We are Global Partners Governance (our full company name is Global Partners Governance Practice Limited and our registered company number is 8435805), referred to as ‘GPG’ in this notice. Under data protection law we are what is known as a ‘controller’, which means that we collect personal information about you when you engage with us and we determine how that personal information is used. In this Privacy Notice (the ‘Notice’), we set out our data processing practices and your rights and options regarding the ways in which your personal information is collected (including through our website) and used.
GPG is committed to protecting your privacy. At all times we aim to respect any personal information you share with us, or that we receive from other organisations, and keep it safe. Personal information means any information about individuals including name or email address and can include the IP address of your device when you access our website.
This Notice contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information.
The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services or your interaction with us may be impaired. For example, you will be unable to receive our alerts for publications and updates.
- We collect personal information about you
- What personal information do we use?
- Why we use your personal information
- Lawful bases
- Communications for marketing
- Children’s personal information
- How long do we keep your personal information?
- Will we share your personal information?
- Security/storage of and access to your personal information
- International Data Transfers
- Exercising your Rights
- Changes to this Notice
- Links and third parties
- How to contact us
We collect personal information about you:
- When you give it to us directly
For example, personal information that you submit through our website by signing up for our alerts or personal information that you give to us when you communicate with us by email, phone, letter or social media.
- When we obtain it indirectly
For example, your personal information may be shared with us by third parties including, for example, our business partners; sub-contractors in technical, analytics providers and search information providers. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.
- When you visit our website
When you visit our website, we automatically collect the following types of personal information:
- Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.
- Information about your visit to the websites, including the uniform resource locator (URL) clickstream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.
We also collect and use your personal information by using cookies on our website – please see our Cookie Notice.
In general, we may combine your personal information from these different sources for the purpose set out in this Notice.
What personal information do we use?
We may collect, store and otherwise process the following kinds of personal information:
- Your name and contact details, including email address and where applicable, social media identity;
- Information about the country in which you are currently based;
- Information about your computer/mobile device and your visits to and use of this website, including, for example, your IP address and geographical location;
- details of your qualifications and experience and organisations you work with;
- Information about our services which you use which we consider may be of interest to you and or
- Any other personal information which you choose to share with us as per clause 1.
Do we process special categories of data?
The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions.
In certain situations, GPG may collect and/ or use these special categories of data (for example, when we build profiles about associates which includes their political affiliation). We will only process these special categories of data if there is a valid reason for doing so and where the GDPR allows us to do so.
Why we use your personal information
Your personal information, however provided to us, will be used for the purposes specified in this Notice. In particular we may use your personal information:
- To provide you with services, products or information you have requested;
- To provide you with updates on our publications and our alerts where you have requested to receive this;
- To provide further information about our work services, activities or products (where necessary, and only where you have provided your consent to receive such information);
- To answer your questions/requests and communicate with you in general;
- To manage relationships with our networks, stakeholders and those who engage with our services and publications;
- To further our organisational aims in general;
- To analyse and improve our work, services, activities, products or information (including our website), or for our internal records;
- To report on the impact and effectiveness of our work;
- To run/administer our website, keep them safe and secure and ensure that content is presented in the most effective manner for you and for your device;
- To register and administer your participation in events;
- To process your application for a job or volunteer role with us when you apply through our job vacancies page;
- For training and/or quality control;
- To audit and/or administer our accounts;
- To satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering);
- For the prevention of fraud or misuse of services; and/or
- For the establishment, defence and/or enforcement of legal claims
The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the grounds listed below to be relevant:
- Where you have provided your consent for us to use your personal information in a certain way (for example, we may ask for your consent to use your personal information to send you our alerts and we may ask for your explicit consent to collect special categories of your personal information);
- Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services);
- Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, if you apply to work for/volunteer with us);
- Where there is a legitimate interest in us doing so
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).
In broad terms, our “legitimate interests” means the interests of running GPG as a company working in the area of political and institutional development through policy work, strategic analysis and direct support to senior politicians, ministers and officials in managing the process of change.
When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
Communications for marketing
We may use your contact details to provide you with information about our work, events, services and/or publications which we consider may be of interest to you.
Where we do this via email, SMS or telephone, we will not do so without you prior consent (unless allowed to do so via applicable law).
Children’s personal information
We do not generally collect or process children’s personal information. If we do process children’s personal information, where required we will not do so without their consent or, where required, the consent of a parent/ guardian.
How long do we keep your personal information?
In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
Will we share your personal information?
We do not share, sell or rent your personal information to third parties for marketing purposes. However, in general we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Notice.
Non-exhaustively, those parties may include:
- Members of our group, which means our subsidiaries, our holding company and its subsidiaries;
- professionals and organisations invloved in our work and in facilitating development/strategic in political environments;
- Suppliers and sub-contractors for the performance of any contract we enter into with them, for example IT service providers such as website hosts, cloud storage providers and mailing clients such as Mailchimp;
- Financial companies that collect or process payments on our behalf;
- Professional service providers such as accountants and lawyers;
- Parties assisting us with research to monitor the impact/effectiveness of our services;
- Social media platforms;
- Analytics and search engine providers.
In particular, we reserve the right to disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal information to the (prospective) seller or buyer of such business or assets;
- If substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
- If we are under any legal or regulatory duty to do so; and/or
- To protect the rights, property or safety of GPG, its personnel users, visitors or others
Security/Storage of and access to your personal information
GPG is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your personal information.
Your personal information is only accessible by appropriately trained staff and stored on secure servers with features enacted to prevent unauthorised access.
International Data Transfers
Given that our work is international, and because we use agencies and/or suppliers to process personal information on our behalf, it is possible that personal information we collect from you will be transferred to and stored in a location outside the European Economic Area (“EEA”), for example the United States.
Please note that some countries outside of the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the EEA in a country that does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses or working with entities in the US that are certified with the EU-U.S. Privacy Shield Framework) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Notice. If you have any questions about the transfer of your personal information, please contact us using the details below.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.
Exercising your right
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes or to unsubscribe from our email list at any time. You also have the following rights:
- Right of access – you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
- Right to erasure – at your request we will delete your personal information from our records as far as we are required to do so. In those cases where you ask us to delete your personal information due to our use for marketing, we will suppress further communications to you, rather than delete all of the information.
- Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/ up to date.
- Right to restrict processing – you have the right to ask for processing of your personal information to be restricted in certain circumstances, such as if there is disagreement about its accuracy or legitimate usage.
- Right to object – you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests ground, (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes.
- Right to data portability – to the extent required by the GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another service provider – in a machine-readable format.
- Rights related to automated decision making – you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal effects or similarly significant affects on you, unless such a decision (i) is necessary to enter into/ perform a contract between you and us/ another organisation; (ii) is authorised by EU or Member State law to which GPG is subject (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing personal information requested to you.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details below.
You are further entitled to make a complaint about us or the way we have processed your personal information to the data protection supervisory authority in your home country. In the UK, the data protection authority is the Information Commissioner’s Office – www.ico.org.uk. For further information on how to exercise this right, please contact us using the details below.
Changes to this Notice
We may update this Notice from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing an update notice on our website. This Notice was last updated in June 2018.
Links and third parties
We link our website directly to other sites. This Notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.
How to contact us
Please let us know if you have any questions or concerns about this Notice or about the way in which we process your personal information by contacting us at the following channels:
+44(0) 20 3848 9440
Global Partners Governance,
10 Boundary Street,
London, E2 7JE