MESH is a Charitable Incorporated Organisation. CIO charity number 1180429. MESH exists to promote access to education for adult migrants in the Yorkshire and Humberside region, and further afield as the trustees see fit. In particular but not exclusively by providing comprehensive information about local opportunities for language education.
MESH wants to represent best practice in good information governance and data protection, so we want to tell you that:
- If you ever want to know what information we hold about you, you can ask for it using the contact details below.
- We will tell you what we would use your data for, and give you an opportunity to control what we do with it. You can do this at any time, as often as you like. We will always respect your decision.
MESH is known as a ‘controller’ of the personal information you give to us and we collect it for the following reasons:
- To be able to keep in touch with you and update you about our work
- To be able to log accurate information about ESOL classes on the Learning English in Yorkshire and the Humber website and to contact providers if there is a problem
- To be able to link students looking for ESOL classes with available classes
The kind of information we collect includes:
- Name, job title and business contact details including email address;
- Information about classes and venues;
- Information about students;
This is detailed more fully below.
When a user clicks to contact a class provider we process and store their
- Email address
- IP address
When a user clicks to contact Learning English in Yorkshire and the Humber we process and store their
- Email address
- Phone number
- IP address
When a user clicks to send class to a friend we process and store their
- Email address
- Friends email address
- IP address
When a provider registers we process and store
- Any personal details such as their name, phone number, email address, job title plus a username and password to login;
- Any business details such as business name, email address, contact person, phone number and any business addresses.
When a provider logs-in we process and store
- Their attempted access in the system logs as well as a database log showing any recovery actions used, such as lost password or forgotten username.
When a provider adds a course we process, store and make public
- Full details of the business including the business name, contact person, phone number, email address and address along with any extra information such as additional locations and free text.
When a provider adds contact buttons we process and store
The students name and email address;
- Any contact made via the Learning English in Yorkshire and the Humber website by way of system-logs and database captures.
When a student contacts a provider listed on Learning English in Yorkshire and the Humber
When MESH collects data
- MESH will be clear and explain why this information is being collected and the way it is to be used, however, only with your consent. At the same time ensure your privacy rights are protected;
- MESH collects information if you visit/use our website please refer to Cookies policy (under review);
- We do not share the information we hold about people with anyone. However, we would disclose information on request to the Police or any other statutory authority or regulator who has a reasonable need for these data to effectively conduct their business e.g. criminal investigations;
- When you provide permission to other organisations to share it with us (including Facebook or Twitter).
How we use your information
We will only use your information for the purpose or purposes for which it was collected for (or for closely related purposes). These purposes include:
- Using information provided to produce clear and accurate information about English classes available. Sometimes, with your consent, we will process your personal data to provide you with information that you have requested about our work or our activities;
- We use personal data for administrative purposes (ie to carry out the work of our organisation). This can include processing grant applications, maintaining a database of supporters and helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we will keep a record of this);
- Where we need to do this to fulfil a contract, or where we are required to do this by law or other regulations;
- When it is in our legitimate interests to do this and when these interests do not override your rights. These legitimate interests include providing you with information of our work and future events, fundraising, newsletter requests, feedback, and other activities. Please see section 9 on ‘Legitimate Interest’ for more information.
- We hold your information only as long as necessary for each purpose we use it. We regularly review what information we hold and delete what is no longer required;
- If you request that we have no further contact with you, we will keep some basic information in order to avoid sending you unwanted materials in the future and to ensure that we do not accidentally duplicate information.
- We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of, your personal information;
- Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means);
- Our electronic data is stored on a secure cloud server located in the UK (EEU). Our UK data centre is ISO27001:2013 certified. It has modern security features including: Photo ID and swipe card entry, 24-7 security on site, CCTV inside and out, gated access and secure perimeter fencing, redundant and uninterruptible power supplies. We use a third party web developer to manage our hosting and can provide any additional information upon request;
- Paper copies of any personal data that are stored in secure locked cabinets.
- Keeping you in control
We want to ensure you remain in control of your personal data. The new General Data Protection Regulations (GDPR), which were brought into force in May 2018, give everyone a number of very important rights. These include:
- the right to ask us to remove your personal data from our records (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to request a copy of the information we hold about you;
- the right to ask us to stop using your information for marketing or profiling, and;
- where technically feasible, the right to obtain and reuse your personal data for your own purposes.
Remember, you can change the way you hear from us or withdraw your permission for us to process your personal data at any time by using the contact details at the bottom of this policy.
Cookies and website
We use traffic log cookies to identify which pages of our website are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from our system.
Under the new GDPR laws started in May 2018, we have a number of lawful reasons that we can use (or ‘process’) your personal information. One of these lawful reasons is called ‘legitimate interests’.
Legitimate interests mean that we can process your personal information if:
- We have a genuine and legitimate reason and we are not harming any of your rights and interests.
When you provide your personal details to us we use your information for our legitimate business interests to carry out our work to make education accessible to adult migrants across Yorkshire and Humberside. Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.
Some typical examples of when we might use this approach are for preventing fraud; direct marketing; maintaining the security of our system; data analytics; enhancing, modifying or improving our services; identifying usage trends; and determining the effectiveness of our campaigns and fundraising.
MESH will use various ways to achieve our mission and to support our objectives; we believe that people who share our values would love to know how to support us. We will process the personal information you have supplied to us to conduct and manage our business to enable us to give you the most appropriate marketing, information, service and products and provide the best and most secure experience. These are what we consider to be our ‘legitimate interests’ for holding and processing your data.
When we process your personal information for our ‘legitimate interests’, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent, or are otherwise required or permitted to by law).
Remember, you can change the way you hear from us or withdraw your permission for us to process your personal details at any time by contacting us.
Changes to the policy
Should you require further information regarding your rights under the Data Protection Act 1998, this may be obtained from the Information Commissioner’s Office.
How to contact us
If you have any questions about the policy or how we use your data, please get in touch using the details below.
Director of MESH
Or email email@example.com
This policy was last updated: August 2019