Last updated 26 October 2021
The Global Assembly is made up of a group of organisations that collectively share the values of the Global Assembly (GA). It is a new piece of international decision-making infrastructure. The core delivery team and founding organizations follow the core values of Trust in People and Integrity, in order to guide our work and maintain organisational independence. The goal of the GA is to create a space as free as possible from bias and interference for civic deliberation and therefore allow a rich diversity of people to share their voices, experiences, hopes, and fears.
Each of the participating organisations may be a controller of personal data as defined by UK Data Protection Law. This privacy notice refers to these organisations collectively as “Us’ or ‘We’. A list of the organisations is provided separately. Three key founding organizations are the direct collectors of information, Sortition Foundation, Good Help and Innovation for Policy Foundation (i4Policy). Other organisations will be added to this list in due course. In order to ensure your rights are upheld, the organisations that form the assembly have entered into a formal data sharing agreement. This is to ensure that your personal data is only used for the purposes we have informed you about which concern the Global Assembly and your potential involvement or interests in it.
The Global Assembly has established an information protection policy to protect the individual’s rights and interests whom we interact with as part of our organisation. All employees and partners shall carry out this policy in good faith.
The term “personal information” as used in this policy shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier, images, voices, or one or more factors specific to you.
For the purposes of processing personal data, the organisations are Data Controllers in accordance with UK Data Protection Law. The Global Assembly is not a registered organisation and not a controller of personal data.
Our data privacy principles
We will establish a security management system to prevent a leak, loss, deletion, or damage of personal information. Moreover, we will take appropriate corrective and preventive measures for accidents relating to personal information.
We will promptly respond to requests for disclosure of, inquiries about and complaints regarding personal information, by the establishment of an inquiry desk.
We will review and appropriately improve the information security management system.
As a user, you should review this policy carefully to understand our policies and procedures regarding the collection, processing, sharing, analysing, and using of your information.
When you use our website (Site), we may process your personal data in accordance with the Global Assembly policy which may include, sharing, analysis and the disclosure of your information where this is lawful. You also acknowledge and agree that we are not responsible for how third parties, providers, and service providers collect and use your information. The Global Assembly data protection policy is a policy each of the organisations that make up the Global Assembly abide by. Some data may be processed by each organisation in accordance with its own policy. Where this is the case, each organisation will notify you of such activity.
How do we apply this policy?
The terms of this policy apply to all information that you provide to us, or that we collect automatically when you visit, access, or use the Global Assembly website, interact with its content, register for services linked to, or accessed on, the website or through it, which are provided or managed by third parties.
Who collects the information?
What information is collected and how is it collected
How we use and discloses the information collected
How long the information collected is saved
Your rights to review and correct any information you voluntarily submit to us
How we protect your information
How do we comply with laws protecting children's privacy
Where to get answers to any questions you have regarding this policy
Who collects Information
Some applications in the website may be using beacons, pixels, and dynamic tags, which may allow third parties to collect information about you and your activities on the website, and to provide you or enable others to provide you with features within the website, additional customization, or pass on content suitable for you.
Links to External Sites: some applications may include links to external sites that are not operated or controlled by us. Please note that we do not control and are not responsible for the privacy or security practices of these other websites. We encourage you to research and review the privacy policies of each website you visit, and to be aware of what information you may provide to any third party.
Types of Information that we collect
Information you provide directly. You may provide your information to us when you use our website, including when you register for our email newsletter or fill other forms on the website, or ask us about, or register to use our products or services; subscribe to our publications; request marketing to be sent to you, or give us feedback. Such information you provide to us includes but is not limited to identifiable information ("PII") including your name, email address, telephone number, mailing address, and other information that may assist in identifying you.
You may also provide Non-Personal Information (NPI), such as terms used in searches within the website, and other information about your activities within the website such as your interactions and engagement with our products and services. Any information you provide through the website may be processed, transmitted, or stored by us and/or its third-party providers.
You may provide your information to us when you use our Site, including when you register for our email newsletter and SMS alert services.
Information we collect automatically. If you browse, access or use our services, we may receive and store certain information about you and your device automatically using automatic data collection technologies, including but not limited to our or third-party cookies, log files, web beacons, pixels, dynamic tag management and other technical means. This information may include but is not limited to:
Your device's location
Your device ID and contact information
The type of device and operating system you use to access our apps
Your IP address
Information associated with your Internet service provider or mobile phone service provider or your account with your Internet or mobile service provider
Like many websites, we use ‘Cookies’ to make our Site more convenient to our customers.
Cookies are small pieces of data that are transferred between a Web server and your Web browser and stored on your computer or mobile device as a file.
You may disable the function of Cookies by choosing the browser’s configuration. Please note that this may result in you not being able to use all or part of the services on our Site. We may allow selected third parties to place cookies through the Site to provide us with better insights into the use of the Site or user demographics or to provide relevant advertising to you. These third parties may collect information about a consumer’s online activities over time and across different websites when he or she uses our website.
The lawful basis for processing personal data
As Data Controllers, we are required to ensure we process your personal data lawfully. This requires us to choose the appropriate lawful grounds for such processing. We will ask you for your consent to process your data. For consent to be valid, you must be informed about the purpose for the processing, and it must be freely given. In other words, you must have a choice. It is also important for you to know that you can withdraw your consent at any time. Ways to do this will be prominently signposted.
We may also process your data in our legitimate Interest. Such processing will normally be with your reasonable expectations. Where it is deemed necessary, we will undertake a legitimate Interest balancing test which ensures our interests do not compromise your fundamental rights. Where we use such a lawful condition, you may object to the processing of your personal data.
We may also process your personal data where we have a legal obligation.
This Policy includes everything you need to know about our intended processing activities. But if you have any queries you should get in touch at firstname.lastname@example.org.
How we use your personal information
We may process and use the information we collect or receive about you to:
Provide the Site, its content, and features to you
Send email newsletter and updates to you
Process donations from you
Get in contact with you in response to your offer of volunteering or work
Help us customize the content and features you see when you use our services
Improve the content and functionality of our services
Track the demographics, interests, and behaviour of our users
Track the total number of visitors to the Site and each page or feature of the website
Carry out research on users of the Site, our services and participants of the Global Assembly
We will use your personal information to confirm your identity; to respond to your questions and provide related customer services; to detect and prevent fraud or other financial crime; to monitor and protect the security of our information, systems, and network; for internal organization intelligence purposes, to conduct research, product development, and enhancement; to inform you of changes made to our Site and other services; to ensure that content from our Site is presented most effectively for you and your device; enable you to search for information on our Site, and improve our Site.
We maintain our presence on third-party social media sites such as Facebook, LinkedIn, Twitter, etc. We do not control and are also not responsible for the collection, tracking, use, or disclosure of your information (including your personal information). Personally Identifiable Information (PII) and Non-Personally Identifiable Information (NPI) collected through social networking sites and applications, including through our pages or profiles within other applications, or otherwise as a result of your participation in the social networking sites.
We encourage you to research and learn more about cookies and other technical means, including web beacons, pixels, and dynamic tags, with which information about you may be collected by applications and websites which you are visiting. We encourage you to review the privacy policies of each third-party site or service that you visit or use, including third parties with whom you interact through our services.
We may process and use your information for any other purpose that will be disclosed to you at the time we collect or receive that information, or may do so for any legal basis, or for any purpose other than with your consent. For information about how to opt out of the use of some of these technologies, see the section: Your Choices.
How we share your personal information
Your personal information will be processed according to our policy. We may share your data with third parties but only where the law permits.
We may share your information with entities associated with us, as well as with entities that provide their services to us, including companies that provide application data analysis, data processing, and IT services including platform development and maintenance and other services. We may also disclose Non-Personally Identifiable Information (NPI) or collect Non-Identifying Information to third-party service providers without specification.
Disclosure of information to suppliers and external service providers: we may engage third-party providers and service providers to provide services related to our services, and access our services, help us manage our digital presence, and allow us to better serve our users.
We may also disclose your personal information as required by law, such as to comply with a subpoena, or a similar legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request, and to any other third party with your prior consent to do so, unless notification is prohibited by the applicable law.
Where personal information relating to European-based individuals is shared with a third party located in a non-EU country that has not received an adequacy decision by the European Commission, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses. In due course the EU safeguards will be replaced with International Data Transfer Agreements to reflect the requirements of UK data protection law. At that time, appropriate risk assessments will be conducted, and such approved safeguards will be implemented.
We also may work with third-party service providers and partners in different countries (for example, cloud providers, web hosting, helpdesk software providers, payment processors). Therefore, your information may be transferred outside of the European Economic Area (EEA) and stored, or processed in other countries, as part of our business operations.
International data processing.
If you are located outside of the UK will be processing your data in accordance with your rights and the laws of the country in which you reside. For example, if this is the EU it will be the EU GDPR.
How long do we retain information?
We will store your personal information, in a form that permits us to identify you, for no longer than is necessary for the purpose for which the personal information is processed. We use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically and reasonably feasible to remove it. Otherwise, we will seek to delete your personal information within a reasonable timeframe upon request.
If you have registered for our email newsletter or filled any form with personal information on our site you can access, modify or delete your Personally Identifiable Information (PII) by sending an email to us at email@example.com to request that we correct or delete any personal information you have given it to us. We may not be able to honour a request for a change of information if we believe the change would violate any law, breach legal requirements, or cause the information to be incorrect. If you cancel your registration or subscription, we may keep your personal information in our records and may continue to use and disclose such data in accordance with the provisions of this Policy, unless you request its deletion.
Notifications and location services: when you use our services, you may be asked if you wish to receive notifications on your devices. If you click Allow but change your mind at any time in the future and no longer wish to receive notifications, you can opt-out by updating the privacy settings on your browser from your device
Disclosure of "Do Not Track": we do not have a mechanism in place to respond to browser “Do Not Track” signals or other similar mechanisms used to limit the collection of information that is used in online behavioural advertising.
The right to correct your personal information
You have the right to have your information held by us corrected if it is inaccurate. If any information we hold about you needs to be updated, or if you believe it is inaccurate, please email us at firstname.lastname@example.org.
The right to access your personal information
You have the right to request access to the personal data that we hold about you. To submit this request either as an individual or as an authorized third party, you may send an email to us at email@example.com. Such access requests will be handled in accordance with the Information Regulator’s guidance.
The right to object to the usage of your personal information
You have the right, in certain circumstances, to object to us processing your personal information. If you have questions about this right, please send us an email at firstname.lastname@example.org.
We may use your email address to send you newsletters or marketing emails. We will ask for your consent in line with the applicable law when you first provide your personal information. You can opt-out by following the unsubscribe instructions included in these emails, or you can contact us via email at email@example.com.
The right to restrict the usage of your personal information
If you feel that the data we hold about you should not be processed in a certain way, please send us an email at firstname.lastname@example.org. In some cases, you will have the right to ask us to limit processing.
The right to transfer your personal information
You may have the right to request the transfer of personal information directly to a third party where this is technically feasible, please send us an email at email@example.com.
The right to be forgotten
We endeavour to process and keep your data only for as long as we need it. In some cases, you have the right to request that the personal data we hold about you be erased. If you feel we are keeping your data for longer than we need to, please send us an email at firstname.lastname@example.org.
Where we process the data of a child, we may seek the consent of a parent or guardian. However, we respect the privacy of all individuals and will endeavour to process such information in accordance with their wishes.
Our Site uses ‘SSL’ to protect personal information. By using a browser that supports security functions, when you access our Site and enter personal information including your name and e-mail address, and this information is transferred to our server, the information is automatically encrypted when transmitted and received by servers. Therefore if the transmitted data is intercepted by a third party, there is no need to worry about the content being stolen.
If you use a browser that does not support SSL, you may not be able to access our Site or input information.
We apply appropriate security measures designed to protect information collected through our Site from loss, misuse, unauthorized access, disclosure, alteration, or corruption. Access to data and technologies relating to user information is protected with different passwords and authority levels and is limited to authorized members and certain suppliers who request access to information in order to provide services to us and our subscribers. In addition, we use industry-standard technologies to maintain the security of users' information while it is on our servers. However, despite these measures, our IT systems can be compromised by parties seeking unauthorized access to our data or users' data, whether by taking advantage of a technical flaw or by human error on the part of a member, supplier, or contractor. In addition, information transmitted over the Internet or mobile data networks may be intercepted by third parties. As a result, it may happen that our efforts to protect our data and users' data from any unauthorized access may not be successful, and therefore we cannot in any way guarantee you that the security measures we take will provide absolute protection that will never be breached. By using, accessing, or registering with the Site, you agree that we shall not be responsible or liable for any loss or damage of any kind arising from or related to any breach of our security, circumvention of any privacy settings or security measures, or any interception of data transmissions. Therefore, any transmission of data by you is at your own risk.
We reserve the right to update or amend our services or this policy at any time and from time to time. If we make any material changes we will notify you by means of a notice on our Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
The latest version of this policy is available at https://globalassembly.org/privacy-policy. You should review this policy periodically to ensure that you are aware of any changes to it.
The right to complain
If you are unhappy about the way we are processing your personal data please get in touch. If you would like to complain you may do so to the regulator responsible according to the jurisdiction in which you reside. Some countries have not yet established a regulator. In such circumstances we are here to assist you to make an appropriate complaint to the most relevant authority. To find out more please contact us at email@example.com. Here are contact details for some of the countries in which there is a regulator which include but are not limited to;
The United Kingdom https://ico.org.uk/make-a-complaint/
If you have any questions or concerns regarding this policy or our privacy practices, please contact us at firstname.lastname@example.org.
Last Update: 26/10/2021