We do not engage in processing related to automated decision-making activity.
How we store your information
It is important to us that any information we hold about you is safe. We seek to maintain a high level of security in relation to the collection, storage and disclosure of your information. For example, our computer network is protected and monitored.
We restrict access to your information only to those staff members whose job roles require such access and who have received suitable training in data protection and security.
We make use of trusted external providers to work on our behalf (see ‘When we share your information’ below). We only do this after making contractual arrangements with them to ensure your information is held securely and deleted when the task has been fulfilled. When we use external companies, we remain responsible for your information.
We do not store your credit or debit card details. These are passed securely to trusted payment processors. We may hold bank account details for the purpose of collecting direct debits and standing orders in accordance with direct debit mandate rules.
We keep your personal information only for as long as required for the relevant purpose and in accordance with legal requirements. For example, we will retain details of donations to meet tax and accounting requirements, but we will only hold sensitive medical information provided to participate in an overseas trip until the trip is completed. Where your information is no longer required, we ensure it is deleted or disposed of in a secure manner.
Legacies are an important way many supporters choose to give to us. We may retain limited information for longer periods to administer legacies, for example to demonstrate how long someone has supported us or to communicate with the families of those leaving legacies to us.
Our policy is to remove personal information from our database after 10 years of no incoming contact (unless you have been a donor, member, employee, volunteer; have requested no contact from us; or if you have indicated you will leave a legacy).
When we share your information
Your privacy is important to us. We never share your information with other organisations for their own purposes.
In order to serve you better and to fulfil our charitable objectives efficiently, we use trusted external suppliers and may need to share information with them on a limited basis. For example:
- In order to send our postal mailings to you, we may need to share your name and address with mailing partners, such as Yeomans and EPLS.
- In order to store your data securely and to manage your preferences and our communications, we may need to share your data with a customer relationship management service provider, such as Salesforce.
- In order to send our emails to you, we may need to share your name and email address with our email providers, such as Google and Campaign Monitor.
- In order to provide relevant adverts to you on search engines, we may need to pass your details to a search engine such as Google.
- In order to connect with you via a social media network, such as Twitter, Facebook or WhatsApp, we may need to share your relevant social media identifier with that network. If you do not wish us to use or share a particular online identifier, then please do not give it to us.
- In order to receive a donation from you, we may need to share your name, address, and bank details with a customer relationship management service provider, such as Salesforce, and a payment processor, such as Stripe, SmartDebit and FinDock.
- In order to collect independent feedback from you on our performance, we may share your name and contact details with a research organisation with your consent.
- In order to reclaim Gift Aid on your gifts, we will need to share your name, address and the values of gifts you have given with HMRC.
- In order to process your application for a role with us, or to share the reference you submitted about an applicant, we may share the information you have given to us with a training provider, such as Moorlands College, or an assignment partner, such as SIL
- In order to let one of our members or partner organisations know about a donation you have given for their support, we may need to share your name, contact details and the values of gifts you have given with that member or partner organisation, unless you have asked for your donation to be anonymous.
In each case, we share only the information necessary to fulfil the purpose, and the data may only be used by them for that reason, and must be deleted by them when no longer needed.
We may exceptionally need to share your information to comply with legal obligations or in an emergency situation (see ‘The legal basis for using your information’).
You may receive targeted advertisements through our use of social media audience tools. This depends on your settings or the privacy policies for social media platforms such as Facebook, Twitter, Instagram, and Google. For example, Facebook’s ‘Custom’ and ‘Lookalike’ Audiences’ programmes enable us to display adverts to our existing supporters or other people who have similar interests or characteristics.
For more information, or to manage your social media ad preferences, please see:
You can set your browser to disallow cookies, and can delete any cookies that are already on your computer. More information about how to do this can be found at https://cookiepedia.co.uk/how-to-manage-cookies.
Updating your information and preferences
The accuracy of your information is important to us. We want to communicate with you in ways that you are happy with. We appreciate you letting us know when your details or preferences change.
To change how we communicate with you, or update the information we hold, please contact us using the contact details at the top of this policy. Alternatively, you can use our website to manage your subscriptions.
We’re happy to help you with anything, including your legal rights to:
- receive information about our processing (which is contained in this policy);
- withdraw your consent to our processing at any time;
- object to any of our processing;
- obtain a copy of the personal data we hold about you, including in a machine-readable format (‘Subject Access Request’);
- have any incorrect or incomplete data corrected;
- have your personal data held by us deleted, except where we have a legal obligation to retain it;
To contact us about any of these, or to make a complaint about the use of your personal data or report a security issue, please see our details at the top of this document.
If you are unsatisfied with our response, you can contact the Information Commissioner’s Office (ICO). Further information can be found at https://ico.org.uk/
Changes to this policy
This policy was last updated on 22 November 2022. We may update this policy from time to time to take account of changes to our processes or to legislation and any new version will be posted on our website.