This policy details how we, at Global Vegan Crowd Funder Ltd., use your personal data and your rights in relation to that data.
Global Vegan Crowd Funder assumes the responsibility of the data controller. We are committed to protecting your privacy.
Any questions in regards to this policy should be forwarded to our team.
We are Global Vegan Crowd Funder: Our website address is https://globalvegancrowdfunder.org.
What personal data we collect and why we collect it:
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms: Cookies
Please see our separate, detailed Cookies Policy for details.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
We may share your data with our third party service providers who may provide services to us or directly to you. These providers are;
- Website and social media administrators & maintenance
- Accountants, legal and security advisors
- Advertisers, PR, Digital and Creative agencies
- Banks, Payment Processors and Financial service providers
- Cloud software system providers, including email
- Data handlers
- External partners
- File and data transfer providers
- Insurance brokers
- Tax administration (HMRC)
- Team and remote collaboration services such as Trello
- Social media platforms
- Website and data analytics platform providers
- Website marketing, search and integration services
- Website hosting service providers
We may also disclose your information to comply with legal or regulatory obligations.
*All located within the EU or as otherwise stated
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Under the GDPR your rights are as follows;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Except in limited circumstances, whereupon special measures will protect your information, we will not transfer your data outside of Europe.
The type of data we collect
- Banking and billing information
- Contact information
- Correspondence details between us and you
- Fundraising information relating to projects
- Information needed for fraud prevention
- Identity verification information
- Legal information
- Marketing preferences
How we protect your data
We take the utmost caution in protecting your data. Where we are able, we will employ strong security measures, but please be aware that transmissions over the internet are not completely secure, and so please exercise caution. When accessing links to other websites, their own privacy policies will apply to your personal information.
We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online.
In addition, please refer to the privacy policies, if you linked to our website from a third party website, of those websites.
Global Vegan Crowdfunder Ltd. will not be held responsible for any breach of security, due to internet transmissions, unless we are proven to be at fault.
What data breach procedures we have in place
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.
Our procedure sets out the responsibilities and the steps that will be taken by the organisation to communicate the breach, under articles 33 and 34 of the GDPR.
All company directors and employees are required to have knowledge of and follow this procedure in the event of a data breach.
When a personal data breach has occurred, we establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk then we will notify the ICO, (Information Commissioners Office), within the required 72 hours.
If a breach is likely to result in a high risk to the rights and freedoms of individuals, the GDPR requires that we inform those concerned directly and without undue delay. In other words, this should take place as soon as possible.
In notifying the indiviual, we describe, in clear and plain language, the nature of the personal data breach and, at least:
- the name and contact details of our data protection officer, or other contact point where more information can be obtained;
- a description of the likely consequences of the personal data breach; and
- a description of the measures taken, or proposed to be taken, to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects.
Article 33(5) requires us to document the facts relating to the breach, its effects and the remedial action taken. This is part of our overall obligation to comply with the accountability principle, and allows us to verify our organisation’s compliance with its notification duties under the GDPR.
As with any security incident, we investigate whether or not the breach was a result of human error or a systemic issue and see how a recurrence can be prevented – whether this is through better processes, further training or other corrective steps.
We may also need to consider notifying third parties such as the police, insurers, professional bodies, or bank or credit card companies who can help reduce the risk of financial loss to individuals.
What third parties we receive data from
At this time, only WordPress.com integrates for inbound data on this website.
What automated decision making and/or profiling we do with user data
At this time, we only use user data to provide services on this website and target users for advertisements to remind them of the services we provide.
Industry regulatory disclosure requirements
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are: [delete as appropriate]
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting [contact details]
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We need it to perform a public task.
(f) We have a legitimate interest.