BLOODY GOOD PERIOD
PRIVACY POLICY
Last updated: October 2024
WHO IS BLOODY GOOD PERIOD
​
Bloody Good Period (“we”, “our”, “us”) is a charity that fights for menstrual equity and the rights of all women and people who bleed. established in the United Kingdom with a registered office at 167-196 Great Portland Street, 5th Floor, London, W1W 5PF. For the purposes of the General Data Protection Regulation (the “GDPR”) and the UK General Data Protection Regulation and the Data Protection Act 2018 (“UK GDPR”), we are the data controller.
​
​
IF YOU HAVE A QUESTION OR PROBLEM
This privacy notice applies to the way in which we process your personal data including some sensitive personal data. The GDPR and the UK GDPR prescribe the way in which we may collect, retain and handle your personal data, and also provide you with certain rights (see below).
​
This privacy notice also details your rights and obligations in relation to your personal data and the personal data of third party recipients with which we may share such. You can contact our data privacy manager ([email protected]) to ask a question about our privacy practices or exercise your rights and choices.
​
If we cannot help you resolve your concerns, you have the right to complain to a data protection authority.
WHAT DO WE PROCESS AND HOW DO WE USE THIS?
​
​​
​LEGAL BASIS FOR PROCESSING
In many of the countries where we operate, data protection law requires us to process personal data only where we have an approved basis under the law. You have the right to understand what our legal bases are, so we explain them here. We use the following bases, depending on the activity we undertake:
Performing a contract
In most cases, the data we collect and how we use it are necessary for us to provide our services.
Complying with the law
Some of the activities we undertake are necessary to comply with our legal obligations as a charity.
Meeting our legitimate interests
We use personal data as necessary to meet our legitimate business interests. When we do, we make sure we understand and work to minimise its privacy impact. For example, we limit the data to what is necessary, control access to the data, and where we can, aggregate or de-identify the data.
What is legitimate interest?
Under UK GDPR Article 6(1)(f), companies have the ability to engage in activities without consent under a balancing test. In other words, questioning whether we have legitimate interest in engaging in the activity that is not outweighed by the interests or fundamental rights and freedoms of the data subject.
​
​OUR MARKETING AND YOUR CHOICES
​
We have a legitimate interest in engaging in marketing activities if:
-
You have requested information from us
-
Purchased a product or a service
-
Provided us with your details
-
Entered a competition or registered for a promotional activity
We respect your right to opt out of these activities, which you can do at any time by clicking the “unsubscribe” link in one of our emails or asking us to take you off our marketing list by contacting us at [email protected]. You can ask us at any time not to carry out direct marketing, or to stop using profiling and marketing cookies through contacting [email protected].
​
YOUR RIGHTS AND CHOICES
​
You have rights under the GDPR and UK GDPR. These include the following:
-
Right to access – you have a right to ask us for a copy of your personal data.
-
Right to erasure – you have a right to request that we delete your personal data, under certain conditions.
-
Right to rectification – you have a right to request that we correct any information that we believe is inaccurate. Your also have a right to request that we complete information that you believe is incomplete.
-
Right to restrict processing – you have a right to request that we restrict processing of your personal data, and to obtain personal data in a format you can share with external parties, under certain conditions.
-
Right to object to processing - this right may be limited in some citations - for example, where we can demonstrate that we have legal requirements to process your data.
-
Right to data portability – you have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
We may need to request specific information from you to help us exercise your privacy rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one (1) month from receiving the request from you. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated on expected timeframes.
You can contact our privacy representative to ask a question about our privacy practices or exercise your rights at [email protected] or via our website. If you have unresolved concerns, you have the right to complain to a data protection authority or other regulator where you live or work, or where you believe a breach may have occurred.
​
HOW IS YOUR PERSONAL DATA SHARED?
​
We don't sell personal data. We share personal data with recipients under lawful conditions as required to perform our services or operate our charity.
Service providers
Other companies help us conduct the activities described in this privacy notice.
We work with service providers, for business purposes in our legitimate interests who have access to personal data when they provide us with services, like technical infrastructure, web and app development, and marketing, analytics and survey tools. We impose strict restrictions on how service providers store, use and share data on our behalf. We also work with companies who provide consulting, administrative support, legal and financial advice for us.​
KEEPING YOUR DATA SAFE
​
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
INTERNATIONAL TRANSFERS
​
Bloody Good Period services are offered from the United Kingdom. Personal data may also be stored and accessed by service providers located in other countries such as the EU or countries that have not been found to have an adequate level of protection for personal data by the European Commission and UK government. Wherever we transfer data, we enter into contracts or seek other ways to ensure service providers treat data as required by law in the country where it was collected and enter into appropriate transfer mechanisms in line with the GDPR and UK GDPR.
​
HOW LONG DO WE KEEP PERSONAL DATA?
We keep your personal data for as long as necessary to provide our services in accordance with the appropriate statutory limitation periods. We also keep personal data for other legitimate business purposes, such as complying with our legal obligations. Because these needs can vary for different data types used for different purposes, retention times will also vary. Here are some of the factors we have considered to set retention times:
-
How long do we need the personal data to develop, maintain and improve our services, keep our website secure.
-
Have you asked us to stop using your data or withdrawn your consent? Where we can delete the data, we will process it for only a short period after this to meet your request. If needed, we will also keep a record of your request so that we can make sure it is respected in the future.
-
Are we subject to a legal obligation to keep the data? By law we are required to keep basic information about our customers for 6 years after you cease to be our customer. This includes your Identity, Contact, Financial and Transaction Information.
COOKIE POLICY
What are cookies?
Cookies are small text files that are stored on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.
Types of cookies we use
-
Essential Cookies: These cookies are necessary for the website to function properly. They enable core functionality such as security, network management, and accessibility.
-
Analytics Cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.
-
Marketing Cookies: These cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.
Your cookie choices
-
Consent: By using our website, you consent to the use of cookies in accordance with this policy. You can manage your cookie preferences by adjusting your browser settings or by using our cookie consent tool.
-
Opt-Out: You can opt out of non-essential cookies by adjusting your browser settings or by using our cookie consent tool. Please note that disabling certain cookies may impact your user experience on our website.
Third-party cookies
We may use third-party services that may set their own cookies on our website. These third parties have their own privacy policies and cookie practices, which we encourage you to review.