Skip to main content

Privacy Notice

We, at Good Law Project, are committed to protecting your privacy. This is our service user privacy notice and explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others.

Privacy Notice

We, at Good Law Project, are committed to protecting your privacy. This is our service user privacy notice and explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others.

Your personal data is defined as any information that can directly or indirectly identify you. This notice also explains how we keep your data safe and secure and includes information you need to know about your rights and how to exercise them.
If you have any questions regarding our Privacy Notice and our use of your personal data or would like to exercise any of your rights, please get in touch via the following page: https://goodlawproject.org/about/contact/

How and when do we collect information about you

We collect information about you in the following ways:

  • when you register for events or news articles
  • when you sign up for marketing emails
  • when you make a donation
  • when you undertake a survey
  • when you participate in our social media activities
  • when you participate in a campaign, for example when you sign a petition, share your experience or do another campaign action
  • when you contact us by email or another form of communication
  • when you share your information directly on other platforms like Tiktok or Meta to sign up for our campaigns or marketing.

Information is safely stored in our online database system.

Types of information collected about you

We may collect the following information about you:
Name, address, phone number, post code, voting intentions, general information like which companies you use, comprehensive demographic data, annual household income, age.

The information collected may include special category of data, which include health information, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data.

How is your information used?

We use your information for the following reasons:

  • Offering you ways to fund our work.
  • Inviting you to campaign with us.
  • Keeping you updated on our campaigning work.
  • Inviting you to participate in surveys or research.
  • Providing you with information or products that you have requested from us.
  • Providing you with information that is relevant to your interests.
  • Processing donations received from you.
  • Making enquiries or informing you about your interactions with us like resolving issues with donations, or informing you of changes to events.
  • Responding to any complaints from you.
  • Informing you of volunteering opportunities.
  • Analysing and refining our advertising, campaigning and other operations to increase our effectiveness.
  • Monitoring your information to prevent fraud.
  • Working with authorities in cases of fraud or criminal investigations.

You may opt out of our fundraising and marketing communications at any time by clicking the unsubscribe link at the end of our marketing emails.

Lawful Basis for Processing

We rely on the following lawful basis for processing your personal data, identified in Article 6 of UK GDPR.

  1. When you register for an event to attend it or participate in our social media activities, we rely on legitimate interest.
  2. When you access our services through our project, we rely on our legitimate interest.
  3. When you make donations on third-party websites like Crowd Justice or on our website, we rely on our legitimate interest.
  4. When you subscribe to our news updates or online updates, we rely on consent.
  5. When you share your information directly on platforms like TikTok, Meta, or LinkedIn, we rely on your consent.
  6. When we process special category of data, the lawful basis is identified in Article 9(2)(g), substantial public interest (UK GDPR) and Schedule I, Part II, Condition 8, ‘equality of opportunity or treatment’ of the DPA 2018

For processing criminal records data, we rely on Art 10 of the UK GDPR, and Condition 10 from schedule 1, Data Protection Act 2018, ‘preventing or detecting unlawful acts.’

Confidentiality, data sharing

At Good Law Project, we handle your data with utmost confidentiality and take all necessary steps in this regard. Please be assured that we will never sell your details to any third party.

We engage with several third parties to process your personal data. These third parties act as data processors of your data. Goodlaw Project will either sign a data processor agreement with such processors or will review the terms and conditions of such processors’ agreements to ensure compliance with Data Protection Legislation.

Further, where personal data is stored outside of the UK and the EEA, safeguards to protect personal data may include but are not limited to the UK Addendum used in conjunction with the EU Standard Contractual Clauses (SCCs), or UK International Data Transfer Agreement (IDTAs). Such safeguards will be subject to Transfer Risk Assessments (TRAs).

We will engage the following third parties for our activities:

  • CRM: Salesforce is our CRM, which would help us store data of our stakeholders, partners, supporters and those involved in our wider work
  • Marketing: Nationbuilder and Mailchimp will primarily be our marketing platform, which also be used to store data regarding actions supporters have taken in the past, and profile and target supporters
  • Petitions: The data processed from our petitions will be stored in Mailchimp, Salesforce and Zapier.
  • Crowdfunding: Our donation systems are powered by Stripe, PayPal and GoCardless. We also partner with SmartRaise to deliver a better user experience. We do not access any payment information stored in the systems of Stripe, Paypal and Gocardless.
  • Events: We use WordPress and Eventbrite for registration of events. We use Eventbrite, Mailchimp and Salesforce for storing data of attendees from events.
  • Communications: We use Front to manage incoming emails from our supporters and anyone who contacts us to enquire about our work or undertake any actions for supporters like cancelling recurring donations.
  • Advertisements: We use Blueprint for capturing data contact details from Meta ads which are later stored in our CRM.
  • Surveys: we collect data through Typeform or 123forms which act as our survey tools
  • Cookies: For how we use cookies, please see the section on cookies in this privacy notice below.
  • Profiling: for data collected through our screening and profiling techniques, please see the section below on ‘Profiling’.
  • Data collected directly on other platforms: We may use platforms like TikTok or Meta to directly collect personal data of service users, which we then transfer to our relevant database like Mailchimp and Salesforce.

Keeping your information safe

We take looking after your information very seriously. We have implemented appropriate physical, technical and organisational measures to ensure that your personal information is secure when under our control, both on and offline, from improper access, use, alteration, destruction and loss.

When we are provided with personal information about you, steps are taken to ensure that it is treated securely. Electronic data is stored on a secure server provided by a third party and is accessed via password-protected computers that are used only by our employees.

Any personal information that is shared with third parties mentioned in this privacy notice will be communicated via secure systems. We have put appropriate systems in place to enable third parties to communicate information securely, and third parties are provided with information regarding how to do so. We cannot, therefore, be held accountable for the security of any personal information sent from a third party which is not sent via secure arrangements.
Whilst we make every effort to protect your personal information we cannot guarantee the security of any information you transmit to third parties, and you do so at your own risk. When we receive information about you, best efforts are made to ensure its security on their systems.

Profiling

In order to identify potential high value supporters and expand our support network, we may use profiling and screening techniques. We would gather publicly available information regarding previous support, connection to our cause, previous philanthropic activity, credibility, geographical, demographic, and career information, financial soundness, peer networks and other publicly available information (e.g. age, address, listed Directorships, hobbies and interests).
This information also allows us to understand how likely it is that you would be interested in supporting us so that we can better tailor our communications such as telling you about the things you are likely to be interested in, letting you know of ways to fundraise with us which are relevant to you and making sure that we only talk to you about a financial level of giving that is appropriate to you.

In case of a generous donation that would classify you as a major donor, we would undertake in-house research as part of our due diligence process and note information including name, the date the donation was received, the value of the donation, how the donation was received, currency, any conditions given with the donation and details of previous donations. Additionally, we would gather publicly available information on interests, source of wealth, and involvement or association with any networks, societies, membership organisations or political parties from sources including Companies House, the Electoral Register, ‘rich lists’, company websites, social networks such as Linkedin, political and property registers and news archives. This information ensures that the donation has not come from an illegal or unethical source and that there are no public concerns about you or your activities.

If you have already engaged with us, we may also profile information that you have provided to us during your engagement, including information such as occupation, title, details of any correspondence you have had with the Good Law Project, Date of Birth, fundraising appeals responses, event participations, and details of your reasons to engage with the Good Law Project.

We rely on our legitimate interest in order to profile and screen your information. If you would rather we did not do this, please just let us know and we will, of course, respect your wishes. Otherwise, following our initial profiling and screening, we will contact you either via phone or via e-communication if you agree for us to process your information. During our conversation, we will inform you of our processing and of your rights as data subject (which include right to object, to restrict our processing and to have your data deleted). If you are happy to engage with us, we’ll proceed with establishing our relationship with you, which will include further engagement and profiling.

Additionally, we sometimes ask existing supporters, board members and volunteers whether they would be prepared to open their networks up to us. An existing supporter may tell us about an individual previously unknown to us and facilitate an introduction. We would then advise our board member or existing supporter about our data responsibilities and ask them to ensure that the person they would like to introduce to us is happy for an introduction to take place. Following the introduction, we would direct the individual to this privacy notice and confirm their marketing consent preferences before communicating with them further. We will also share a link to our privacy notice in the footer of all of our marketing email communications.

Online advertising

When we do online (paid) advertising, this is targeted at those using websites we think will attract new supporters to us, or at those web users who have shown an interest in the organisation or related subjects. We do not store data received in this way, as we place ads according to online behaviours and interests (see Cookie Policy below).
We use Meta’s API, lookalike ads and Meta pixel in this process. Please view Meta’s policies on how they process your data stored with them in this process. We also may use Google, TikTok and LinkedIn ads to target subjects for the reasons mentioned above. 

We also use retargeting ads (for eg. via Meta) to show you ads for our campaigns, projects and for encouraging contributions for our activities, and we use this to reach out to people who have already shown interest in our work i.e. if you have previously donated to us, or when you visit our website or if you have opted in for our marketing emails.

The information collected through retargeting ads is used by us to show you relevant ads for our campaigns and the work we do. You can usually opt out of such ads by clearing your browser’s cookies, but please read the relevant provider’s policy to know about this in detail. 

Cookies

We use cookies and similar technologies to collect and store information (which may include your personal information) about how you interact with our website. We may use these technologies to help us deliver relevant information about our organisation.

Cookies are small text files placed on your device which uniquely identify your device. Cookies cannot be used to run programs or deliver viruses to your device. For more information about our use of these technologies please contact us by using the details set out above.
We use Google Analytics 4, Google Tag Manager, Meta, Facebook, Linkedin, Stripe, Google, Twitter and ReCaptcha . Please refer to the cookies policies of these respective providers to understand how your information is stored.

How long is the data retained for

We keep your data as long as necessary. If you’ve made a donation, or showed interest in supporting us, we may keep your data for 6 years.

For our event attendees, people undertaking surveys and petitioners, we store the data for 6 years. For our subscribers to our newsletters, we retain the data till consent is withdrawn.

Data is destroyed or deleted in a secure manner as soon as the retention date has passed.

Your Rights

Under data protection laws in the UK and EU, you have certain rights over the personal information that we hold about you. If you would like to exercise your rights, please get in contact by using the details listed above. Here is a summary of the rights we think apply:

Right to be Informed
You have the right to be informed as to how we use your data and under what lawful basis we carry out any processing. This Privacy Notice sets this information out. However if you would like further information, please get in touch.

Right of Erasure – also known as the right to be forgotten
You may ask us to delete some or all of the information we hold about you. Sometimes where we have a legal obligation we cannot erase your personal data.

Right to Object
You have the right to object to processing where we are using your personal information, such as where the processing is based on legitimate interests, or for direct marketing.

Inaccurate personal information corrected
Inaccurate or incomplete information we hold about you can be corrected If any of your information is out of date or if you are unsure of this, please get in touch through any of the contact details listed in this notice.

Right of restriction
You have a right to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or if we are not lawfully allowed to use it.

Right to Access your information
You have a right to request access to a copy of the personal information that we hold about you, along with the information on what personal information we use, why we use it, who we share it with, how long we keep it for and whenever it has been used for automated decision making. You can make a request for access free of charge. Proof of identity is required.

Automated decision making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right to question the outcome of automated decisions that may create legal effects or create a similar significant impact on you.

Right to withdraw consent
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.

Making a complaint

If you think your data rights have been breached or you are not happy with how we handle your data, you are able to raise a complaint with us by contacting us here. You can also contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.

Changes to our Privacy Notice

This privacy notice is kept under regular review. If we make any significant changes to the way in which we process your information, we’ll make the required changes to this Privacy Notice and will notify you so that you can raise any concerns or objections with us.
When making less impactful changes, we’ll update this notice and post a summary of the changes on our website.

This privacy notice was last updated on 17 Nov 2023.