Privacy Policy

Policy prepared by: Peter Collecott
Approved: June 2020
Policy became operational: June 2020
Reviewed August 2024
Next review date: August 2025

BRaVE is an informal group, with no legal identity, formed in the UK to highlight human rights abuses in Venezuela to decision makers.

When BRaVE holds an individual’s personal information it does so in accordance with all applicable UK General Data Protection Regulation (UKGDPR) legislation including the Data Protection Act 1998 (“DPA”) as they are now and as they may be amended and superseded from time-to-time (together the “Legislation”).

This Privacy Policy explains

Information we may collect about you
How we collect that information
Our legal basis for holding that information
How we may use that information
Disclosure of your personal information to third parties
Security of your personal information
Data retention
Your legal rights
Uses of our website
Notification of changes to our privacy policy
Contact details and further information

BRaVE is a data controller under the Legislation. Peter Collecott is the person in the group responsible for data protection.

1. Information we may collect about you

Personal information (“Personal Data”) means any information about an individual from which that

person can be identified. Within our database we hold only such Personal Data as would normally

appear on a business card or in a published directory, for example name, organisation, position, email address, postal address, and telephone numbers.

2. How we collect that Personal Data

Our database is composed of Personal Data gathered by our members and associates from personal and business contacts, appearances at conferences and speaking engagements, as well as correspondence via our website or e-mail address. From time to time we may receive and add into our database Personal Data which is either publicly available, including from published directories or obtained from third parties. In all cases the nature of that Personal Data will be limited to that described in 1 above.

3. Our legal basis for holding that Personal Data

We hold Personal Data on either of two legal bases as set out in the UK GDPR: Consent where an

individual has given clear consent for us to hold his or her personal information; or where we have a

Legitimate Interest to hold that information, which interest has been identified and can include group

interests, individual interests or broader societal interests. We consider that we have a Legitimate Interest to hold personal data on all individuals who are included in our database either because of the nature of the group’s activities or because of a common interest in international affairs. However, when we add to our database, either with publicly available data or from third parties, we may also request explicit Consent.

4. How we may use that Personal Data

We use that Personal Data for the notification of events or activities with which BRaVE is involved, and to bring information to the attention of decision makers or others who we know are interested.

5. Disclosure of Personal Data to third parties

We will not sell, transfer or share Personal Data nor disclose Personal Data to third parties except as we are obliged to do by law.

6. Security of Personal Data

We have in place safeguards in our procedures and technology to keep Personal Data secure to a standard for an organisation of our type and size.

7. Personal Data retention

We will only retain Personal Data for as long as necessary to fulfil the purposes for which we have

collected and retained it.

8. Your legal rights

If at any time you do not wish to receive any further communications from us, you may inform us by

email at admin@bravegroup.info.

Individuals also have the rights under the Legislation, as described in full therein, to:

Request access to their personal information
Request correction of their personal information
Request erasure of their personal information
Object to processing of their personal information
Request restriction of processing of their personal information
Request transfer of their personal information
Withdraw consent to our holding their data.

9. Notification of changes to our Privacy Policy

With the development of the Legislation over time we may need to change our Privacy Policy. We may, but do not oblige ourselves to, notify individuals on our data base of such changes. However, all updated versions of our Privacy Policy will be available upon adoption on our website www.bravegroup.info .

10. Contact details and further information

This Privacy Policy is available on request from admin@bravegroup.info. All questions and requests

concerning this Privacy Policy and Personal Data held by us should be directed to that email address, which will respond within 14 days from receipt of your question or request at no charge.

DATA protection

Policy prepared by: Peter Collecott
Approved by Directors: June 2020
Policy became operational: June 2020
Reviewed: August 2024
Next review date: August 2025

INTRODUCTION

BRaVE needs to gather certain information about individuals, companies and other entities, including governments and parastatals, for the purpose of conducting its activities. These can include actual and potential suppliers, civil servants and politicians, charities and other organisations with which we may cooperate, and individuals who have attended events organised by BRaVE, or expressed an interest in what we do. (“Business Contacts”)

The information that BRaVE needs to gather is only such personal information as would normally appear on a business card or in a published directory, for example name, organisation, position, email address, postal address, and telephone numbers. (“Personal Data”)

This policy describes how Personal Data will be collected, handled, and stored to meet BRaVE’s data protection standards and to comply with applicable law.

WHY THIS POLICY EXISTS

This Data Protection Policy is to ensure that BRaVE complies with data protection laws and good practice, protects the rights of Business Contacts, is open about how it stores and processes Personal Data and about how it protects itself from the risks of data breach.

APPLICABLE LEGISLATION

DATA PROTECTION ACT

The Data Protection Act 1998 (“DPA”) describes how organisations must collect, handle and store Personal Data. These rules apply regardless of whether Personal Data is stored electronically, on paper or on other materials. To comply with the law, Personal Data must be collected and used fairly, stored safely and not disclosed unlawfully.

The DPA is underpinned by eight important principles. As we understand them, they provide that Personal Data must:

1. Be processed fairly and lawfully

2. Be obtained only for specific, lawful purposes

3. Be adequate, relevant and not excessive

4. Be accurate and kept up to date

5. Not be held for any longer than necessary

6. Processed in accordance with the rights of data subjects

7. Be protected in appropriate ways, and

8. Not be transferred outside the European Economic Area (EEA), unless that country or

territory also ensures an adequate level of legal compliance.

GENERAL DATA PROTECTION REGULATION

The legal base for the UK General Data Protection Regulations (“UK GDPR”) is the Data Protection Act of 2018 (DPA 2018) as amended by the Data Protection, Privacy and Electronic Communications (Amendments Etc)(Eu Exit) Regulations 2020.

The purposes of UK GDPR, as we understand them, are to ensure that organisations which hold certain types of information about persons:

1. Have a legal basis for doing so

2. Follow good practice in holding that information

3. The persons are aware that such information is being held and for what use and on what conditions

4. The persons can have access to that information and certain rights with respect to its holding; and

5. The persons can require that it no longer be so held.

The DPA 2018 and UK GDPR, as they are now and as they may be amended or superseded from time to time, are jointly referred to herein as the “Legislation”.

PEOPLE, RISKS AND RESPONSIBILIITES

This policy applies to BRaVE, its members and partners, associates, and volunteers working on its behalf.

It applies to all Personal Data which BRaVE holds relating to identifiable individuals, even if that information technically falls outside of the scope of the Legislation.

This policy helps to protect BRaVE from data security risks including breaches of confidentiality, failing to offer individuals the choice how BRaVE uses data relating to them, and reputational damage from unauthorised persons gaining access to personal data.

BRaVE is a Data Controller under the Legislation and BRaVE’s members are ultimately responsible for the ensuring that BRaVE meets its legal obligations. Day-to-day, Peter Collecott is the BRaVE member responsible for data protection.

Peter Collecott is the member responsible for: keeping the other members updated about data protection responsibilities, risks and issues; reviewing on a timely basis all data protection procedures and related policies and updating our procedures and policies as required; ensuring compliance with the Legislation; arranging data protection training when appropriate; handling data protection questions from associates and suppliers as well as inquiries from individuals with respect to their personal data being held by BRaVE; and for checking for data protection compliance all agreements with third parties who may handle BRaVE’s Personal Data or whose Personal Data BRaVE may handle.

GENERAL GUIDELINES

All Personal Data should be kept secure and sensible precautions taken in a manner consistent with security standards for organisations of BRaVE’s type and size including: strong passwords should be used and never shared; Personal Data should not be disclosed to unauthorised persons; and Personal Data should be regularly reviewed and updated for accuracy.

When Personal Data is stored on paper (as a result of the printing of data electronically held or otherwise), it should be kept in a secure place where unauthorised persons cannot see it.

When Personal Data is stored electronically, it must be protected from unauthorised access, accidental deletion, and malicious hacking attempts, including by: using strong passwords that are changed regularly and never shared; keeping secure any removable storage; using only approved cloud computing services; and backing up data frequently. All servers and computers should be protected by approved security software.

DATA USE

Personal Data should not be disclosed to any unauthorised person and ideally should be encrypted before being transferred electronically. It should not be transferred outside the EEA unless that country or territory also ensures an adequate level of legal compliance.

SUBJECT ACCESS REQUESTS

All individuals who are the subject of Personal Data held by BRaVE have the right to:

Request access to their Personal Data
Request correction of their Personal Data
Request erasure of their Personal Data
Object to the processing of their Personal Data
Request restriction of processing of their Personal Data
Request transfer of their Personal Data
Withdraw their consent to BRaVE holding their Personal Data

Such requests from individuals should be made by email to Peter Collecott at admin@bravegroup.info , who will take such steps as he deems necessary to verify the identity of the person making the request and then satisfy their request. Unless advised otherwise, there will not be a charge for providing this service and it should be provided within 14 days.

When a request for information is from any source for which applicable legislation allows disclosure of personal data without the consent of the relevant person, BRaVE will ensure that the request is legitimate.

PRIVACY POLICY

BRaVE aims to ensure that individuals are aware that their Personal Data is being held, the legal basis therefor, and that they understand how their Personal Data is being used and how to exercise their rights with respect thereto. To these ends BRaVE has a Privacy Policy which is to available on the website, www.bravegroup.info, or on request to admin@bravegroup.info .

Privacy Policy

DATA protection

This website uses cookies.