Introduction
As a customer facing charity, enei holds and processes information, including personal information that enei collects from you, when you interact with the various enei departments and services: to receive membership services; to receive training and consultancy services; to access our e-learning and digital tools; to attend face-to-face and digital events; to apply for a job at enei; to process a financial transaction; to supply us with goods and services; or to be sent information by email or post about the services we provide or the events we hold.
Your privacy is important to us as an organisation, so this notice is one of the ways in which we can demonstrate our commitment to ensuring your data is always protected and remains confidential, by being transparent and open.
If you would like further information about Data Protection, the law and good practice, please see the Information Commissioner’s website: https://ico.org.uk/
Who are we and how can you contact us?
We are Employers Network for Equality & Inclusion (enei) and we are the data controller for your personal data. We are a registered charity in England (1101366) and we are a company with registration number 04549009. We are registered with the ICO under registration number ZA152190.
You can contact us using the following details:
Postal address:
Data Protection Officer
Employers Network for Equality & Inclusion
Unit 113, ScreenWorks
22 Highbury Grove
London
N5 2EF
Tel: +44 (0)20 3 053 6730
Email: info@enei.org.uk
How we collect your personal data
We receive your personal data both directly and indirectly.
Receiving your personal data directly
We will collect information from you when we communicate with each other by correspondence, telephone, email, social media, or face-to-face. We also collect information from you when you use our website, for example when you complete an application form or one of our other online forms.
Receiving your personal data indirectly
We may also obtain personal information from other sources that may be held on your record. This information is held in enei’s Record of Processing Activities (ROPA). For example, we indirectly obtain information from:
- Social media profiles
- Companies house
- Charity commission
We may receive information from other organisations where you have agreed that they may share your details with us, including:
- Event organisers or third-party websites.
- Other organisations that we are working with to deliver services, such as strategic partners (only if you have agreed that they may share information with us).
When you use our website
Like most websites, we use ‘cookies’ to help us make our site, and the way you use it, better. Cookies are small text files that sites transfer to your device (computer, phone or tablet) and make interacting with a website faster and easier – for example, by automatically filling in your name and address in text fields.
enei may store information about you and your activity in cookies. If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies.
For more information about cookies, how we use them and your personal consent preferences, please click here.
What personal data do we collect?
We will routinely collect the following basic information from you:
● Your name.
● Your contact details, including postal address, email address, telephone numbers, along with your preferences as to which of these we should use to contact you in the future.
● Job title.
● Financial information when you make a payment to us, for example bank account details and debit/credit card details.
● Other personal information or sensitive data you share with us.
We will also collect the following information from you if you apply to work for us:
● Criminal record check documents.
● Confirmation of your right to work in the UK.
● Your CV, including relevant experience, qualifications or training.
● Personal and professional references.
We will also collect the following information for the procurement and insurance claims process: name;
● Contact details (e-mail, address, business telephone number, mobile number, fax number, postal address, company and department, country of residence, if applicable, and internet address).
● Bank account details.
● Document for identification.
● Documents relating to insurance cover.
● Information from third parties, eg references.
We may also be collecting and processing the following sensitive data which requires us to ensure there is a higher level of protection against the processing of this data:
● Racial or ethnic origin.
● Religious or philosophical beliefs.
● Gender identity.
● Sexual orientation.
● Marital status.
● Disability.
● Health condition.
● Political opinion.
● Trade union membership.
● Any other sensitive data that is afforded special protection by Article 9 of the UK GDPR.
Protecting your personal data
enei has put in place appropriate safeguards and technical measures to protect your personal data. As an organisation, we recognise that any personal data handled by enei is held on your behalf and that we ensure we will respect that responsibility by adopting and maintaining high standards regarding the handling and use of that personal data.
enei will always consider and address the privacy risks first when planning to use or hold personal information in new ways, such as when introducing new electronic systems.
We provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Why do we process your personal data?
When we use your personal data, we will always explain to you how and the reason for using your personal information. In summary, we use your data to deliver our services to you, to conduct our sales, fundraising and marketing activities, for recruitment purposes, and to work with our suppliers and insurers.
No personal information you have given us will be passed on to third parties for commercial purposes.
The below table shows the purposes for which we process your personal data and the lawful bases we rely on for those purposes.
Purposes |
Lawful basis |
Provide you with the information or services you have requested, for example about our events. | Your consent; or legitimate interest, as we have an interest in providing you with the information or services you have requested. |
Managing your involvement in events, for example if you have completed a form about an event or responded to an invitation. Where appropriate, we will use the information you provide to identify any help we can offer, specific to the event you have signed up for, and to provide necessary information to event organisers. | Legitimate interest, as we have an interest in running our events properly and ensuring you are informed about events you have expressed an interest in. |
To reply to compliments and also investigate and respond to complaints. | Legitimate interest, as we have an interest in handling your compliment or complaint. |
To keep you up to date with the work you are supporting. Promotional marketing campaigns. To ask for financial and non-financial support. Contact you with information about products and services. Contact you about job opportunities.
To ensure we know how you prefer to be contacted. |
For communications sent by electronic mail or SMS: consent.
For communications over the phone or by post: legitimate interest. |
Processing and recording financial transactions and to prevent fraud. | Legitimate interest, so that your payment can be properly processed and received by us and so we can ensure the payment is legitimate. For financial contributions, to fulfil our legal obligations under Part 8 of the Charities Act 2011. |
Keep a record of your correspondence, questions you have asked us, or comments or complaints you have made. | Legitimate interest to communicate with you and improve our activities. |
Recruitment: to process applications for employment submitted to enei; to complete the interview and assessment process; to verify any references and information about qualifications or training you provide to us; to verify your right to work in the UK; to assess your suitability as a candidate; for equal opportunities monitoring; and to inform you of employment opportunities at enei. | Contract – processing is necessary in the context of a (prospective) employment contract.
Legal obligation (right to work checks). Consent – for any sensitive data (equal opportunities monitoring). |
Suppliers/Insurers (including contractors, sessional workers, and agency workers):
● to carry out a due diligence check; ● to set up payment systems on enei’s invoicing system; and ● to provide enei insurers, following a claim or potential claim, the necessary information to proceed with the claim being made. |
Legitimate interest – to provide information to our insurers for the purposes of making a claim.
Legal obligation (financial records/right to work). Contract – for the supply of consultancy to clients and for insurance cover. |
Understand how we can improve our services, and the resources or information we send out. Identify areas for future development. Carry out market research. | Legitimate interest so that we can improve our activities. |
Sensitive data – for the delivery of diversity, equality and inclusion advice and consultancy. | Consent |
enei may also use your personal data, after it has been anonymised, to allow for the statistical analysis of data to enable the organisation to target and effectively plan the provision of services. In deciding what personal data to collect, hold, and use, enei is committed to ensuring that it will comply with the data protection legislation.
Specific details about the purposes and legal basis for which we are processing your personal data is held on the organisation’s ROPA.
Who do we share your personal data with?
The information you provide us with may be shared, for example, with the Department of Work and Pensions (DWP), HMRC, and the Home Office. There will be times that the information will be disclosed to our partner organisations that provide services on behalf of enei.
enei may disclose personal data to third parties, but only where: it is necessary to comply with a legal obligation, or where permitted under data protection legislation, for example, where the disclosure is necessary for the purposes of the prevention and/or detection of crime; or where it is necessary for a third party working for or on behalf of enei and/or to provide services to you.
Some of your information will be passed to third-party service providers that perform functions on our behalf, such as:
- Payment processing.
- Sending postal mail.
- Email.
- Analysing data.
- Research and lead generation.
If you would like to obtain further information about the organisations your data is shared with, please contact us.
International data transfers
Due to the nature of servers and cloud-based storage all over the world, this may mean that, during the processing of your data, it leaves the UK. Although they may not be subject to the same data protection laws as in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law.
For data that is stored outside of the UK, we share data to countries for which an adequacy decision is in place. For data transfers to the United States, we rely on the UK Extension to the EU-U.S. Data Privacy Framework. If there is no adequacy decision in place, we have Standard Contractual Clauses (SCCs) in place with the relevant third parties.
If you would like further details of the protections we have put in place regarding international data transfers, please contact us.
How long do we keep your personal data?
We intend to minimise the amount of personal data that we store about you. We will keep personal data for the shortest time necessary in accordance with our policies.
Where there are legal obligations in place, we may have to keep your data for longer. For example, we will keep a record of any donations you have made for at least seven years.
If you ask us to cease communications with you, we will keep a record of your contact details and appropriate information to enable us to comply with your request.
The table below shows the retention period/criteria for our most common types of processing.
Type of data |
Retention period/criteria |
Members’ contacts data | Generally, retained for 7 years post-membership (statutory financial record retention obligation under Part 8 of the Charities Act 2011). |
Unsuccessful recruitment candidates | 12 months |
Website enquiries | 6 months |
Suppliers | Generally, retained for 7 years post-agreement (statutory financial record retention obligation under Part 8 of the Charities Act 2011). |
If you would like to request further information about our retention periods, please contact us.
Your data rights
You have the following rights under data protection law. You can exercise your rights by contacting us using the contact details at the top of this privacy notice. We will respond to your request without undue delay and in any case within one month. It may be necessary to take steps to ascertain your identity if there are reasonable doubts about your identity, in which case we may request further information from you.If you would like to request further information about our retention periods, please contact us.
Right of access
You have the right to ask for a copy of the information we hold about you.
Right to rectification
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. If there are any discrepancies in the details we provide, please let us know and we will correct them.
Right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Right to restriction of processing
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Right to object and withdraw consent
You have the right to object to the processing of your personal information in certain circumstances. Where processing is based on consent, you have the right to withdraw your consent at any time. You can also change or stop what you receive from us by following the instructions at the bottom of any postal communication or email.
Right to portability
You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Complaints and questions
If you have any concerns or questions about our use of your personal information, you can contact us using our contact details at the top of this Privacy Notice. We will respond to you within one month.
If we are unable to resolve your concerns, you can also complain to the ICO or your local supervisory authority.
ICO website: https://www.ico.org.uk
Changes to this Privacy Notice
We may update this Privacy Notice from time to time to ensure it provides fully up-to-date information. The latest version of our Privacy Notice can always be found on this page. For any major changes, we may contact you to inform you of these.