Learn more about how the South London Botanical Institute handles your personal data.
1. Who we are
At the South London Botanical Institute we respect the privacy of our supporters and visitors to our website. We take our duty to process your personal data very seriously and this policy explains how we collect, store, manage, use and protect your personal data and what controls you have over your data.
In this policy, references to ‘The South London Botanical Institute’, ‘SLBI’ or to ‘we’ or ‘us’ refers to the said registered charity in England and Wales No. 214251. A non-profit making company limited by guarantee, Registered Company Number: 116643
2. What rights you have over your data
A new data protection law (GDPR), came into force on 25th May 2018. It gives every UK/EU citizen a number of very important rights. These are the rights to:
- Transparency over how we use your personal information (right to be informed)
- Request a copy of the information we hold about you, which will be provided to you within one month (right of access)
- Update or amend the information we hold about you if it is wrong (right of rectification)
- Ask us to stop using your information (right to restrict processing)
- Ask us to remove your personal information from our records (right to be ‘forgotten’)
- Object to the processing of your information for marketing purposes (right to object)
- Obtain and reuse your personal data for your own purposes (right to data portability)
- Not be subject to a decision when it is based on automated processing (automated decision making and profiling)
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. If you would like to know more about your rights under the data protection law see the Information Commissioners Office website.
3. Your consent
For our existing members/supporters your consent to process your personal information is given to us when you have agreed to it either by the email or the letter we sent out to you recently asking you to opt in.
For any new members/supporters your consent is given when you have contacted us in the ways explained under Section 6.
4. What personal data we collect and why we collect it
When you provide your personal details to us we will use physical, electronic and managerial procedures to safeguard and secure the information that we collect. We use your information for what is known as ‘legitimate interests’ – that is to fulfil your request and/or to enable us to provide you with a specific service, appropriate marketing information, and products to provide the best and most secure experience so that we can continue to carry out our work in botanical education and all its aspects.
This will relate to a variety of specific SLBI activities; newsletter requests, volunteer registrations or membership requests, DBS checks for those who work with vulnerable people including children, ticket purchases for courses and workshops, talks and events, donations, and feedback and information you may provide on our website and public forums, i.e. on our social media sites such as Twitter, Facebook and Instagram.
You don’t have to disclose any of this information to browse our sites. However, if you choose to withhold requested information, we may not be able to provide you with certain services.
Should you at any time wish to see the data we hold on you, or wish to be removed from our database, please contact us via our details in Section 17 at the end of this policy, and we will either send you a copy of what we hold or remove your details as per your request.
Additional information: Some of our funders require us to keep monitoring forms of our visitors for reasons of demographic research regarding relevant projects; these require anonymised data such as age range, gender, ethnicity, disability and the name of the borough you live in. Your name, address and email are not included in this information.
5. How our website collects and stores personal data
This site utilises caching in order to facilitate a faster response time and better user experience. Caching potentially stores a duplicate copy of every web page that is on display on this site. All cache files are temporary, and are never accessed by any third party, except as necessary to obtain technical support from the cache plugin vendor. Cache files expire on a schedule set by the site administrator, but may easily be purged by the admin before their natural expiration, if necessary.
Event, Venue, and Organiser information
If you create, submit, import, save, or publish Event, Venue, or Organiser information, such information is retained in the local database:
- Venue information: name, address, city, country, province, postal code, phone, website, geographical coordinates (latitude and longitude)
- Organizer information: name, phone, website, email
- Event information: website, cost, description, date, time, image
Importing Events, Venues, and Organisers:
- All data present within a CSV or ICS file and external URLs (for events, venues, organisers, and tickets)
- Import origin data (URL from where events are being imported—such as Eventbrite, MeetUp, other compatible URL sources, and more, which can include similar or same data as listed above)
- Eventbrite Ticket information: name, description, cost, type, quantity
Please note that to create new events through the Community Events submission form, a user must hold a website account on this domain. This information is retained in the local database. It is also possible to create events anonymously, if the site owner has this option enabled.
We make use of certain API keys, in order to provide specific features.
These API keys may include the following third party services: Google Maps, Facebook, Meetup, PayPal, and Eventbrite (API key, auth URL and Client Secret).
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you use our contact form, we will collect the following personal data:
- Your name (howsoever you choose to provide it to us)
- Your email address
- The content of your message, which may or may not contain personally identifying information depending upon what you choose to submit
We collect your email address so that we can send you a single email to confirm the receipt of your message. This email will also contain a summary of the information you submitted to us for your records.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Links to other websites
Our website may contain links to enable you to visit other websites of interest easily. However, you should note that we do not have any control over those other websites.
For this reason, we cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such sites, and these sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
6. How we obtain your details
- When you provide it to us directly. We collect your personal information directly in a number of ways: when you join as a member, sign up to our e-newsletters, make an enquiry, attend an SLBI-run event or volunteer, we collect your name, postal address, and where applicable, email address, and telephone number and, if you or us are making a direct payment, or standing order, your bank details.
- When you provide permission to a third party to share your data with us (including Facebook or Twitter, Instagram, Eventbrite and Paypal). NB: When providing permission for third party organisations to share your data you should check their Privacy Policies* carefully to understand fully how they will process your data – Please see Section 7.
- When we collect it as you use our website. Please see section 5 above for more details.
We combine the information from sources 2) and 3) with the information you provide to us directly in 1).
7. Who we share your data with
If we run an event in partnership with other named organisations some of your details may need to be shared. We will notify you clearly upon registration about sharing your data in these cases.
We disclose information to third parties to allow them to perform the service they provide to us. When providing permission for third party organisations to share your data you should check their Privacy Policies carefully (see below) to understand fully how they will process your data in respect of the information we are required to provide to them for the purchase-related transactions.
Website endpoint security is provided by WordFence, who will collect the following data when you visit our site:
- Originating IP address
- Proxy IP address (if available)
- URL accessed
- HTTP header information
- HTTP request body
- Cookies (e.g., Google Analytics, WordPress authentication)
This data is collected solely for the provision of security, namely to identify website users who may be trying to bypass security measures in order to gain unauthorised access to this site or the web server it is running on. By collecting this data our service provider is helping to ensure the continued security of this site and web server software and any and all data processed thereof.
The data that is collected from your visit to this site will be transferred outside of the EEA, for which Defiant (the publisher of the WordFence software) currently has a Privacy Shield application pending. Until this application has been approved, a Model Contract Clause agreement has been entered into between ourselves and Defiant to ensure that all data transmitted outside of the EEA is done so in accordance with the requirements laid down by the GDPR.
When purchasing Eventbrite Tickets, attendee, purchaser, and order information are stored and managed by Eventbrite.
Purchase related transactions
At present we use Paypal and Eventbrite for purchase related transactions i.e. making payment for membership, courses, workshops and other events or making donations.
By buying a ticket in this way you are giving consent for The South London Botanical Institute to process your personal information as outlined above in accordance with current data protection legislation.
By paying for your ticket using the Paypal payment service you also consent to The South London Botanical Institute receiving your name, address, email and sometimes a contact number. We will store this data in our electronic and hard copy filing systems and process it in accordance with current data protection legislation.
Your data will not be passed on to any third parties, unless it is a shared event. In this instance we ask you upon registration if we have your consent to share your data in this way.
You can of course also purchase your tickets via cash or cheque or BACS payment without supplying the data outlined above in its entirety. If you do not wish your data to be used in any of the ways listed above, would like your data to be removed from our systems, or have questions about how we use your data to process transactions, please contact our Data Protection Officer using the contact details in Section 17.
Third party partner privacy policies
Please also see our Terms and Conditions for website and ticketing advice.
We send emails both directly from us here and for bulk emails, we currently use Mailchimp, a US-based email marketing content provider. Mailchimp processes some of our data activities such as the collection (e.g. via sign-up forms) and storage of personal data in order to allow us to create and use distribution lists, send marketing email campaigns. Mailchimp may also transfer some of your personal data to their approved sub-processors (who, as described in their Data Processing Agreement, perform some critical services, such as helping MailChimp prevent abuse and providing support to their customers).
8. Using SLBI WiFi
When you use our own wifi services, currently provided by The Phone Coop, it may be possible for us to collect data about the device you are using, the volume of data you use, the websites and applications that you access and your usage access time, frequency and location.
9. Access to your personal information
We will keep your details secure and will never share your data with another unrelated company and will only disclose information to third parties or individuals when:
- Obliged to by law, for purposes of national security, taxation (this includes Gift Aid processing as well as accounting rules) and criminal investigations
- You have agreed that we may do so
10. What automated decision making and/or profiling we do with user data
We may use profiling and screening methods to produce relevant communications and provide a better experience for our supporters. Profiling can help us target our resources more effectively by gaining an insight into your interests, helping us to be more effective in making sure appropriate contact can be made by us in relation to your past activities and queries. This comes under the legal basis of ‘legitimate interest’ as outlined in Section 4.
If you are under 18 please ensure you obtain your parent/guardian’s consent before sending us any personal information. We do have activities for those under 18 so we may ask your age. Before taking part please ensure you speak to your parent or guardian.
Please note that we will not knowingly market to or accept donations or orders for goods or services from persons aged under 18 years.
If you are a parent or guardian we encourage you to be aware of the activities in which your children are participating, both offline and online. If your children voluntarily disclose information, this may encourage unsolicited messages. We suggest that you discourage your child from providing any information without your consent.
When you volunteer with The South London Botanical Institute we will keep you up to date with the work that we are doing and events we are involved with. We will also let you know of any changes that might affect you volunteering with us and which you need to be aware of. We will only use this information in relation to your volunteering with us and whilst you remain a volunteer with us.
By agreeing to volunteer with the SLBI you are agreeing to us sending you emails about volunteering and your volunteer role. On other occasions we may process personal information when we need to do this to fulfil a contract (e.g. if you have signed up for a course or other event via the website or Eventbrite). We will on occasion share your email address with other SLBI volunteers, for instance in the process of organising an event you have chosen to help with.
13. Scientific and artistic data
If you supply The South London Botanical Institute with scientific or artistic data e.g. as a member, visitor or on a volunteer project, it will be carefully stored and used by us and/or our project partners. Such records may include, for example, herbarium specimens, plant and seed specimens, species information, location, dates and photographs, and art and crafts related items.
Please note any photographs you take at the SLBI cannot be used for personal gain without our permission. Please see our copyright notice.
15. How long we retain your data
We hold your information only as long as necessary for each purpose we use it for.
We can hold some personal records for longer periods if the data is solely for archiving purposes in the public interest, or scientific, historical or statistical purposes in accordance with Art.89(1) and this is subject to the implementation of appropriate safeguards.
We will regularly update, archive or securely delete information if it goes out of date, e.g. if your membership ceases or you let us know you no longer wish to opt-in, or subscribe to emails, or be contacted by us in any other way.
If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
16. How to remove your data from our records
If you decide not to support the SLBI any more or request that we have no further contact with you, we will keep some basic information in order to avoid sending you unwanted materials in the future and to ensure that we don’t accidentally duplicate information. If you would like all personal data removed please also inform us and we will remove it from our files.
You can unsubscribe from our mailing list by contacting our Data Protection Officer (DPO) using the details in Section 17 or by clicking on the unsubscribe link at the bottom of any of our Mailchimp emails.
17. How to contact us
If you wish to raise a complaint on how we have handled your personal data, please let the DPO know and the matter will be investigated. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Fundraising Regulator or the Information Commissioner’s Office (ICO).
Our DPO can be contacted by writing to:
Data Protection Officer
South London Botanical Institute
323 Norwood Road
London, SE24 9AQ
Telephone: 020 8674 5787
Email: [email protected]