From time to time, as part of running our business, we collect and use certain personal information about individuals with whom we have contact, including in relation to our Twine software products and related services that we provide (we refer to such individuals in this notice as “contacts” or “you”).
Under data protection law, we have certain legal responsibilities about how we collect, use and share your personal information.
This policy explains our privacy practices and covers the following:
- Whose personal information do we collect
- What personal information about you we collect and use
- How we use your personal information
- Who we share your personal information with
- How long we retain your personal information for
- Where your personal information is stored
- How we legally justify using and sharing your personal information
- Your legal rights in relation to your personal information
- Other relevant information, including how to contact us
Whose personal information do we collect
We collect and use personal information relating to the following types of individuals:
- Our existing customers - we collect and use contact details of people who we liaise with at organisations who are our existing customers i.e. organisations who use the Twine software and related services.
- Our business partners - we collect and use certain personal information about contacts who work at organisations who provide goods and services to us, i.e. our suppliers and organisations with whom we partner to provide our products and services.
- Potential customers - you may express an interest in our Twine software and services, for example by phoning us or registering an interest on our website. We also send marketing communications to potential customers – please see paragraphs 5(d) and 9 below for more information.
- Other third parties - from time to time we may also collect information about contacts at other third party organisations, such as potential partners, community businesses, grantees (organisations who are nominated for a Twine account), organisations who provide grants and contacts who work for other organisations in the industry.
What personal information about you we collect and use
Regardless of whose personal data we collect and use as indicated above, the information will only include (as a maximum) your name, email, phone number (work and/or possibly your personal mobile number), place of work and job title. The Twine app also features a "location reminder" which, when enabled (it is off by default) and given permission to use your smartphone's location, will remind end-users to create a volunteering log when they leave the premises at which they volunteer. This is used only to send such reminders; location data is not used for any other purpose.
Please also see under paragraph 4(b) below regarding some situations where certain individuals may voluntarily provide our customers with details of their age and gender and other more sensitive information.
Sources of personal information
Referrals - occasionally we receive referrals from customers, partners and other third parties, passing someone’s contact details to us who they think may be interested in our Twine products and services.
b. From our customers - if you are a client of our customer, or end user of the Twine app, then we may receive personal information about you from our customer, for instance if you interact as a client or volunteer with a local business, then we may receive your email address, your phone number, and, at your discretion, your age and gender, ethnicity and details of any disability (which we process on our Twine apps and software).
c. Information from your employer ► your employer may pass us your contact details.
d. Information you provide - the information you provide when you get in touch with us, for instance registering an interest via our website or if we meet at a networking event and your provide your business card or via your use of the App itself.
How we use your personal information
Day to day communications – we need to communicate effectively and efficiently with our customers, end users, partners and other parties, in order to facilitate our provision of high quality and timely communications, products and services. Similarly, where your organisation provides services to us, we will need to know which individuals at your organisation we need to communicate with and keep details of your personal information on our systems. Therefore, we use personal information for day to day communications with such parties. Our communication methods include social media, written correspondence, email, telephone and face to face meetings.
b. Use in our Twine software and services – when handling personal data in providing the Twine software, app and related services, we only process such personal data (including location data) based on the instructions of a customer and/or in accordance with the contract which we have with that customer.
c. Managing accounts – we process personal information in relation to setting up and managing accounts with our customers, suppliers and partners, and will use personal information in this regard, for related internal administration.
d. Marketing – as a business, we want to make people aware of the range of products and services which we can offer, for instance making existing customers aware of new solutions and special offers, but also telling potential customers about our Twine software and services. We keep lists of contacts on our client relationship management (CRM) system called Hubspot (see paragraph 6 below for further details of Hubspot), and from time to time we may send marketing information to you by phone and email. However, we will only send you marketing emails and other communications where we have first obtained your consent to our doing so, for instance we may telephone you to discuss our Twine software where you have expressly asked us to do so. Please see paragraph 9 below regarding your right to object at any time to receiving direct marketing information.
e. Campaigns – surveys and competitions - If you are a customer or end user of Twine software, we will, from time to time, send you survey campaigns and feedback questionnaires about the Twine software and services. This is a simple questionnaire which asks you to rate the software – it does not collect any more data about you, and it is up to you whether or not you choose to fill in the questionnaire.
Parties who we share your personal information with
We share your personal information with the following parties:
a. Hubspot – provider of our CRM system, who provide a hosted solution and will have potential access to the details set out at paragraph 2 above.
b. Various other providers of miscellaneous, software and cloud services, that we appoint for the provision of supporting tools, that enable us to store and manage contact information, but on a more ancillary basis than in respect of the third parties listed above. This may include organisations such as MailChimp, Calendly, GoogleDrive, Skype, and other similar providers of such software and cloud services whom we may appoint from time to time.
Note that these services listed are those on which we store data about organisations using Twine (Hubspot) or dispatch emails to organisations using Twine (Mailchimp). These third parties are not shared personal data about end users (volunteers and visitors/service users).
How long we retain your personal information for
The length of time that we retain your personal information for varies, according to the type of individual whose personal information we have collected, and what this is being used for:
Type of Individual
Applicable retention period
Our existing customers
- Providing our Twine software and services, day to day communications
- Managing and setting up the account
For the duration of the contract between us and the customer
Clients of our customers
Use in our Twine software and services
As instructed by the customer (unless we are required to retain the data longer by law).
End users of the Twine software
Providing our Twine software and services
As instructed by the customer (unless we are required to retain the data longer by law).
Our business partners
- Receiving services
- Managing and setting up accounts
For the duration of the contract between us and the business partner + 7 years. However, we will seek to anonymise as much personal information as soon as possible once the contract comes to an end.
We will review the personal information that we hold on such individuals every 6 months and unless we have regular contact with you or a reasonable prospect of establishing a relationship with you or your organisation, we will delete or anonymise such personal information.
Other third parties
Day to day communications, marketing
Transfers of your personal information
Under data protection law, when personal information is being transferred outside the European Economic Area (EEA) there exists an obligation for data controllers to ensure that such transfer is performed in a manner that ensures that your personal information is adequately protected. While Twine is a data processor and we only transfer data in ways made explicit by our contract with organisations, we have taken additional details to detail how any such transfers meet this obligation set out below:
|Party to whom we transfer personal information||Amazon Web Services||Hubspot|
|Country to where we transfer||United Kingdom||United States|
|What that party does with the personal information||As part of operating the Twine App, we use a hosting provider, Amazon Web Services (AWS). Our availability zone for data storage is based in the UK. ||Hubspot provide a CRM platform for us and host the data on their servers in the United States. |
|How that data is protected in accordance with data protection law||In these circumstances the personal information will be transferred to and stored by AWS in accordance with the EU-U.S. Privacy Shield, which has been approved by the European Commission as offering adequate levels of protection and therefore complies with data protection law.||In these circumstances the personal information will be transferred to and stored by Hubspot in accordance with the EU-U.S. Privacy Shield, which has been approved by the European Commission as offering adequate levels of protection and therefore complies with data protection law.|
|How to find out more information||You can find more information about AWS’s certification with Privacy Shield at: https://aws.amazon.com/complia...||You can find more information about Hubspot’s certification with Privacy Shield at: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active|
As mentioned above and on our list of third-party providers located on our FAQ, we may in future provide additional services in relation to Twine which may involve additional data transfers. Such alterations will be done with prior consent from user organisations.
Legal grounds for processing your personal information.
Every use that we make of your information must meet a legal ground in the list set out by data protection law. The legal grounds which we rely on are as follows:
a. For marketing purposes - the legal ground which is relevant to us contacting you to provide you with marketing information (whether by phone or email) is your explicit consent. You can withdraw your consent to this at any time by informing us in writing (including by email), which will mean that we will no longer send you such marketing communications.
- enabling us to provide effective communications with our customers and partners,
- managing accounts and relationships with customers and partners;
- to operate our software and related services efficiently; and
- to help us improve the use of data and learning in the community organisations sector.
Your rights in relation to your personal information
If you have any questions in relation to our use of your personal information, you should first contact us using the contact details in paragraph 11 below. If you are a user of our Twine app or software, or if you are client of one of our customers, you should contact the customer directly, because they are the data controller, against whom you would exercise the below rights.
Under certain conditions, you may have the right to:
a. require us to provide you with further details on the use we make of your personal information;
b. require us to provide you with an electronic copy of personal information that you have provided to us;
c. require us to update any inaccuracies in the personal information we hold;
d. require us to transfer a copy of your personal information to another data controller, in a structured, machine readable and commonly used format;
e. withdraw consent to us sending you marketing information, which you can do at any time;
f. require us to delete any personal information that we no longer have a lawful ground to use;
g. require us to restrict our use of your personal information;
h. complain to the Information Commissioner at any time;
i. object to use of your personal information for direct marketing purposes;
j. object to our uses of your personal information which are based on the 'legitimate interests' legal ground, as indicated above. If any of our uses of your personal information based only on this legal ground is causing you undue harm, then we must cease using your personal information for that purpose.
Your exercise of these rights is subject to certain conditions and exemptions, for example to safeguard the public interest in investigating crimes, or protecting legal privilege. If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
If you are not satisfied with our use of your personal information or our response to you, you can complain to the contact listed at paragraph 10 below.
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to your personal information, by contacting us as set out below.
We are required to employ adequate technical and organisational security measures to protect your personal information from any loss, destruction, damage or unlawful disclosure. However, no transmission over the internet can ever be guaranteed as secure. Consequently, please note that we cannot guarantee the security of any personal information which you transfer via the internet to us.