‘Personal Data’ is defined in accordance with GDPR.
This document should be read together with the Data Processing Agreement which lays out in further detail the roles and responsibilities of each party. This Data Processing Agreement is signed by more onion and our clients as a part of the Impact Stack contract that all clients must sign to use the Impact Stack platform.
As providers of the technology platform more onion acts as ‘Data Processor’ of all personal data held, in line with GDPR definitions. The client using the platform is the ‘Data Controller’.
What data do we collect?
The nature of the data collected and stored by Impact Stack is determined by clients, but may include:
- Personal identification information (Name, email address, postal address phone number, etc.)
- Information on donations made and other forms completed, including any form field values (amount of donation, motivation, messages to politicians etc)
- No sensitive personal data (as defined by GDPR) may be collected through Impact Stack
- We do not collect or store any credit card information. This type of information is passed directly to payment processors the client has a direct relationship with
- We do collect payment information when clients choose to ask for bank account and sort codes to process direct debits
How do we collect your data?
The data is collected through several methods:
- Encrypted data files transferred to us by the client
- Data files loaded into Impact Stack or a given to us via a secure file sharing folder by the client
- Data inputted into Impact Stack forms directly by supporters
- Data automatically imported from other tools, such as email marketing tools used by the client
How will we use your data?
Data is collected and stored for the sole purposes of clients. For further details on how this data will be processed by clients, please consult clients’ own Privacy Policies.
Personal Data will be processed to the extent necessary to provide the Impact Stack platform in accordance with both the contractual agreement and the client’s instructions (as Data Controller). We process Personal Data only on behalf of the Controller. Processing operations include, but are not limited to:
- sending emails to campaign targets as designed by clients
- sending data to third party services such as email broadcast tools and CRMs through integrations and webhooks
- processing donations, storing form completion data. This operation relates to all aspects of Personal Data processed
- Analysing the data on behalf of the client
How do we store your data?
Your information may be stored in a number of locations, including:
- In databases and log files on our webservers
- Our secure file transfer service, NextCloud
- On local computers for the purpose of data processing
Our data centres (applicable to 1. and 2.) are based in Germany and we never move personal data outside of the EU.
We will never use supporter data held in Impact Stack for marketing purposes.
What are your data protection rights?
Supporters are entitled to the following:
The right to access – You have the right to request that More Onion Ltd or More Onion GmbH provides copies of personal data held about you. We have the right to charge a reasonable fee for the administrative costs of such requests if they are manifestly unfounded or excessive; or if an individual requests further copies of their data following a request.
The right to rectification – You have the right to request that we correct any information that you believe to be inaccurate. You also have the right to ask us to complete information that you believe to be incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
Supporters should exercise these rights by directly contacting the client, ie Data Controller, who will in turn instruct us as Data Processor to action this request.
What are cookies?
Cookies are placed on your computer to collect standard Internal log information and visitor behaviour information. When you visit our websites (including more-onion.com and www.mpact-stack.org), we may collect information from you automatically through cookies or similar technology.
For further information, visit https://www.allaboutcookies.org/
- Understanding how you use our website
- To improve your experience of the website
- To allow our clients to further tailor communications with you
What types of cookies do we use?
How to manage your cookies
You can set your browser to not accept cookies, and the above website will tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Privacy policies of other websites
This policy will be reviewed and updated from time to time. This policy was last updated 9th August 2019.
How to contact us
You can contact us at email@example.com if you have any questions or would like to exercise one of your data protection rights.
How to contact the appropriate authorities
Should you wish to make a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.