Privacy Policy

Introduction

This Privacy Notice governs the collection and use of personal information by WeSpeak Charitable Trust (WeSpeak) and our affiliates, partners, or other third-party service providers. References to “our”, “our organisation”, “us”, or “we” within this Privacy Notice are to WeSpeak.

WeSpeak is committed to protecting your privacy and ensuring appropriate security for your personal information. This Privacy Notice explains the types of personal information we collect; how we use that information; who we share it with; how we protect that information; and your legal rights.

This Privacy Notice is designed to support individuals protected under Bermuda’s Personal Information Protection Act (PIPA) and the European and United Kingdom’s General Data Protection Regulation (GDPR) as we collect information about our customers, board members, and coaches located in Bermuda or Europe. Read this Privacy Notice together with any other policy we may provide you on specific occasions when collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other such notices and is not, save where expressly provided to the contrary, intended to override them.

For the purpose of applicable data protection laws, the data controller is WeSpeak of P.O. Box HM 2798, Hamilton, Bermuda HM LX, Bermuda registered charity number 1017. This means that we are responsible for determining how and why your personal data is processed. 

Contents

How we collect information                                                                                                   

How we use personal information

Who we share personal information with 

Where we store your personal information

How long we keep your personal information for

Your Choices & Rights 

Changes to this Privacy notice

Contact us

How we collect information

Information covered by this Privacy notice

This Privacy Notice explains how we collect and process personal information via our website and the WeSpeak Connect platform.  In this Notice, “personal data” or “personal information” means information that (either in isolation or in combination with other information) enables you to be identified as an individual or recognized directly or indirectly. This may include, but is not limited to:

• your name;

• your age

• your postal or physical address;

• your email address;

• your phone number;

• your geographical location;

• your race or ethnicity;

• your gender;

• your nationality;

• your education and employment information;

• details of the preferences you express to us;

• your comments and questions; or

• technical information from the devices you use to access our website.

Information you provide to us

We may collect personal information from you when you

• access our website;

• contact us;

• communicate with us;

• make a donation online;

• purchase a product from us;

• register for services from us on our website; or

• provide information to us, including:

  • information relating to your online browsing activities on the WeSpeak website;

  • your communication preferences;

  • diversity and experience data (including religion, ethnicity, the experience of the criminal justice system, and experience of domestic abuse);

  • any other personal data contained within correspondence and communications between you and WeSpeak.[1] [2] 

In some cases, you may provide personal information to us about another person.  In such cases, it is your responsibility to ensure that you have the authorization of such individual before you disclose such information.

Providing your personal data may be necessary for the purposes of entering into a contract with us or may otherwise be voluntary. If you do not wish to provide your personal data to us, we may not be able to:

(a) provide the product or service you request;

(b) respond to your queries; or

(c) provide you with updates about our organization.

Third-party sources and publicly available sources

We also work closely with third parties (such as fundraising sites and event organizers), who may provide us with information that we may combine with the information you have provided to us.  We process all personal data we obtain from such other sources in accordance with this Privacy Notice.

Using our website and other information collected automatically

When you visit our website, we may use cookies and other technologies to automatically collect the following information:

• Technical information, including your IP address, browser type, and version, device identifier, location (country) and time zone setting, browser plug-in types and versions, operating system and platform, page response times and download errors;

• information about your visit, including the websites you visit before and after our website; and

• length of visit to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), and methods used to browse away from the page.

To learn more about how we use cookies and how to control which cookies are used, please see our Cookie Notice.

How we use personal information

We will only use your personal data to the extent the law allows us to. We will use your personal data in the following circumstances:

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

• Where we need to perform a contract we are about to enter into or have entered into with you;

• Where we need to comply with a legal obligation; or

• On the basis of your consent.

We use the personal information we collect from and about you for several reasons and based on one or more legal justifications specified below:

Relationship Management

Purpose: To manage our relationship with you, including but not limited to:

• responding to your comments, queries, and other correspondence;

• coach-matching activities;

• processing donations or other payments;

• providing you with services you have requested via our website;

• registering you for marketing, events, or promotions;

• metrics or reporting (KPIs or performance); or

• providing you with products purchased from us.

Information: We will require certain personal information, and any additional personal data provided by you via email or phone to manage our relationship with you. Where you make an online payment, your card information is not held by us, it is collected by our third-party payment processors, who specialize in the secure online capture and processing of credit/debit card transactions.

Justification:

• Necessary for our legitimate interests (e.g. to operate our business effectively and respond to your queries).

• Performance of a contract, where we have a contract with you or are about to enter into a contract with you.

Eligibility

Purpose: To assess your eligibility for our products or services and/or to tailor or refine our product or service offering.

Information We require and will analyse certain personal information in order to assess your eligibility for our products or services.

Justification:

• Necessary for our legitimate interests (e.g. to tailor our offering and/or ensure that the correct individuals are receiving our products and services).

Accessibility

Purpose: To monitor the accessibility of our products or services.

Information: We collect and will process certain personal information to monitor the accessibility of our services.

Justification:

• Necessary for our legitimate interests (e.g. to monitor the success of our business).

Monitor Success

Purpose: To monitor the success of our services.

Information: We collect certain information such as self-assessments (e.g. self-assessment of confidence) in order to measure the impact that our service has had. 

Justification: Necessary for our legitimate interests (e.g. to monitor the success of our business).

Service Quality

Purpose: To monitor the quality of our services.  

Information: We administer surveys, collect recordings and notes of coaching sessions, etc. in order to monitor the quality of our services.  

Justification: Necessary for our legitimate interests (e.g. to monitor the quality of our services and to resolve any safeguarding issues).

Internal Records

Purpose: To maintain our internal records.

Information: We will keep records of your personal information in order to administer our business.

Justification:

●      Necessary for our legitimate interests (to administer our business).

●      Compliance with our legal obligations, where we are required to retain the information by law.

Website Security & Management

Purpose: To keep our website and WeSpeak Connect platform safe and secure

Information: We may need to process your personal information in order to keep our website safe and secure and protect against illegal or fraudulent activity, such as cyberattacks.

Justification:

• Necessary for our legitimate interests (e.g. to detect and prevent fraud, other crimes, and the misuse of our website and WeSpeak Connect platform).

• Compliance with our legal obligations.

Auditing Purposes

Purpose: To collect and analyse information on your recent visits to our website and how you move around different sections of our website.

Information: as listed above

Justification: Necessary for our legitimate interests (e.g. to review the performance of our website in order to improve its functionality).

Stay Current

Purpose: To keep an up-to-date suppression list where you have asked not to be contacted, in order for us to not inadvertently re-contact you.

Information: We understand that you may prefer for us not to contact you with details of our products, services, or promotions.  We keep records of your preferences to ensure that we do not contact you if you have asked us not to.  We may need to process certain of your personal information (such as your name and email address) in order to do this.

Justification: Necessary for our legitimate interests (e.g. to maintain an up-to-date suppression list and ensure that we do not contact you where you have asked us not to).

Updating You

Purpose: To provide you with updates about our organisation where this has been requested by you.

Information: When you sign up to receive our newsletter, we will use your name and contact information to send you our newsletter.

Justification: Processing based on the consent of the individual.

PR & Marketing

Purpose: To capture images to use in marketing materials.

Information: We may ask your consent to take photographs and capture videos of your involvement in our organisation in order to demonstrate the different ways that women get involved with us. 

Justification: Processing based on the consent of the individual.

Who we share personal information with

Your personal information is intended for us and may be shared with third parties in certain circumstances.

Our website may, from time to time, contain links to and from the websites of our partners, affiliates or other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we have no control over how they may collect or use your personal information. You should check the privacy notices of third-party websites before you submit any personal information to them.

We may share your personal information with the following third-party organizations:

Our service providers.

We use other firms, companies, or contractors (“Service Providers”) to perform services on our behalf.  We may share personal information with the following categories of Service Provider:

• Website management;

• Infrastructure and IT services;

• Cloud service providers;

• Insurance companies;

• Corporate service providers;

• Legal advisors;

• Auditors;

• Event support;

• Project managers;

• Payment service providers; and

• Accountants.

Specific service providers include but are not limited to:

• Appleby Global Services (Bermuda) Limited (http://www.applebyglobal.com/privacy-policy)

• Walkers (https://www.walkersglobal.com/images/Policies/Privacy-Statement.pdf)

• The Whitfield Group (http://www.whitfield.bm/privacy-policy/)

• Chronus (https://chronus.com/privacy-policy)

• Cvent (https://www.cvent.com/en/privacy-policy)

• The TLC Group of Companies (https://www.thetlcgroup.pro/privacy%20policy/)

• Impact ID - Online Education Content

In the course of providing such services, these Service Providers may have access to your personal information.  However, we will only provide our Service Providers with the information that is necessary for the services that we engage them to perform, and we ask them not to use your information for any other purpose.  We will always use our best efforts to ensure that all the Service Providers we work with will keep your personal information secure.

Third parties permitted by law.

In certain circumstances, we may be required to disclose or share your personal information in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, regulators, government agencies, or to judicial or administrative authorities).  We may also disclose your personal information to third parties where disclosure is necessary for our legitimate interests of protecting or defending our legal rights.

Third parties connected with business transfers.

We may transfer your personal information to third parties in connection with a reorganisation, restructuring, amalgamation, merger, acquisition, business combination, or transfer of assets.  In the event of such a transaction, we will ask the receiving party to treat your personal information in a manner consistent with this Privacy Notice.

International Transfers

We may transfer your personal information to third parties outside of Bermuda for its use on our behalf or for the third party’s own business purposes. We will only transfer your personal information outside of Bermuda to the extent permitted by applicable law and where we either:

a)  Reasonably believe that the level of protection afforded to your personal information by the third party outside of Bermuda and the law applicable in such overseas jurisdiction is comparable to the level of protection required by PIPA; or

b) Employ contractual mechanisms and other means to ensure that the third party provides comparable levels of protection as PIPA.

We may also transfer your personal information outside of Bermuda without complying with the above paragraph if either (a) the transfer is necessary for the establishment, exercise, or defense of legal rights; or (b) we have assessed all the circumstances surrounding the transfer and reasonably consider that the transfer is (i) small scale, (ii) occasional, and (iii) unlikely to prejudice your rights.

Regardless of how or when we transfer your information outside of Bermuda, we remain responsible for compliance with PIPA in relation to your personal information.

Where we store your personal information

The personal information that we collect from you may be transferred to and stored at a destination outside Bermuda.  It may also be processed by staff operating outside of Bermuda and who work for us in Bermuda or for one of our Service Providers.

If we send your information to a country that is not in Bermuda, we will take all steps reasonably necessary to ensure that your personal information is protected in accordance with applicable data protection laws, including, where required, entering into Bermuda standard contractual clauses (or equivalent measures) with the party outside Bermuda (as applicable) receiving the personal information.

How long we keep your personal information for

We will only retain your personal data for as long as it is reasonably necessary for the purpose for which that data was collected and to the extent permitted by applicable laws (including for the purpose of satisfying any legal, regulatory, tax, accounting, or reporting requirements).  We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. When we no longer need to use your information, we will remove it from our systems and records and/or take steps to promptly anonymize it so that you can no longer be identified from it. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

Security

We have implemented technical and organizational security measures in an effort to safeguard personal information in our control, including but not limited to,  limiting access to personal information only to employees and authorized Service Providers who need to know such information for the purposes described in this Privacy Notice, as well as other technical, administrative and physical safeguards.

While we endeavor to always protect our systems, sites, operations, and information against unauthorised access, use, modification, and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.

Your Choices & Rights

Your choices and privacy rights (if you are in Bermuda)

If you are in Bermuda, you have rights in relation to the processing of your personal information, each of which is explained below.

Access. You have the right to request a copy of the personal information we are processing about you. For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information. Under Bermuda’s PIPA, on receipt of your request for access in writing, we will aim to respond as soon as possible (or within 45 days). If we require additional time to respond, we will advise you of

• the reason for delay; and

• when you can expect a response from us.

Rectification. You have the right to have incomplete or inaccurate personal information that we process about you rectified.

Erasure. You have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.

Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise, or defense of a legal claim. 

If the processing is based on marketing, public relations, or advertising purposes, your objection will be acknowledged and we will immediately halt any further processing of your personal information for that purpose.

Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. 

Your choices and privacy rights (if you are in the EEA or UK)

If you are in the EEA or UK, you have various rights in connection with our processing of your personal information, each of which is explained below.

Access. You have the right to request a copy of the personal information we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.

Rectification. You have the right to have incomplete or inaccurate personal information that we process about you rectified.

Deletion. You have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

Restriction. You have the right to restrict our processing of your personal information where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it. In such case, we would mark stored personal information with the aim of limiting particular processing for particular purposes in accordance with your request or otherwise restrict its processing.

Portability. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you and (c) the data is processed by automated means.  Additionally, you have the right to require us to transmit

such personal data directly to another controller, where technically feasible. This right is not applicable if it adversely affects the rights and freedoms of others.

Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim.

Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge.  This includes where you wish to opt-out from marketing messages.

You can make a request to exercise any of these rights in relation to your personal information by sending the request by mail to WeSpeak, P.O. Box HM 2798, Hamilton, Bermuda HM LX or email to hello@wespeak.bm. Please note that we may require you to prove your identity before providing the requested information. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request or otherwise to expedite our response.

You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with our data protection obligations. If you are based in, or the issue relates to, Bermuda, the Privacy Commissioner’s Office can be contacted as follows:

Telephone: +1 (441) 543-7748
Email: PrivCom@privacy.bm
Website: Privacy.bm
Address: Maxwell Roberts Building, 4th Floor, 1 Church Street, Hamilton, HM11 Bermuda

Note that the rights outlined above only extend to personal information.

Changes to this Privacy notice

This Privacy Notice is written in English and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this notice, the English version shall prevail.

We reserve the right to change our Privacy Notice from time to time.  If we decide to change our Privacy Notice we will notify you by adding a notification to the home page of our website.

Contact us

If you have any questions about this Privacy Notice or about the privacy policies and practices of our service providers, please contact us at hello@wespeak.bm, or at WeSpeak, P.O. Box HM 2798, Hamilton, Bermuda HM LX.