01 Sept 2021
How to Change the World
This notice explains who we are, how and why we collect your personal information (“personal data”) and what we will do with it.
Our contact details
Name: How to Change the World Global Limited (“HTCTW”)
Address: 14 Casbeard Street, London, United Kingdom
Summary of our approach
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing your personal data are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting firstname.lastname@example.org
(b) We have a contractual obligation;
(c) We have a legal obligation;
(d) To protect your or another individual’s vital interest(s); or
(e) We have a legitimate interest.
We explain which lawful basis applies in the case of each type of information we collect, and whose information is in each case being collected, below.
The types of personal data we collect
We currently collect and process the following information:
Personal identifiers, contacts and characteristics (for example, first names, middle names, surnames; contact details including home addresses, temporary (e.g. term time) addresses, email addresses, home and mobile telephone numbers.)
Images in photographs, telephone recordings of conversations with you
Membership and course information including record academic study and attainment.
Limited sensitive (known as “special category data”) information such as health, welfare and dietary information, information about family structure and circumstances and information in identification documents. Where we collect this information, we ensure it is necessary for us to collect and use it and we additionally take steps to safeguard such information as set out in the section headed “Special Category Data” below.
Further details of the information we collect and process and the basis for processing it are set out in the table here:
How we get the personal data and why we have it
Most of the personal data we process is provided to us directly by you (as the recipient or reader of this notice) for one of the following reasons:
We also receive personal data indirectly, from the following sources in the following scenarios:
Universities, networking and other partner organisations who have themselves collected your data in their capacity as a data controller; where we receive data from such controllers, we do so in the capacity of data controller or data processor and for the purposes of providing services and information to you.
Specific details of how we use such information are set out in the table above.
How and when we share your personal data
We will never sell your data and will only share it with another person or entity where we have a lawful purpose for doing so.
We will share your data only as follows:
(a) when necessary or appropriate and consistent with the purposes for which we hold your information, with:
(i) our offices and entities; and
(ii) other universities and networking organisations
and only where we have put in place data sharing agreements to ensure such data is processed to similar standards as set out in this notice, subject to any local, jurisdictional compliance requirements
(b) in the course of providing information and services, to various external providers of professional services (such as academic and teaching personnel and subject matter experts) who work with us to facilitate and deliver such information and services to you
(c) also, in the course of providing information and services to the providers of support services (such as word processing, translation, document review, photocopying, event hosting, conference and IT facility and support services)
(d) to any future owner of our business or any part of it, in the event that we sell our business, in order to enable the new owner’s continuation of the business; or
(e) to government and regulatory bodies where we are required to do so to comply with legal or regulatory requirements
How we store your personal data
Your information is securely stored.
We keep personal data only for so long as is necessary to fulfil the purpose or purposes for which we have collected it. We will then dispose your information in accordance with our data retention policy, which complies with the GDPR and other applicable data protection laws.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal data.
Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com if you wish to make a request.
How to register a concern or complaint
If you have any concerns about our use of your personal data, you can raise that concern or file a complaint with us at firstname.lastname@example.org
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Water Lane, Wilmslow
Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk