Data Protection
Enactus UK respects your privacy and is committed to protecting your personal information. The EU General Data Protection Regulation (GDPR) came into force in the EU, including the UK, on 25th May 2018. This privacy policy informs you how we collect and manage your personal information in accordance with GDPR and outlines your privacy rights.
Controller
Enactus UK is the controller responsible for your personal data (collectively referred to as “COMPANY”, “we”, “us” or “our” in this privacy notice).
Contact details
If you want to request information about our privacy policy or the personal data we hold, you can email:
Andrew Bacon, Chief Executive Officer, Enactus UK
abacon@enactus.org
Changes to this Privacy Notice
We regularly review our privacy policies, which you can find on the Enactus UK website at www.enactusuk.org/privacy-policy. This version was last updated in August 2023.
How/where we collect your personal data, what personal information we collect, and why we collect it
Personal data, or personal information, means any information about an individual that can identify them. It does not include data where the identity has been removed (anonymous data).
Enactus UK will collect your personal data when you:
-
Deal with Enactus UK or NextGenLeaders in person, by telephone, letter, fax, email, or via our website.
-
Join the NextGenLeaders programme community as a changemaker, parent, carer, or support staff.
-
Register to attend one of our events.
-
NextGenLeaders programme events
We collect your personal information and contact details when you register for one of our events. Relevant personal data will be collected to ensure you can fully engage in the activities at the event and to provide the necessary information to protect you while on site. Once you have signed up, we will share event-related news and updates and may contact you about any future events we think may interest you.
Changemakers, carers/parents, and staff
If you register as a member of NextGenLeaders, we will collect your personal data to identify you (or your child) as a changemaker. We will only collect relevant information and will send you news, updates, and communications. Occasionally, we will ask you to participate in surveys or questionnaires to help us assess our work and programme delivery. We handle all communications through the school, using contact details supplied only for emergency purposes for our event attendees.
Interactions with Enactus UK
If you meet an employee of Enactus UK at an event and provide them with your contact details, they will retain this information to contact you about topics of interest and surveys you may wish to participate in. They may also share this information with other staff members at Enactus UK. We advise discouraging students from emailing Programme Managers directly, and instead ensuring all communications come through the relevant member of staff.
Data processing
In line with GDPR, we must have a legal basis for processing your personal information. For the situations described above, we process your personal information based on one of the legal bases set out below:
-
Legitimate interests: We may process your information where it is in our legitimate interests to do so as an organisation, without prejudicing your interests or fundamental rights and freedoms.
-
Consent: We may process your information where you give us your consent. You have the right to withdraw this consent at any time by contacting us.
Transferring data to other countries
Enactus UK will not rent or sell your personal information to third-party organisations.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data. Details of retention periods for different aspects of your personal data are available in our retention policy, which you can request by contacting us.
Change of Purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason compatible with the original purpose.
Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. We will notify you and any applicable regulator of a breach where we are legally required to do so.
Your rights
You have the right to request access to your personal information at any time. You also have the right to request correction of any personal data or ask us to delete any of your personal data from our records. To do this, you can follow any opt-out links in our marketing messages or contact us at any time.
What we may need from you
We may need to request specific information from you to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to prevent personal data from being disclosed to any person who has no right to receive it. We may also contact you to ask for further information related to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Please click on the following link to find out more about the GDPR Regulations: https://ico.org.uk/for-the-public/.
Complaints or Queries
If you have any questions about this Privacy Policy, please contact: Andrew Bacon, Chief Executive Officer, Enactus UK
abacon@enactus.org
Updated on 4th October 2024