Data Privacy Notice
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”) 1.
Who are we?
Foodsharing Copenhagen is the data controller (contact details below). This means it decides how your personal data is processed and for what purposes.
Contact details for Data controller:
On behalf of Foodsharing Copenhagen:
Name: Ann-Christin Weimann
Mail: firstname.lastname@example.org or email@example.com
Phone: +45 5030 6635
How do we process your personal data?
Foodsharing Copenhagen complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We use your personal data for the following purposes:
Completion of contract for membership
Analyses to improve volunteer management (consent is given when signing up on VolunteerLocal) this includes keeping track of volunteer activities of the individual volunteers and input from shift leaders regarding volunteer performance at events
What is the legal basis for processing your personal data?
By signing up as a volunteer through our signup form, you give us consent to process your data (name, phone number and email address). The same is the case when signing up for volunteer shifts on volunteerlocal.com (additional data collected is your phone number). By signing up you give us consent to use the data (information of which shift is taken) for analysing volunteer activities to improve Foodsharing Copenhagen’s volunteer management.
Occasionally, we might post links to signup sheets in the internal facebook groups (e.g. to sign up for an event or to buy a Foodsharing T-shirt). All data collected through these methods will be deleted as soon as it is not longer necessary, hence the event is in the past or the T-shirt has been given out and all payments have been carry out.
Surveys posted by third parties in these groups is not included in this agreement and Foodsharing Copenhagen has no access and is therefore not responsible for that data.
Sharing your personal data
We collect your data through mailchimp and volunteerlocal. Your personal data will be treated as strictly confidential. It will be shared with Google as we use Google drive as our data storage provider and Google mail as our email account, meaning data collected through mailchimp and VolunteerLocal is stored on Google drive. We will only share your data with other third parties with your consent. We have signed the updated G Suite Data Processing Amendment which include the requirements of the EU’s General Data Protection Regulation.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary for a period of your membership in order to have a complete list of Foodsharing Copenhagen’s membership. Data used for analytical purposes will be anonymised on request if you wish to do so after you leave Foodsharing Copenhagen as a member. Membership is revoked automatically after a period of six months of inactivity (no shifts at foodsharing events or active contribution to at least one of the working groups). When membership is revoked automatically, your data will only be anonymised if you request us to do so. As our data is currently stored on Google drive, after deletion “Google will comply with this [deletion] instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage.”
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- To access your personal data.
- To be provided with information about how your personal data is processed.
- To have your personal data corrected.
- To have your personal data erased in certain circumstances.
- To object to or restrict how your personal data is processed.
- To have your personal data transferred to yourself or to another business in certain circumstances.
- To lodge a complaint with a supervisory authority such as the Danish Data Protection Agency if you consider that the processing of personal data infringes the General Data Protection Regulation.
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
To exercise all relevant rights, queries of complaints please in the first instance contact the data controller at firstname.lastname@example.org.