1.1 This policy applies to information which Making Me (the Charity) collects about individuals who interact with our organisation. It explains what kinds of information we collect, why we collect it, the legal grounds for collection, how we store and use the information, how you can manage your information, what information we share with others, and how the policy applies to young and/or vulnerable people.
1.2 The Charity recognises its responsibility to respect and protect the personal information (or data) which you or your family have provided us with, or that we obtain from other organisations, and to keep it safe.
1.3 The Charity is committed to manage this data effectively and securely so that we can deliver better services to and for you, including our fundraising activities. We will ensure that we use your information in accordance with all applicable laws concerning the protection of personal information.
1.4 This policy applies to all staff, including voluntary staff and should be read in conjunction with the Charity’s other policies, including, but not limited to the Data Protection Policy and the Safeguarding Policy.
1.5 This policy will be monitored periodically in order to judge its effectiveness and reviewed every three years. It will be updated as required in accordance with changes in the law.
- What kinds of information do we collect?
2.1 The Charity may collect different types of personal data directly from or about you, depending on the activities or services we are offering and that you are taking part in or using. This can include your name, address, telephone number, email, date of birth, data relating to your personal situation, medical data (if pertinent to the activities or services), and some financial data if you are giving us a donation. You may provide us with any or all of this data online, at an event, on paper or over the phone, including through a donation form, a sign up form (if requesting information or asking to be put on a mailing list), or by registering for and/or attending an event.
2.2 If you are accessing our website, we may also receive some analytical data from our Internet and website service providers. This is anonymous data such as IP addresses, pages visited, and time spent on the website. If you are using the Charity’s secure online donation pages you are routed through to our online donations service provider and the data you give (such as your credit card, bank and/or contact details) is supplied to us so that the transaction can take place.
2.3 In some cases, anonymous internet and website data is collected using cookies. Cookies are small pieces of data sent by a web server to collect data from a web browser. They also allow a website to recognise a user and their setting preferences the next time they visit the website and may allow some features to load more quickly. Most browsers will allow you to turn off or manage cookies. Please note that turning off or refusing to allow cookies for the Charity’s website can restrict your use of the website.
2.4 We may also receive some information about you from other organisations, for example the Post Office’s National Change of Address database, or from events organised by third parties. This can include data collected from other charities and some health and social care, education or government services. It might also include data from social media and messaging sources (e.g. Facebook, Twitter, and LinkedIn) depending on your settings, the source’s own privacy policies, or the permissions you have granted us to access the data available through your account or publicly available documents.
- Why do we collect this information and how will we use it?
3.1 We collect this data so that we can carry out our activities and develop a better understanding of the people who use our services, work for and support us. It allows us to make better decisions, to fundraise more effectively and efficiently, and to provide better communications about the Charity of interest to you, including about our work, current and future activities, and our awareness, policy and fundraising campaigns.
3.2 Data collected from surveys and research that you may have taken part in helps us to improve our services, activities and resources. Unless you have given us clear permission otherwise, this is presented as anonymous or collective data. Some types of information or data are considered ‘sensitive’ under data protection regulations. This includes information like health/medical data, race, religious beliefs and political opinions. We will not normally collect this data unless it is necessary for the activity or service you are taking part in or using, and you give us your permission to hold this data in our databases and records.
3.3 We will use the data you provide to us to perform our services, process your donations or to respond to your information requests. We may use data that we hold about you, gathered through our relationship with you, to contact you with communications and marketing by post, phone or email. It may be used to personalise our contact with you or the activities or services you are taking part in. It will also be used to administer our records.
- Legal grounds and Legitimate Interest
4.1 When we collect and use your personal information, we will make sure this is only done in accordance with at least one of the legal grounds available to us under data protection laws, including where:
- we have obtained your consent to use your information for a previously notified purpose, such as to provide you with a product, service or information at your request, or to send you marketing material;
- we have a legal obligation to use or disclose information about you – for instance, where we are ordered by a court or regulatory authority or we are legally required to hold donor transaction details for Gift Aid or accounting/tax purposes;
- we have an obligation to hold and use data necessary for the performance of a contract, or for the purpose of fulfilling our responsibilities in relation to staff and volunteers.
4.2 In certain instances, we may also collect and use personal information where this is in our legitimate interest as a charity. This includes being able to:
- send direct marketing material to supporters by post or contact them by telephone for fundraising purposes (subject to checking against the Telephone Preference Service and any existing marketing preferences). See more at paragraph 5 (Marketing materials) below;
- conduct research to better understand who our supporters are and better target our fundraising activity. See more at paragraph 6 (Fundraising) below;
- monitor who we deal with to protect the Charity against fraud, money laundering and other risks;
- maintain and administer our database and systems.
4.3 In all cases, we balance our legitimate interests against your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this policy and that does not intrude on your privacy or previously expressed marketing preferences.
4.4 Where we process sensitive personal data (as mentioned above), we will make sure that we only do so in accordance with one of the additional lawful grounds for processing such as where we have your explicit consent or you have made that information manifestly public. When we do this, we will tell you what sensitive personal data we are collecting and why.
- Marketing materials
5.1 We want to ensure you receive the level of information about the Charity that is right for you. If you actively provide your consent to us along with your email address and/or mobile phone number, we may contact you for marketing purposes by email or text message. By subscribing to the Charity’s emails or opting into email communication from the Charity, you grant us the right to use the email address for email marketing purposes.
5.2 If you have provided us with your postal address or telephone number, we may send you direct mail or telephone you about our work if you have consented to receive such communications. We actively check telephone numbers against the Telephone Preference Service and will only make telephone calls to you where your telephone number is listed on the TPS if you have specifically told us that you do not object to such calls and have consented to receive them.
5.3 It is always your choice as to whether you want to receive information about our work, how we raise funds and the ways you can get involved. If you do not want us to use your personal information in these ways, please indicate your preferences on the form on which we collect your data.
5.4 You may opt-out of our marketing communications at any time by replying ‘Unsubscribe’ to the marketing emails.
5.5 You can also change any of your contact preferences at any time (including telling us that you don’t want us to contact you for marketing purposes by telephone, or by post) by emailing email@example.com
5.6 We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes. However, we may retain your details on a suppression list to help ensure that we do not continue to contact you.
6.1 We carry out targeted fundraising activity to ensure that we are contacting you with the most appropriate communication, which is relevant and timely for you. To do this, we may use profiling techniques to gather general data about you and your lifestyle which you have already volunteered or made publicly available. To assist us with this work we may use third party companies, consultants or organisations that can show they are also compliant with relevant data protection policies and legislation.
6.2 This activity assists us in understanding the background of the people who support us and helps us to make appropriate requests to supporters who may have the means and the desire to give more. You can opt out of your data being used for profiling and wealth screening techniques by emailing firstname.lastname@example.org
6.3 Whilst the Charity will take all reasonable precautions to safeguard data or information transmissions over the internet, these transmissions cannot be guaranteed to be 100% secure. Any transmission of your data to the Charity through internet channels is at your own risk.
- What information do we share and with whom?
7.1 We will never sell your data to other organisations for their own marketing purposes. If we have your consent, we may share your data with partners who, with the Charity, are jointly delivering an activity or service. This could include sharing data with a third party organisation who provide a service to us and are acting as data processors; and other organisations or individuals that act as fundraisers for the Charity or provide information, marketing and communication services. We will undertake due diligence on these organisations and will require them to comply strictly with our instructions and data protection policies and legislation. We regularly monitor all our data processors.
7.2 We may also share your data when we need to:
- comply with laws such as those for national security, taxation, or criminal investigations;
- undertake due diligence, to be sure we are not being used as a channel for criminal activities.
- Privacy and young and/or vulnerable people
- How do we store and dispose of information and for how long do we keep it?
The Charity takes appropriate actions to make sure that the data we hold about you, whether on paper or electronically in a computer file or database, is stored securely. We will only hold this data for as long as it is necessary for the purposes for which it is provided to us. We will dispose of unnecessary personal data using secure deletion methods (electronic) or shredding. We will contact you periodically (at least every 4 years) to confirm that the data we hold about you is accurate and up-to-date and that we may continue to contact you. We will then update our records accordingly.
- How can I manage or delete the information you have about me?
11.1 Your rights regarding the data we hold and collect about you are outlined in the data protection policies and legislation of the United Kingdom and the European Union. These include: the right to access, edit and update, request the deletion of, and restrict the processing of your personal data, the right to object to the collection of your personal data and the right to lodge a complaint with a supervisory authority about your personal data.
11.2 If you would like to find out what personal information/data we hold about you, delete any of this data, (e.g. remove your name from any of our mailing lists), update your communication preferences, or if you have any comments or questions about this policy, please email email@example.com or write to us at:
63 Garfield Street
Bedford MK41 7RZ
11.3 If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements you can complain to the Information Commissioner’s Office (ICO). You can contact the ICO on 0303 123 1113, at firstname.lastname@example.org or at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.