Privacy Policy
Last updated: 01/04/2022
Your trust is important to us and this page describes how your personal data is collected, used, and shared when you visit our website and/or register with us.
It also explains your rights concerning the personal data we hold.
In this policy, “Native Scientists”, “we”, “us”, or “our”, refers to the legal entities Native Scientist Ltd, registered in England and Wales, and Associação Native Scientist, registered in Portugal, collectively referred to as “Native Scientists”. The two are the “Controller” of your personal data under the General Data Protection Regulation (GDPR) and other data protection laws applicable in the United Kingdom and Portugal.
We may update this Privacy Policy from time to time in order to reflect changes to our practices or for any other reason. If we make changes, we will post the revised version on our website and update the “Last updated” date at the top of this page.
While our work involves working with children and young individuals, please note that this website is not designed to knowingly collect any personal information directly from individuals under the age of 18.
If you have any questions, concerns, or if you would like to exercise any of the rights set out below, please contact us by email at info@nativescientists.org.
1. Data we collect from you
1.1 Information you give to us
We typically use email, Google Forms, and Eventbrite to collect personal information from you. Most of the information we collect is necessary to adequately provide the work we do. When you communicate with our team members, when you get in touch with us via email or social media, or when you choose to provide us information by filling in a form or survey, the information is collected and processed based on your consent and our legitimate interest. We use the third-party provider Google Workspace to store your data and data is stored for up to 5 years. Some data might be imported to other third parties like Mailchimp, Wise, and Quickbooks after collection and as part of our data processing internal protocols.
We collect information from scientists/volunteers in our programmes, teachers/hosts of our programmes, parents who want their children to participate in our programmes, children who participate in our programmes and have parents consent to do so, people who are part of our team, people who signup for the newsletter, partners who work or collaborate with us, and people or entities who make a donation.
1.2 Information we automatically collect from your use of this website
When you visit our website, we automatically collect certain information about your device, including information about your web browser, IP address, and time zone. Additionally, as you browse our website, we collect information about what websites or search terms referred you to our website, the individual pages that you viewed, and how you interacted with them. We refer to this as “Device Information”, and we collect it using cookies, log files, web beacons, tags, and pixels. Cookies are data files that are placed on your device and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. Log files track actions occurring on the website and collect data including your IP address, browser type, internet service provider, referring/exit pages, and data/time stamps. Web beacons, tags, and pixels are electronic files used to record information on how you browse the website. Some third parties that we work with, including Facebook and Eventbrite, may use cookies and similar technologies to collect or receive information to provide measurement services and target ads. We do not control, supervise or respond to how the third parties deal with your personal data.
2. How do we use your personal data (our legitimate interests)
We will process your personal data when it is necessary to carry out or improve our practice. We will always weigh it against rights, interests, and expectations. Our legitimate interests entail the operation of Native Scientists in accordance with our non-profit objectives.
Below are some examples where we may process personal data in accordance with our legitimate interests.
-
To contact scientists about our activities, including details about date, location, age of the pupils, etc.
-
To allow our core team members and programme managers to contact teachers and scientists in order to take care of all the logistics and consents needed for our activities to take place.
-
To process expenses and reimbursements.
We may also process your personal data in accordance and compliance with our legal and regulatory obligations. For example, for tax legislation, safeguarding requirements, prevention and detection of crime, or to assist the police.
3. Your rights
3.1 You have the following rights:
-
To be informed about what personal data we hold from you.
-
To receive from us the personal data we hold about you.
-
To require us not to send you direct marketing communications.
-
To require us to correct the personal data we hold about you if it is inaccurate.
-
To require that we cease processing your personal data without affecting the lawfulness of the processing based on consent given before its withdrawal.
-
To require us to erase your personal data.
-
To request that we restrict our data processing.
-
To object to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
3.2 Opting out and accessing data
To do any of the above, you can either use the opt-out hyperlink to unsubscribe from a mailing list or send us an email to info@nativescientists.org.
To receive the personal data we hold about you, we will ask you for a valid receipt of evidence of your identity. The requested information will be provided within one month from the request date. If requests are complex and numerous, we may extend this period up to two months, which you will be notified of.
4. Our security measures and procedure for data breach
To prevent and/or minimise the impact of a data breach, the following security measures are in place:
-
Periodic checks on whether security measures are being adhered to.
-
Onboarding process and yearly email reminders on the importance of data protection and implementation of security measures.
-
Segmentation of data and only allowing staff, volunteers or consultants access to the information they need to do their job.
-
When sending an email to multiple recipients, use blind carbon copy (Bcc).
-
Working with well-established trustworthy third-party providers.
In case of a potential data breach, the following procedure is in place:
-
Notify the Native Scientists directors.
-
Directors investigate if the potential breach is real.
-
The impact on individuals and organisation is assessed.
-
The national body regulating data protection is notified within 72 hours. Only necessary if the breach could result in discrimination, damage to reputation, financial loss, loss of confidentiality, or social-economic disadvantage.
-
The individuals concerned are notified if there may be a risk to their rights and freedoms.
-
The breach is resolved.