Privacy Policy for OnePlusOne
Effective Date: November 2024
1. Introduction
OnePlusOne ("we," "us," or "our") is a registered charity that operates a business website within the UK/EU area. We are committed to protecting and respecting your privacy. This Privacy Policy sets out how we collect, use, disclose, and protect any personal information you provide to us when using our website and related services. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
OnePlusOne are the designated data controller for the purposes of the General Data Protection Regulations. Certain third-party services we use will be designated as a data processor on our behalf.
We have appointed a Data Protection Officer (DPO) to oversee data privacy compliance. You can contact our DPO for any data-related queries:
Data Protection Officer: [email protected]
2. Information We Collect
We may collect and process the following types of personal information:
Information you provide by filling in contact forms on our website, including your name, email address, phone number, and any additional comments you choose to provide.
Information you provide when signing up for our newsletter service, which is facilitated through a service called Mailchimp. This includes your name and email address. You have the option to unsubscribe from our newsletters at any time by clicking the "unsubscribe" link in the email.
Information you provide when signing up for our lunch and learn communication, including your full name, email address, and county council or organisational representation. This communication is also managed through the MailChimp service.
Information collected automatically through functional and statistical third-party services, such as Google Analytics, Vimeo, TypeForm, Stripe (for donations), and Memberstack. This information may include your IP address, browser type, operating system, and other technical data about your device and its interaction with our website.
Information collected through cookies. Please refer to our Cookie Policy for more details on our use of cookies.
3. How We Use Your Information
We use your personal information for the following purposes:
To communicate with you and respond to your inquiries.
To provide you with information about our services and newsletters if you have opted to receive them.
To manage our lunch and learn communication.
To improve our website and services through data analysis and statistical insights.
To process donations and other transactions made through our website.
To comply with legal and regulatory obligations.
To personalise content and improve user experiences, based on consent.
To analyse data to improve our website and services.
Carry out research to develop our interventions (covered by our Research Privacy Policy). To carry out research as described in our Research Privacy Policy.
4. Legal Basis for Processing
We process your personal information on the following legal bases:
With your consent when you voluntarily provide us with your information.
To fulfil contractual obligations when you sign up for specific services.
For legitimate interests, such as improving our website and services, and providing you with relevant communications.
Legitimate research data voluntarily provided from you by participating in our research events.
5. Data Sharing
We may share your personal information with third-party service providers who assist us in operating our website and providing services to you. These service providers are contractually obligated to handle your data securely and only process it on our behalf. We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may also share your personal information with collaborative researchers for legitimate research purposes, as described in our Research Privacy Policy. We ensure all third parties comply with UK GDPR by signing data processing agreements, outlining their responsibilities for data security.
6. Data Transfers
We do not transfer your personal data outside of the UK/EU area. If we transfer your data outside the UK or EU, we will ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your rights in accordance with the UK GDPR.
7. Data Security
We implement reasonable technical and organisational measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. We use encryption for data storage and data transfer using SSL. Access to certain data is controlled through access management controls.
We conduct regular vulnerability assessments, penetration testing, and provide staff training on data security as per ICO guidance
8. Your Rights
Under the GDPR, you have the following rights regarding your personal information:
Right to access: You can request a copy of the personal information we hold about you.
Right to rectification: You can ask us to correct any inaccuracies in your personal information.
Right to erasure: You can request the deletion of your personal information (please also refer to our Research Privacy Policy).
Right to restrict processing: You can request that we limit the processing of your personal information (please also refer to our Research Privacy Policy).
Right to data portability: You can request to receive your personal information in a structured, machine-readable format.
Right to object: You can object to the processing of your personal information in certain circumstances.
Right to withdraw consent: If you have given your consent for specific processing, you can withdraw it at any time (please also refer to our Research Privacy Policy).
Right to lodge a complaint with the ICO if you believe your data rights have been violated.
9. Changes to Our Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page, and the updated Privacy Policy will be effective from the date of posting.
10. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your personal information, please contact us at:
Email: [email protected]
Research Privacy Policy
Last Updated: November 2024
Introduction
1.1. This Research Privacy Policy outlines how OnePlusOne collects, processes, and protects personal data for research purposes, including the handling of sensitive data. We are committed to ensuring the confidentiality and privacy of all individuals participating in our research.
1.2. For the purposes of this policy, "personal data" refers to any information that can directly or indirectly identify an individual, including sensitive data types like sexual orientation and health.
1.3. As part of our commitment to advancing scientific knowledge and improving relationship support services, we may collaborate with academic researchers and institutions. Such collaborations are governed by strict confidentiality agreements and data protection protocols.
Data Collection for Research
2.1. OnePlusOne conducts research to contribute to a better understanding of relationship dynamics, well-being, and related topics. We collect personal data solely for legitimate research purposes in accordance with the principles laid out in the General Data Protection Regulation (GDPR).
2.2. We collect the following examples of personal data solely for legitimate research purposes in accordance with the principles laid out in the General Data Protection Regulation (GDPR):
Demographic information: Name, age, occupation, etc.
Contact details: Email address, phone number, postal address, etc.
Responses to questionnaires, interviews (both audio and video), and surveys
Information volunteered by participants during research activities
2.3. OnePlusOne does not collect or process sensitive data types, such as sexual orientation and health, without obtaining explicit consent from the individuals concerned. This could include the following with your consent:
Racial or ethnic origin.
Sexual orientation.
We do not collect any other special category data and if this has been disclosed by the participant, it will be deleted and not form part of our research.
Purpose of Data Collection
3.1. The personal data collected for research is used solely for academic and scientific purposes. The data helps us gain insights into various relationship dynamics, develop evidence-based interventions, and contribute to academic publications. The research findings are anonymised and aggregated to protect the identity of participants. While individual-level data may be shared with research collaborators, all published findings will be anonymised and aggregated to protect the identity of participants.
3.2. The legal basis for processing personal data for research purposes is based on the legitimate interests pursued by OnePlusOne in conducting scientific research (GDPR Article 6(1)(f)). This includes sharing data with academic collaborators for legitimate research purposes, including peer-reviewed publications.
Data Retention and Anonymisation
4.1. Personal data collected for research will be retained only for as long as necessary to achieve the research objectives. Once the data is no longer required for research purposes, it will be anonymised or deleted, in accordance with data minimisation principles.
4.2. Anonymisation of data involves removing any identifiable information that could link the data to an individual, ensuring that research outcomes cannot be traced back to participants.
4.3 Data collected using audio or video format will be transcribed using an artificial intelligence service (I.e., Microsoft Teams Transcribing Features), and the audio and video files will be deleted within 6 months.
4.4 Transcription data will be anonymised or deleted, in accordance with data minimisation principles.
4.5 When sharing data with research collaborators, we may maintain identifying information where necessary for research integrity and validity, subject to appropriate data sharing agreements and confidentiality protocols.
Data Security
5.1. OnePlusOne implements appropriate technical and organisational measures to protect personal data collected for research against unauthorised access, accidental loss, alteration, or disclosure.
5.2 We employ encryption techniques at rest and SSL encryption using HTTPS whilst our data is in transit.
5.3. Access to personal data is restricted to authorised personnel within the OnePlusOne research team, who are bound by confidentiality obligations, and will only be stored within the UK/EU.
5.4. When sharing data with academic collaborators, we ensure that:
Appropriate data sharing agreements are in place
Collaborators are bound by confidentiality obligations
Data transfer and storage meet our security standards
The sharing is limited to what is necessary for the research purpose
Consent and Withdrawal
6.1. Participation in our research is entirely voluntary. Participants have the right to provide or withhold consent for the collection and processing of their personal data.
6.2. If we collect sensitive data types, such as sexual orientation and gender, explicit consent will be sought separately, clearly explaining the purpose and scope of data processing.
6.3. Participants may withdraw their consent at any time, and their data will be promptly anonymised or deleted, as per their request. However, if data anonymisation has already been completed, we will not be able to remove your contributions at this stage.
6.4. When consenting to participate in our research, participants acknowledge that their data may be shared with academic research collaborators for legitimate research purposes, including peer-reviewed publications. This sharing will be conducted under strict confidentiality protocols.
Contact Information
7.1. For any inquiries, requests, or concerns related to this Research Privacy Policy or the handling of personal data for research purposes, please contact us at:
Email: [email protected]