Courage Lab GDPR Policy (updated: 19 May 2020)

Summary:

At Courage Lab, we adhere to the EU’s General Data Protection Regulations (GDPR).

This policy explains how we collect and treat any information you give us. You won’t find any complicated legal terms or long passages of unreadable text. We’ve no desire to trick you into agreeing to something you might later regret.

Our policy covers:

  1. Why we value your privacy

  2. How we collect information

  3. What information we hold

  4. What we use your information for

  5. Who’s responsible for information at Courage Lab

  6. Who has access to information about you

  7. The steps we take to keep your information private

  8. How to get us to change or remove your data

  9. Your rights under GDPR

  10. How to complain

  11. Changes to the policy


1- Why we value your privacy

We value your privacy as much as we do our own, so we’re committed to keeping your personal and business information safe. We’re uncomfortable with the information companies, governments, and other organisations keep on file, so we ask for only the bare minimum from our customers and website visitors.

We’ll never use your personal information for any reason other than why you gave it, and we’ll never give anyone access to it unless we’re forced to by a lawful court order.


2- How we collect information

  • When you contact Courage Lab via our website, we will ask for contact information including your name and email address so that we can reply to your enquiry.

  • We use Google analytics which builds profiles of your internet activity. Here is Google’s GDPR compliance.

  • We collect your email address when you sign up for our newsletters. We use Mailchimp and they have certified they are GDPR compliant.

  • If you go on to be a customer, we will add you to our financial system, Xero. They have committed to GDPR compliance and. their privacy policy is here

  • Gmail is our email system. Here is Google’s GDPR compliance.

  • When we do online workshops, these will be recorded on Zoom. Zoom’s GDPR compliance is here.

  • We store key documents, including mediation agreements and neutral assessment reports, on Google Docs (we use two-factor authentication).

  • All our computers are password protected. We always use a second layer of authentication, where this is available.


3- What information we hold

  • When you contact us we will ask for your name, email address, phone number, and the company you work for.

  • If you sign up for a newsletter, we only collect your email address and name.

  • When you buy something from us, we collect your name, email address, phone number, and a delivery address.

  • If you do business with us, we also collect your business name and bank details and keep records of the invoices we send you and the payments you make.


4- What we use your information for

We use your contact information to send you details of our products and services. When we do, you have the option to unsubscribe from these communications and we won’t send them to you again. We might also email or phone you about our products and services, but if you tell us not to, we won’t get in touch again. We will use your information to send you invoices, statements, or reminders.


5- Who’s responsible for your information at our company

Beccie D’Cunha, our founder, is responsible for the security of your information. You can contact her by email at beccie@couragelab.co or by phone on 07816 274882 if you have any concerns about the information we store.


6- Who has access to information about you

When we store information in our own systems, only the people who need it have access. Our management team has access to everything you’ve provided, but individual employees have access to only what they need to do their job.

We stand against state surveillance. There may however be times when we are compelled by government or other state agencies to disclose information we hold. To date this has never happened.

We will only release your data on production of a lawful court order. In addition, we will, unless the court says we may not, let you know if your data is requested in this way.


7- The steps we take to keep your information private

Where we store your information in online services, we restrict access only to staff who need it.

Where it is offered, we use two-factor authentication for all online services.

Courage Lab’s own computers are all password protected and use external authentication.


8- How to get us to change or remove your data

We want to help. As it is your data, our starting presumption is that we will make the changes you need.

You can unsubscribe from our marketing at any time (at the bottom of every Mailchimp email).

You have a right to see, and correct other data we hold on you. Please just contact beccie@couragelab.co


9- Your rights under GDPR

The right to be informed – You have a right to know about our personal data protection and data processing activities, details of which are contained in the Courage Lab GDPR Policy.

The right of access – You can make what is known as a Subject Access Request (“SAR”) to request information about the personal data we hold about you (free of charge). If you wish to make a SAR please contact beccie@couragelab.co

The right to correction – Please inform us if information we hold about you is incomplete or inaccurate in any way and we will update our records as soon as possible, in any event within 24 working hours. We will take reasonable steps to communicate the change to any third parties to whom we have passed the same information.

The right to be forgotten – Please notify us if you no longer wish us to hold personal data about you (although in practice it is not possible to provide our Service without holding your personal data). Unless we have reasonable grounds to refuse the erasure, on receipt of such a request we will securely delete the personal data in question within 24 working hours. The data may continue to exist in certain backup, but we will take steps to ensure that it will not be accessible.We will communicate the erasure to any third parties to whom we have passed the same information.

The right to restrict processing – You can request that we no longer process your personal data in certain ways, whilst not requiring us to delete the same data.

The right to data portability – You have a right to receive copies of personal data we hold about you in a commonly used and easily storable format (please let us know a format which suits you). You may also request that we transfer your personal data directly to a third party (where technically possible).

The right to object – Unless we have overriding legitimate grounds for such processing, you may object to us using your personal data if you feel your fundamental rights and freedoms are impacted. You may also object if we use your personal data for direct marketing purposes (including profiling) or for research or statistical purposes.

Right around automated decision making – You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant effect) on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract with you, it is permitted by law, or if you have given your explicit consent. At Courage Lab we do not use these sorts of techniques.

Right to withdraw consent – If we are relying on your consent as the basis on which we are processing your personal data, you have the right to withdraw your consent at any time. Even if you have not expressly given your consent to our processing, you also have the right to object (see above).


10- How to complain

We take complaints very seriously. If you’ve any reason to complain about the ways we handle your privacy, please contact beccie@couragelab.co


11- Changes to the policy

If we change the contents of this policy, those changes will become effective the moment we publish them on our website.