General Privacy Notice


Privacy notices can be long and full of legal jargon that is hard to understand.

So we’ve pulled out the most important questions that you might have about our privacy notice and answered them below in the Summary. It will take about 5 minutes or so to read.

If you wish, you can read the full privacy notice at the bottom of this page.

Summary

Who are we?

We are Reset Tech, a global philanthropic network. We operate out of the US, UK, Germany and Australia.

What personal data do we collect and why?

That depends on who you are and our relationship with you. We’ve set out a few examples below:

  • If you sign up to our communications we will use your name, email address, role, and organization to keep in touch with you about our work.
  • If you apply for a job we’ll use your CV (or resumé), contact information, interview content, and references to decide whether you’re a good fit for Reset Tech.
  • If we fund you (or consider funding you), we will use the contact information for the relevant staff to stay in touch, we will use the name of your senior leadership and board to run background checks, and we may use the information about your staff and beneficiaries if you include it in your reports.
  • If you are a stakeholder or expert in our sector, we will use your name, contact information, role, organization and information about your areas of interest or expertise to inform our work.
  • If you are a vendor we will use the contact details of those at your organization. And if you’re a sole trader, then we will use your bank details to pay you.

For all of the above, we will keep records of our interactions with you (for example, our email correspondence and notes of meetings).

What about sensitive personal data?

Some personal data are more sensitive than other data (for example, information about your health, your sexual orientation or sex life, your political affiliation, or your race and ethnicity). We try to minimize our collection of sensitive personal data, but sometimes it’s necessary (for example, if you’re a politician we will naturally keep a record of your political party). We will always make sure we collect and use such information lawfully.

Do we keep your personal data secure?

We try as hard as we can to keep your data safe. For example, we make sure that only people who need to can see your data, we encrypt data where we can, we have strict contracts with our vendors handling personal data, and we train our staff.

Do we share your personal data?

Yes. We share your personal data with the different entities within Reset Tech, and with contractors who provide services to us. We may share your personal data in other circumstances (for example, with funders or to comply with legal obligations on us)

Do we transfer your personal data internationally?

Yes. Reset Tech is a global network and our entities share systems. We also use vendors in different countries. We try as hard as we can to keep your personal data secure when shared internationally, including care vetting our vendors, entering into agreements guaranteeing the security of personal data and your rights, and - of course - only transferring personal data which is necessary.

What are your rights?

You have rights over your personal data and how we use it. If we’ve asked for your consent to use your personal data (for example, for our newsletter), you can withdraw your consent at any time. In certain circumstances, you can object to our use of your personal data or ask us to delete it, however we may not be able to fully do so. For more details about your rights and how you exercise them - see Your Rights section below

Who can I contact?

If you have any questions, you can email our Data Protection Officer, Molly Waiting, at [email protected]. If you feel like we haven’t addressed your concerns, you can always contact your data protection authority (for example, the ICO in the UK or the BlnBDI in Berlin).

Full Privacy Notice

1. Who we are

Reset Tech operates through a global network of entities. These include:

  • United States:

    Reset Tech and Reset Tech Action: 6218 Georgia Avenue NW Suite #1, PMB 3134
    Washington, DC 20011, USA

  • United Kingdom:

    Reset Tech UK Limited: Thames Exchange, 10 Queen Street Place, London EC4R 1BE, UK

  • Germany:

    Reset Tech GmbH: Friedrichstr. 114A, 10117 Berlin, Germany

  • Australia:

    Reset Tech Australia Limited: Level 10, 68 Pitt Street Sydney NSW 2000

In this notice, we refer to Reset Tech as a single organization and so (unless specified otherwise) we mean the entities outlined above.

2. Who does this privacy notice apply to?

We collect and use personal data about people with whom we work, people interested in Reset Tech’s work, and people we believe could be helpful in Reset Tech’s work. These include:

  • Partners (those we fund via contracts or grants) and prospective partners.
  • Stakeholders - for example, funders, advisors, public sector figures, leaders in our sector, and in the nonprofit community.
  • Applicants for jobs at Reset Tech
  • Contacts at vendors who provide services to Reset Tech
  • Online contacts, including visitors to our websites (www.reset.tech, https://au.reset.tech/), those who sign up to our newsletters, and those engage with us on social media.
  • Attendees at our events.

The notice also provides information about how we will use your personal data and your rights in relation to your personal data.

Note that we have separate notices for our staff and our research - as our use of personal data differs for these categories of individuals.

If you are a staff member, please contact: [email protected] for a copy of the Staff Privacy Notice.

If you have questions about how we handle personal data as part of our research, please email [email protected] for a copy of our Research Privacy Notice.

If we start a new project or activity, we may provide you with additional privacy notices with more information.

3. What types of personal data do we collect?

“What is personal data?”

By personal data we mean any information which identifies you or which could be used to identify you. At its simplest, this could be your name and/or email address. Personal data also includes information about your expertise in a particular area and contributions you may make (for example, when we ask you to contribute to reports).

The personal data we collect depends upon your relationship with us, and so we have set out below the types of information we collect and from whom we collect it.

Name
Partners Stakeholders Applicants Vendors Online contacts Attendees
Role & Organization
Partners Stakeholders Applicants Vendors Attendees
References from third parties
Partners Applicants Vendors Attendees
Social media accounts
Partners Stakeholders Applicants Vendors Online contacts Attendees
Communication records
Partners Stakeholders Applicants Vendors Online contacts Attendees
Background information
Partners
(if submitted as part of your funding package)
Stakeholders Applicants Vendors
(if provided as part of your contract bid)
Contact Details (email address, potentially phone and postal address)
Partners Stakeholders Applicants Vendors Online contacts
(usually email only)
Attendees
Records (for example, contracts, invoices, funding reports)
Partners Stakeholders Applicants Vendors
Bank details and tax information
Partners (if we reimburse you for expenses) Stakeholders
(if we reimburse you for expenses)
Vendors

Certain types of personal data are sensitive and merit more protection. For example, information about your race or ethnic origins, political opinions, sex life or sexual orientation, religious beliefs, health information, biometric and genetic data. Criminal information (information about convictions or allegations about convictions) also merits additional protection and special consideration. Financial information (bank details, identity documents, etc) can also cause harm when misused, so we endeavor to treat these as sensitive, as well.

We do not usually collect sensitive personal data about you. We will only process these types of personal data about you if we have a valid reason for doing so and only if the law allows us to do so. The two exceptions are if you are a job applicant or if you are on the leadership team or board of a prospective partner. In these cases, we may collect sensitive personal data about you as part of the application process / due diligence process. See sections 7 (job applicants) and 8 (partners) for more information.

4. Where do we get your personal data?

We collect your personal data from three different types of sources:

  • Directly from you. For example, when you sign up for our newsletter or send us an email.
  • Indirectly from another source. For example, when we run compliance checks on potential partners.
  • When it is available publicly. For example, if you write an article about an area in which we are interested.

5. How and why we use your personal data?

What is a “lawful basis”?

We can only use your personal data if we have a valid reason. In Europe, this is known as a lawful basis of processing. Below we explain the lawful bases which we think apply to our use of personal information. Processing sensitive personal data requires additional conditions of processing.

Lawful Bases and Conditions

Legitimate interests is a flexible lawful basis which allows us to use your personal data provided that:

  • We have a good reason to do so. For example, to evaluate whether we should invest in a potential partner.
  • You can reasonably expect that we would use your personal information in this way. In other words, our use of your personal information shouldn’t be a surprise.
  • It fits with your rights and it doesn’t affect you unfairly. Your rights are explained in section 14.

When we rely upon legitimate interests as a lawful basis, our use of your personal information must be fair and balanced, and we need to consider the points above.

Consent is when we ask for your permission to use your personal information for a specific purpose. For example, if we ask to use a quote from you to promote our work. You always have the right to withdraw your consent. Just send us an email or contact us using the details set out in section 1.

We may also need to process your personal information to comply with a legal obligation on us.

We may also need to process personal information in order to perform our contract with you. For example, where you provide us with your bank details for payment.

Finally, we all hope to avoid litigation where possible, but we may need to use your personal data as part of a legal claim.

The purposes for which we use your personal data

We use your personal data for the following reasons (relying on one or more of the lawful bases are listed above):

  • Promoting our work, our partners’ work, and our principles, for example through our newsletters, research reports and speaking engagements.
  • Evaluating our impact and areas for improvement, for example considering whether and how to support new and existing partners, sectors, and jurisdictions.
  • Administering our funding, for example due diligence, background checks, disbursing funding, receiving reports, etc.
  • Report on our use of funding and seek further funding
  • Running and participating in events
  • Handling any concerns or queries which arise during the course of our work
  • Procuring and receiving services from vendors
  • Requesting advice and guidance from our stakeholders and partners
  • Recruit talented staff to support our work.

6. When will we get in touch?

We may contact you when you give us your contact details or when we believe that you may wish to hear from us. Some of these communications may be administrative (for example, to respond to a query or request from you) and some may be promotional (for example, a newsletter with updates about our work).

We’ll only contact you when we’re allowed to do so. And you can request that we cease contacting you with promotional material at any time. Though please note that we may still send you administrative communications (for example, if you’re a contact at a partner, we will contact you about your funding).

7. What if you’re a job applicant?

We handle personal data of those who apply to work with us slightly differently than we have discussed above, so we’ve included a dedicated section. When you apply to work at Reset Tech, we will collect and use your information for the purposes of evaluating your application as part of our recruitment process.

We will collect the following types of personal information:

  • Information you provide on your CV or resumé and any associated covering letter or email.
  • Information you provide during the course of the recruitment process (for example, during the interview phase).
  • Information provided by third parties about you, including former employers and named references.
  • Information recorded in our notes and records.

We will use the personal information we collect about you to:

  • Assess your skills, qualifications, and suitability for the role.
  • Carry out background checks and reference checks (where applicable).
  • Communicate with you about the recruitment process.
  • Keep records about our recruitment process.
  • Comply with other legal and regulatory requirements.
  • If successful, enter into a contract of employment with you.

It is in our legitimate interests to decide whether to appoint you to the role, since it would be beneficial to Reset Tech to appoint a qualified and appropriate person to the role. Please note that if you fail to provide us with the relevant details that we request, we will not be able to process your application.

If you are successful in your application, we will transfer the personal information collected as part of your recruitment process to your employment record. We will also provide you with a staff specific privacy notice.

If you are unsuccessful with your application we usually retain your personal data for two years after we communicated the decision to you, unless otherwise required to do so by law (for example, where immigration regulations require the retention of recruitment notes).

8. What if you’re a partner?

Checks

Non-profits, like all organizations, are under an obligation to make sure their funding is not misused for terrorist and/or criminal activity. This means that for our grant funding (and potentially some high value contracts) we are under a legal obligation to perform checks on potential partners (and their leadership). This includes screening the name of the organization and the names of its leadership against governmental lists, like the OFAC Lists and similar lists in the EU and Australia.

In order to do this, we ask partners as part of the onboarding process to provide the names of their board members, senior leadership team, and any individuals responsible for the delivery of the funded project.

We then use a platform called Plaid to check these names against the lists. Plaid’s Monitor feature runs the names provided (as well as variations - such as common nicknames, etc) against the various governmental lists, and lets us know if the name is “cleared” (in other words, there are no potential problems) or in need of review. This could be that someone with a similar name to yours appears on a list. We will then research using publicly available sources (like your organization’s website or LinkedIn) to confirm whether or not there is an issue. Unless we are legally barred from doing so, we will not refuse funding based upon a potential “issue” with a screening without first speaking with you.

When we have reviewed a screening and decided that the name is “cleared” we will keep a record of the search and notes for why we decided it was not an issue (for example, a link to your profile on the partner’s website). We will keep these records for at least five (5) years, unless we are required to retain them for a longer period.

As a reminder, when you are completing the onboarding form and providing names of colleagues, please make sure you email them a link to this Privacy Notice!

Reports

When you receive funding from Reset Tech, partners are expected to provide reports to us on the progress of the funded project and also on any issues or difficulties partners face. The standard reports tend to include limited personal data, outside a summary of work done.

However, reports about difficulties partners face can include more personal data. For example when there is an issue with a staff member. In these circumstances, we endeavor to collect only the information we need in order to (1) ensure that we are stewarding our funding in a legally compliant and responsible manner; and (2) support the partner in proportionate ways (for example, helping the partner find expert advice). We maintain a copy of any such reports with the partner funding file.

9. Do we share your personal data?

Reset Tech operates as a federated network of entities. These entities share systems and staff, and so your personal data will be shared among these entities.

We also use vendors to help us operate. For example, we use MailChimp to send our newsletters, we use Google Workspace for our emails and document storage, we use Submittable to manage our partner information, and we use a service to check bank details of our partners in the US.

We have written agreements with our vendors that require them to help keep your personal data safe.

There are other circumstances in which we may share your information:

  • If we spin out our operation or part of our operation to another organization;
  • With co-funders or other stakeholders;
  • With our professional advisors (for example, lawyers and accountants)
  • If we’re under a legal or regulatory obligation to do so; and
  • In connection with any legal proceedings or prospective legal proceedings, in order to establish, exercise or defend our legal rights.

If we share your personal data with any other third party, we will let you know in advance, where possible.

We will not sell your personal data.

Our websites include links to other websites. This notice only covers how Reset Tech uses personal data and does not cover these other websites. We encourage you to read the privacy notices on other websites you visit.

The success of Reset Tech depends in part on people amplifying our messages, and we have provided social media links to allow you to easily share content from our website with your networks. In doing so your personal data may be disclosed to these social media platforms. When you share content using these buttons, a new page will pop up from the relevant social media platform. If you’re already logged into your account on that social media platform, then you will probably be automatically logged into this pop-up page.

We have no control over how social media platforms use your personal data. We encourage you to read the privacy notices on the various social media platforms you use (and engage with their privacy tools).

Find out more about how these social media platforms use your personal data:

11. How we keep your information safe

Security of information (particularly personal data) is important to us. We make sure to appropriate measures to protect personal data, including:

  • Requiring third parties to use appropriate measures to protect the confidentiality and security of personal data.
  • Restricting access to personal data within Reset Tech to those who have a need to know the information for the purposes described above. This may include your managers and their designees, personnel in People Operations, IT, Legal, Finance and Accounting and Internal Audit.
  • Global policies on IT security and data protection, with training provided to staff, as needed.
  • Implementing industry best practices in data protection, such as zero trust models, least privilege access, encryption of data at rest and in transit, and cross-platform authentication services

Interested in learning more about online safety? Check out the National Center for Cyber Security.

12. Where your information is used

Reset Tech is a global network. We have offices in Washington DC, Berlin, London and Australia. We also have staff working throughout Europe and vendors working all over the world. This means that we transfer your personal data to these various locations (as necessary for the purposes outlined above).

We remain under an obligation to make sure your information remains safe and secure. We vet our suppliers and have strict contracts in place covering the transfer of personal data to other countries.

13. How long we keep your information for

We keep your personal data for as long as we reasonably need it for the purposes set out in sections 5, 7 (job applicants) and 8 (partners).

We have set out below a few examples of the periods of time that we retain certain types of records:

  • Partner records: 10 years following the end of our funding
  • Unsuccessful potential partners: 3 years’ from our decision not to fund
  • Unsuccessful job applicants: 2 years from the communication of decision
  • Vendor contracts (and related records): 7 years from the end of the contract

14. Your rights

You are in control of your personal information. When we use your personal information you have the right to:

  • Ask for a copy of the personal information we hold about you. We may ask you for proof of your identity. We will give you a copy of your personal information unless we consider that an exemption applies. If we withhold any of your personal information, we’ll explain why.
  • Ask that we erase the personal information we hold about you. We may not be able to erase your information (for example, we may be legally obliged to keep your personal information), but we will consider and respond to your request.
  • Ask that we correct any personal information that we hold about you that you believe to be incorrect.
  • Ask that we restrict the use of your personal information if you believe the information we hold is incorrect, or if we don’t have a valid reason for using your personal information.
  • To change your mind and withdraw your consent.
  • Ask us to stop using your personal information, if we are relying on legitimate interests as our lawful basis.

Other rights may apply under various legal regimes, which will not obviously apply to the way in which we use your personal data. For example, European data protection law allows you to port (or transfer) your personal data to a third party in certain circumstances.

15. Who to contact

If you have questions about Reset Tech, this privacy notice or how we handle personal data, please contact our Data Protection Officer, Molly Waiting, at [email protected]

If you have any concerns about the way we are handling your personal information, or if you’ve raised a question or a complaint that we haven’t dealt with, you can (in certain cases) contact your data protection regulator directly. For example, the Information Commissioner’s Office in the UK or the Berliner Beauftragte für Datenschutz und Informationsfreiheit in Berlin.

16. Updates to this notice

We may update this notice from time to time. If we update this notice in a way that significantly changes how we use your personal data we will bring these changes to your attention where reasonably possible. Otherwise, you can access the latest version on our website.

Last updated: 15 March 2024