Privacy and Data
last updated: 13 March 2024
TeamKinetic is fully GDPR Compliant. All data is stored on private servers hosted in the UK and all data centres hold ISO 27001 certification.
The Data Processing policy constitutes a data processing agreement between the Parties: the Customer (the Data Controller) and TeamKinetic Ltd, the Supplier (the Data Processor).
For the purposes of this clause, the following definitions apply;
- ‘Data Controller’, ‘Data Processor’ and ‘process’ have the meanings given to them in the Data Protection Act 2018 and from May 2018 the General Data Protection Regulation 2018;
- Service Users shall mean those users who sign up to use the Services.
- ‘Personal data breach’ has the meaning given to it in article 4(12) of the General Data Protection Regulation 2016/679;
- ‘Personal Data’ shall mean the personal data of the Service Users including their name, contact details, email, address, disability information, gender and employment or education experience.
- ‘Privacy Laws’ means the PECR (Privacy and Electronic Communications Regulations); and
- ‘Privacy notice’ means a notice providing individuals with information about the purpose for which and how their personal data will be processed and the organisations undertaking that processing.
With respect to the parties’ rights and obligations under this Contract, it is acknowledged and agreed that the Customer is the Data Controller and the Supplier is the Data Processor in relation to the Personal Data.
- How the Data Processor will collect the Data Controller’s data;
- Data collection is undertaken via SSL secured web form and SSL secured API in the case of native applications.
- How the Data Processor will process the Data Controller’s data;
- The data will be used to provide services to enable volunteering. It will not be used for any third party or external services. The Private Data will be solely used for the purpose and no other.
- In addition, personal data is combined with behavioural and historical data sets to provide analytics and reporting to administrative users.
- Private Data will not be matched with any other Personal Data otherwise obtained by the Data Controller, or any other source, unless specifically authorised in writing by the Data Controller.
- The Private Data will not be disclosed to any third party without the written authority of the Data Controller. Access to the Private Data will be restricted to those employees/agents/contractors of the Data Processor, directly involved in the processing of the Private Data in pursuance of the Purpose.
- No steps will be taken by the Data Processor to contact any Data Subject identified in the Private Data and no Private Data will be reproduced in any other format than the agreed digital system.
- Personal Data used for research will not be published in identifiable form unless the persons concerned have given their consent and in conformity with other safeguards laid down by domestic law.
- How the Data Processor will store the Data Controller’s data;
- All data is stored in fully secured hosted servers in the UK. A full list of server centre accreditations can be found here. Data at rest is encrypted with the AES-256 symmetric encryption algorithm. Our data storage policy is available on request.
- The Data Processor and third parties;
- No data is shared with third parties unless requested by the Data Controller.
- What is the purpose for The Data Processor in processing the Data Controller’s data;
- Data processing is performed to enable volunteers to access, find and join volunteering opportunities and to provide the services required to enable this.
- Outcomes include but are not limited to; Increased recruitment, retention and reward of volunteers and the development of insight regarding the volunteer audience and motivations, actions and experiences.
- Where processing Personal Data on behalf of the Customer the Supplier agrees to;
- provide the Services in compliance with all relevant Privacy Laws;
- not do anything (or permit anything to be done) which would put the Customer in breach of its obligations under Privacy Laws;
- only process the Personal Data in accordance with the Customer’s instructions and only for the purpose of delivering the Services and not for any other purpose;
- implement and maintain the technological and organisational measures to protect the Personal Data against accidental or unlawful loss, alteration, destruction, or unauthorised disclosure, dissemination or access, or alteration;
- not disclose or transfer the Personal Data to any third party (save where disclosure has been specifically authorised by the Customer under this Contract) and only provide access to the Personal Data to your personnel where such access is necessary for the provision of the Services;
- take reasonable steps to ensure the reliability of any of your personnel who have access to the Personal Data, ensure that those personnel are aware of their obligations set out in this clause 1 and have undergone adequate training in the care, use and protection of personal data in compliance with the Privacy Laws.
- Upon the Customer’s request, the Supplier agrees to permit the Customer or its authorised agents to inspect the Supplier’s premises, data processing activities and systems, and/or have access to, and be provided with copies of any information (including without limitation the Personal Data) to enable the Customer to be satisfied the Supplier is complying with the obligations under this agreement.
- The Supplier must not sub-contract or assign any of its rights or obligations under this Contract without the Customer’s prior written consent.
- Where the Customer provides written consent to subcontracting of the Services under clause 1.6, then the Supplier agrees to impose a binding legal obligation on their sub-contractor to comply with the obligations in this agreement where that subcontractor has access to, or will be otherwise processing, the Personal Data. For the avoidance of doubt, any such subcontract shall not relieve the Supplier of its obligation to comply fully with this agreement and the Supplier shall remain fully responsible and liable for ensuring full compliance with this agreement in all respects.
- The Supplier will not transfer any Personal Data processed under or pursuant to this Agreement outside of the European Union without the Customer’s prior written authorisation. Where the Customer authorises the transfer of Personal Data outside of the European Union, the Supplier agrees to comply with any instructions the Customer may issue which are necessary to achieve compliance with the Privacy Laws.
- The Supplier agrees to notify the Customer as soon as practical, and in any event within two working days, if the Supplier receives;
- a request from an individual to access their Personal Data or to exercise the rights of individuals under Privacy Laws including the rights of rectification, restriction, blocking, data portability and/or erasure;
- a complaint relating to the processing of Personal Data under this Agreement;
- notification that an individual wishes to withdraw their consent, or otherwise objects, to the processing of their Personal Data under this Agreement; or
- any communication from the Information Commissioner or any regulatory authority in connection with the Personal Data.
- The Supplier agrees to comply with the Customer’s instruction regarding the response to and handling of a complaint, request, notification or communication described in clause 1.9 and provide such reasonable assistance to the Customer as is required to ensure that the Customer can comply with its obligations under the Privacy Laws.
- The Supplier agrees to notify the Customer promptly, and within 24 hours, in the event of an actual or suspected personal data breach involving the Personal Data processed under this Agreement. The Supplier agrees to cooperate with the Customer fully to investigate such a breach by furnishing the Customer with information as may be reasonably required about the breach and the Supplier’s processing activities. The Supplier also agrees to comply with the Customer’s reasonable instructions regarding the management of and response to the breach and any steps necessary to prevent an equivalent breach in the future.
- The Supplier agrees to comply with the Customer’s instructions as to the period for which the Personal Data shall be retained and regarding secure destruction or return of the data to the Customer following the expiry of the Term.
- The Supplier agrees to indemnify and keep indemnified the Customer against all claims, demands, actions, proceedings, charges, costs and expenses (including legal costs and expenses) which may be brought against us in respect of or in any way arising out of or in connection with;
- your breach of the obligations in this agreement; or
- a claim that we are in breach of our obligations under the Privacy Laws as a result of any of your actions.