Privacy Policy - Bright Blue

Last updated: 29 May 2019

Privacy Policy

Our full privacy policy is explained below, but the main points to note are:

We will only ever ask for what we really need to know
We will collect and use the personal data that you share with us transparently, honestly and fairly
We will always respect your choices around the data that you share with us and the communication channels that you ask us to use
We will put appropriate security measures in place to protect the personal data that you share
We will never sell your data

Bright Blue Campaign’s contact details are:

Bright Blue,
Second Floor,
4 – 8 Ludgate Circus,
London, EC4M 7LF

Tel: 020 3887 1753

Data Protection Manager: Weronika Patyk at weronika@brightblue.org.uk

Bright Blue Campaign is responsible for the data we collect about you and is committed to safeguarding your privacy and to being transparent about how we collect and use your data. This privacy policy sets out our data collection and processing practices and your options regarding how your personal information is used.

We follow the relevant legal requirements and take all reasonable precautions to safeguard personal information. By providing your personal information to us, you acknowledge that we may use it in the ways set out in this privacy policy.

We may update this Policy from time to time. By using our website, you’re agreeing to be bound by this Policy.

Who are we?

We are Bright Blue Campaign (Company number: 7940506), an independent think tank and pressure group for liberal conservatism. We defend and champion liberal, open, democratic and meritocratic values, institutions and policies. To achieve this we conduct research and formulate analysis and ideas to influence government policy and public discourse.

How we use personal information to help us run Bright Blue Campaign effectively

We may use your personal information to:

Carry out our obligations arising from any contracts entered into by you and us
Send you communications which you have requested and that may be of interest to you.
Process a job application
Keep relevant records of past events and stakeholders
Notify you of changes to our organisation

Who do we collect personal information about?

We might collect you personal information if you are:

Present and past Bright Blue Campaign members
Individuals who attend or register for Bright Blue Campaign events
Individuals who subscribe to receive Bright Blue Campaign communications
Individuals who enquire about supporting Bright Blue Campaign
Users of the Bright Blue Campaign website
Members of the public who contact Bright Blue Campaign with enquiries
Individuals whose employment, profession or political position is connected with the work of Bright Blue Campaign (for example, politicians, journalists, civil servants)
Participants in social research projects
Job applicants, employees and former employees
Customers of our products and services

When do we collect personal information?

We might collect your personal information if you:

Apply to be a Bright Blue Campaign member
Apply for a job with Bright Blue Campaign and if you are employed throughout and beyond the period of your employment
Register (or someone on your behalf registers you) to attend a Bright Blue Campaign event
Subscribe (or someone on your behalf subscribes for you) to receive marketing communications and/or news from Bright Blue Campaign
Make an enquiry about the work of Bright Blue Campaign
Participate in a research study conducted by us or our agents
Use our website

We might also collect personal information not supplied directly by you, if: we have collected the information from sources in the public domain (for example, websites), or third parties supply us with the information, in a way that is compatible with both their and our privacy policies.

What information do we collect?

The type and amount of information we collect depends on why you are providing it. We will usually ask you for your name and telephone or email contact details.

We may request other information where it is appropriate and relevant, for example if we are processing an order that you have submitted. This additional information might include:

Your physical address, bank details or debit/credit card details.
Information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit and number of page views.
If you are a job applicant the information you are asked to provide is as set out in the application and necessary for the purposes of considering the application.

Do we process sensitive personal information?

Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In limited cases Bright Blue Campaign may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; and will only do so with your explicit consent.

Children’s data

We do not knowingly process data of any person under the age of 16. If we come to discover, or have reason to believe, that you are 15 and under and we are holding your personal information, we will delete that information within a reasonable period and withhold our services accordingly.

How do we collect your personal information?

We may collect your non-sensitive personal and sensitive personal information:

face-to-face (directly from you)
by telephone
by email
via our website
via membership forms (submitted directly by you)
via various event registration and attendance forms
via direct debit forms and expenses claim forms
from survey data collected through third party surveys
via an individual at your organisation who is responsible for sharing that information
from individuals or colleagues who have registered you for an event
from event organisers, exhibitors and any other such third parties who are involved in organising or contributing to Bright Blue Campaign events and/or conferences
from third parties to verify your identity and the accuracy of the information you have provided
from publicly available sources including but not limited to internet search engines, public records and registers and social media (for example, LinkedIn and Twitter)
from third parties including but not limited to public affairs agencies and industry databases that maintain information on professional stakeholders ( for example, journalists and politicians)

Purposes for which we process your personal information

We use your personal information for a number of different purposes. Under data protection law, for each purpose we must be able to rely on a lawful basis for processing your personal information.

Members, representatives of affiliates and commercial subscribers

Purpose: membership administration, and providing you with membership benefits. Lawful basis: to fulfil our contract with you
Purpose: to market products and services related to your membership; policy reach and influence. Lawful basis: our legitimate interests as a think tank and pressure group.

Electronic communication that constitutes direct marketing is provided to market products and services to existing customers. Any electronic communication that constitutes direct marketing unrelated to promoting a product or service is based on you consenting to receive communications from us. You can opt-out of electronic communications that constitute direct marketing at any time.

Former members

Purpose: retaining historic membership data. Lawful basis: archiving for historical research

People who attend or register for events

Purpose: for the administration of events. Lawful basis: to fulfil our contract with you.
Purpose: marketing of future related products and services; policy reach and influence. Lawful basis: our legitimate interests as a think tank and pressure group.

Electronic communication that constitutes direct marketing is sent on the basis of your consent to receive communications from us. You can opt-out of electronic communications that constitute direct marketing at any time.

People who subscribe for communications

Purpose: marketing of products and services; policy reach and influence. Lawful basis: your consent.

Other customers of goods and services

Purpose: fulfillment of purchase order. Lawful basis: to fulfil our contract with you
Purpose: for marketing of related products and services. Lawful basis: our legitimate interests as a think tank and pressure group.

Electronic communication that constitutes direct marketing is provided to market products and services to existing customers. You can opt-out of electronic communications that constitutes direct marketing at any time.

Professional contacts

Purpose: for marketing of products and services; political education and influence. Lawful basis: our legitimate interests as a think tank and pressure group.

Electronic communication that constitutes direct marketing is provided to professional contacts as the representatives of businesses and other corporate bodies. This does not require your direct consent but you can opt-out at any time.

Job applicants, employees, former employees
Purpose: employment administration and compliance with employment legislation. Lawful basis: our legitimate interests as a think tank and pressure group.

Any sensitive data about you is only used for the establishment, exercise or defence of legal claims.

Lawful processing

We are required to have one or more lawful grounds to process your personal information. Three of these are relevant to us:

(1) Consent

We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing and fundraising emails, for targeted advertising, and if you ever share sensitive personal information with us.

(2) Contractual relationships

Most of our interactions with subscribers and website users are voluntary and not contractual. However, sometimes it will be necessary to process personal information so that we can enter contractual relationships with people. For example, if you apply for employment or to volunteer with us, or if you purchase something via our online shop.

(3) Legitimate interests

Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights). We will rely on this ground to process your personal data when it is not practical or appropriate to ask for consent.

When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.

Your rights and how consent works

You have a choice about whether or not you wish to receive information from us. If you do not want to receive communications from us about the work we do and our services, then you can unsubscribe using the link on all communications.

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:

Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.
Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 40 days to comply. As from 25 May 2018, we will have 30 days to comply.
Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it.
Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.
Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.

To exercise these rights, please send a description of the personal information in question using the contact details provided. Where we consider that the information with which you have provided us does not enable us to identify the personal information in question, we may ask you for (i) personal identification and/or (ii) further information.

Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr.

You are further entitled to make a complaint about us or the way we have processed your data to the Information Commissioner’s Office (“ICO”). For further information on how to exercise this right, please see the guidance at https://ico.org.uk/for-the-public/personal-information. The contact details of the ICO can be found here: https://ico.org.uk/global/contact-us.

Data retention

In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records five years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you ask us to delete it, we will remove it from our records at the relevant time.

In the event that you ask us to stop sending you direct marketing/fundraising/other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. You can request to remove your personal information at any time by emailing weronika@brightblue.org.uk.

Who do we share your personal information with?

We may disclose your personal information to the third parties listed below for the purposes described in this privacy policy. You can contact us for details of specific disclosures made in respect of your personal information. The third parties listed below will only use your personal information under our strict instruction and are under an obligation to ensure appropriate security measures are in place.

We may also disclose your personal information to other third parties where: the disclosure is required by law or by a regulator with authority over us or you, such as where there is a court order, statutory obligation and we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest.

How do we protect your personal information?

Bright Blue Campaign is committed to keeping your personal information secure. We keep your personal information in secure computer systems and have appropriate security measures in place in our physical facilities. Personal data is always transmitted using secure means. We require high security standards from our commercial suppliers and agents and anyone else who receives data from us. All representatives of the society with access to personal data are required to follow our security and privacy policies.

Whilst we strive to protect your personal information, due to the nature of the internet we cannot guarantee the security of any information you transmit to us. With this in mind, any transmission is at your own risk and we urge you to take every precaution to protect your personal information while you are online.

What do we do with your data?

All the personal data that we process is handled by our employees who are based in the UK. All our employees are subject to an obligation of confidentiality and are aware of our data protection policies.

We do not carry out any automated decision making and we do not transfer data outside the European Economic Area (EEA).

We do not share data with any other organisation but we do use Mailchimp, a third-party provider to deliver our emails and Eventbrite, a third-party provider to manage our event guest list. When you request that we add your details to our mailing list in order to receive event invitations and email communications, MailChimp and/or Eventbrite, will receive your contact details to allow us to fulfil this request.

We use Mailchimp to gather statistics about the number of emails opened and clicks made using industry standard technologies. This helps us monitor and improve our mailings. For more information, please see MailChimp’s privacy notice. We use Eventbrite to register attendees for our events. Attendee lists including names, emails, and places of work are then both stored on Eventbrite and also transferred over to MailChimp to our mailing list. For more information, please see Eventbrite’s privacy notice.

Communications and marketing

When you express an interest in our work by requesting to be added to our mailing lists to receive our emails or event invitations, we use your email address to contact you about events, publications, and other news relating to our work.

We also contact professionals who have asked to be kept informed about out work, or those who have a specific interest in an area of research or policy development in which we specialise.

Where you have provided us with your physical address, we may contact you by post; and where you have provided appropriate consent, also by e-mail, with targeted communications to let you know about our events and/or activities that we consider may be of particular interest; about the work of the Bright Blue Campaign; and to ask for support.

Information for Visitors to our Website

We make every effort to ensure the information on our website is accurate and up-to-date. We cannot accept responsibility, however, for any loss or inconvenience caused by reliance on inaccurate material contained on our site. Publications on our website use the most appropriate data available at the time of publication but are not updated to reflect subsequent data releases. Links to other sites are provided for your convenience and do not imply our endorsement of them. We cannot be responsible for any information contained on other websites. If you link to these sites, they may collect information in accordance with their own privacy policies. External sites are not within our control and are not covered by this privacy policy.

When someone visits www.brightblue.org.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to analyse the effectiveness of our site by tracking, for example, the number of visitors to different sections. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Event Attendee Images and Live Streaming

At our events, photographers will be taking images of event speakers and the event will be often be live streamed. Event attendee images may be captured and processed when photographing or filming events. Event photographers and film-makers will focus on event speakers. Event images selected for inclusion on website crop out most event attendees and live streaming cameras are positioned to exclude capturing images of event attendees where possible. Any images of event attendees captured in event photographs and live streaming footage is used on the basis of our legitimate business interest. Event attendees have the right to object to this processing.

Third-party payments

We may pass your information to our third-party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process financial transactions or complete mailings).

These third parties have access to your Personal Information only to perform these specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Policy amendments

We keep this Privacy Policy under regular review and reserve the right to update from time-to-time by posting an updated version on our website, not least because of changes in applicable law. We recommend that you check this Privacy Policy occasionally to ensure you remain happy with it. We may also notify you of changes to our privacy policy by email.

Updating information

You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at weronika@brightblue.org.uk.

Contact

We are not required by law to have a “Data Protection Officer” – however we have a Data Protection Manager. Please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed.

Bright Blue Campaign’s contact details are:

Bright Blue,
Second Floor,
4 – 8 Ludgate Circus,
London, EC4M 7LF

Tel: 020 3887 1753

Data Protection Manager: Weronika Patyk at weronika@brightblue.org.uk

Sign up here to receive news and bulletins

Contact us