Please use our secure online donation platform to make a donation.
To ensure we continue the good work of the charity, it’s necessary for us to collect, hold and process personal data belonging to friends of the organisation. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
The organisation collects a range of information about you. This includes:
- Your name, address and contact details, including email address and telephone number;
- Preferences about events you may be interested in or you’ve previously attended;
The organisation collects this information in a variety of ways. For example, data might be contained in a CSV or spreadsheet form or via an online platform such as Charity Checkout.
Data will be stored in a range of different places, including Dropbox for Business and email.
Why does the organisation process personal data?
The organisation needs to process data to take steps at your request to provide information to you about the charity, events that we hold and any other information of interest.
Who has access to data?
Your information will be shared internally for the purposes of alerting you to areas of interest. This includes trustees, treasurer and volunteers who assist with the charity and IT consultants if access to the data is necessary for the performance of their roles.
The organisation will not transfer your data outside the European Economic Area.
How does the organisation protect data?
The organisation takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except in the proper performance of duties.
We do not keep paper files. Our files are stored securely on Dropbox for Business.Dropbox is designed with a secure, distributed infrastructure with multiple layers of protection including secure data transfer, encryption, network configuration, and application-level controls distributed across a scalable, secure infrastructure. Regular review and updating of security policies occurs; as does security training for staff; application and network security testing (including penetration testing); risk assessments; and monitoring compliance. More information about Dropbox standards and security compliance practices are available at https://www.dropbox.com/static/business/resources/Security_Whitepaper.pdf
The majority of fundraising donations are made via our payment platform Charity Checkout. Charity Checkout commits to complying with GDPR requirements and provides information about the way in which it holds any information you disclose as part of the donation or payment platform. Further information is available at https://www.charitycheckout.co.uk/privacy/
Any individual who accesses those files does so in our offices or remotely on their own device. Any individual who is permitted access to the files does so from a PC or laptop that has security software installed. We also ensure the device being used is only accessible by a security code. Individuals have been trained in how to ensure that they only access files remotely when no third party can read the information and to set up security measures to ensure that a device cannot be accessed when not in use, even for relatively short periods of time.
We review our security arrangements with our IT and Software providers on an ongoing basis.
We carry out six monthly reviews of the files we hold for clients and delete securely any information no longer required.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and
- ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact Sarah Fraser by email at firstname.lastname@example.org
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to the organisation. However, if you do not provide the information, the organisation may not be able to update you or contact you in relation to areas of interest or to process any donations you kindly wish to make.