Who we are
We are Go Vegan Community (https://govegan.community), owned by Community of Healing (HK), Company number 1849455.
In this privacy notice, we will refer to ourselves as “we“’, “us” or “our“.
We are the Data Controller of the personal information we collect, hold and use about you, as explained in this notice.
You can get hold of us in any of the following ways:
- by emailing us at email@example.com
- by writing to us at Community of Healing (HK) Ltd.Room 303 East Ocean Centre 98 Granville Road, Tsim Sha Tsui, East Kowloon.
We take the privacy, including the security, of personal information we hold about you seriously. This privacy notice is designed to inform you about how we collect personal information about you and how we use that personal information. You should read this privacy notice carefully so that you know and can understand why and how we use the personal information we collect and hold about you.
We do not have a data protection officer, but if you have any questions about matters relating to data protection at our organization, including any matters in this privacy notice, or issues arising from it, you should contact our web development team at Synion Collective (firstname.lastname@example.org)
We may issue other privacy notices from time to time, including when we collect personal information from you. This privacy notice is intended to supplement these and does not override them.
We may update this privacy notice from time to time. This version was last updated on October 12, 2020.
The key terms that we use throughout this privacy notice are defined below, for ease:
Data Controller: under EU data protection law, this is the organization or person responsible for deciding how personal information is collected and stored and how it is used.
Data Processor: a Data Controller may appoint another organization or person to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller. (This might be the hosting of a site containing personal data, for example, or providing an email-marketing service that facilitates the mass distribution of marketing material to a Data Controller’s customer base.)
Personal Information: in this privacy notice, we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual can be identified. It does not apply to information that has been anonymized.
Special Information – certain very sensitive personal information requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life, and sexual orientation and also includes genetic information and biometric information.
What personal data we collect and why we collect it?
We collect information about you during the signup process as well as some basic activities such as the dates you make purchases, login to the site, or cancel/pause/resume your subscriptions with us.
When you subscribe with us, we’ll ask you to provide an email address. We’ll use this information for purposes, such as, to:
- Send you information about your account and subscriptions. This may include payment receipts, password reset emails, and payment reminders.
- Create your membership account
When visitors leave comments on our site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
User information submitted through the contact forms on our website is not stored on any database outside of the email server. Your email address will not be associated with any email marketing.
If you leave a comment on our site you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
How long we retain your data
We store information about you for as long as your account exists.
Who on our team has access
Members of our team have access to the information you provide us. For example, site Owner/Administrators can access:
- Order information such as your membership subscriptions, payment dates and amounts, and username / email address.
Any additional information added in your Member Profile can also be visible to the Administrator(s).
What we share with others
We share information with third parties who help us provide additional contact services to you; for example – Facebook Ads, Google Analytics, Active Campaign Email Marketing Analytics
We accept payments through PayPal and Stripe. When processing payments, some of your data will be passed to the payment gateway, including information required to process or support the payment, such as the purchase total and billing information.
We do not store any credit card information on our own database. All sensitive data is sent through an encryption layer and processed by PayPal or Stripe directly.
Details of special information that we collect and hold about you
Special information is explained in section 1 above. We do not collect or hold any special information about you.
We do not collect information from you relating to criminal convictions or offenses.
Details of how and why we use personal information
We are only able to use your personal information for certain legal reasons set out in data protection law. There are legal reasons under data protection law other than those listed below; but, in most cases, we will use your personal information for the following legal reasons:
- Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you;
- Legitimate Interests Reason: this is where the use of your personal information is necessary for our (or a third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedoms or interests;
- Legal Obligation Reason: this is where we have to use your personal information in order to perform a legal obligation by which we are bound; and
- Consent Reason: this is where you have given us your consent to use your personal information for a specific reason or specific reasons.
So that we are able to provide you with services, we will need your personal information. If you do not provide us with the required personal information, we may be prevented from supplying the services to you.
It is important that you keep your personal information up to date. If any of your personal information changes, please contact us as soon as possible to let us know. If you do not do this, then we may be prevented from supplying the services to you.
Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details set out at the beginning of this notice. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information – in which case, we will confirm that reason to you.
We have explained below the different purposes for which we use your personal information and, in each case, the legal reason(s) allowing us to use your personal information. Please also note the following:
- if we use the Legitimate Interests Reason as the legal reason for which we can use your personal information, we have also explained what that legitimate interest is; and
- for some of the purposes, we may have listed more than one legal reason on which we can use your personal information, because the legal reason may be different in different circumstances. If you need confirmation of the specific legal reason that we are relying on to use your personal data for that purpose, please contact us using the contact details set out at the start of this privacy notice.
|Purpose||Legal Reason(s) for using the personal information|
|To enrol you as a customer||Contract Reason, Legitimate Interests Reason (in order to [offer you other goods, services and/or digital content which helps us to develop our business)|
|To process your order, which includes taking payment from you, advising you of any updates in relation to your order or any enforcement action against you to recover payment||Contract Reason, Legitimate Interests Reason (in order to recover money that you owe us)|
|To manage our contract with you and to notify you of any changes||Contract Reason, Legal Obligation Reason|
|To comply with audit and accounting matters||Legal Obligation Reason|
|For record keeping, including in relation to any guarantees or warranties provided as part of the sale of goods, services and/or digital content||Contract Reason, Legal Obligation Reason|
|To improve the goods, services, and/or digital content that we supply||Legitimate Interests Reason (in order to improve the goods, services, and/or digital content for future customers and to grow our business)|
|To recommend and send communications to you about goods, services, and/or digital content that you may be interested in. More details about marketing are set out in section 11 below||Legitimate Interests Reason (in order to grow our business)Consent Reason|
|To ensure the smooth running and correct operation of our website||Legitimate Interests Reason (to ensure our website runs correctly)|
|To understand how customers and visitors to our website use the website and interact with it via data analysis||Legitimate Interests Reason (to improve and grow our business, including our website, and to understand our customer’s needs, desires and requirements)|
Sometimes we may anonymize personal information so that you can no longer be identified from it and use this for our own purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes. Because this is grouped together with other personal information and you are not identifiable from that combined data we are able to use this.
Under data protection laws, we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) we told you about. If we want to use your personal information for a different purpose that we do not think is compatible with the purpose(s) we told you about, then we will contact you to explain this and what legal reason is in place to allow us to do this.
Details of how we collect personal information and special information
We usually collect Identity Information, Contact Information, Payment Information, Transaction Information, Survey Information, and Marketing Information directly from you when you fill out a form, survey or questionnaire, or purchase goods, services and/or digital content from us, or contact us by email, telephone, in writing or otherwise. This includes the personal information that you provide to us when you subscribe to our mailing list and/or complete a survey.
We may receive some of your personal information from third parties or publicly available sources. This includes:
- Identity Information and Contact Information from publicly available sources such as Companies House;
- Website, Device and Technical Information from third parties such as analytics providers (like Google)
Details about who personal Information may be shared with
We may need to share your personal information with other organizations or people. These organizations include:
- Third parties who may include:
- Suppliers: such as IT support services, payment providers, and administration providers who are based in the UK;
- Government bodies and regulatory bodies: such as HMRC, and fraud prevention agencies who are based in the UK;
- Our advisors: such as lawyers, accountants, auditors, insurance companies who are based in the UK;
- Email platforms who are based in the UK and USA;
- any organizations that propose to purchase our business and assets, in which case we may disclose your personal information to the potential purchaser.
- On Go Vegan website under resource section shared with community members which would include webinar replays
Depending on the circumstances, the organizations or people who we share your personal information with will be acting as either Data Processors or Data Controllers. Where we share your personal information with a Data Processor, we will ensure that we have in place contracts that set out the responsibilities and obligations of us and them, including in respect of the security of personal information.
We do not sell or trade any of the personal information that you have provided to us.
Details about transfers to countries outside of the EEA
If any transfer of personal information by us will mean that your personal information is transferred outside of the EEA, then we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information as is given to it within the EEA and that the transfer is made in compliance with data protection laws (including, where relevant, any exceptions to the general rules on transferring personal information outside of the EEA that are available to us – these are known as “derogations” under data protection laws). We may need to transfer personal information outside of the EEA to the third parties listed above in section 6 who may be located outside of the EEA.
The safeguards set out in data protection laws for transferring personal information outside of the EEA include:
- where the transfer is to a country or territory that the EU Commission has approved as ensuring an adequate level of protection;
- where personal information is transferred to another organization within our group, under an agreement covering this situation, which is known as ‘binding corporate rules’;
- having in place a standard set of clauses that have been approved by the EU Commission;
- compliance with an approved code of conduct by a relevant data protection supervisory authority (in the UK, this is the Information Commissioner’s Office (ICO);
- certification with an approved certification mechanism;
- where the EU Commission has approved specific arrangements in respect of certain countries, such as the US Privacy Shield, in relation to organizations that have signed up to it in the USA.
Details about how long we will hold your personal information
We will only hold your personal data for as long as is necessary. How long is necessary will depend upon the purposes for which we collected the personal information (see section 4 above) and whether we are under any legal obligation to keep the personal information (such as in relation to accounting or auditing records or for tax reasons). We may also need to keep personal information in case of any legal claims , including in relation to any guarantees or warranties that we have provided with the goods, services, and digital content.
You can contact us (using the details at the beginning of this notice) to request a copy of our retention policy, which sets out how long different types of personal data will be kept for.
Your rights under the data protection law
Under data protection laws, you have certain rights in relation to your personal information, as follows:
- Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information that we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.
- Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
- Right to erasure: (this is often called the ‘right to be forgotten’).This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.
- Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.
- Right to data portability: this right allows you to request us to transfer your personal information to someone else.
- Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see section 4 above) and there is something about your particular situation that means that you want to object to us processing your personal information. In certain circumstances, you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).
In addition to the rights set out in section 9.1, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. Further details about this are set out in section 4.5.
If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this notice. If you do make a request, then please note:
- we may need certain information from you so that we can verify your identity;
- we do not charge a fee for exercising your rights unless your request is unfounded or excessive; and
- if your request is unfounded or excessive, then we may refuse to deal with your request.
You may receive marketing from us about similar goods and services, where either you have consented to this, or we have another legal reason by which we can contact you for marketing purposes.
However, we will give you the opportunity to manage how or if we market to you. In any email that we send to you, we provide a link to either unsubscribe or opt out, or to change your marketing preferences. To change your marketing preferences, and/or to request that we stop processing your personal information for marketing purposes, you can always contact us on the details set out at the beginning of this notice.
Webinar replays will be used as part of marketing collateral related to the Go Vegan Community.
If you do request that we stop marketing to you, this will not prevent us from sending communications to you that are not to do with marketing (for example in relation to goods, services, and digital content that you have purchased from us).
We do not pass your personal information on to any third parties for marketing purposes.
Our website uses “cookies” to help you personalize your online experience. A cookie is a text file that is placed by us or our remarketing partners on your hard drive by a web page server. Our cookies do not run programs or deliver viruses to your computer. Cookies are uniquely assigned to your computer and can only be read by a web server in the domain that issued the cookie to your computer.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The cookie tells the server that you have returned to a specific page. For example, if you personalize the website pages, or register with the website, a cookie helps the website recall your specific information on subsequent visits. This simplifies the process of recording your personal data, such as your billing address or site preferences. When you return to the same website, the information you previously provided can be retrieved, so you can easily use the website features that you customized.
We may place the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of the website. They include, for example, cookies that enable you to log into secure areas of our website or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around the website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognize you when you return to the website. This enables us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to the website, the pages you have visited, and the links you have followed. We will use this information to make our website more relevant to your interests and for remarketing as described below.
If you do not want to receive cookies, you can usually choose to opt-out by modifying your browser settings to decline them. If you choose to decline cookies, you may not be able to access all or parts of, or to fully experience the interactive features of our services or web pages you visit.
If you are unhappy about the way that we have handled or used your personal information, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). Please do contact us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your personal information so that we have the opportunity to discuss this with you and to take steps to resolve the position. You can contact us using the details set out at the beginning of this privacy notice.
Changes to this Policy
We will occasionally update this policy to reflect company and customer feedback. We encourage you to periodically review this policy to be informed of how we are protecting your Personal Information.