You are also referred to INASP’s Safeguarding and Digital Safeguarding Policy, Safeguarding in relation to INASP Moodle and, for those registering with AuthorAID, the AuthorAID Terms and Conditions with which you are deemed to agree when you use that service.
Who is responsible for your data?
INASP is responsible for the processing of your data when you engage with us directly or through our projects, programmes or other activities, including our Moodle-based e-learning platform and AuthorAID and their associated websites and services. INASP will either process data as a data controller or as a data processor within the meaning of the Data Protection laws. INASP will be a data controller where you have submitted your data directly to us and we exercise control over how it is processed, for example when you register for our courses or activities. INASP will be a data processor when your data has been shared with us by another organisation acting as a data controller under an agreement by which we provide services to that organisation, and which specifies the particular purposes for which we may process your data. Where this is the case, we rely on the party sharing data with us to obtain and comply with all requisite permissions, consents or other legal bases for data sharing. In any event, your data will always be processed in accordance with this policy and the Data Protection laws.
Our registered office is The Old Music Hall, 106-108 Cowley Road, Oxford OX4 1JE, UK. We are registered as a company in England and Wales under company number 04919576 and charity number 1106349. We are registered with the Information Commissioner’s Office with number Z5289330.
What information do we collect about you?
Information may be collected from you in a variety of ways, including when you contact us, subscribe to or register for a service, course or activity, apply to work with us or otherwise engage with us in any way where your personal data is shared with us by you directly or through another data controller. Further data may be collected during your participation in a course or activities or through your other engagement with us in any capacity. This personal information may include, but is not limited to that outlined below:
When it is collected:
Your name, email address, telephone number, address and gender.
When you contact us and register or subscribe for an account, course or activity or if this is done on your behalf, including our Moodle and AuthorAID platforms.
Information necessary for us to be able to advance our purposes and charitable objects, including that about funders, grant makers, project partners, stakeholders and others.
During the course of research or interactions with such individuals.
Further background information, for example, your academic background, professional background, country, institution, direct quotes.
When you fill in forms/surveys within a course or learning space you are enrolled in.
Such additional information as may be relevant and necessary for our engagement with you in whatever capacity, such as payment details, personnel records and references, records of participation in courses or activities or other details pertaining to your role as a participant, member of staff or volunteer.
When you apply to work with us or are employed or engaged by INASP as an employee or volunteer (including trustees) or in the capacity of a contractor or freelancer.
Communication we have with you including but not limited to: emails, forum posts, direct messages, messages in chat rooms, forms/surveys, contributions to online meetings or sessions, white boards or documents.
When you get in touch with us.
When you respond to our requests for information or feedback.
When you contact other website users on the online forums, through direct messaging, or in chat rooms.
Actions you have performed on our website along with the timestamp and your IP address, together with other information about your participation in a course or activity.
When you view resources, participate in activities, create/update any content, fill in forms/surveys.
When you update your profile or account information.
When you enrol in a course or leave a course.
Grades you have obtained.
When you complete graded activities in a course.
Further information about you including cookies, your location and how you use our webpages, mobile application, information about your interests and preferences.
When you use our digital systems and services.
When you accept our cookies placed on your device.
When you update your account information.
When you fill in forms on our website.
When you respond to our requests for feedback.
When you opt in to receiving messages from us.
Sharing content and use of networks
When you post content (or send messages) on any of our platforms, any personal data that is included in that content may be viewed by other users and so you should always be careful about the information you choose to disclose. We reserve the right to view private messages sent using our platforms in order to protect the safety and welfare of users from abuse and to investigate reported incidents of abuse, bullying or other inappropriate or prohibited behaviour.
The AuthorAID website enables direct sharing of information displayed with your AuthorAID ID and photo, if you uploaded one, with other users and visitors. The AuthorAID website keeps track of content that you have disclosed but does not control that disclosure and is not liable in any way for anyone's use or misuse of the information in the disclosure, so caution and judgement should always be used.
Cookies and passive data collection
INASP automatically receives and records information on our server logs from your browser, including your IP address, cookie information, and the pages you request.
IP addresses also help us to diagnose problems with the server, to administer the INASP website, and to otherwise provide our various services to users. IP addresses may be disclosed to a third party if we believe in good faith that the law or legal process requires it, or to protect the rights or property of INASP, its users or the general public.
Website and online sessions
These essential cookies maintain your login from page to page and provides continuity.
Content management system cookie
This cookie is essential to be able to use members areas in our websites. It is only set when you log into the members area and is deleted when you log out.
This cookie provides anonymous statistical data to show usage trends. If you'd like to opt-out, please follow this link.
Users should be aware that other websites visited before or after visiting ours might place personally identifiable information within a User's URL during a visit to their website, and INASP has no control over such websites. Accordingly, some of this information may be logged by a subsequent website that collects URL information.
Why we collect your data and how we use it
Organisations are permitted to process personal data if they have a legal basis for doing so. We process data on the basis that either:
• Express and informed consent has been given by the person whose data is being processed or, in the case of a child who is too young to provide such consent, by their parent/guardian; and/or
• We have a legitimate interest in processing the data; and/or
• It is necessary in relation to a contract, agreement or ongoing arrangement for the provision of services which someone has entered into with us or because someone has asked for something to be done so they can enter into a contract, agreement or arrangement with us; and/or
• We have a legal obligation to process the data.
Your personal information will be used by INASP to maintain records of your engagement with us, to process your requests, provide or administer INASP services and to display content you have provided to use on our webpages (including submissions, comments or course or activity participation content). We may also use your data to inform you about INASP’s projects, programmes and activities and other matters that we think may be of interest to you, subject to obtaining the requisite permissions and your preferences. We may also process your data for internal statistical analysis, and to improve the delivery of our services to you.
Location and security of data
INASP websites are hosted on a secure server located in the UK. We also use some services and resources operated by Microsoft, based in the EU. All data is stored on our database which is SSL encrypted. The server is protected by strong password controls and is monitored for unusual activity such as DDoS attacks and potential data breaches. Furthermore, regular software updates are applied to avoid software vulnerabilities, and daily backups are encrypted.
Please note that when using and interacting with networks, blogs and message boards, and personal data you disclose may be viewable by persons outside of the United Kingdom and the European Union and in jurisdictions that may not operate under the high standards of data protection applicable in the UK and EU.
How long we keep your data
Your data will be kept only for as long as the purpose for which it was collected subsists, including for a reasonable period after the end of your participation in an activity, after which time it will be automatically deleted unless there is another legal basis for retaining the data for longer.
At any point you can request a copy of your personal data and/or to delete all your personal data, subject to any overriding legal basis for us retaining it. Such requests must be in writing and we will comply with your request within 30 days, once we have verified your identity. We may also keep a minimal amount of data on a suppression list so we know to avoid contacting you after you have asked us not to. See the section "Your rights" below.
How we protect your data
We have put in place appropriate technical and organisational measures to protect the data we process against unauthorised or unlawful processing and the accidental loss or destruction of or damage to data to ensure a level of security appropriate to:
the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
the nature of the data to be protected;
and we take reasonable steps to ensure compliance with these measures.
We may communicate with you by email. Email is not a fully secure means of communication, and we cannot guarantee our emails are free from viruses and other harmful effects, although we do our best to make them as secure as possible. The transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping confidential any password you use to login to our website.
We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.
Sharing your data
Except as stated in this policy, we will not sell, distribute or lease your personal information to third parties unless we have your permission or disclosure is required by law. In some instances, however, INASP may use trusted third parties to process your information in order to keep your data secure and to allow us to provide services to you such as; secure data storage and back-up, messaging platforms to inform you about activities and programmes for which you are registered or which we believe may be of interest to you or for administrative purposes such as the scheduling of events. These might include Google Groups, WhatsApp, Survey Monkey, Mailchimp, or similar services, and in all such cases such third parties are expected to comply with this policy and the Data Protection laws and are explicitly prohibited from using your data for any other purpose. You should be aware that such external service providers will operate under their own privacy policies to which you should refer to understand why and how your data is being processed and your rights. If you do not wish for your data to be used or shared in this way you can decline to use these services, but we may not be able to provide services to you to the full extent that would otherwise be the case.
Where we are acting in the capacity of a data processor (having received your data from another data controller in order for us to provide a service to it), we may share your data with that other data controller, such as information relating to your participation in a course or activity.
You are entitled to see copies of all personal data held by us and to amend, correct or delete such data. You can also limit, restrict or object to the processing of your data subject to any overriding legal requirement for its retention. You can export and/or delete your personal data by initiating a request from the "privacy and policies" section of your profile. We may keep certain limited data on a ‘suppression list’ so we know, if requested, not to contact you or process your data in future until further notice.
If you have any questions or concerns, or to exercise any of your rights, you can send an email to our data privacy officer at firstname.lastname@example.org or you can write to us at Data Protection, INASP, The Old Music Hall, 106-108 Cowley Road, Oxford OX4 1JE, UK. Certain requests about your data must be submitted in writing and we reserve the right to verify your identity before disclosing information to you.
We will respond to Subject Access Requests within 30 days once we have verified your identity. There is no charge for most requests, but if your request is particularly onerous or repetitive, we may ask you to pay a reasonable administration fee.
You can obtain further information about Data Protection and privacy laws by visiting the Information Commissioner’s website at: https://ico.org.uk/your-data-matters/.