COVID ACTION (formerly known as ZERO COVID) Privacy Policy
Last updated 21 December 2022
Thank you for supporting COVID ACTION (formerly known as ZERO COVID) (“we”, “us” , or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at info@covidaction.uk.
In this privacy policy, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us. If there are any terms in this privacy policy that you do not agree with, please discontinue use of our site and our services.
This privacy policy applies to all information collected through our websites (covidaction.uk, zerocovid.uk), and/or through any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the “services” ).
What information do we collect?
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when expressing an interest in obtaining information about us or our activities, when participating in activities on the Services or otherwise contacting us.
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make and the products and features you use.
The personal information we collect can include the following:
Personal Information Provided by You
We collect:
- first name and last name
- email address
- phone numbers
- postcode
- video recordings of public events
You may also choose to provide the following information:
- the region in which you live (so we can inform you about local activities)
- trade union (so we can inform you about activities by other members of that union)
- other campaigns or organisations you are involved in or a member of (so that we can liaise with them and inform you about other activities by their members)
- professional skills when this is relevant to our activities (for example, if you have medical expertise)
- campaigning skills
How do we use your information?
In Short: We process your information based on your consent, compliance with our legal obligations, and/or for purposes based on our legitimate interests.
We use personal information collected through our website and our Services for a variety of campaigning purposes described below. We process your information based on your consent, compliance with our legal obligations, and/or for purposes based on our legitimate interests. We indicate the specific processing grounds we rely on next to each purpose listed below.
We collect your information for the following purposes:
- To send campaign information to you: We may use your personal information to send you information about our campaign, campaign activities and related news and policy matters.
- To promote the campaign: we may publish video recordings of public events that include you.
- To send administrative information to you: We may use your personal information to send you information about changes to working practices.
- To protect our Services: We may use your information as part of our efforts to keep our Services safe and secure (for example, for fraud monitoring or member safety).
- To enforce our policies for campaign purposes.
- To respond to legal requests and prevent harm: If we receive a legal request, we may need to inspect the data we hold to determine how to respond.
- To respond to user inquiries/offer support to users: We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.
Will your information be shared with anyone?
In Short: We only share information with your consent, to comply with laws, to provide you with services, or to protect your rights.
We may process or share data based on the following legal basis:
- Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate campaign interests.
- Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
- Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.
- Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.
More specifically, we may need to process your data or share your personal information in the following situations:
- Vendors, Consultants and Other Third-Party Service Providers: We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include email delivery, hosting services and marketing efforts. We never sell, rent or trade any of your information with third parties. Unless described in this Policy, we do not share any of your information with third parties for their promotional purposes. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
- Internally within Covid Action, access to your personal information is restricted to those with a legitimate need to access it for our purposes. They are required to comply with this policy.
Who will your information be shared with?
In Short: We only share information with the following third parties.
We only share and disclose your information with the following third parties. We have categorised each party so that you may easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to revoke your consent, please contact us.
We share your data with the following third parties:
- Google Drive stores documents related to our activities which may include data about individuals. Google’s Terms of Service can be found at https://policies.google.com/terms and additional terms relating to Google Drive can be found at https://www.google.com/drive/terms-of-service/.
- Eventbrite stores your email address and name. This allows us to manage attendance at events. Eventbrite’s privacy policy can be found here: https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB
- Action Network stores your email address and name. If you choose to provide this data, it may also store your region, campaign membership/involvement, trade union membership, professional skills and/or campaigning skills. This allows us to email you with relevant campaign related news and announcements. Action Network’s privacy policy can be found here: https://actionnetwork.org/privacy
- Zoom stores your email address and your name if you choose to provide this data when registering for the campaign’s Zoom meetings. Zoom’s privacy and security policies can be found here https://explore.zoom.us/trust
- We use social media platforms including YouTube, Facebook, Instagram and Twitter to share video clips from public events.
How long do we keep your information?
In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this policy will require us keeping your personal information for longer than 5 years without your renewed consent.
When we have no ongoing legitimate need to process your personal information, we will delete it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
How do we keep your information safe?
In Short: We aim to protect your personal information through a system of organisational and technical security measures.
We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the services within a secure environment.
What are your privacy rights?
In Short: You have rights that allow you access to and control over your personal information. You may request to review, change, or delete your information at any time.
In the UK, you have certain rights under applicable data protection laws. These may include the right
- to request access and obtain a copy of your personal information
- to request rectification or erasure
- to restrict the processing of your personal information; and
- if applicable, to data portability.
In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please email info@covidaction.uk. We will consider and act upon any request in accordance with applicable data protection laws. If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
If you are resident in the United Kingdom and you believe we are unlawfully processing your personal information, also have the right to complain to the Information Commissioner’s Office. You can find information about making a complaint at https://ico.org.uk/make-a-complaint/.
What happens if there is a privacy breach?
In Short: We will inform you of any breach of your information.
A privacy breach occurs when there is unauthorised access to or collection, use, disclosure or disposal of personal information. You will be notified about data breaches when COVID ACTION believes you are likely to be at risk or serious harm. For example, a data breach may be likely to result in financial harm or harm to your mental or physical well-being.
In the event that COVID ACTION becomes aware of a security breach which has resulted or may result in unauthorised access, use or disclosure of personal information COVID ACTION will promptly investigate the matter and notify you not later than 72 hours after having become aware of it.
How can you contact us about this policy?
If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO) by email at info@covidaction.uk.
How can you review, update, or delete the data we have collected from you?
To request to review, update, or delete your personal information, please email us at info@covidaction.uk. We will respond to your request within 30 days.