SoGood Community: Privacy and Cookie Policy

Home » Privacy & terms » SoGood Community: Privacy and Cookie Policy

Last updated: 28 May 2024

This Privacy and Cookie Policy (“Privacy Policy”) notice is served by SoGood Partners Ltd, a company registered in England with company number 14889615 of 20 Wenlock Road, London, N1 7GU, United Kingdom (hereafter, the “Data Controller”).

The Data Controller offers a platform “SoGood Community” (hereafter, the “Platform”) to its users who have subscribed to the Platform and, as such, have a user account (hereafter, the “Users”). The Platform is available at the following URL https://sogood.community/

The Data Controller uses a third-party supplied solution called “Hivebrite” to deliver the Platform. This solution enables the import and export of user lists and data, the management of content and events, the organisation of emailing campaigns and opportunity research and sharing as well as the management of funds and contributions of any kind.

In providing the Hivebrite solution to its Users, the Data Controller collects and processes User’s personal data in accordance with this Privacy Policy.

ARTICLE 1.
OUR COMMITMENT TO PROTECTING YOUR PERSONAL DATA

1.1. This privacy policy is intended for the Users of the Platform of the Data Controller.

1.2. We work within the guidelines and advice provided by and made available by the Information Commissioner’s Office, the regulator of the Data Protection Act 2018 and abide by the ICO’s requirements.

1.3. We seek to comply with the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Electronic EU Regulations 2011 and the EU General Data Protection Regulations (GDPR). If you wish to find out more, please visit https://ico.org.uk/.

1.4 .The Data Controller has appointed a Data Protection Officer (hereinafter “DPO”) who you may contact at the following address: dpo@sogood.partners. The Data Controller is registered with the ICO office (The Information Commissioner’s Office in the United Kingdom) as a Data Controller and Data Processor with Registration Number ZB688255.

ARTICLE 2.
COLLECTED PERSONAL DATA  AND HOW IT IS USED

2.1 When subscribing on the Platform

When subscribing to the Platform, the User is informed that the following personal data is collected for the purpose of creating a user account:

Mandatory data:

  • First name
  • Last name
  • Email address
  • Your organisation ( the user must select from a pre-defined list of organisations that have been configured beforehand.)

Optional data:

  • Personal mobile telephone number
  • An ‘about me’ personal statement, which is a few words to introduce yourself to the community.

The User is informed that it is not possible to access the Platform without providing the mandatory data strictly necessary to create an account and authenticate the User.

2.2 During the use of the Platform

The User may publish, at their own discretion, any content on the Platform which shall be kept by the Company. Such content may include but is not limited to:

  • Posts (general updates which are shared with the community)
  • Events 
  • Files (media such as images or documents which are stored for access by the community members)

The User is aware that when using the Platform, the User may decide to provide sensitive data within the meaning of Data Protection Law, for example, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, concerning sexual orientation, etc. By providing such sensitive data, the User agrees to their processing by the Platform in the conditions set forth in this Privacy Policy. 

2.3 Restrictions on use of the Platform  

You agree not to upload, email, post, publish or otherwise transmit any material for any purpose that may (a) menace or harass any person or cause damage or injury to any person or property; (b) involve the publication of any material that is false, defamatory, harassing or obscene; (c) violate privacy rights or promote bigotry, racism, hatred or harm; (d) constitute unsolicited bulk e-mail, “junk mail”, “spam” or chain letters; (e) constitute an infringement of intellectual property or other proprietary rights; (e) harvest or collect e-mail addresses or other contact information of third parties by any means for the purposes of sending unsolicited e-mails or other unsolicited communications; (f) use automated scripts to collect information from or otherwise interact with the Platform; (g) send or store infringing, obscene, threatening, libellous, or otherwise unlawful or tortious material, including material harmful to children or that violates of third party privacy rights; (h) use the Platform to send or store material containing Malicious Code; or (i) otherwise violates applicable laws, ordinances or regulations.

2.4 Aggregate usage statistics

We may disclose aggregate statistics about Platform usage and engagement in order to describe the solution to new prospective Users and for other lawful purposes, but these statistics will include no personally identifying information.

2.5 Disclosure when required

We may disclose personal information if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of the Data Controller, its Data Processor or Users.

ARTICLE 3.
THE PURPOSE OF THE DATA PROCESSING

The Data Controller, its Data Processor and subprocessors shall process personal data that is freely transferred by the User when accessing the Platform for the following purpose:

PurposeLegal basis 
Creation and management of a user account;We use your consent lawfully under the GDPR to process your information when you explicitly consent to subscribe to the Platform to deliver the service. 
Providing the User with all functionality of the Platform, meaning: Sending invitations for events organised by Data Controller or other Users, if the User has accepted to receive such invitations;Invite the User to events organised by the Platform Creating posts which other members may react to or comment on.Responding to posts from other members with commentary or reactions
Management of data subjects rights according to the Personal Data Legislation.Storage of User personal data; 
Gathering usage data in order: to improve the quality of the services proposed by the Platform;to improve the usage functionality of the Platform; 
Gathering usage data regarding the effective use of the Platform; 
Reporting regarding the different levels of activity on the Platform. 

ARTICLE 4.
DATA RETENTION PERIOD

The Data Controller informs the User that the personal data related to the User Account is retained only during the length of the User’s subscription on the Platform.
Inactive User Accounts may be deleted after two years of inactivity.
Following the termination of said subscription, the data collected upon the subscription, as well as the content published by the User on the Platform, shall be deleted after a period within thirty (30) to ninety (90) days following the termination of a subscription, notwithstanding any deletion request directly from Users.

ARTICE 5.
DATA TRANSFERS

The Users’ data are stored in the European Economic Area (EEA) by the Data Controller and its trusted service providers. However, depending on the processing, the Users’ data may also be transferred in a country outside the EEA, to our trusted service providers.

When transferring data outside the EEA, the Data Controller ensures that the data are transferred in a secure manner and with respect to the Data Protection Law. When the country where the data are transferred does not have a protection comparable to that of the EU, the Data Controller uses “appropriate or suitable safeguards”. 

When the service providers to whom personal data are transferred are located in the United States, these transfers are governed by the standard data protection clauses adopted by the Commission. 

Personal data transfers may take place outside the EU/EEA in order to ensure the functioning of the solution. 

The countries outside the EU/EEA where your personal data may be transferred are:

  • United Kingdom;
  • Switzerland;
  • The United States of America;
  • Australia.

These transfers are based on one of the following guarantees:

  • an adequacy decision regarding personal data transfers to the United Kingdom and Switzerland;
  • the Standard Contractual Clauses of the EU Commission (available here);
  • your consent.

ARTICLE 6.
COMMITMENT OF THE DATA CONTROLLER

The Data Controller commits to process User’s personal data in compliance the Data Protection Law and undertake to, notably, respect the following principles:

  • Process User’s personal data lawfully, fairly, and in a transparent manner;
  • Only collect and process the Users’ data for the strict purpose as described under Article 3 of the present Privacy Policy;
  • Ensure that the personal data processed are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Do the best efforts to ensure that the personal data processed are accurate and, if necessary, kept up to date and take all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • Keep personal User’s data for no longer than is necessary for the purposes for which they are processed;
  • Put in place all necessary technical and organisational appropriate measures in order to ensure the security, confidentiality, integrity, availability and the resilience of the process systems and services;
  • Limit the access to the Users’ data to the persons duly authorised to this effect;
  • Guarantee to the Users their rights under the Data Protection Law in relation to the processing of their data and make the best efforts to satisfy any request, where this is possible.

ARTICLE 7.
EXERCISE OF THE USERS’ RIGHTS

The User is duly informed that it disposes at any time, depending on the legal basis of the processing, a right to access, to rectification, to erasure, to restriction of processing, to data portability, and to object.

When processing is based on User’s consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

The User can exercise its rights by sending an email to dpo@sogood.partners provided that the User justifies their identity.

In addition, in the event the User considers that its rights have not been respected, the User of which the personal data is collected can lodge a complaint before the competent supervisory authority. For any additional information, you can review your rights on the websites of the competent authorities. 

The competent supervisory authorities are listed on the following website: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

ARTICLE 8.
RECIPIENT AND PERSONS AUTHORISED TO ACCESS THE USERS’ DATA

Only authorised persons working for the Data Controller (including employees, volunteers, trainees, etc.) working for the Data Controller, can access your personal data. The Data Controller makes its best effort to ensure that these groups of people remain as small as possible and maintain the confidentiality and security of User’s personal data.

The Data Controller will use a trusted service provider (acting as Data Processor) who is provided with the information they need to perform the Service and will not use your personal data for any other purpose. The Data Controller is contractually bound to comply with GDPR and UK Data Protection Act 2018 data privacy obligations.

The Data Controller will use reasonable commercial endeavours to ensure that any trusted service providers only process the personal data on our documented instructions and provide sufficient guarantees, in particular in terms of confidentiality, expert knowledge, reliability and resources, to implement technical and organisational measures which will meet the requirements of the applicable legislation, including for the security of processing. 

Details of the Data Processor:

Data ProcessorServicePrivacy policy
KIT UNITED
5 RUE DES ITALIENS75009 ParisFrance
HIVEBRITE solution
https://hivebrite.io/privacy-policy 

The Data Processor uses sub-processors to assist in providing the Hivebrite solution. A sub-processor is a third-party data processor engaged by the Data Processor who agrees to receive personal data from Data Processor intended for processing activities to be carried out (i) on behalf of the Data Processor; (ii) in accordance with the Data Controller instructions as communicated by Data Processor; and (iii) in accordance with the terms of a written contract between Data Processor and the sub-processor.

An up-to-date list of the names, purposes and locations of all sub-processors is available on this link: https://hivebrite.io/legal/subprocessors 

The Data Processor uses third-party services providers located outside the EU for the following purposes:

  • Hosting of personal data, including images, profile pictures, backups, etc.;
  • Production and storage of error logs enabling Platform developers to correct the code;
  • Sending of emails;
  • Customer support;
  • Direct messaging module;
  • Analysis of the User’s journey of the Platform.

The Data Processor has contractually indemnified the Data Controller for any damage and claims that may arise from non-compliance by a sub-processor.

ARTICLE 9.
HIVEBRITE COOKIES

The Data Controller informs the User that its Data Processor (Hivebrite) and sub-processors use a tracking technology on its terminal, such as cookies, whenever the User navigates on the Platform subject to the conditions described in the Data Processor’s Cookie Policy https://hivebrite.io/privacy-policy

In particular, Hivebrite may use a cookie called “Amplitude” to enable analytics of the User’s journey on the platform. This cookie involves a transfer of personal data to the United States of America. Hivebrite has signed Standard contractual clauses in order to comply with the requirements of the GDPR on personal data transfer, and will not use this cookie without gathering your consent first.