Our commitment to privacy
Personal information we collect
We collect personal information from you in various ways, for example:
- if you supply personal information when using this Website;
- when you supply personal details in the course of registering support;
- when you provide personal details in the course of registering as a potential beneficiary or proposing a potential project;
- when you make a donation through our fundraising platforms, Virgin Money Giving, Charity checkout, Just Giving, DonorSee and Stripe in which case they will provide us with this information – see also section headed Third Party Platforms below;
- when you sign-up to receive newsletters or email notifications from us;
- if you order any merchandise; and/or
- if you raise a query or issue with us.
The type of personal information we collect includes your name, email address, home (or work) address, phone number and other personal details which you may choose to provide. Any credit card or debit card data you provide is securely handled by our third party payment processor (or such other third party payment processor) as we use from time to time. We never store your credit or debit card details.
Use of personal data
We may use your Personal Data about you for the following purposes:
- providing you with access to our Website as well as administering or developing Website features or content;
- fundraising or direct marketing purposes. Where you have expressly consented to us doing so in accordance with applicable law, we may contact you for these purposes by telephone or electronic message (e.g. email or SMS). If you wish to update your Personal Data or opt-out of receiving further fundraising or marketing communications from us please get in touch at the address shown in the Contact section below;
- administering any on-going donations or support you provide;
- providing you with news about us or any projects, campaigns or events that we may be involved in;
We may also contact you for other purposes that you consent to from time to time.
We may process or disclose your Personal Data for our legitimate interests or those of a third party (such as a transaction counterparty or a partner to a project) to:
- manage and administer any projects relating to beneficiaries
- assess and process any applications or requests made by you
- send updates, information and notices or otherwise correspond with you in connection with projects
- address or investigate any complaints, claims, proceedings or disputes
- provide you with, and inform you about, our work and opportunities to support us
- monitor and improve our relationships with our supporters and beneficiaries
- comply with applicable regulatory obligations, including anti-money laundering, sanctions and ‘know your client’ checks
- assist our transaction counterparties and partners to comply with their regulatory and legal obligations (including anti-money laundering, ‘know your client’ and sanctions checks)
- manage our risk and operations
- comply with our accounting and tax reporting requirements
- comply with our audit requirements
- assist with internal compliance with our policies and process
- ensure appropriate group management and governance
- keep our internal records
- prepare reports on incidents / accidents
- protect against fraud, breach of confidence, theft of proprietary materials, and other financial or business crimes (to the extent that this is not required of us by law)
- analyse and manage commercial risks
- seek professional advice, including legal advice
- monitor communications to/from us using our systems
- protect the security and integrity of our IT systems
We only rely on these interests where we have considered that, on balance, the legitimate interests are not overridden by your interests, fundamental rights or freedoms.
We may process or disclose your Personal Data where it is necessary for compliance with an applicable legal or regulatory obligation to which we are subject to:
- undertake our donor and beneficiary due diligence, and on-boarding checks
- carry out verification, know your client (KYC), terrorist financing, sanctions, and anti-money laundering checks
- comply with requests from regulatory, governmental, tax and law enforcement authorities
- for surveillance and investigation purposes
- carry out audit checks
- maintain statutory registers
- prevent and detect fraud
- comply with sanctions requirements
We may process or disclose your Personal Data with your consent. If we rely on your consent to process personal data, you have the right to withdraw this consent at any time. Please contact us or send us an email at email@example.com at any time if you wish to do so.
We aim to collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes but is not limited to national laws implementing the EU Data Protection Directive (95/46/EC), which will be replaced on 25 May 2018 by the General Data Protection Regulation (2016/679).
Disclosing personal data to third parties
We have also contracted with a third party platform provider, Salesforce.com, Inc (‘Salesforce’) to manage our customer relationship management (‘CRM’) database. This means that your Personal Data may be hosted by Salesforce who are signed up to the EU-US Privacy Shield Framework which means that they are committed to protecting personal data to standards that meet those applicable legal standards in the UK and EU. For more information about their respective privacy policies, please see:
- Salesforce: http://www.salesforce.com/company/privacy/
You should be aware that, in general, legal protection for personal data under applicable law in the United States (and other non-EU countries) may not be equivalent to the protection provided in the European Union and/or under UK law. In all cases, Personal Data you provide will only be disclosed to staff, volunteers and contractors who share our commitment to treating Personal Data responsibly and we always aim to make sure your Personal Data is treated to the same security standards you would expect in the United Kingdom.
Your access rights
In accordance with your legal rights under applicable law, you can request to receive information regarding the Personal Data that we collect about you; what we use that Personal Data for and who it may be disclosed to. Please write to our UK data protection officer at the email address in the ‘Contact’ section below. Where applicable law allows, we may request a fee to cover our administrative expenses in responding and may also require further information to verify your identity or locate the specific information you seek before we can respond in full.
Security to protect personal data
We employ appropriate technical and organisational security measures to protect Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We also endeavour to take all reasonable steps to protect Personal Data from external threats. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data disclosed or transmitted to us.
We will retain certain Personal Data in respect of financial transactions for at least as long as the law requires us to for tax or accounting purposes (which in the UK may be up to 6 years after a particular transaction). In respect of the holding of Personal Data for fundraising or direct marketing purposes, we will retain this data for a limited period in line with recommendations of the ICO and other competent regulatory authorities
By using this Website, you consent to us using ‘cookies’ and similar technologies that can track your activity. Cookies are small pieces of information sent by a web server to a web browser (e.g. Internet Explorer, Safari, Google Chrome or Firefox) on the computer or device you use to access this Website, which enables our server to collect information from your device browser.
Enabling some of these cookies is not strictly necessary for the Website to work but it should enable us to provide you with a better browsing experience. Cookies can be deleted or blocked through changing your web browser settings, however some features of the Website may not work as intended and you may not be able to access parts of the Website. The cookie-related information will not be used for personal identification of individuals and data relating to usage patterns on our Website is kept under our control. These cookies will used for the following purposes:
- to improve Website usability;
- so we can remember your device or computer between successive actions or sessions; and
- to perform anonymous statistical analysis to improve functionality of our Website or any services we offer through the Website.
Our Website also makes use of Google Analytics and similar or related analytic products to store information that you send to the server when using the Website. This data includes IP address, pages accessed, and documents uploaded, modified or deleted. For more information about Google Analytics and its privacy practices, please see: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.
Third party platforms
If you have further queries or requests relating to how we use Personal Data please contact our UK data protection officer at firstname.lastname@example.org. If you are not satisfied with our response or believe we are processing your Personal Data not in accordance with applicable law you can complain to the Information Commissioner’s Office (available at: https://ico.org.uk/global/contact-us/).