RC collects and saves personal data on the legal grounds of “Legitimate interest” (in Swedish).
What personal details do we collect?
We collect personal details you submit when registering for newsletters, make donations, become a volunteer or sign up for courses, seminars and other events arranged by RC. The amount of data varies depending on what you sign up for.
When you become a member, we register your name, address, email address, mobile phone number and year of birth or national identification number. We may also update your name, address, national identity number and phone number retrospectively. We also save a part of your interaction with RC. This means that we save information about course participation, volunteering, donations or similar activities.
When you become a volunteer at RC, your personal details will be shown to other volunteers. This is clearly written in our volunteering policy.
Why do we save your personal details?
RC saves personal details so that we can stay in contact with and provide helpful service to our members, donors, clients and volunteers. Your personal details also help us to develop our work for a more circular world. We keep statistics of the digital interactions of our clients, members and other stakeholders with RC, in order to be able to develop our activities and the services which we provide.
RC is dependant on grants, gifts and membership fees to fund our organisation. RC may therefore contact you via telephone/ text or email for the purposes of service or fundraising. If you do not want to be contacted, you are welcome to contact us (see contact details below).
How long do we keep your contact details?
RC keeps your data for as long as you are a member, donor or else have some other type of interaction with the organisation, as well as for an additional three years following this contact. RC never collects the following sensitive personal details: religious/philosophical beliefs, political opinions, trade union memberships, sexuality, nationality/ ethnicity/race, health status, biometric or genetic information. At any point, you can demand to receive all of your personal data which we have saved, or demand that we remove your personal details (see contact details below, or read more below “your rights” below).
Is your personal data forwarded?
RCS never sells your data to third- party buyers. However, we use an external service (Mailchimp) for our newsletter, to which your email may be saved. When you make a donation or become a member, your details are managed by a payment service provider. When we pass your details onward to sub- contractors (e.g. mailchimp or the payment service provider) this is regulated in the personal data processing agreement of the supplier.
For users who register as a user on our website forum, we also save the personal details which you provide in your user profile. You can see, edit or delete your personal details whenever you like (with the exception that you cannot change your username).
If you leave a comment on our website, you can choose to save your name, email and website address as cookies. This is for your ease, so that you do not have to fill out these details again the next time you comment. These cookies are valid for a year.
If you have an account and log in to this website, our website will create a temporary cookie to control that your browser accepts cookies. This cookie does not include any personally identifiable information and disappears once you close your browser.
When you log in, we create several cookies to save the information about your log-in and your preferences for the screen layout. The log-in cookies are valid for two days and the layout- cookie is valid for a year. If you select “remember me” your cookie will be kept for two weeks. If you log out from your account, the log- in cookie will be removed.
In case you edit or publish a post, an additional cookie will be saved to your browser. This cookie does not contain any personal details; it specifies a post-ID for the post you just edited. This cookie is valid for one day.
Read more about cookies here (in Swedish).
When visitors leave comments on the website, we collect the data which is shown in the comment section and the IP-address and user agent-string of the visitor, to aid the detection of junk messages and spam.
An anonymised string which is created based on your email address (also known as hash- value) may be sent to the service Gravatar to determine whether you are registered there. The integration policy for Gravatar can be found here. When your comment is approved, your profile picture will be publicly shown together with your comment.
If you upload pictures to the website, you should avoid uploading files with EXIF-data which includes data from your GPS location. Website visitors can download and extract all positioning data from pictures on the website.
Embedded content from other websites
We may publish photos on our websites from events which we arrange or participate in. They may in certain cases be of the character that they constitute personal data and therefore, we make a judgement as to if the photo could be of privacy- sensitive nature before publishing it.
How we protect your data
We use Google’s cloud service Drive and they guarantee, as a personal data processor, security and protection in accordance with GDPR. You can read more at GDPR.
Our procedures for data leaks
We use encrypted data leaks to log into the cloud. We also have a webmaster who continuously controls for any possible intrusion and creates security reports. Additionally, we make sure that only the people who have a need to view our registers are able to do so. Should any data be leaked, we will inform those who are concerned as soon as possible, at the latest 72 hours after the detection. We continuously work with digital security.
You have the right to access the personal details which we have saved, have wrong details corrected and have your personal data deleted. You have the right to know how long we save your data.
To have your personal data deleted from our register, you need to contact us (see our contact details below). This does not include any details we may need to save for administrative, legal or security reasons.
You also have the right to turn directly to the Swedish Authority for Privacy Protection, which is the relevant regulatory authority for the processing of personal data, when filing a complaint.
If you have any questions regarding how we handle your personal data, or if you would like us to change or delete your details, please contact us at firstname.lastname@example.org.