The Good Future Foundation Privacy Policy

Last Updated: 11 April 2024

  1. 1. Introduction

    1. This is the privacy policy (the “Policy”) for The Good Future Foundation, a non-profit based in England & Wales ( also referred to as the “TGFF”, “us” or “we” throughout this Policy). Any reference to “The Good Future Foundation”, “TGFF” “we” or “us” is a reference to the non-profit (“Non-Profit”). This Policy provides details of the ways in which we process personal data when using our website, and any sub-sites where this notice appears in line with our obligations under data protection law including the General Data Protection Regulation (No 2016/679) (“GDPR”) and the UK’s implementation of the GDPR, the Data Protection Act 2018 (“DPA”), collectively referred to as “Applicable Data Protection Laws”.
    2. For the purposes of Applicable Data Protection Laws, TGFF is the ultimate controller of any  personal data collected from you or otherwise for the purpose of conducting or developing our relationship with you. We are a non-profit based in England & Wales specialising in education. Our Data Protection Officer can be contacted at: legal@goodnotesapp.com

  2. 2. Background and Purpose

    1. The purpose of this Policy is to explain what personal data we process and how and why we process it when interacting with the Non-Profit’s websites and any related sub-sites. For the purposes of this Policy, personal data means any information relating to an identified or identifiable person. Please read this Policy carefully as it provides important information about how we use personal data and explains your legal rights.
      In addition, this Policy outlines our duties and responsibilities regarding the protection of such personal data. The manner in which we process data will evolve over time and we will update this Policy from time to time to reflect changing practices and law. We will notify you of any changes, either the next time you visit a website or to the contact details we hold for you.
    2. In order to meet our transparency obligations under data protection law, we will incorporate this Policy by reference into various points of data capture used by us (e.g. submission forms etc.) and may provide additional information where relevant.

  3. 3. TGFF as a Data Controller

    1. We will act as a data controller in respect of personal data provided to us by various individuals in connection with the operation and administration of TGFF. Such individuals will generally include but are not limited to the following:
      • Website visitors;
      • employees;
      • volunteers and ambassadors;
      • corporate sponsors and partners.

      We sometimes use third party providers to collect this information on our behalf such as Google and Webflow.

    2. The types of personal data we collect are described in paragraph 3.3. In order for us to provide our services to you we require certain personal data from you. This personal data is processed by us for the following purposes:
      Purpose of Processing
      Maintaining contact details of subscribers and members, and communicating with them through various means including email.
      Lawful Basis under GDPR
      Necessary for the Non-Profit’s legitimate interests as a non-profit, where photographs or details are published, the consent of the relevant individuals.
      Cookie
      Publishing and circulating newsletter, Non-Profit updates, website updates and communications with individuals who have signed up to our mailing list.
      Purpose
      The consent obtained from relevant individuals when they sign up to our mailing list form.
      Cookie
      Website services, including for troubleshooting, data analysis, and survey purposes.
      Purpose
      We have a legitimate interest in operating a website and for related purposes.
      Cookie
      Statistical information that cannot be related back to individuals to help us improve the services we offer.
      Purpose
      We have a legitimate interest in operating a website and for related purposes.
    3. What information do we collect from you?

      When you interact with our website, you may choose to provide the following personal data:

      • Name;
      • Affiliation (Employee, School or other associations);
      • Job title and role; and
      • Email.

  4. 4. Individual Data Subject Rights

    1. Applicable Data Protection Laws provide certain rights in favour of data subjects (the “Data Subject Rights”), including the right:
      • of a data subject to receive detailed information on the processing (by virtue of the transparency obligations on the controller);
      • of access to personal data;
      • to rectify or erase personal data (right to be forgotten);
      • to restrict processing;
      • of data portability;
      • to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and
      • to object to automated decision making, including profiling, and where we rely on its legitimate interests to process your personal data (for example, for marketing purposes).
    2. You may make a request to us to exercise any of the Data Subject Rights by contacting the Non-Profit using the contact details above. Your request will be dealt with in accordance with data protection law.

  5. 5. Data Security and Data Breach

    1. We have technical and organisational measures in place to protect personal data from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access. Personal data are held securely using a range of security measures including, as appropriate, IT measures such as encryption, and restricted access through approvals and passwords.
    2. The Applicable Data Protection Laws oblige data controllers to notify the relevant data protection supervisory authority and affected data subjects in the case of certain types of personal data security breaches. Any data breaches identified in respect of personal data controlled by us will be dealt with in accordance with data protection law and our internal data breach procedure.

  6. 6. Good Future Foundation and Data Processors

    1. We will engage certain event, ticketing and surveying service providers (including Google and Webflow) to perform certain services on our behalf which may involve the collection and processing of personal data. To the extent that such processing is undertaken based on the instructions of us and gives rise to a data controller and data processor relationship, we will ensure that such relationship is governed by a contract which includes the data protection provisions prescribed by data protection law.

  7. 7. Disclosing Personal Data

    1. From time to time, we may disclose personal data to third parties, or allow third parties to access personal data which we process (for example where a law enforcement agency or regulatory authority submits a valid request for access to personal data).

  8. 8. Data Retention

    1. We will keep personal data only for as long as the retention of such personal data is deemed necessary for the purposes for which that personal data are processed (as described in Section 3.2 of this Policy). The retention period depends on a number of factors including statutory limitation periods, consents provided by users and other legal requirements.

  9. 9. Data Transfers outside the EEA

    1. In the event that we are required to transfer personal data to countries outside the European Economic Area we will ensure that such processing of your personal data is in compliance with data protection law. If the country is not recognized as adequate by the European Commission, we will either rely on the EU-US Privacy Framework or enter into Model Contractual Clauses (as published by the European Commission). If you require more information on the means of transfer of your data or would like a copy of the relevant safeguards, please contact us at the details provided below.

  10. 10. Cookies

    1. To the extent that we collect Personal Data with the help of Cookies (which are small text files that include a small quantity of information sent to the browser of users, by a web server, and stored on the hard disk drive of a computer for purposes of archiving, collecting navigation data for statistical analysis purposes, and offering services related to your interests or location), we will process it in accordance with this Privacy Policy and our Cookies Policy which can be found at Cookies Policy.

  11. 11. Further Information/Complaints Procedure

    1. For further information about this Policy and/or the processing of your personal data by or on behalf of the Good Future Foundation please contact the Non-Profit at the contact details listed in Annex II.
    2. While you may make a complaint in respect of our compliance with data protection law to the relevant data protection supervisory authority in your jurisdiction, we request that you contact the Non-Profit (at the contact details listed below) in the first instance to give us the opportunity to address any concerns that you may have. A list of data protection supervisory authorities is available here.
© 2024 Good Future Foundation. All Rights Reserved.