for TeamKinetic

This document will continue to develop over time as we respond to more questions from our customer and users.  Please feel free to subscribe to stay up to date.

1. Do we need to get renewed consent from every volunteer and provider?

We will be asking all volunteers and providers to review their consent settings for communications and the sharing of their data with volunteer opportunities. You can see this email here 

Renewed consent and acceptance of the new EULA will be required when logging in.

We think the consent we have already obtained from volunteers and providers provides us sufficient cover under the ‘legitimate use’ to ensure we do not need to delete users accounts.

2. How long do you keep data after someone has unsubscribed or withdrawn consent?

Unsubscribed relates to email/SMS correspondence, and users are removed immediately from all mass communication and newsletter emails. They will still receive transactional emails specifically related to them and their volunteering. If a user withdraws consent or asks to be removed their volunteer data is immediately anonymised. Data in backups will disappear after our 30 day retention period.

3. What is your process if anyone exercises their right to be forgotten.

We will immediately start the removal process for any volunteer requesting to be forgotten or who asks to be removed.

4. How long would it take to delete their data entirely?

Volunteer data is made anonymous immediately. Personal data is immediately unavailable to volunteer administrators and providers. Data in backups will be removed after our 30 day retention period.

Data in backups is only accessible by our network administrators and not by any users at any level of our applications.

5. Do you have an archive of all the data we hold in the database?

All data is transactionally backed up daily and stored encrypted. Backups are maintained for 30 days.

6. Is the data anonymised at any point?

If a request for removal is received then volunteer data is immediately anonymised.

7. Is your data encrypted?

Password data is stored using a one-way hash using a randomised SALT with a length sufficient to prevent practical brute force or collision attacks.

All data at rest in backup or in transit is encrypted using a minimum 30 character length password.

8. Can the TeamKinetic privacy policy be found on the database by volunteers?

Yes. Our full terms and conditions and specifically our privacy policy can be found at https://teamkinetic.co.uk/vk/shared_includes/termsandconditions.htm#privacy.

9. When were your terms and conditions and privacy policy last updated?

Attached to this post are links to:

Our very latest End User License Agreement that was updated May 2018. We ask Volunteers and Providers to Acknowledge this new document when they logon. You can view it at;

https://teamkinetic.co.uk/vk/shared_includes/termsandconditions.htm

The email we will be sending to all user regarding their current communication settings that you can view at;

https://teamkinetic.co.uk/vk/shared_includes/gdpr-email.htm

And our new Privacy policy document was updated May 2018; you can view at;

https://teamkinetic.co.uk/vk/shared_includes/termsandconditions.htm#privacy

I have also included the new Schedule that I will be sending as an addendum to all customers to outline our responsibilities to you under GDPR.

10. Is the website hosted on UK based servers?

All our hosting servers are UK based.

11. Do you have an ICO certification number?

You can find our details at https://ico.org.uk/ESDWebPages/Entry/ZA036104

Registration number: ZA036104
Date registered: 14 January 2014
Registration expires: 13 January 2019
Data controller: TeamKinetic Ltd
Address:
Office 14 Parkway 2
Parkway Business Centre
Princess Road
Manchester
M14 7HR

12. Where do you explain to the volunteer that data is shared with other parties

Our email to all volunteers will reiterate that data is shared with providers and potentially external administrators where a volunteer opts to volunteer on an opportunity outside their application.

For all new volunteers, this consent is explicitly captured during the initial sign up process.

13. What fields can a provider see on a volunteer

Providers can see (but not edit);
Age
Contact phone number
Email address
Gender
Special requirements and disabilities (if the volunteer has chosen to share)
Criminal record check status
Unlocked custom registration fields

14. Can “Admin” users set some “Custom Fields” to be visible to “Providers” or not visible?

Our next release in June 2018 has enabled custom fields to be locked to admins only.

15. Can you make custom registration fields compulsory?

Yes, custom fields can be made compulsory.

16. How long do we store data on volunteer and providers?

TeamKinetic believe volunteering is a lifetime pursuit and as such see no reason to remove a volunteer profile on behalf of a volunteer due to inactivity.

We do believe it is important for a volunteer or provider to have the ability to remove themselves as and when they see fit

We appreciate that some organisations will not share our view, so we will provide a tool that will allow Admin users to search the database for inactive users based on Admin set criteria of time. This will provide a list of inactive volunteers the admin user will be able to remove from the system on mass.

17. Is there any further information of TeamKinetic and GDPR

You can read my last blog on this subject at https://teamkinetic.co.uk/blog/tag/gdpr/

And you can download our whitepaper on this subject at https://teamkinetic.co.uk/vk/shared_includes/are-you-ready-for-gdpr.pdf

18. Do we maintain Data Processing Records

Yes. We have a record of all Data Processors details and access to the data is maintain under strict regulation. We have detail records for the purpose of processing, descriptions of categories, detail data flow diagrams and full documentation of all third party data processors we work with. This is complemented by our policies on security, continuity and privacy.

19. Does TeamKinetic have a Sub-processor or level 2 processor change request process?

TeamKinetic shares very limited data with sub-processors and that data is anonymised. All sub-processes are legally bound by TeamKinetic to meet our data standard as outlined in schedule 6.


All customers are asked to review the schedule below. This will be sent in a separate email to all existing customers as an addendum to our current agreement and will require signing as soon as possible.

Schedule 6 Data Protection
1. Data Protection

1.1 For the purposes of this clause, the following definitions apply;
(i) ‘Data Controller’, ‘Data Processor’ and ‘process’ have the meanings given to them in the Data Protection Act 1998 and from May 2018 the General Data Protection Regulation 2016/679;
(ii) Service Users shall mean those who sign up to use the Services.
(iii) ‘Personal data breach’ has the meaning given to it in article 4(12) of the General Data Protection Regulation 2016/679;
(iv) ‘ Personal Data’ shall mean the personal data of the Service Users including their name, contact details, email, address, disability information, gender and employment or education experience.
(v) ‘Privacy Laws’ means the Data Protection Act 1998, Directive 95/46/EC, the General Data Protection Regulation 2016/679 qne the Privacy and Electronic Communications Regulations 2003; and
(vi) ‘Privacy notice’ means a notice providing individuals with information about the purpose for which and manner in which their personal data will be processed and the organisations that will be undertaking that processing.

1.2 With respect to the parties’ rights and obligations under this Contract, it is acknowledged and agreed that the Customer is the Data Controller and the Supplier is the Data Processor in relation to the Personal Data.

1.3 Where processing Personal Data on behalf of the Customer the Supplier agrees to;
(i) provide the Services in compliance with all relevant Privacy Laws;

(ii) not do anything (or permit anything to be done) which would put the Customer in breach of its obligations under Privacy Laws;

(iii) only process the Personal Data in accordance with the Customer’s instructions and only for the purpose of delivering the Services and not for any other purpose;

(iv) only process the Personal Data in such manner as is described in the Contract and, in any event, only process the Personal Data to the extent that is necessary to deliver the Services;

(v) implement and maintain the technological and organisational measures to protect the Personal Data against accidental or unlawful loss, alteration, destruction, or unauthorised disclosure, dissemination or access, or alteration;

(vi) not disclose or transfer the Personal Data to any third party (save where disclosure has been specifically authorised by the Customer under this Contract) and only provide access to the Personal Data to your personnel where such access is necessary for the provision of the Services

(vii) take reasonable steps to ensure the reliability of any of your personnel who have access to the Personal Data, ensure that those personnel are aware of their obligations set out in this clause 1 and have undergone adequate training in the care, use and protection of personal data in compliance with the Privacy Laws.

1.4 Upon the Customer’s request, the Supplier agrees to permit the Customer or its authorised agents to inspect the Supplier’s premises, data processing activities and systems, and/or have access to, and be provided with copies of any information (including without limitation the Personal Data) to enable the Customer to be satisfied the Supplier are complying with the obligations under this Schedule 6.

1.5 The Supplier must not sub-contract or assign any of its right or obligations under this Contract without the Customer’s prior written consent.

1.6 Where the Customer provides written consent to sub-contracting of the Services under clause 1.6, then the Supplier agrees to impose a binding legal obligation on their sub-contractor to comply with the obligations in this Schedule 6 where that subcontractor has access to, or will be otherwise processing, the Personal Data. For the avoidance of doubt, any such subcontract shall not relieve the Supplier of its obligation to comply fully with this Schedule 6 and the Supplier shall remain fully responsible and liable for ensuring full compliance with this Schedule 6 in all respects.

1.7 The Supplier will not transfer any Personal Data processed under or pursuant to this Agreement outside of the European Union without the Customer’s prior written authorisation. Where the Customer authorises the transfer of Personal Data outside of the European Union, the Supplier agrees to comply with any instructions the Customer may issue which are necessary to achieve compliance with the Privacy Laws.

1.8 The Supplier agrees to notify the Customer as soon as practical, and in any event within five working days, if the Supplier receives;

i. a request from an individual to access their Personal Data or to exercise the rights of individuals under Privacy Laws including the rights of rectification, restriction, blocking, data portability and/or erasure;
ii. a complaint relating to the processing of Personal Data under this Agreement;
iii. notification that an individual wishes to withdraw their consent, or otherwise objects, to the processing of their Personal Data under this Agreement; or
iv. any communication from the Information Commissioner or any regulatory authority in connection with the Personal Data.

1.9 The Supplier agrees to comply with our instruction regarding the response to and handling of a complaint, request, notification or communication described in clause 1.9 and provide such reasonable assistance to the Customer as is required to ensure that the Customer can comply with its obligations under the Privacy Laws.

1.10 The Supplier agrees to notify the Customer promptly, and within 24 hours, in the event of an actual or suspected personal data breach involving the Personal Data processed under this Agreement. The Supplier agrees to co-operate with the Customer fully to investigate such a breach by furnishing the Customer with information as may be reasonably required about the breach and the Supplier’s processing activities. The Supplier also agrees to comply with the Customer’s reasonable instructions regarding the management of and response to the breach and any steps necessary to prevent an equivalent breach in the future.

1.11 The Supplier agrees to comply with the Customer’s instructions as to the period for which the Personal Data shall be retained and regarding secure destruction or return of the data to the Customer following expiry of the Term.

1.12 The Supplier agree to indemnify and keep indemnified the Customer against all claims, demands, actions, proceedings, charges, costs and expenses (including legal costs and expenses) which may be brought against us in respect of or in any way arising out of or in connection with;
i. your breach of the obligations in this Schedule 6; or
ii. a claim that we are in breach of our obligations under the Privacy Laws as a result of any of your actions.

 

TeamKinetic Academy: Facebook Live Training Dates for TeamKinetic 1.0

facebook-live-brand-awareness

With so many new features and products in TeamKinetic 1.0 (TK1.0) we thought it would be best to invite you all to a series of master class sessions with Steve and the team.  This new version has the potential to take your volunteer management to a new level.

Join us on Facebook to see our interactive demos and join in the conversation directly with Steve.  As you know we love to talk through how and why we have made some of our changes. We also love to hear yours and your volunteers thoughts and feedback and this heavily informs our next versions.

These sessions are designed to be short and easy to follow, with loads of opportunity for you to ask questions.

References Wednesday 25th April 13:30
TeamLeaders Friday 27th April 13:30
Setting Maximum Sessions Wednesday 2nd May 13:30
TeamKinetic Chatter – Opportunity Chat Rooms Friday 4th May 13:30
Managing External Opportunities Wednesday 8th May 13:30
Reporting Update Friday 11th May 13:30

If you can’t make one of these sessions, don’t worry, we will be keeping the video on Facebook, as well as adding it to our YouTube channel and where appropriate putting them into the help documents.

Of course, you can always get in touch via the support tickets, email, phone or chat function. We want to know what you think, so please get in touch.

We look forward to seeing you this Wednesday for the first session

To find out more information on TeamKinetic, please feel free to get in contact with one of our Team by:

Email:                    james@teamkinetic.co.uk

Phone:                    0161 914 5757

For over ten years TeamKinetic has been developing innovative technological solutions for third sector organisations. We pride ourselves on our volunteer-centric approach and intuitive design.

Volunteer Management Software that WORKS for Third Sector Organisations.

 

TeamKinetic Academy: TeamKinetic V 1.0 Software Update

TeamKinetic is pleased to announce on Sunday, 22 April 2018, the latest update of our volunteer management software went live.Combining the Volunteer, Access and Club Kinetic into one singular application. TeamKinetic V 1.0 brings with it a host of new features and functionality, in this blog we look to explain specifically what they are:

Why TeamKinetic v 1.0?

We have now fully integrated Volunteer, Club and AccessKinetic and our old version numbering was based on our VolunteerKientic releases. So it’s time for a new beginning.

What should I look out for in this release?

This is a huge update with great additions to TeamKinetic’s functionality as well as under the hood changes to improve speed and reliability.

Look out for TeamLeaders, volunteer referencing, our new ‘Focus’ design, Android and iOS apps, more customisation and GDPR compliance.

Check out the new features on the demo site before they go live on your site

To access the demo site as an admin click here

From here you can see the new layouts, features and improvements.

 

Data Protection and Security

GDPR changes

You can see a summary of the changes we have applied for GDPR here

Information Governance ToolKit

As part of our commitment to the highest standards of data protection and information governance, TeamKinetic has undergone extensive self-assessment and external assessment by the NHS Information Governance team.

Apps and mobile

iOS and Android

As the march to mobile’s dominance in how many people interact with digital technologies continues, TeamKinetic have been working hard to catch up with this trend and provide an effective user experience available across all mobile devices. We have created a single mobile app that all volunteers can access.

Version 1 of the iOS and Android App is now available for your volunteers from the Apple App store and the Google Play store.  From your mobile device, you can access the app store and SEARCH “TeamKinetic” and you will be presented with our app to download for FREE.

Below you can see how this should look.  The Apps are only accessible to your existing users.  All new users must create an account via the website before they will be able to use the app. This is just for Volunteers at the moment, but still includes all the basic features you would expect including searching for opportunities and logging hours etc.

This is our first attempt in the mobile space so as always we welcome your feedback on your experience as we will look to improve this over the next 12 months.

We plan to prompt users to download the app when they log onto the site. App Acreen Shots

TeamKinetic now on Google Play and iOS APP Store.

Design and usability improvements

Volunteer opportunity management area

Making it easy for a volunteer to manage their opportunities continues to be of the greatest importance to our design process as this significantly influences the volunteer’s engagement with the site.  We have looked to bring all elements of opportunity management into a single area so a volunteer can easily join/ leave sessions, leave feedback, log hours, see a map of the opportunity location and join the opportunity Chat.

Using the new focus layout, volunteers can quickly see the navigation and actionable areas of the page.

1 Design Improvements

More customisable emails

It has long been our ambition to give you the ability to edit all emails that the system sends.  Over the next few months, you will notice the editable ‘customise emails’ list will grow as we expand this function.

Combined viewing and editing volunteer profile page

Volunteer information is now neatly and logically situated on a side menu, allowing easy access to all their information.  We have removed the EDIT button and instead made the fields editable directly from each page.

Combined viewing and editing opportunity page

We have replaced the opportunities green menu bar and replaced it with a slicker side menu, removing the need to scroll down endlessly to find what you are looking for.

 

Shorter improved menu for volunteers

In design, less is often much more. This is why we continue to strive to reduce clutter and simplify the volunteer experience.  It has been our aim to have all key volunteer functions only one click away from the front page.

The Volunteer front page acts as a snapshot of everything that volunteer needs to know.  This will continue to be a work in progress as we look to improve the user experience, but this is the largest overhaul to the volunteer pages since we started some 10 years ago. As always are keen to hear your feedback.

Full set of sharing icons for volunteers to share opportunity details to social media

5 social sharing

Where possible we have tried to make it simple for volunteers and providers to share their opportunities via existing social media, leveraging their existing audience reach.

“If you want more volunteers you need to ask!” is the simple advice when it comes to volunteer recruitment.  Building an audience for your opportunities using social media makes asking even easier.

Simplified volunteer qualification and document upload and review

Many opportunities require volunteers to hold specific certified skills or qualifications, these might be achieved through in-house training or awarded by an external body. We have simplified how a volunteer can record their qualifications and training.

We have also added the ability for Admin users to be able to add training and qualifications on behalf of volunteers and lock these documents so volunteers can not remove or alter them.

Each volunteer now has a single page where they can quickly review all relevant certification and training.

New Features

References       

References…References…References!!! The bane of many volunteer managers lives.  All that paper flowing around, and waiting for people to respond can be a nightmare.

TeamKinetic now offers a complete digital solution, allowing you to create your own custom reference forms which are automatically emailed out to referees.  When the referee completes the form, they are automatically attached to the volunteer ready for you to review.

This mean no more referees getting bombarded with the same referee form, as they can be reused for other opportunities.  You can also create higher level reference forms for more demanding opportunities, allowing you to customise your questions in relation to the role.

Say goodbye to references stuffed in filing cabinets and say hello to the digitisation of your entire volunteer reference system.

TeamLeaders

Teams of volunteers often have a leader, someone who has been volunteering for years, the ‘go to’ person when things go wrong.  For many organisations this person is a very valuable asset to your volunteer programme, and often knows what is happening on the ground more than the administrator or the provider of the opportunity.

You can now mark these people as TeamLeaders within the system, giving them a superior status, and more importantly allowing them to confirm when volunteers have attended.  This automatically logs the hours on behalf of the provider allowing a more accurate representation (in real time) of what is happening on each volunteer opportunity.

Maximum sessions per event

When an exciting event is added to your system there is often a rush by volunteers to get on the best opportunities, as many volunteers will be aware that they may not be accepted for every one they apply for, they often try and join many more than they can practically manage.

For this reason we have built a ‘Max Limit’ function into each event, allowing you to stipulate how many sessions each volunteer can join on a single event.

Map view when searching opportunities

Over the past few months we have had a number of requests to make it more simple to find opportunities based around a particular location.  The addition of a map view whilst searching opportunities offers a very effective visual tool to help volunteers look for opportunities that are near them.

Opportunity chat rooms

Do your volunteers use facebook groups or WhatsApp to communicate amongst themselves?  This can pose some potential risks to you and your organisation. To understand more about these risks read our article on the subject here.  To mitigate the need to use external sites such as these we have added an “Opportunity” chat room.  This is an area where volunteers can talk to other volunteers or the provider on an opportunity.

User safety is of paramount importance so we have equipped the chat room with language filters that limit the use of offensive language, as well as users having the ability to report offensive or inappropriate comments.  Only volunteers on that particular opportunity can use these rooms, so access is strictly managed and people can be removed or blocked from commenting if they are not using the chat room in good faith.

Volunteers do not automatically share any personal data with each other in the chat unlike with other social media.

This function can be disabled for your application if you do not wish to use it, we want to improve the social side of volunteering in a safe setting and we saw this as an important first step.

Minimum notice for leaving a session

This particular feature has been under debate for a long time and has been asked for by a number of customers.  As an administrator, you will now be able to set a minimum notice period that a volunteer must give if they intend to leave an opportunity.

For example, volunteers will not be able to leave an opportunity less than 48 hours before it takes place.  Instead, if they attempt to do that they will be presented with a pop-up message on the screen that says if you wish to leave this opportunity “please contact the provider on Tel no…..”  And the provider can remove the volunteer from the session, but the volunteer will be prevented from removing themselves.

Please be aware of the unintended consequence of enforcing this feature.  Volunteers who can’t leave the sessions may just not turn up, and you may be unaware and under-resourced as a provider.

New sharing page for administrators to track what opportunities are being shared and from where

You can now see which systems are sharing opportunities on your search pages, and how many opportunities they are sharing.  Ideal for when you want to find out information about a particular external opportunity.

Reporting

Additional reports and quick stats

We have compiled some new exciting statistics for you and revamped the reporting library.  You can now see how a full breakdown of how many volunteers are engaged with the system including; How many have joined at least one opportunity, how many have joined and logged hours and how many have joined multiple sessions.

The reporting page is also broken down into sections by using a side menu, making it much easier to navigate. And it includes a handy DATE RANGE facility, allowing you to integrate particular periods of time.


Zooming capabilities on web analytics graph

The Web Analytics reports now include the ability to select a specific date range, allowing you to pin point particular time periods when you have done promotional drives or canvasing, so you can see in more detail what impact your work has had in regards to people using your system.

8 reporting zoom
Identifying inactive volunteers

The following definitions have been developed to create better clarity
For some time, Admin users have been asking how they can easily identify the level of participation volunteers have with your volunteer programmes.  To help simplify this process we have developed the following definitions to describe a volunteers level of participation:

A “Converted” is volunteers who have joined one or more opportunity sessions.
An “Active” is a volunteer that has attended and logged hours for one or more opportunity sessions.
A “Repeat” is a volunteer who has joined sessions on two or more opportunity sessions.

TeamKinetic hopes you are as excited about these changes as we are.

If you have any additional questions or would like to find out more, please feel free to get in touch with one of the team via email or phone us on 0161 914 5757.

Please note this list is comprehensive but not exhaustive.

Are you ready for GDPR?

A whitepaper to help you get ready for GDPR and find out what it means for your data.

Whitepaper – Are you ready for GDPR – Download the paper here.

What should you be doing now?

If you haven’t started preparing your organisation for compliance then the next 3 months are crucial. If you have started getting ready for the GDPR deadline,  keep going.

Make sure your board is bought in to the importance of the project. Having the support you need from the top is vital to the GDPR compliance process.

ONCE THE GDPR COMES INTO FORCE, YOUR BUSINESS MUST:*

  1. Keep a record of data operations and activities and consider if you have the required data processing agreements in place
  2.  Carry out privacy impact assessments (PIAs) on products and systems
  3.  If applicable to your organisation, designate a data protection officer (DPO)
  4.  Review processes for the collection of personal data
  5.  Be aware of your duty to notify the relevant supervisory authority of a   data breach
  6. Implement “privacy by design” and “privacy by default” in the design   of new products and assess whether existing products meet GDPR standards

 

What are TeamKinetic doing right now

See what we have already put in place, to be ready for 25th May 2018.

https://teamkinetic.co.uk/blog/2018/02/07/teamkinetic-updates-new-eula-and-data-policy/

We continue to work with our customers to ensure compliance and understanding.

Are you ready for GDPR?

Deadline – 25th May 2018

Information sourced from UKFast, Berwin,Leighton,Paisner and Onside Law

Contents

Let’s refresh

Why has the GDPR come about?

What about Brexit?

What should you be doing now?

Data security is EVERY business’s business

Key changes to consent

Key changes to breach notifications

Are the rules different for electronic communications?

What is TeamKinetic doing right now?

Disclaimer: The information in this whitepaper is for your general guidance only and is not and shall not constitute legal advice. If you need advice on your rights or responsibilities or any legal advice around data protection matters, please obtain specific legal advice and contact an adviser or solicitor.

Let’s refresh…

What is the GDPR? The General Data Protection Regulation (GDPR) is a binding legislative act from the European Union for the protection of personal data. The Regulation tackles the inconsistent data protection laws currently existing throughout the EU’s member states and facilitates the secure, free-flow of data.

Why do you need to know about it?

As of April 2016, businesses have been preparing for the legislation coming into effect on 25th May 2018. Although we are in the process of leaving the EU, working towards GDPR compliance remains crucial.

If you fail to comply with the Regulation you could find yourself being fined up to 4% of your company’s global annual turnover and your reputation damaged beyond repair.

That is 4500% increase on current fines that can be issued by the ICO!!

Now that the deadline is just 3 months away, is your organisation ready?

Why has the GDPR come about?

There is a need in Europe and beyond for a standardised data protection framework that addresses the rapid technological advancements that have taken place in recent years, putting the personal data of the masses at risk.

Where do vulnerabilities lie?

Everywhere. All organisations are at risk of a cyber-attack, despite common misconceptions that some industries are more secure than others.

The results of a survey carried out by the Information Commissioner’s Office (ICO) of 173 councils at the end of 2016 reveals that more than 15% of councils do not have data protection training for employees processing personal data and a third do not carry out privacy impact assessments (PIAs) as required by the GDPR.

The survey’s release coincided with the news that the ICO had fined Norfolk Council £60,000 for a data breach in which social work files were discovered in a cabinet bought in a second-hand shop by a member of the public.

Capgemini: The Currency of Trust, February 2017

74% of UK SMEs had a security breach in 2016.

While leaving vulnerable information in a cabinet or on a train may seem like a problem from 1997 rather than 2017 – when cloud technology means physical files never need to leave the office – the overarching security challenge remains.

Professionals across the public and private sectors must be aware of the nature of the data they are accessing from their home networks and ensure they are doing so securely.

Computer Weekly: Many Councils Still Unprepared for GDPR, March 2017

What about Brexit?

Despite the vote to leave the EU, UK businesses must continue to work towards GDPR compliance. Not only has the UK government stated that it is good business practice to do so, but the legislation applies to all businesses working within the EU and with EU data. A failure to comply can lead to significant fines and irreparable damage to a company’s reputation.

The latest thinking is that the UK could replace the 1998 Data Protection Act (DPA) with legislation that mirrors the GDPR, enabling the UK to achieve free data flow with the EU post-Brexit. The government has warned that it may take two to three years for the European Council (EC) to decide that the UK has an adequate data protection regime.

While the impact of the Investigatory Powers Act on the UK’s GDPR compliance has yet to be fully understood, it is possible that the mass surveillance and data retention practices carried out under the Act could cause issues when the EC comes to decide whether the UK’s practices are adequate. The existence of these two extraordinarily contradictory legislations could result in a UK equivalent of the Privacy Shield agreement held between the US and the EU to facilitate secure transatlantic data flow.

If your business activities are contained within the UK or elsewhere within Europe, you will have to observe the protections afforded by the GDPR for citizens.

What happens if my business is not complaint?

The GDPR introduces a two-tier fine system that emphasises just how small a financial deterrent existed under the Data Protection Act (DPA).

As of the 2018 deadline, any data controller or processor that fails to comply with the Regulation will face the following fines:

 

Tier 1

If a data breach occurs that puts highly important data at risj, the data controller/processor will be fined upto €20M (£17.25M) or 4% of the previous year’s global annual turnover, whichever is greater.

Tier 2

Any other data breach could lead to fines of up to €10M (£8.6M) or 2% of the previous year’s global annual turnover, whichever is greater.

 

It is estimated that if breaches remain at the same level as in 2015, the fines given will raise 90 fold from €1.4 billion to €122 billion

Key changes to consent

Do you ask your customers for permission before you use their data? Do you go a step further and tell them what it will be used for? If the answer to either – or both – of these questions is no, you could be in trouble if you don’t start changing your ways before the GDPR deadline.

 

Why is consent important?

Consent enables your business to lawfully process data.

Organisations applying the GDPR’s standards are giving individuals greater control over their information and, in turn, building trusting relationships that ultimately keep customers coming back for more.

Any business found to be misusing personal data will be fined according to the highest level of the two-tier system and – most poignantly – is at serious risk of damaging its own reputation. When is consent required? You must have the data subject’s consent to lawfully process their data. However, just to confuse things, there are instances that will call for consent to be acquired via alternative methods; we’ll clarify this shortly. Consent is also needed under ePrivacy laws if you’re in the business of tracking communications and installing software and apps on devices.

If you want to use someone’s personal data they must give you explicit consent to do so. This means in practise no pre-ticked boxes, a user must always choose to tick the box.

If you want to use an individual’s personal data for multiple purposes, they must give consent for each purpose, separately

 

Who might need an alternative method of gaining consent?

Most commonly, data controllers in a position of power such as public authorities and employers who are likely to find getting valid consent challenging and so must consider the alternative options.

For example, if you are a highly successful eCommerce business is bringing on board a new supplier of garden furniture, you will need a contract with them that clarifies the role of each party and enables you to lawfully process their data.

Whether you are the data controller or processor, you must always record how consent was given, who from, when, how, and what the interested parties were told.

You must not bundle your consent request with your standard terms and conditions.

 

Does your consent process meet GDPR standards?

Carry out a thorough review of existing consent processes and asses whether they meet the Regulation’s requirements. if they do, there is no need to request consent from the subject again.

Key changes to breach notifications

Europe had a phenomenally inconsistent data protection landscape. It meant that when a Switzerland-based business suffered a data breach affecting people in Greece, Italy and Spain, the organisation would need to comply with the breach notification standards of each of the three member states.

This lack of uniformity throughout Europe means that while some member states, such as Spain and Germany, are recognised for their rigorous data breach privacy laws, there are also member states with minimal to no regulations in place.

In this environment, organisations in lax member states have not needed to notify an authority of a breach.

The GDPR smooths all this out with the introduction of a single breach notification requirement.

 

What is a personal data breach?

A personal data breach is not simply the loss of data but a breach of security, resulting in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.

When must the relevant supervisory authority be notified?

The relevant supervisory authority must be informed of any data breach that puts an individual’s rights and freedoms at risk. This includes a loss of confidentiality and financial loss.

Data controllers must inform the supervisory authority without undue delay and within 72 hours of learning of a personal data breach. They must state:

  1. Its nature
  2. The approximate number of people affected
  3. The contact information for the organisation’s DPO (if one has been appointed)

The controller must also pin-point the likely consequences of the breach and the measures taken to reduce further risk to those affected.

Data processors must tell the data controller about a data breach without undue delay after having become aware of it.

If a breach is significant enough that it is in the public interest, those responsible – be that the controller or processor – must do so without undue delay.

The impact of data breaches If we hark back to our real world TalkTalk and Yahoo examples, we can see that the severe consequences each company experienced following their respective breaches were related to how they handled the aftermath of the breach and not simply because the breach happened in the first place.

What should you be doing now?

A personal data breach is not just the loss of that data but a breach of security, resulting in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.

  • Educate your employees about    personal data breaches and how to   spot when one has occurred.
  • Set-up an internal process for reporting   a personal data breach.
  • Make sure you have the internal resources and processes in place to   detect and investigate breaches. Speak to any third-party data processers if they are storing your data.
  • Put an incident response plan in place.

Are the rules different for electronic communications?

No, not really. The EU has introduced a complementary legal framework to the GDPR to clarify exactly what data controllers and processors must be doing to protect individuals’ communications; electronic or otherwise.

  1. New cookies responsibilities   for browser providers Users must be given the choice to consent to cookies as part of the browser software set-up. This should reduce or eliminate cookie banners on websites entirely.
  2. Extra-territoriality and 4% fines The Regulation no longer applies solely to the EU. It applies to anyone in the world that provides publicly-available “electronic communications services” to acquire data from the devices of EU citizens. Any organisation that breaches the Regulation will be subject to the GDPR’s two-tier fine system. That means you should be paying attention even if your business is contained within the UK.
  3. The Regulation application is expanded Unlike its predecessor, the ePrivacy Directive, the ePrivacy Regulation goes beyond the traditional telecommunications organisations and internet service providers. It incorporates messaging apps like WhatsApp, and email providers, amongst other communications suppliers such as Facebook and Snapchat.
  4. New rules for processing communications data The Regulation introduces new rules for handling: what was said, who said it, where and when. This data is confidential; interfering with it could result in a Tier 1 fine.
  5. Exemption analytics cookies Businesses are exempt from the cookie consent requirement when using firstparty analytics. However, using third-party analytics platforms such as Google Analytics requires user consent.

For the non-techy amongst you, ‘party’ refers to the website that places the cookie. So when you visit www.ukfast.co.uk, and you find the domain of the cookie placed on your computer is www.ukfast.co.uk, this is a first-party cookie. If you visit www.ukfast. co.uk and a cookie by a suspiciously dissimilar name appears, this cookie has been placed by a third party.

Like the GDPR, the ePrivacy Regulation will come in to effect on the 25th May 2018.

Source: http://privacylawblog.fieldfisher.com/2017/the-new-e-privacy-regulation-what-you-need-to-know/

Introducing ‘Focus’, TeamKinetic’s design principle for better volunteer management

TeamKinetic is now a mature and fully featured volunteer management solution. As it has matured we have been able to more rigorously enforce a design principle for better impact across all user interfaces that we call Focus.

Focus is a collection of typography, grids, spacing, colour, layout and sizing rules that aim to achieve consistency of design, fluid layout for smaller screens and help to retain user focus on important tasks.

Volunteers, providers and administrators are presented with large amounts of information and we have been working hard to make this volume of information easy to digest in our Volunteer management application so the individual user focus is on the most pertinent information.

The biggest layout difference you will see is the support for a two-pane design with navigation elements in the left pane and the action area in the right pane. This layout also encourages the collection of tasks into one area, either functionally similar tasks or tasks commonly undertaken at the same time.

ocus-two column or two pane layout

A two pane layout with a navigation bar on the left and the action panes on the right

Colours are restricted to a limited palette so that actionable areas like buttons, menus and links, are obvious and easy to find.

Font sizes are consistent and changes in font size are restricted to key text and headings.

Animation are used to indicated areas of focus when information is updated or the user enters a new area.

Panels are elevated when active using an animated shadow effect

Message and information areas are distinguished by a thick left border, the colour is contextual and can refer to the category, message type or other information.

Thick left borders indicated messages or important content areas

Where possible we want to avoid page refresh as this slows the users experience and can break their focus on the task at hand.  Volunteers, Providers and Admin users all want to be able to undertake tasks with the need for a screen refresh.  Extended use of AJAX , a method of performing user interactions immediately without reloading a new page, enables us to keep the user focused on their task without the interruption of a page refresh and the subsequent visual scan of the page to locate the last point of focus.

AJAX methods are employed extensively across the admin area, especially when editing opportunities or volunteer profiles.

Grids and spacing automatically adjust to screen size and allow navigation areas to collapse to icon only links and wide content to collapse into vertical stacks keeping readability high.

Collapsible elements retain readability and usability for small screens

We just wanted to let you know what’s behind some of the design decisions in the brand new TeamKinetic v1 release and our design intent going forward.

Please add any comments you have below, thanks, The Team.

Accessibility and TeamKinetic

I wanted to talk a little about how we adhere to the accessibility standards laid out by the W3 web consortium. These are termed Web Content Accessibility Guidelines or WCAG.

The WCAG documents explain how to make web content more accessible to people with disabilities. Web “content” generally refers to the information in a web page or web application, including:

  • natural information such as text, images, and sounds
  • code or markup that defines structure, presentation, etc.

These guidelines help people using assistive technologies, such as screen readers and text-only browsers, to navigate ever more complex websites.

An example of how the correct mark up can help is in navigation elements. We’ve all seen the standard top or side navigation bars in websites, that often have multiple sub-menus and let a user navigate quickly to any area of the website.

For instance, the Amazon navigation bar has over 100 such links hidden away in the navigation bar.

What is not apparent to users that are not using assistive technologies is that this navigation bar appears first in the content flow of the website. As a visual user you can quickly skip over that part and get on with buying a new TV by just averting your eyes. A screen reader however must read over that entire navigation section and read out every link, EVERY time a page is loaded, can you imagine the inconvenience and annoyance that would cause!

To overcome this web designers can use a specific HTML 5 element, plus a few other attributes from the ARIA set, to define a navigation section. This lets assistive technologies know that everything following that declaration is navigation, and the user can skip over them easily if they want to.

Check out this YouTube video of the old inaccessible amazon website to see just how annoying this would be.

So as you might imagine the first thing we do here at TeamKinetic is to make sure all the navigation elements are enclosed in the correct element tags so assistive technologies can render them correctly.

At a minimum, we seek to make sure every public page has no errors when scanned with the WAVE accessibility checker and on each audit we attempt to address any alerts that appear.

This is the list of major conventions we use to help us adhere to the WCAG standards;

  • All navigation elements are enclosed in an HTML 5 nav element that is given the role=”navigation” so that newer and older assistive technologies will recognise the enclosed section as navigation
  • All images have a meaningful alt tag so the user gets an idea of what the image means
  • All anchor or link tags have meaningful text, this is sometimes hidden from the non-assistive browser in the case of icon buttons for instance.
  • Text colour and the background is selected to have a contrast exceeding that recommended for the text size.
  • All input form elements have a label tag which describes what data should be inserted into the form element.
  • The tab order of form elements is logical and follows the on-screen order so that people can tab through a form easily.
  • ARIA roles and landmarks are used where appropriate.

In our next audit, we are attempting to improve the experience for our dynamic content. This is content which may appear or disappear without a new page being loaded. This means that users of assistive technology may become stuck on an alert or page overlay without knowing that it is there.

There are always ways to improve and if you have any comments or suggestions we would welcome them below.

TeamKinetic: New EULA and Data Policy

On Friday 26th January 2018 our new EULA and Data Policy was enacted.

Since 2016, organisations have been preparing for the reformation of data protection in the form of GDPR (General Data Protection Regulation). For many organisations operating within the third sector, a certain apprehension has loomed, driven by concerns for their volunteer’s database.

TeamKinetic, as providers of volunteer management software, wanted to offer reassurance to our beloved customers and those interested that we are aligned with the new legislation in preparation for the 25th May 2018 deadline.

As the biggest change to data legalisation since the Data Protection Act, GDPR is poised to revolutionise how individuals can manage organisations use their data.  TeamKinetic have undertaken an extensive review of all our policies and procedures with the imminent launch of GDPR and have made some changes to some of our most important agreements.

Below is a concise summary of the major changes made. However, we strongly recommend you read the more detailed policies accessed in our Terms & Conditions which includes full details [click here]

If you have any concerns after reading this, please get in touch with me at chris@teamkinetic.co.uk.

 Things that have not changed

TeamKinetic will still never sell your data to a 3rd party.

We are still registered as a data controller with the Information Commissioners Office (ZSA036104)

Privacy by design, Privacy by default

We have always taken user privacy seriously at TeamKinetic, carefully balancing that with the desire by our users to access the opportunities they are most interested in seamless fashion.

The new policy is significantly more detailed. The significant changes are outlined below:

  • As a company, we have explored in much greater detail the role of data usage across our business, and this is reflected in our policy introduction, legislation, and scope. We felt it was important to establish what parts of the business this document will directly address.
  • GDPR requires a much greater level of detail on what user data is collected, we have tried to make it clear what data we are collecting and in what context we will be using that data.
  • Since our last policy review, we have added an iPhone and Android applications which make use of additional phone features. As part of our GDPR policy review, we have added a stand-alone “Mobile” section that addresses the specific differences between mobile and traditional desktop usage.
  • Data sharing is essential for the operation of the TeamKinetic, but we want our users to feel confident that the data they trust us with is being shared Our new Data Protection and Privacy Policy identifies what data is shared with whom in much greater detail.
  • TeamKinetic collects a range of data including personal data, some of which is of a more sensitive nature, we also collect a range of metadata which we use to improve the performance of the software. Our new Policy identifies the types of data that are collected and how we use, share and store that data.
  • Tracking and analytics systems such as Google and Nielsen are fundamental to the operation of the internet. These systems track user and site behaviour online and require TeamKinetic to provide a range of anonymous data; the new policy explains our approach to these systems.
  • Social media plays a significant role in TeamKinetic, and as such we have identified the role of social media specifically in the use of data in these platforms.
  • We explicitly define that all TeamKinetic data is stored in the UK.
  • As part of our policy review, we have established Information Governance best practise guidelines that now forms part of all company employees ongoing training and induction. These guidelines are listed in detail.
  • Finally, we have added sections to our policy that deals with “Subject Access Rights” and “Compelled ”

These policy changes have been reflected in our whole business and our updated End User Licence Agreement.

Kind Regards,

Chris

If you have concerns about these changes or wish to discuss in more detail what it might mean for you and your application, please do not hesitate to get in touch with Chris Martin on 0161 914 5757.

Plugin with Do-It and TeamKinetic

Here at TeamKinetic we’re excited to tell Volunteer Managers about the launch of our new Do-It plugin. We believe we are the first volunteer management application that offers a direct method for leveraging the power and reach of Do-It’s opportunities finder right there on your dashboard.

Do-it.org is the UK’s largest database for posting volunteer opportunities, with an established presence and heritage since 2000. Since then it has connected millions of volunteers to opportunities available throughout the UK. The database hosts more than 50,000 volunteer opportunities which appear in the top results of Google organic searches for volunteering in the UK. As a result, Do-it.org is a great platform to promote volunteering opportunities to a wide audience of potential volunteers and is frequently the first port of call for first-time volunteers.

TeamKinetic understands that it is great to be able to post opportunities nationally, but organisations also need to be able to track the attendance of their volunteers, receive feedback and produce data driven reports. Since its conception, these functionalities have been core to the TeamKinetic software service.

For the last eight years, TeamKinetic has been improving volunteer manager’s ability to manage their workforce through the intelligent volunteer management software. It has been used by Local Authorities, Universities, National Governing Bodies and a host of other third sector organisations. Collectively their volunteers are quickly approaching the one million hours logged and tracked through TeamKinetic software.

We believe that by combining the use of Do-It.org with TeamKinetic’s volunteer management software, third sector organisations will be able to harness the full potential of both systems. Do-it.org is a great place to advertise opportunities and TeamKinetic is ideal for managing the volunteers to fill those opportunities. Our new plug in will let you do just that.

When creating new opportunities, simply enable the “share nationally” option and that’s all there is to it. In the background, the plugin creates the opportunity and uploads the provider details. The opportunity is searchable on Do-it.org and Google almost instantly.

After a prospective volunteer finds the opportunity they will be directed back to your opportunities page, where they can then sign up and join in. You’ll get the benefits of TeamKinetic’s management tools plus the advantage of being listed on Do-it.org, the UK’s largest volunteer website. Win-win!

Stevie Wonders: Signed, Sealed and Delivered (V 7.3)

 

Stevie Wonders: Signed, Sealed and Delivered (V 7.3)

Breathing a sigh of relief following the successful release of the latest update for TeamKinetic, I wondered just how many changes and tweaks we had made to the system since our last update. Although tempted to create a song about them, our initial pre-production proved more challenging than expected. We decided a list would have to suffice (for now at least).

We acknowledge as a tech-based company there is a certain expectation that we release regular updates, debugging our system, improving functions and performing general maintenance. But I would argue that TeamKinetic take customer feedback to a whole new level in terms of integrating it into our updates, where the vast majority of new functions come directly from customer requests and workshops.

Our first method is our annual TeamKinetic Conference, hosted in Manchester, where we spend the whole day listening to our clients and industry leaders t0 construct a roadmap for the development of our system.

The second is through speaking and listening to our clients through regular phone calls, emails, conversations and training sessions.

Knowing we take the time to listen and deliver to our customers gives us great satisfaction, and I believe sets us above the rest.

Having gone through the extensive testing process to get our latest version of VolunteerKinetic signed off. I re-examined the list of updates and thought a few of our customers would appreciate the shear number of changes that have been made, and would probably identify many updates in relation to conversations they have had with us.

We understand that for many, just knowing that the functions work is satisfactory, but for those who express a greater interest in our system we thought we would share a complete list of version 7.2 updates.

Volunteer Registration
New address lookup and controls for provider, Volunteers, Opportunities, System Profiles, TryVolunteering registration
The ability for Admins to HIDE emergency contact from volunteer registration pages.
Ability for Super Admin to change REGISTER AS PROVIDER button colour
Make Vol and Prov registrations optional via admin switch so the functions are hidden from the homepages

 

Volunteer Opportunities
Move Opportunity Categories to the SUPER ADMIN menu, under OPTIONS
Create more help videos for creating opportunities
Create one-way sharing limiter on the search, so linked organisations can opt to share opportunities one way with other systems
Remove Add Event section from CREATE OPPS page as this can be confusing to users
Allow providers to convert opps from regular to flexible.
Allow admin to action MULTIPLE OPPORTUNITIES at the same time (including authorising opportunities)
Update: Ability for OPPS to be filtered by ACTIVITY (providers & admin)
Time stamp when volunteers join an opp (this will be used for reporting and export functions)
Set character limits on the PERKS and SKILLS boxes?
Allow Documents to be uploaded to opportunities, which are visible to volunteers

 

Volunteer Manager Reports
Change provider reports so they reflect only their volunteers (YOUR VOLS and LINKED VOLS) not a global report on ALL vols on system
Move reports to 2 columns with a SIDE MENU
Volunteer HourTrades
Ability to download hourtrade data
Add toggle for HourTrade, remove from menu when off
Move HOUR TRADE VOUCHERS page to menu

 

Volunteer Surveys
Change hover over tip to Survey field – Volunteer ID Parameter Name
Add Survey links to opportunities
Add Survey link Unique Parameters (so each volunteer gets sent a unique survey which can be traced back to them)

 

Events
When a volunteer is not on any events, a notice should reflect this on their EVENTS page
Improve the layout of the EVENTS PROFILE edit box
When an admin or provider adds an EVENT there should be a default banner image

 

Address Lookup
EDIT  address lookup and controls for ADMINS, PROVIDERS, and VOLUNTEERS in 17 pages
Add select COUNTRY to all address pages
make ADDRESS LOOKUP field RED (so it is highlighted) on the Volunteer EDIT page

 

Volunteer Achievement Badges
Improve achievements page and added a download format
Allow download of achievement badges and who has attained each badge level

 

User Guides
Create PROVIDERS online user guide page
populate PROVIDERS guide with relevant information on every function

 

Volunteer Timelines
Add timeline and stats to volunteers achievements page
Allow admin to view volunteers timelines

 

Courses
Ability to DELETE an application form from a course

 

Other
Download Volunteer or Provider DATA should show ACTIVE or REMOVED fields
Auto Refresh page after a group is added or removed.
Change provider link to only show currently linked and then have a search bar/auto suggest adding new links. Only include active providers.
Ability to sort feedback on provider or volunteer by thumbs up or thumbs down
Remove the CLUB tab from providers page, if the org hasn’t purchased the module
Put Clients T&Cs above our T&Cs

Why TeamKinetic has gone mobile

As TeamKinetic makes it iOS application available to its customers and existing volunteers, we discuss the evidence that has driven this change and our hopes of making volunteering even more accessible.

The march of technology is relentless, and the pressure on organisations in sport and the 3rd sector to offer multi-channel and multi-platform solutions to better engage with their stakeholders continues to grow as they compete for attention against a sea of other content. These trends mean that making TeamKinetic available on mobile was essential.

mobile usage by country – Comscore

The data shows that the time spent on mobile has surpassed that spent on other web-enabled devices, and this trend is consistent in developed and developing economies. It is not a case of “if mobile is important?”, but to acknowledge its predominance in the decision-making process for future development.

Dominance of multi-platform applications

The evidence is clear; consumers now expect a multi-platform product that allows them to switch between the different versions of the platform, undertaking some tasks on their desktop and others on their phone or tablet. With other data suggesting these browsing choices are time of day dependent.

on-line device usage by time of day

When looking at how to engage with your audience, in our case volunteers. We have to accept these trends and offer a product that can cater to the desires and expectations of the user.

Using the mobile platform, both in its native application format and via the mobile browser, not only have we been able to increase the potential reach and time available to browse, we can also access additional functionality.

The use of GPS and geo-location services, open-auth protocols to make signing in and staying signed in easier and using the camera or address book are all examples of technologies that work particularly well on a phone to improve customer experience. Our founding belief at TeamKinetic is to always keep the volunteer and their experience central to our design philosophy, so the decision to create the app was easy to make.

This is our first step of many as a truly multi-platform company, no doubt we have plenty to learn if we want to recreate our desktop experience on a much smaller device, but working with our customers, that’s our ambition. The rewards for success for our customers, the Sports Clubs, charities and communities are potential too great to ignore.

We must constantly challenge ourselves to look at our organisations and consider how well we provide services and how accessible they are. We must push to deliver to stakeholders the experience they have come to expect.

TeamKinetic products will provide that level of service at a fraction of the cost of in-house development.  Please get in touch to see a demo of our system and how it might improve your stakeholder engagement, build your community and change your world.

Page 1 of 3

Powered by WordPress & Theme by Anders Norén