GDPR and Personal Data

This advice is for everyone volunteering for Extinction Rebellion in the UK and using

information which identifies actual people
Chat communication tools such as Mattermost or Signal
The Hub to find people in roles and circle membership
Meeting services e.g. Big Blue Button (BBB), Jitsi, Zoom for your circle’s meetings and work

Personally identifiable information (PII) includes

names, email, phone number
home address,
nickname if this clearly associates with only one person,
photos and video
or any other information which can directly identify a person

Sometimes it is the combination of information which identifies a person (e.g. there might be 2 people in a house, only one adult, so age and address combined identifies a person)

Personal data

declared race or ethnicity or religion
health issues/ records
sexual orientation
political views (affiliation to XR is a political view)
records of conversations, donations, etc

Watch the short 6-minute video explainer of why GDPR is important to you and XR.
Check your understanding using our GDPR training deck. Quick and easy exercises to help you remember the core concepts!
Or use the interactive GDPR training at Rebellion Academy.

Why understanding GDPR is important

We want to take care of each other, and that includes being careful with information about each other, so complying with GDPR rules is totally in accordance with our XR Principles and Values.

Our purpose in holding personal data

Within Extinction Rebellion UK we need to share information with each other, cooperating to achieve Our Demands. To do this we share personal data so we can form teams, and reach other teams.

Be careful with this personal data, and to use it only for Extinction Rebellion’s purpose.

Consequences

If we have people in Extinction Rebellion (XR) who go beyond these guidelines, we risk

alienating each other - breaking trust
letting others outside XR get information which might damage our goals or be a risk to the people whose information is shared.
having a negative effect on the reputation of XR, and on other people’s willingness to support the movement

Planning for the personal data we need to hold

A big part of doing this right it to only hold the personal data we need for a specific purpose, and make sure we only allow access as needed. All that and more comes into doing a "data plan".

If your team uses personal data, check out the Data Plan checklist below.

If you:

want to gather personal data - you need to make a Data Plan.
already have personal data and you haven't created a Data Plan yet
are changing how you use personal data - update your Data Plan needs updating.

Here's the link to the detailed Data Plan checklist - please read through this, then contact the GDPR team who will help you from then on.

Unsubscribing and data deletion

Self-service

Action Network emails lists
Follow this link to find more information about how to unsubscribe, update details or join a new local group.

Hub, Forum, Cloud, Mattermost and Vault
You can remove yourself from The Hub, Forums, Cloud, Mattermost and the Vault - click the person icon at the top right of the Hub, click Settings, then click Delete me.

Getting help to unsubscribe

If you don't want to hear from XR services again e.g. from The Hub, Mattermost, Volunteer website, Rebel Toolkit, Rebellion Academy, CRM systems, Action Network, TESN, Arrestee & Legal Support or Finance contact dataprotection@rebellion.earth. Please specify in your email which systems you want to stop messages from (otherwise someone has to spend a long time checking all of them).

If you want to be removed from our systems, contact dataprotection@rebellion.earth. It would help us to know which systems you want to be removed from (otherwise someone has to spend a long time checking all of them). In some cases we won't be able to remove all your entries - in which case we'll let you know which we need to keep.

You can contact us via our GDPR & Security Reception channel on Mattermost or by email at dataprotection@rebellion.earth.