1. The purpose of this policy
  2. Why do we process your data?
  3. What personal data do we collect and process?
  4. How do we use your data?
  5. Your rights in relation to your data
  6. Security
  7. Web browsing and cookies
  8. Links to other websites
  9. Data Protection Principles

 

1. The purpose of this policy

Labour Friends of Israel (‘LFI’) is committed to protecting the private personal data of staff, volunteers and everyone with whom we engage and to complying with the six data protection principles set out in section 9, below.

LFI is a company registered in England & Wales with company number 09562237. LFI is the ‘data controller’ for the purposes of this policy, except where otherwise stated. References to the processing of information includes the collection, use, storage and protection of data.

This policy applies to all staff, volunteers and anyone working for us and on our behalf and, to the extent set out below, anyone else processing data on our behalf from time to time as a ‘data processor’. It sets out how we process personal data (that is, information by which an individual can be identified) collected by us in the course of our lawful activities, in accordance with the Data Protection Act 2018, the General Data Protection Regulation and any subsequent or relevant legislation, regulations or guidance in force from time to time (‘Data Protections laws’). This policy has been put in place to protect your rights under the Data Protection laws, and it is important that you understand what we will do with your data and are happy with this. If you want to discuss any matter relating to how your data is used, please contact:

The Data Protection Officer – mail@lfi.org.uk

We may be required in certain instances to ask that your request for information be submitted in writing and that you verify your identity.

2. Why do we process your data?

Organisations are permitted to process data if they have a legal basis for doing so. LFI processes data on the basis that:

  • Express and informed consent has been given by the person whose data is being processed; and/or
  • LFI has a legitimate interest in processing the data; and/or
  • It is necessary in relation to or in anticipation of a contract, agreement or ongoing arrangement for the provision of services which someone has entered into with LFI or because someone has asked for something to be done so they can enter into a contract, agreement or arrangement with us; and/or
  • LFI has a legal obligation to process data.

If and to the extent that LFI is relying on solely consent as the basis for processing data, we are required to obtain your explicit consent and you can modify or withdraw this consent at any time by notifying us in writing, although this may affect the extent to which we are able to provide services to or interact with you in future.

We may change this policy from time to time and any such changes will be published on our website. Notwithstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.

This policy was reviewed in June 2024.

3. What personal data do we collect and process?

We process the data necessary for LFI to fulfil its objects, including working with UK Labour Party parliamentarians, members, supporters and others to promote a negotiated two-state solution for two peoples, strengthen relations between Britain and Israel and to promote a vision of coexistence founded on peace and liberal democracy, arranging events and keeping LFI supporters and others informed of our campaigns and other matters that we consider may be of interest to them. Data collected and processed may include, but not be limited to:

  • Names and contact information such as telephone numbers, email and postal addresses of staff, volunteers, supporters or others with whom we have contact;
  • Information necessary for the employment of staff, the engagement of volunteers and the maintenance of services to supporters, including that necessary to pay salaries or receive donations;
  • Such other information that is relevant and necessary for us to carry out our activities, purposes and legal obligations.

Such data may be collected, for example, when you provide it through our website, become a supporter when making a donation, submitting an enquiry, participating in our activities, events and campaigns, subscribing for a service, when you request assistance, when you tell us about yourself if you apply to work for or with us or when you otherwise provide us with personal data in some other way.

4. How do we use your data?

We process your personal data as described above, and in particular for the following purposes:

  • For internal record keeping, invoicing, communication and administration;
  • To carry out the services provided to supporters ;
  • To engage, direct and oversee the work of staff and volunteers engaged in our activities;
  • To work with external partners and their staff with whom we liaise in furtherance of the above;
  • To comply with any legal obligations and to protect parties’ interests in cases of dispute;
  • To facilitate and let you know about our activities, events and campaigns or related matters which we think may be of interest to you.

Data processed will be retained only for as long as the purpose for which it was collected or retained continues, and for as long as is reasonable and permissible in law. Accordingly, the periods for which we retain different categories of data will vary depending on the purposes for which it was collected or retained and relevant statutory or other requirements.

In addition to those circumstances mentioned above, we will only share data with trusted third parties (including those outside the European Economic Area) to the extent and where necessary for us to provide services to supporters and others and to support and promote our activities (including online platforms for secure data management and storage and for email communications, such as MailChimp), to process payments (including through online payments platforms such as PayPal) and only once we are satisfied that any such use of data will accord with our privacy policy. We will never sell your personal information and will not share it without your explicit consent, except as stated above.

5. Your rights in relation to your data

You, as the data subject, may request deletion of your data at any time in writing, subject to any overriding legal requirement for its retention, such as the need, where appropriate, to comply with legal or safeguarding obligations or the requirements of regulatory authorities such as HMRC, or to prevent the commission of or to assist in the investigation of an actual or suspected criminal offence. We may keep certain data on a ‘suppression list’ so we know, if requested, not to contact you or process your data in future until further notice.

You may request details of personal information which we hold about you. Any such request must be submitted in writing and we reserve the right to seek verification of the identity of persons making such requests before we respond. A small fee may be payable if an information request is particularly onerous.

You may choose to restrict the collection or use of your personal information, but this may impact or limit the way in which we are able to interact with you. You may, at any time, change your mind about what information we hold about you, or if we continue to hold it at all, subject to any legal basis or obligation we have to retain data, and as stated above.

You are responsible for the accuracy of data you have provided to LFI. If you believe that any information we are holding on you is incorrect or incomplete, please write to us as soon as possible. We will promptly correct any information found to be incorrect.

Where your data has been supplied to us by another party, meaning that LFI is processing it on behalf of that other party and is acting as a data processor, please note that in order to exercise your rights over your data you should submit any request relating to it to the party that supplied the data to us.

In the unlikely event that there is any kind of a breach of our duties and obligations under this policy or the Data Protections laws, we will take immediate steps to isolate and rectify the problem.  Should the breach be serious one (where there is a risk of, for example, discrimination, damage to reputation, financial loss or loss of confidential information) we have a duty to report that matter to the individuals affected and to the Office of the Information Commissioner.

You can obtain further information about Data Protection and privacy laws and your rights by visiting the Information Commissioner’s website at: https://ico.org.uk/your-data-matters/.

6. Security

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the data we process. Persons processing data on behalf of LFI do so in accordance with this policy and on the basis that we is satisfied that they can and will adhere to our high standards for data protection and security.

The transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. Please note that, unless encrypted, email messages sent via the internet may not be secure and could be intercepted and read by someone else. Please bear this in mind when deciding whether to include personal or sensitive information in any email messages you send to us.

7. Web browsing and Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline those cookies that are not essential if you prefer. This may prevent you from taking full advantage of the website.

Cookies help analyse web traffic or note when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We may use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. We may also collect and store information about your browsing device, including, where available, your IP address, operating system and browser type, together with certain anonymous statistical data about your browsing activities and patterns which does not contain any personal data.

Overall, cookies help to provide you with a better website, by enabling monitoring of which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

8. Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website in question.

9. Data Protection Principles

Anyone processing personal data must comply with the six data protection principles set out in the GDPR, which state that personal data should be:

  • processed fairly, lawfully and transparently;
  • collected for specified, explicit and legitimate purposes and not further processed in a way which is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary for the purpose for which it is held;
  • accurate and, where necessary, kept up to date;
  • not kept longer than necessary;
  • processed in a manner that ensures appropriate security of the personal data.