This privacy notice tells you what to expect when the Sustainable Markets Initiative collects, processes, shares and stores your Personal Data.
1. Who are we?
The Sustainable Markets Initiative (“SMI”) is a Community Interest Company (CIC) that operates globally to create sustainable markets and put Nature, planet and people at the heart of global value creation. In this Notice wherever you see the words ‘we’, ‘us’ or ‘our’, it refers to the SMI.
2. Introduction to the GDPR
The Sustainable Markets Initiative is legally obliged to comply with the provisions of the General Data Protection Regulation 2018 (GDPR).
The personal details collected through our website, our Partners, Members and provided by you, the user, will be processed in line with the legislation. We will not sell, license or trade any personal information to others. We do not provide personal information to direct marketing companies or other such organisations.
3. What is Personal Data?
Throughout this policy we will refer to a number of definitions of data as outlined below:
Personal Data: Any information relating to an identified or identifiable natural person.
Financial Data: Data about a company that tells you about its financial health and performance i.e. Financial accounts, mergers and acquisitions, frameworks etc.,
Confidential Data: Any information disclosed which is designated as "Confidential," "Proprietary" or some similar designation.
Highly Confidential: This type includes data elements that require protection under laws, regulations, contracts, relevant legal agreements and/or require notification of unauthorized disclosure/security incidents to affected individuals, government agencies or media.
4. Where do we collect information from?
The SMI will obtain, hold and process all Personal Data in accordance with GDPR. In all cases the information collected, held and processed might include Personal Data (as defined in 3 above).
Both Personal Data and other data (as defined in section 3) will be treated in accordance with the below statements unless otherwise stated.
4.1 By Consent
a) People who are interested in, and wish to be kept informed of, the activities of the SMI.
b) Subject to the person’s consent, this may include information selected and forwarded by the SMI on activities relevant to Members of the SMI by other organisations.
Note: this will not involve providing the person’s Personal Data to another organisation.
The information collected may additionally contain details of any particular areas of interest about which the person wishes to be kept informed.
The information provided will be held and processed solely for the purpose of providing the information requested by the person.
4.2 By Contract
People who sell goods and/or services to, and/or purchase goods and/or services from the SMI. The information collected will additionally contain details of:
a) The goods/services being sold to, or purchased from the SMI;
b) Bank and other details necessary and relevant to the making or receiving of payments for the goods/services being sold to, or purchased from the SMI.
The information provided will be held and processed solely for the purpose of managing the contract between the SMI and the person for the supply or purchase of goods/services.
4.3 By Legal Obligation
People where there is a legal obligation on the SMI to collect, process and share information with a third party
The information provided will be held, processed and shared with others solely for the purpose meeting the SMI’s legal obligations.
4.4 Legitimate Interest
Members, Partners and volunteers
In order to be able to operate efficiently, effectively and economically, it is in the legitimate interests of the SMI to hold such Personal Data on its Members, Partners and volunteers and executive directors as will enable the SMI to communicate with its Partners, volunteers on matters relating to the operation of the SMI, e.g.:
the holding of meetings;
providing information about the SMI’s activities – particularly those activities which, by their nature, are likely to be of particular interest to individual Members, Partners and/or volunteers;
seeking help, support and advice from Members, Partners and/or volunteers, particularly where they have specific knowledge and experience;
ensuring that any particular needs of the Members, Partners and/or volunteers are appropriately and sensitively accommodated when organising meetings and other activities of the SMI.
5. What data do we collect?
The types of Personal Data that the SMI may collect include:
Full name (including any preferences about how they like to be called);
Full postal address;
Telephone and/or mobile number(s);
Data related to specific contracts / services performed fo
In some limited circumstances, the Personal Data that the SMI collects may include information that is considered ‘sensitive data’. This may include Personal Data regarding racial of ethnic origins, health etc. Where this information is collected, we will tell you so you know why it is needed and how it will be stored.
6. Your rights
Under the General Data Protection Regulation 2016/679, you have a number of rights. These include:
access and obtain a copy of your data on request;
ask us to change incorrect or incomplete data;
ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
object to the processing of your data where we are relying on our legitimate interests as the legal ground for processing;
request a copy of the data you have provided to us in an agreed format, so that you can reuse it or transfer it to another data controller if you wish;
ask us whether we use automated decision making or profiling when processing your data.
Please note that none of these rights are absolute and we reserve the right to refuse your request where exceptions apply. If you would like to contact us in regard to above rights please email firstname.lastname@example.org.
7. Who else can access your Personal Data
We are committed to protecting your data and therefore it will never be sold to external organisations and will only be disclosed to those acting as agents and data processors carrying out work on our behalf. Where we enter into a relationship with an external party, any such arrangements will be subject to a formal agreement between the SMI and that organisation to protect the security of your data. These Parties may include:
Suppliers who send out communications on our behalf, such as invitations to our events;
Members who participate in SMI events and activities;
Partners who lead and sponsor SMI events and activities;
Other charities of HRH The Prince of Wales* and our Executive Board or Operational Committees where we share information for internal procedures and policies only.
Should we merge with another organisation to form a new entity, your data may be transferred to the new entity
*For more information please visit this website.
8. How we secure your data
We do our best to keep your Personal Data safe through having the appropriate physical, technical and managerial controls in place for example encryption of all personal data entered onto the website. Safe protocols are used for communication and transferring Personal data where required (such as password protection and encryption).
Where we use external companies to collect or process data on our behalf, we ensure that they have the appropriate security in place to keep your data safe and expectations are clearly documented. We may need to transfer your personal data outside of the European Economic Area (EEA) to allow them to perform services on our behalf. In doing so your data may be stored or processed outside of the EEA. Where this happens, we will endeavour to ensure that your data is being processed in accordance with the appropriate security requirements in line with our legal responsibilities, and by submitting your details in such circumstances you agree to this transfer.
Despite all of our precautions no data transmission over the internet can be guaranteed to be 100% secure. So, whilst we will always strive to protect your personal information, we cannot guarantee the security of any information which you disclose to us and so wish to draw your attention that you do so at your own risk.
9. Cookies and other technologies we use
10. Contact us
If you have any queries about this Notice or any complaints with regard to the administration of the Privacy Notice please contact us on email@example.com
The laws governing how your Personal Data can be used are:
General Data Protection Regulation 2016/679
The Privacy and Electronic Communications Regulations 2003
Data Protection Act 2018
You can also contact the Information Commissioner’s Office (ICO) at www.ico.org.uk to find out more or report a concern. The ICO is UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We work with them to make sure that we collect, store, and use your information appropriately and not do anything you would not reasonable expect us to do with your data.