Pluggin
Privacy Policy
- Purpose of the policy
The purpose of this Privacy Policy is to outline the lawful basis under which Pluggin Ecosystem Limited, trading as Pluggin (Data Controller registration reference ZB617096) processes an individual’s personal data. This includes the collection, usage transfer and retention of personal data. The Policy also sets out an individual’s right to access and amend their personal data.
We may need to change this Privacy Policy from time to time. If we do, we will update this policy to reflect changes in the law and/or our privacy practices. We encourage you to check this Privacy Policy for changes whenever you visit our website.
- Who we are
Pluggin Ecosystem Limited (trading as 'Pluggin') is a Social Enterprise entity registered in England and Wales (11392570).
This Privacy Policy applies to Pluggin registered address is York Hub, Popeshead Court Offices, Peter Lane, York. YO1 8SU.
- The lawful basis for processing business data
Our mission is to enable people, places and the planet to flourish. We envision a world that is resilient, rebalanced and regenerative, where everyone can fulfil their potential. Pluggin operates at the forefront of significant social impact. With our proven methodology, innovative ideas platforms and UK network of charities, social enterprises, political, non-political, business and public sector members we unite people and ideas in collective action to create opportunities to regenerate communities.
Pluggin holds and processes business data on the basis of legitimate interest. This includes undertaking sponsorship; promoting charities & social enterprises, public bodies and businesses; maintaining our records, accounts, and commercial activities; and managing the overall running of the Pluggin ecosystem, including the monitoring and evaluation of its performance and effectiveness. We also process personal data to provide administrative and support services to our staff. We track those who use our technology either as business members, enablers or beneficiaries and also to ensure we do not send unwanted information to supporters who have informed us they do not wish to be contacted.
Additionally, we process business data because it is necessary for the performance of a contract or in order to take steps at an individual organisation’s request prior to entering into a contract. For example, interacting with individual businesses before they apply to be a Business Member.
We also process business data in circumstances where we have specific consent to do so, for example to support Members/Enablers/Beneficiaries to form networks, run events and projects, and collaborate. It also enables us to send marketing information about our projects, sponsorship activities where we have the consent or are otherwise allowed to.
Our website and associated 3rd party online platforms are available to all, in line with our value proposition as a social enterprise. Our community share their professional identities, engage with our networks, exchange knowledge and find opportunities through our online platforms including Social Impact Register® section of our website.
- Personal information we collect
Personal Information is collected in different ways depending on your membership of the ecosystem outlined below.
4.1 Applying for a job to work with us
We collect personal data via the employment application and recruitment process, and when you enter into a contract as an employee of Pluggin. Data gathered during the recruitment process is used for shortlisting and interviewing purposes and for equality and diversity monitoring. The processing of employee personal data includes payroll and pension administration, management of absence records, performance management, and disciplinary and grievance procedures.
4.2 Attending events or involvement in our projects
We gather information on those who participate in projects or attend our events, including names and e-mail addresses. This enables us to record our campaigning actions and those of our supporters; to meet our wider legal obligations, such as those of our grant funders; to invite people to become involved in our work and projects.
4.4 Charity or Social Enterprise (CSE) membership as part of Social Impact Register®
CSE joining via the online form is to create an account within the Register, data gathered includes organisational data relevant to due diligence sponsors will undertake on the background of the organisation. In addition a contact individual’s name, email address will be collected which is used to issue access credentials. Data is not shared externally with any third parties and is only visible to registered members of the ecosystem seeking to engage with the CSE organisation for sponsorship or to collaborate in dual impact activities.
4.5 Research
A range of personal data is collected through our research activities. This may include: details about a person, such as their name, family information and work details; a person’s thoughts or feelings; or their views or opinions on specific research areas. Data is collected in a variety of ways, such as through questionnaires, interviews and focus groups, and from individuals themselves or others.
We only collect personal data that is needed for research purposes and only keep the information in a way that enables individuals to be identified, for as long as is necessary. Individuals are provided with an information sheet relating to the specific piece of research they are participating in, which includes information on the collection, use, and retention of their personal data.
Our research may include special category data such as ethnicity, political or religious views, genetic data and health data. When we process special category data, we must meet one of the conditions in the data protection legislation (Article 9 of the UK GDPR). The use of special category data in our research activities is on the basis that ‘processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes’ (Article 9(2)(j) of the UK GDPR).
We ensure that it is in the public interest when we use personal data from people who have agreed to take part in research. This means that if you agree to take part in a research study, we will use your data in the ways needed to conduct and analyse the research study. Some of your rights, such as deletion of your data from the research project, may be limited, as we need to manage your data in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we have already obtained. To safeguard your rights, we will use the minimum amount of personal data possible.
4.6 Website use and social media interaction
We log usage data when you visit or otherwise engage in our work, such as when you view or click on content or perform a search. We use logins, cookies, device information and internet protocol ("IP") addresses to identify you and log your use. This helps us to understand your engagement with our content, and the preferences of our communities, allowing us to improve the targeting of our communications as detailed below in the section on Profiling.
We may process personal data collected through this website or other electronic networks used by Pluggin, for the purposes of advertising, marketing, public relations and general advice services.
4.7 Your device and location
When you visit or leave our website (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next.
We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our website from a mobile device, that device will send us data about your location. Most devices allow you to prevent location data from being sent to us and we honour your settings.
4.8 Messages
We collect information about you when you send, receive, or engage with messages in connection with our Service, including through the Social Impact Register®. Messages are stored for up to three years and are accessed only if we receive a complaint or to perform an aggregated analysis of usage.
4.9 Profiling
Profiling is a common technique used in communications and involves analysing data to improve the targeting of content. Pluggin uses profiling techniques to help ensure our communications are relevant. Profiling allows us to target our resources effectively, which users consistently tell us is a key priority for them. It enables us to generate sponsorship sooner, and more cost-effectively, than we otherwise would.
When building a profile, we may analyse geographic and other information relating to you, as well as your previous responses to our content. This helps to maximise the effectiveness of our campaigns and to minimise the wastage that would result from sending marketing information where it is not of interest.
4.10 Other
Our work is dynamic, and we often introduce new features, which may require the collection of new information. If we collect materially different personal data or materially change how we use your data, we will notify you and will also modify this Privacy Policy.
- How we share information
5.1 Our members
We do not share our data with third parties unless compelled to do so or in a strictly controlled way to certain Service Providers working on our behalf as set out below.
The profiles contained on the Social Impact Register® section of our website are shared with other users within the Pluggin ecosystem. If you join an ecosystem community, we share a user’s digital profile to all.
5.2 Service providers
We use others to help us provide our work, including our website and other core online services, including our Customer Relationship Management System (CRM), User Experience Platform, single-sign-on (SSO) and mailing tools (e.g. for maintenance, analysis, audit, payments, fraud detection, marketing and development). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
Pluggin has contracted with Fuse Universal Limited to provide a community platform that helps bring users together for discussions, events, sponsorships and content. As set out in Fuse’s Data Processing agreement, the personal data to be transferred are:
- Account information – email address, name and password. This information may be used by Fuse Universal to:
o Set up and authenticate your account. This may include sharing this information with any enabled Single-Sign On provider.
o Communicate with you, including sending service-related communications.
o Deal with enquiries or complaints made by or about you relating to the Website, App or Services.
- Identifiers – IP addresses, unique device identifiers, etc. Other than information you choose to provide to Fuse, information about your precise location is not collected. However, your device’s IP address may help to determine an approximate location. Fuse may use the information to:
o Monitor and detect fraud or suspicious activity relating to your account.
o Tailor how the Website, App, or Services are displayed to you (such as the language in which it is provided to you).
o Share with its sub-processors (AWS, Baremetrics, Bugsnag, Cloudflare, Google Analytics, Mixpanel, Segment, TrackJS) for the purposes of personalising Fuse’s service and data analytics.
- User-generated content (e.g. posts, comments, likes). This information is used by Fuse to provide to you the features and functionality of the Website, App, or Services. Fuse does not share this information with any third-party provider. However, other users of the Website, App or Services may view any content that you make public.
- Cookies:
o Information about how you access and use Fuse’s Website, App, or Services is collected automatically. For example: what time you accessed the Website, App or Services, the duration spent on the Website, App or Services, how frequently it is accessed, the site from which you came onto the Fuse Website and the site to which you are going when you leave, the Fuse Website pages you visit, the links you click, whether you open emails or click the links contained in emails.
o Log files and information about the device you use to connect to the Website, App, or Services is automatically collected. This information includes details about your device, unique device identifying numbers, operating systems, browsers and applications connected to the Website, App, or Services through the device, your mobile network, your IP address and your device’s telephone number (if it has one).
o The above information is shared with Fuse’s sub-processors (AWS, Baremetrics, Bugsnag, Cloudflare, Google Analytics, Mixpanel, Segment, TrackJS) for the purposes of personalising Fuse’s service and data analytics.
If you contact Fuse directly, e.g., by email or phone, they will record your comments and opinions. This information will be used to address your questions, issues and concerns. The information may also be used to improve the Website, App, and Services. Fuse may also share this information with Help scout, the provider of Fuse’s customer support platform, which processes customer support queries.
5.3 Legal disclosures
It is possible that we will need to disclose information about you when required by law, warrant, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you; (3) investigate and defend ourselves against any third-party claims or allegations; (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of Pluggin.
5.4 Cross-border data transfers
We process data both inside and outside of the United Kingdom. Where we transfer data, we do so either within the EEA, under the ‘Adequacy Regulations’, ‘Appropriate Safeguards’ or under one of the exclusions permitted by the UK GDPR.
- Data Retention
Personal data is stored in line with Pluggin’s Data Protection and Records and Retention Management Policies.
We retain the data you provide as needed to carry out our work. We keep data for three years. All other data is deleted.
We retain data even after a user or organisation has ceased their use to comply with legal obligations (including law enforcement requests), meet our regulatory and financial requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfil your request to "unsubscribe" from further messages from us.
If you are a member of staff, should you cease working for Pluggin we will retain your personal data for six years after you leave.
- Your right to access and control your personal data
You have a number of rights under data protection legislation:
- Information – where personal data is collected from you, you have the right to information about the collection and use of your personal data. This includes details about the purpose(s) for processing and retention periods for that personal data, and who it will be shared with;
- Information – where your data is not obtained from you, you have the same right to the information above, as well as details about what personal data is collected and by whom;
- Access – you have the right to confirmation of whether or not we are processing your personal data and to obtain a copy of your data. This is known as a subject access request;
- Rectification – you have the right to rectify any inaccuracies in personal data concerning you;
- Erasure – you have the right to be forgotten in some circumstances, i.e. to have your data erased;
- Restriction – you have the right to restrict the processing of your personal data in certain ways; Where there is a request to rectify, erase or restrict the processing of data, we will let any recipients of that data know, where possible. You have the right to know who those recipients are;
- Data portability – you have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transfer your data to another controller;
- Objection – you have the right to object to certain processing of your personal data by us, such as direct marketing;
- Decision making – you have the right not to be subject to a decision based solely on automated processing, including profiling; and
- Withdrawal of consent – where your consent is the legal basis for our processing, you have the right to withdraw your consent.
- Other important information
8.1 Cookies
Cookies are files placed on your computer to collect standard internet log information and visitor-behaviour information. This helps us to understand visitor behaviour, to remember your preferences and improve user experience.
8.2 Security
We implement security safeguards designed to protect your data and regularly monitor our systems for possible vulnerabilities and attacks.
8.3 Content provided by third parties published on our website
We often publish and link to reports, biogs and articles written by users and others who are not members of staff at Pluggin. We are not responsible for the accuracy of either the content or any personal data contained within such content.
- Further information
If you would like more information, or have any questions about this policy, please contact our Data Protection team by emailing us at data.protection@pluggin.org calling us on 0121 0121 828 78287 (Mon-Fri 9am-5pm), or writing to us at:
The Data Protection Officer
Pluggin
Grosvenor House, 11 St Paul's Square, Birmingham
B3 1RB WC2N 6EZ
To make a formal complaint about Pluggin’s approach to data protection or raise privacy concerns directly with our Data Protection team, please contact us at the email address or postal address given above. The Data Protection Policy includes the process to be followed should a data breach occur.
You also have the right to make a complaint direct to the UK's data protection authority, the Information Commissioner's Office (ICO). The ICO can be contacted at: https://ico.org.uk/global/contact-us/