INTRODUCTION   

Stemettes (that’s us) respects your privacy. This privacy policy will tell you how we look after your personal data and tell you about how the law can help protect your privacy.  

  1. IMPORTANT INFORMATION AND WHO WE ARE   

PURPOSE OF THIS PRIVACY POLICY   

 This policy applies to all members of Stemettes, their parents/guardians, any of our volunteers or anyone else who uses our website or interacts with us (collectively referred to in this policy as “individuals”).  

This privacy policy gives you information about how we process your personal data, including any data collected by us on this website and any data we collect through the Stemette Supporters list, the OtotheB app or the Stemette Society.  

In this policy, the word “processing” means anything that happens to, or that we do to or with, your personal data. This includes collecting, using, storing, adapting and sharing your personal data.  

 It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing your personal data so that you are fully aware of how and why we are using your personal data.  

WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA? 

We are the controller and this means that we are responsible for your personal data.  

CONTACT DETAILS   

 If you have any questions about this privacy policy or our privacy practices, you may contact us in the following ways: 

 Full name of legal entity: Stemettes 

Email address: team@stemettes.org  

Address: Studio 409, Pelican House, 144 Cambridge Heath Road, London, E1 5QJ 

 You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, like the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance using the details in this section. 

2. THE DATA WE COLLECT ABOUT YOU   

Personal data, or personal information, means any information which identifies you or any information that can be used to identify you. It does not include data where your identity has been removed (anonymous data). 

We may collect, use, store and transfer different kinds of your personal data. We organise the personal data that we collect about you into the following groups:  

  • Identity Data includes your name, title, date of birth, gender and photos that identify you. 
  • Contact Data includes your billing address, delivery address, email address and telephone numbers. 
  • Financial Data includes your bank account and payment card details. 
  • Transaction Data includes details about payments to and from you. 
  • Technical Data includes your IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.  
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. 
  • Usage Data includes information about how you use our website, products and services. 
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your preferred way of being contacted.  

We also process Aggregated Data; this is data about many different users that we gather and combine to perform statistical analysis of, for example, the percentage of users accessing certain parts of our website. Aggregated Data could be derived from your personal data, but is not considered personal data in law as it will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data, and will only use it in accordance with this privacy policy.  

We also process Special Categories of Personal Data; this is data about your racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, trade union membership, physical or mental health or condition, sex life and sexual orientation or genetic and biometric data. We will only process this type of data with your explicit consent.  

We do not process personal data relating to criminal offences or convictions.  

IF YOU FAIL TO PROVIDE PERSONAL DATA   

If you fail to provide personal data when we need it, you may not be able to take part in our events or subscribe to our publications. If this is the case, we will let you know at the time.

KEEPING YOUR PERSONAL DATA ACCURATE AND CURRENT 

  It is important that the personal data we hold about you is accurate and current. Please contact us at team@stemettes.org if your personal data changes during your relationship with us.  

3. HOW WE COLLECT YOUR PERSONAL DATA 

We use different methods to collect data from and about you including through: 

  • Direct interactions. You may give us your Identity or Contact Data by filling in forms or by communicating with us by post, phone, email or any other method. This includes personal data you provide when you: 
    • apply for or use any of our services; 
    • attend any of our events; 
    • subscribe to our materials; 
    • complete our surveys that will be used for our impact reporting or publications;  
    • request marketing to be sent to you;  
    • give us feedback; or  
    • contact us. 
  • Automated technologies or interactions. When you use our website, we will automatically collect Technical Data about your equipment, browsing actions (for example mouse movements and clicks) and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see the section on cookies below for more information.  
  • Third parties or publicly available sources. We will receive personal data about you from various third parties, including: 
    • Identity and Contact Data from schools, colleges, universities and other educational institutions. 
    • Identity and Contact Data from our sponsors and other professional partners. 
    • Identity, Contact, Profile, Technical and Marketing and Communications Data from providers of event organisation services, IT administration services, data analytics services, advertising networks and search information providers. 
    • Contact, Financial and Transaction Data from providers of technical services. 

4.  HOW WE USE YOUR PERSONAL DATA   

We will only process your personal data when the law allows us to. Most commonly, we will process your personal data in the following circumstances: 

  • where we need to use your personal data to perform a contract we are about to enter into or have entered into with you; 
  • where it is necessary for our legitimate interests; this is where we process your personal data to support our activities and help us grow and our interests are not overridden by the impact that our use of your personal data will have on you;  
  • where we need to use your personal data to comply with the law; or
  • where you have given your explicit consent to allow us to use your personal data, which you may withdraw at any time.  

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA   

 In the table below we have set out a description of all the ways we plan to use your personal data and which lawful basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.  

You should know that we may process your personal data for more than one of these reasons, depending on what we are using your personal data for. Please contact us at team@stemettes.org if you need more details about which lawful basis we are relying on to process your personal data, where more than one reason has been set out in the table below. 

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest 
To register an individual with Stemettes(a) Identity 
(b) Contact 
Necessary for our legitimate interests (to facilitate our activities, to collect impact measurements that help improve our services and to help Stemettes grow as an organisation) 
To manage our relationship with you which will include: 
(a) Notifying you about changes to our terms or privacy policy 
(b) Asking you to provide personal data to keep our records up to date 
(a) Identity 
(b) Contact 
(c) Profile 
(d) Marketing and Communications 
(a) Performance of a contract with you 
(b) Necessary to comply with a legal obligation 
(c) Necessary for our legitimate interests (to keep our records updated and to help Stemettes grow as an organisation) 
 
To develop our activities and publications, such as our Zine (a) Identity 
(b) Contact 
(c) Marketing and Communications
(d) Special Categories of Personal Data 
(a) Necessary for our legitimate interests (to facilitate our activities and to help Stemettes grow as an organisation) 
(b) Your explicit consent, where required under law 
 
To administer and protect our business, this website and our applications (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity 
(b) Contact 
(c) Technical 
 
(a) Necessary for our legitimate interests (for running our business, the provision of administration and IT services, network security and to prevent fraud) 
(b) Necessary to comply with a legal obligation 
 
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the content we serve to you (a) Identity 
(b) Contact 
(c) Usage 
(d) Marketing and Communications
(e) Technical 
(a) Necessary for our legitimate interests (to help us understand our members and other individuals, to keep our website updated and relevant, to help develop Stemettes and to inform our marketing strategy) 
(b) Your explicit consent, where required under law 
To use data analytics to improve our website, products/services, marketing, and experiences (a) Technical 
(b) Usage 
(a) Necessary for our legitimate interests (to help us understand our members and other individuals, to keep our website updated and relevant, to help develop Stemettes and to inform our marketing strategy) 
(b) Your explicit consent, where required under law 
To make recommendations to you about how you could get involved with Stemettes (e.g., via our alumni network) (a) Identity 
(b) Contact 
(c) Technical 
(d) Usage 
(e) Marketing and Communications 
Your explicit consent 

MARKETING   

We will try to provide you with choices when we use your personal data for marketing.   

PROMOTIONAL OFFERS FROM US   

 We may use your Identity, Contact, Technical and Usage Data to form a view on what activities or events we think may be of interest to you. 

 You will receive marketing communications from us if you have requested information from us or purchased goods from us and you have not opted out of receiving that marketing. 

OPTING OUT   

  You can ask us to stop sending you marketing messages at any time by contacting us at team@stemettes.org. 

  CHANGE OF PURPOSE   

 We will only use your personal data for the reasons that we collected it. However, we may use it for another reason, if that other reason aligns with the original purpose. You can contact us at team@stemettes.org at any time if you would like an explanation about how the processing for the new reason aligns with the original reason. 

 If we need to use your personal data for an unrelated reason, we will tell you that we are doing this and explain the legal reasons that allows us to do so. 

 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

5.     WHEN WE SHARE YOUR PERSONAL DATA 

THIRD PARTIES  

We may share your personal data with third parties for the purposes set out in the table above. 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for certain reasons which we agree with. The types of third parties that we share your personal data with include:  

  • service providers, acting as processors who provide event organisation services, IT administration services, data analytics services, advertising services or search information services; 
  • professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services; 
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based who require reporting of processing activities in certain circumstances; 
  • schools, colleges, universities and other educational institutions to facilitate our activities and events; and 
  • third parties who may buy parts of our business or assets, or businesses we may choose to buy. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy. 

THIRD-PARTY LINKS   

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or using those plug-ins or apps may let third parties collect or share data about you. This means that someone other than Stemettes may be able to access data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit. 

6.      WHEN WE SEND YOUR PERSONAL DATA ABROAD   

We may transfer or store your personal data outside the European Economic Area (EEA). If we do transfer your personal data outside the EEA, we will make sure that it is protected in a similar way to how it would be inside the EEA by: 

  • Transferring your personal data to countries that the EU says provide an adequate level of protection for personal data. You can see a list of these countries on the ICO’s website
  • implementing specific contracts that have been approved by the EU (also known as “Standard Contractual Clauses”) which allow your personal data to be protected in the same way it would be in Europe; or 
  • by transferring your personal data to organisations in the USA who are part of the Privacy Shield program.  

Please contact us at team@stemettes.org if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA. 

7.     KEEPING YOUR PERSONAL DATA SAFE 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, revealed, used or accessed in an unauthorised way. In addition, we only give access to your personal data to employees, agents, contractors and other third parties who need to see your personal data. They will only process your personal data under our instructions, and they must keep your personal data confidential. 

We have put in place procedures to deal with any suspected personal data breach and will let you know about any breach that happens. We will also tell any applicable regulators of the breach where we are legally required to do so.  

 8.    HOW LONG WILL YOU USE MY PERSONAL DATA FOR?   

We will only keep your personal data for as long as we need it to fulfil the purposes set out in the table above. If we no longer need your personal data for these reasons, we will either: 

  • anonymise your personal data (so that it can no longer be associated with you) and process it for research or statistical purposes; or 
  • delete your personal data.  

In some circumstances, you can ask us to delete your personal data, please below for more information.  

9.     YOUR DATA RIGHTS   

Under certain circumstances, you have certain rights under data protection laws in relation to your personal data, which are set out below. Please contact us at team@stemettes.org if you need any more information about whether they apply or if you wish to request to exercise these rights. 

  • Request access to your personal data (also known as a “data subject access request”). This means that you can have a copy of all of the personal data that we hold about you. You can find out more about this right from the ICO by clicking here
  • Request correction of the personal data that we hold about you. This gives you the option of having any incomplete or inaccurate data that we hold about you corrected. We may, however, need to verify the accuracy of the new data you provide to us. You can find out more about this right from the ICO clicking here
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below); where we may have processed your information unlawfully; or where we are required to erase your personal data to comply with the law. However, we may not always be able to comply with your request of erasure for specific legal reasons, which we will we tell you about at the time. You can find out more about this right from the ICO by clicking here. 
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you feel that our processing your personal data affects fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may have compelling legitimate grounds to process your information which overrides your right to object to processing. You can find out more about this right from the ICO by clicking here. 
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain circumstances. You can find out more about this right from the ICO by clicking here. 
  • Request the transfer of your personal data to you or to a third party. Upon your request, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided your consent for us to use or where we used the information to perform a contract with you. You can find out more about this right from the ICO by clicking here. 
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness or any processing carried out before you withdraw your consent. If you withdraw your consent, you may not be able to take part in our activities or receive our materials. We will tell you if this is the case at the time you withdraw your consent.  

NO FEE USUALLY REQUIRED   

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. 

WHAT WE MAY NEED FROM YOU   

 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who does not have a right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

TIME LIMIT TO RESPOND   

 We try to respond to all valid requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will let you know and keep you updated. 

10.    COOKIES  AND SIMILAR TECHNOLOGIES 

WHAT ARE COOKIES AND SIMILAR TECHNOLOGIES? 

Cookies are a standard feature of websites that allow us to store small amounts of data on your computer about your visit to our website. Cookies help us learn which areas of our website are useful and which areas need improvement.  

You can choose whether to accept the use of cookies and similar technologies in general by changing the settings on your browser, or by submitting your preferences on the cookie banner on our website. However, if you disable cookies and similar technologies, your experience on our website may be diminished and some features may not work as intended. 

WHAT COOKIES AND SIMILAR TECHNOLOGIES DO WE USE? 

Below we list the different types of cookies and similar technologies that are used on our website.  

  • Essential Cookies enable you to navigate our website and to use its services and features. Without these absolutely necessary cookies, our website will not perform as smoothly for you as we would like it to and we may not be able to provide our website or certain services or features. 
  • Preference Cookies collect information about your choices and preferences, and allow us to remember language or other local settings and customise our website accordingly.   
  • Analytics Cookies collect information about your use of our website and enable us to improve the way it works. For example, Analytics Cookies show us which are the most frequently visited pages on our website, help us record any difficulties you have with our website, and show us whether our advertising is effective or not. This allows us to see the overall patterns of usage on our website, rather than the usage of a single person. We use the information to analyse website traffic, but we do not examine this information for individually identifying information. 
  • Advertising Cookies are set to display targeted promotions or advertisements based upon your interests on our website or to manage our advertising. These cookies collect information about your activities on our website and other sites to provide you with targeted advertising.  

We also use Google Analytics, which uses cookies and similar technologies to collect and analyse information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources.  You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.  

Cookie name Type of cookie Description of purpose Persistent or session cookie?  When do persistent cookies expire? First party (set by the site being visited) or third party (across different sites)?   
local_storage_support_test HTML, Essential  Local storage function on the website, which allows web to load faster. Persistent  Twitter  
PYPF HTTP, Essential PayPal login function on the website. 27 days  PayPal objects  
lang HTTP, Preference Remembers user language version of the website. Session CDN Syndication (Twitter as provider) 
_ga HTTP, Analytics Registers unique ID and creates statistics on how user engages with the website. 2 years Stemettes  
_gat HTTP, Analytics Google Analytics. 1 day Stemettes  
_gid HTTP, Analytics Registers unique ID and creates statistics on how user engages with the website. 1 day Stemettes  
collect HTTP, Analytics Sends data to Google Analytics.  Session Google Analytics 
_widgetsettings HTML, Advertising Unclassified. Persistent  Twitter  
01A1 HTTP, Advertising  Collects technical information about the user’s browser, IP address, operating system and screen resolution. 1 year Abmr.net 
GPS HTTP, Advertising Registers unique ID on mobiles to enable GPS tracking. 1 day YouTube  
i/jot Pixel, Advertising Registers unique ID for the visitor.  Twitter  
i/jot/syndication  Pixel. Advertising Unclassified. Session Twitter  
IDE HTTP, Advertising  Registers and reports user actions after viewing advert.  1 year  Stemettes  
r/collect Pixel, Advertising Send data to Google Analytics about visitor’s device and behaviour. It tracks the victors across devices and marketing channels.  Session Doubleclick.net via Google Analytics 
test_cookie HTTP, Advertising  Checks if user’s browser supports cookies. 1 day Doubleclick.net 
VISITOR_INFO1_LIVE HTTP, Advertising Estimates user bandwidth on pages with integrated YouTube videos. 179 days YouTube  
YSC HTTP, Advertising Registers unique ID to keep statistics of what YouTube videos the user has seen. Session YouTube  
yt-remote-cast-installed HTTP, Advertising Stores user’s video player preferences using embedded YouTube video. 179 days  YouTube  
yt-connected-devices HTML, Advertising Stores user’s video player preferences using embedded YouTube video. Persistent YouTube  
yt-remote-device-id HTML, Advertising Stores user’s video player preferences using embedded YouTube video. Persistent YouTube  
yt-remote-fate-check-period HTML, Advertising Stores user’s video player preferences using embedded YouTube video. Session YouTube  
yt-remote-session-app HTML, Advertising Stores user’s video player preferences using embedded YouTube video. Session YouTube  
yt-remote-session-name HTML, Advertising Stores user’s video player preferences using embedded YouTube video. Session YouTube 
_iub_cs-90757315 HTTP, Unclassified Unclassified.  1 year Stemettes 

HOW DO I MANAGE COOKIES AND SIMILAR TECHNOLOGIES?  

You can change your settings for cookies and similar technologies by using the cookie banner on our website.  

In addition, you can refuse or accept cookies from our website at any time by activating the settings on your browser. Information about the procedure to follow in order to enable or disable cookies can be found on your Internet browser provider’s website via your help screen. Please refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on commonly used browsers. Please be aware that if cookies are disabled, not all features of our website may operate as intended. 

You can delete cookies that have already been placed on your device by following these instructions: 

To find information relating to other browsers, visit the browser developer’s website. Please be aware that if cookies are disabled, not all features of our website may operate as intended. Please contact us at team@stemettes.org if you have any questions or concerns. 

If you want to clear all cookies left behind by the websites you have visited, here are links where you can download three programs that clean out tracking cookies: 

This policy was last updated on [24/01/2020].