Terms & Conditions

Association of Sustainability Practitioners

Terms and Conditions

This website is provided by the Association of Sustainability Practitioners (ASP).   By using this website you agree to be legally bound by these terms of use. If you do not wish to be bound by these terms of use you may not use this website.

Privacy Policy and Data Protection

ASP is committed to protecting your personal data and using it in accordance with your wishes and the GDPR EU Directive, 25th May 2018.

All personal information collected, whether on paper, electronically or by other means, is handled, stored and shared in accordance with the new Data Protection Act.  At the time of writing, ASP does not collect any such information โ€“ if in future ASP opts to do so, our processes for the handling, storage and sharing of data will be posted below.

Data provided by you

You agree that all data you send or upload to this website (including, but not limited to, survey responses, comments, suggestions and emails) is legal, not offensive, decent and truthful, complies with all laws and regulations, does not infringe the intellectual property rights or other rights of us or any third party, is not defamatory, unreliable or misleading  or otherwise objectionable and is free from bugs, worms or viruses.

You are solely responsible for your data. If we consider that any part of your data exposes us to the risk of a claim or complaint by a third party, we may block access to all or part of this website and remove all or part of your data.  You must provide all reasonable assistance in this respect.

By responding to any surveys on this website you grant us a nonexclusive, royalty free, transferable, perpetual licence to use the data in the survey for research or other purposes.

Service availability

We endeavour to make this website available at all times, but we cannot be liable if, for any reason, the website is unavailable for any period of time.

Copyright

This website contains data and information, which are protected by trademark and/or copyright laws. No part of this website may be published, distributed, extracted, re-utilised, or reproduced in any material form (including photocopying or storing it in any medium by electronic means and whether or not transiently or incidentally to some other use of this publication) except in accordance with separately agreed permissions or as permitted by the Copyright Designs and Patents Act 1988 or the Copyright and Rights in Databases Regulations 1997, as applicable. We reserve the right at any time at our discretion to withdraw or modify the licences we grant for use of our content.

Links to other websites

Our website may offer links to other websites thereby enabling you to leave our website and go directly to linked websites. We are not responsible for the content of any linked website or any link in a linked website. We are not responsible for any transmission received from any linked website. Such links are provided to assist users of this website and the inclusion of a link does not imply that we endorse or have approved the linked website.

Please note that the terms of use and privacy policy of linked websites may differ from the terms of use and privacy policy of our website.  We encourage users to be aware of this when they leave or website, and to read the terms and use and the privacy policy of uch third party websites.

Liability

We do not accept any liability for the accuracy, completeness or suitability for a particular purpose of any content published or made available on or by means of our website, unless liability cannot be restricted by any applicable law.  We will not be liable for any damages arising in contract, tort or otherwise from the use of or inability to use this website or another website linked to or from our website or any material contained therein, or from any action or decision taken as a result of using this website.  We shall not be liable for any damage which may result from the download, installation, storage or use of software or consent from our website.

Governing law and jurisdiction

Your use of this website shall be governed by and construed in accordance with the laws of England and Wales. Any dispute arising out of use of this website shall be referred to the English courts.

Privacy Policy

This privacy notice tells you what to expect when ASP collects personal information. It applies to information we collect about:

  • Visitors to our website
  • Supporters and donors
  • Individuals who make enquiries or raise complaints
  • Individuals we work with and to whom we provide products and service
  • Any other means by which ASP gathers personal information

ASP is committed to protecting your personal data and using it in accordance with your wishes and the GDPR EU Directive, law on 25th May 2018.

Visitors to our website

When you visit www.sustainabilitypractitioners.org we may use third party services Google Analytics or HotJar to collect standard internet log information and details of visitor behaviour patterns.  We may do this to track interest on specific pages, see how the site is being used and look at how we can make improvements to the site. The information would be processed in a way that does not identify anyone. We would not make, and would not allow Google Analytics or Hotjar to make, any attempts to find out the identities of those visiting the ASP website. Should we ever have good reason to link our cookies and tracking information, we will be upfront about it, explaining why and what we intend to do with it.

Use of cookies by ASP

Our website does not currently use cookies.  Third party services set cookies of their own. If we start to use cookies, a cookie policy will be included below.

Our newsletter

We invite you to sign up and to unsubscribe to our newsletter via third party provider, Constant Contact. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see the Constant Contact privacy notice.

We send our newsletter so that you can find out more about our work, our products and services, our campaigns. and how you can support us. We will never sell or share your details to any third party for their marketing purposes. You can Unsubscribe at any time by clicking on the unsubscribe link on our newsletter or by writing to asp.coordination@gmail.com. If you ask to be removed, we will do so within 1 day of the message being read (nb. this inbox is not monitored daily).

WordPress

The ASP website is built with WordPress. The site uses standard WordPress services to collect anonymous information about usersโ€™ activity on the site, for example the number of users viewing pages on the site and how long they spend on a given page. We do this to monitor and report on the effectiveness of the site and help us improve it.

Donations to ASP can be made directly via webform. This form does not retain personal contact details, nor can we see them.

Contact us form

The Contact Us form on our website, does not store email addresses, instead it forwards enquiries to our general ASP email inbox. We will respond as soon as we are able and will not store any personal information without consent.

When and how we will get in touch

When you give us your personal details โ€“ for example when you sign up to receive email updates, register for an event, take part in a campaign, or make a donation โ€“ you may receive follow up information from us directly relevant to this activity, including how your support is helping.  Newsletter sign-ups are asked to confirm their continued consent annually. People attending events and following campaigns which may have a bounded time period, are given the option to continue contact by signing up for our newsletter โ€“ if you tell us you want to stay in touch to find out about our ongoing activities then we will treat this consent as lasting for twelve months.

We always act on your instructions, and aim to put you in control of your relationship with us. Our aim is to communicate with you in a way that makes you want to stay involved with us for as long as possible, as you see the value and impact of your support.

In the event of a security breach, we will notify all those who may be affected at the earliest possible opportunity. Allowing for immediate remedial action, we will be in touch with precautionary advice as soon as possible.

What details we ask for and why

There are minimum levels of information we need to obtain for different purposes โ€“ if you are signing up for an event or a campaign or to receive our newsletter then we will ask you for an email address and for the two former activities also a contact phone number and postcode.

We ask for your house number and postcode so that we hold a valid postal address for you. We need this information for the following reasons:

  • To set up Direct Debits and one-off card payments
  • To claim Gift Aid
  • To deliver items to you (items you have purchased or event materials for example)
  • If you have agreed to receive post from us, we will use your postcode and address to send you relevant information.

How to stop or change how we can communicate with you

If at any time you wish to stop or change how we communicate with you, or update the information we hold, please do get in touch, using one of the following options

  • Write to us at : 10 Earlham Drive, Poole, Dorset, BH14 0HH
  • Email: asp.coordination@gmail.com
  • Call: 0779 563 2607 (Mon-Fri 1200-1700)

We undertake to act on your instructions within three working days.

 ยญ

GDPR Policy

Introduction

This policy sets out how ASP collects, uses, stores, and protects personal data in line with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the European Union GDPR when applicable.

As a member-based organisation, we are committed to safeguarding the privacy and rights of our members, volunteers, and supporters.

Scope

This policy applies to all personal data processed by the organisation, whether in electronic or paper format, and to all staff, volunteers, contractors, and third parties who have access to personal data.

Definitions

  • Personal Data: Information relating to an identified or identifiable person.
  • Special Category Data: Sensitive data such as health, ethnicity, political opinions.
  • Data Subject: An individual whose data is processed.
  • Data Controller: The organisation determining how and why personal data is processed.
  • Data Processor: A third party that processes data on behalf of the controller.
  • Processing: Any operation performed on personal data.
  • Consent: Freely given, specific, informed, and unambiguous indication of the data subject’s wishes.

Legal Basis for Processing

We collect and process data on the following legal bases:

  • Consent (e.g., newsletter subscriptions)
  • Contract (e.g., membership administration)
  • Legal obligation (e.g., financial records retention)
  • Legitimate interests (e.g., event promotion, member engagement)

Types of Data Collected

We may collect:

  • Contact information: Name, email address, phone number, postal address
  • Membership information: Join date, renewal date, membership type
  • Event participation data
  • Newsletter subscription preferences
  • Donation history and payment data
  • Website analytics (cookies, IP address)

Data Collection and Use

  • WordPress Website: Members may submit contact details via forms; member information is stored securely in the site’s backend with restricted access.
  • Eventbrite: Used to manage event registrations; only necessary attendee information is collected. Where users have opted in, name and email address may be shared with organisations we co-host events with, solely for post-event follow-up.
  • Mailchimp: Used to send newsletters and updates; subscribers opt-in via clear consent forms.
  • Give App (hosted on WordPress): Facilitates donations; records donor contact and transaction data.
  • Gagglemail: Used to manage email lists and group communications with certain members who have opted in to this form of contact.
  • Internal Membership Tracking: We maintain a secure spreadsheet/database to track member status, renewal dates, and history

Data is used to:

  • Administer memberships
  • Communicate organisational updates and events
  • Process donations and thank donors
  • Track engagement and participation
  • Comply with legal and financial requirements

Data Subject Rights

Data subjects have the right to:

  • Access their data
  • Request correction of inaccurate data
  • Request deletion (where applicable)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time

Requests can be made via email to [gwynbryanjones@gmail.com].

Consent Management

  • Consent is collected via checkboxes/forms on our website and third-party tools.
  • Records of consent are stored securely.
  • Withdrawal of consent is processed promptly and without detriment.

Data Storage & Retention

  • Personal data is stored securely on encrypted cloud systems and the WordPress CMS.
  • Event and mailing data are retained in Eventbrite, Mailchimp and Gagglemail respectively.
  • Financial/donation records are kept for 6 years in compliance with HMRC requirements.
  • Membership data is reviewed annually and removed 2 years after inactivity unless there is a legal reason to retain it.

Data Security

  • Access to personal data is role-based and password protected.
  • WordPress site is maintained with security plugins and regular updates.
  • Mailchimp, Eventbrite, Give App, and Gagglemail accounts are protected with 2FA and secure logins.
  • Regular staff and volunteer training on data protection is conducted.

Third Parties & Data Sharing

We work with the following data processors:

  • Eventbrite (Event registration)
  • WordPress (Website and member data management)
  • Mailchimp (Email communications)
  • Give App (Donation processing)
  • Gagglemail (Group email communications)

All third parties comply with GDPR and have appropriate Data Processing Agreements in place. Data is not transferred outside the UK/EU without appropriate safeguards.

Where users have explicitly opted in via Eventbrite, we may share their name and email address with co-hosting partner organisations solely for the purpose of post-event communication.

Data Breach Protocol

  • All suspected data breaches must be reported immediately to the designated Data Lead.
  • Serious breaches will be reported to the ICO within 72 hours.
  • Affected individuals will be informed if the breach presents a high risk to their rights.

Roles & Responsibilities

  • Michelle Furtado is responsible for data protection compliance.
  • All directors, staff and volunteers are required to understand and follow this policy.

Policy Review & Updates

This policy will be reviewed annually or in response to regulatory or operational changes.