Privacy & Cookies Policy
In this section we have set out:
- How we collect information from you
- How and why is your information used
- Lawful Processing
We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
We may process your account data (“account data”). The account data may include your name and email address. The source of the account data is you. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process your information included in your personal profile on our website (“profile data”). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, and social media ids. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is consent.
We may process your personal data that are provided in the course of the use of our services (“service data”). The service data may include name, address, email address, details of donations made or items ordered. The source of the service data is you. The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process information that you post for publication on our website or through our services (“publication data”). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is consent.
We may process information contained in any enquiry you submit to us regarding products and/or services (“enquiry data”). The enquiry data may be processed for the purposes of offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is consent.
We may process information relating to transactions, including donations or purchases of goods and services, that you enter into with us and/or through our website (“transaction data”). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data”). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
We may process any of your personal data identified in the other provisions of this notice where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. Please do not supply any other person’s personal data to us, unless we prompt you to do so.
Who has access to your information?
We may disclose your personal data to any member of our group of charities in the Home-Start network insofar as reasonably necessary for the purposes set out in this notice.
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
Financial transactions relating to our website and services are handled by our payment services providers, e.g. PayPal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at:
Paypal (URL https://www.paypal.com/ie/webapps/mpp/ua/privacy-full)
Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the follow will apply:
- Your data will be made available to our website provider
- The data that may be available to them include any of the data we collect as described above.
- Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
- They will store your data for a maximum of 7 years.
- This processing does not affect your rights
In addition to the specific disclosures of personal data, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
How long is your information kept for?
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain and delete your personal data as follows:
(a) All personal data will be retained for a maximum of (seven years) following the date it was submitted, at the end of which period it will be deleted from our systems, unless requested by users.
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Third party websites
Our website includes hyperlinks to, and details of, third party websites. This privacy notice only governs our websites and we are not responsible for the privacy policies that govern third party websites even where we have provided links to them. If you use any link on our website we recommend you read the privacy notice of that website before sharing any personal or financial data.
We operate a number of social media pages including Facebook, Linkedin, Twitter and YouTube. Although this notice covers how we will use any data collected from those pages it does not cover how the providers of social media websites will use your information. Please ensure you read the privacy notice of the social media website before sharing data and make use of the privacy settings and reporting mechanisms to control how your data is used.
Personal data of children
Our website and services are targeted at persons over the age of 16. If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
Cookies used by our service providers
We use Google Analytics, Hotjar and Funnelytics to analyse the use of our website. Google Analytics, Hotjar and Funnelytics gather information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website.
Our website may also use the HotJar website recording services. Hotjar is a product that may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include bank details or any sensitive personal data. The data collected by Hotjar is for Home-Start Central Bedfordshire’s internal use only. The information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
Our Supporters – Fundraising & Communications
How do we collect information from you?
We obtain information about you in the following ways:
Information you give us directly
For example, we may obtain information about you when you take part in one of our events, make a donation, apply to volunteer for us, purchase products and services or when you register to receive one of our weekly newsletters.
Information you give us indirectly
Your information may be shared with us by third parties, which might include:
independent event organisers, for example the London Marathon and fundraising sites like Just Giving;
subcontractors acting on our behalf who provide us with technical, payment or delivery services, our business partners, advertising networks analytics providers and search information providers.
What type of information is collected from you?
The personal information we collect, store and use might include:
- your name and contact details (including postal address, email address and telephone number);
your date of birth;
- information about your activities on our website and about the device used to access it, for instance your IP address and geographical location;
- your bank or credit card details. If you make a donation online or make a purchase, your card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions;
- information as to whether you are a UK taxpayer so we can claim gift aid; and
- any other personal information shared with us.
Data protection laws recognise certain categories of personal information as ‘special category’ and therefore requiring greater protection, for example information about your health, ethnicity and religion.
We do not usually collect special category data about you unless there is a clear and valid reason for doing so and data protection laws allow us to. For example, we may ask for your health information if you are taking part in one of our fundraising running events.
Where appropriate, we will make it clear why we are collecting this type of information and what it will be used for.
We supplement information on our supporters with information from publicly available sources such as annual reviews, corporate websites, public social media accounts, the electoral register and Companies House in order to create a fuller understanding of someone’s interests and support. For more information, please see the section on ‘Building Profiles’ below.
How and why is your information used?
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the vital work we do for families and the exciting products and services you can buy, then you can select your choices by ticking the relevant boxes situated on the form used to collect your information.
We may use your contact details to provide you with information about the vital work we do for families, our fundraising appeals and opportunities to support us, as well as the products and services you can buy, if we think it may be of interest to you.
We will only send you marketing and fundraising communications by email, text and telephone if you have explicitly provided your prior consent. You may opt out of our marketing communications at any time by clicking the unsubscribe link at the end of our marketing emails. We may send you marketing and fundraising communications by post unless you have told us that you would prefer not to hear from us.
How long is your information kept for?
We are committed to putting you in control of your data so you are free to change your marketing preferences (including to tell us that you don’t want to be contacted for marketing purposes) at any time.
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted and will retain your details on a suppression list to help ensure that we do not continue to contact you. However, we may still need to contact you for administrative purposes like where we are processing a donation or thanking you for your participation in an event.
We keep your information for no longer than is necessary for the purposes it was collected for. The length of time we retain your personal information for is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfil our statutory and regulatory obligations (e.g. health/safety and tax/accounting purposes). We review our retention periods on a regular basis.
Who has access to your information?
We do not sell or rent your information to third parties.
We do not share your information with third parties for marketing purposes.
However, we may disclose your information to third parties in order to achieve the other purposes set out in this notice. These third parties may include:
Third parties working on our behalf
We may pass your information to our third party service providers, suppliers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process donations and send you mailings). However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. We will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so..
Third Party Product Providers we work with
Our trusted third party product providers provide a range of quality and reliable products and services designed to meet the needs of families. When you enquire about or purchase one or more of these products, the relevant third party product provider will use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. They will be acting as a joint controller of your information and therefore we advise you to read their Privacy Notice. These third party product providers will share your information with us which we will use in accordance with this notice.
Data protection law requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:
Where you have provided specific consent to us using your personal information in a certain way, such as to send you email, text and/or telephone marketing.
Performance of a contract
Where we are entering into a contract with you or performing our obligations under it, like when you buy Homestart named products and services.
Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like the Charity Commission or Fundraising Regulator.
Where it is necessary to protect life or health (for example in the case of medical emergency suffered by an individual at one of our events) or a safeguarding issue which requires us to share your information with the emergency services.
Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and does not duly impact your rights).
- We consider our legitimate interests to be running a charitable organisation in pursuit of our aims and ideals. For example to:
provide our services to support you and your family;
- send postal communications which we think will be of interest to you;
- conduct research to better understand our supporters and to improve the relevance of our fundraising;
- understand how people choose/use our services and products;
- determine the effectiveness of our services, promotional campaigns and advertising;
- monitor who we deal with to protect the charity against fraud, money laundering and other risks;
- enhance, modify, personalise or otherwise improve our services /communications for the benefit of our customers; and
- better understand how people interact with our website.
When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
When we use sensitive personal information, we require an additional legal basis to do so under data protection laws, so will either do so on the basis of your explicit consent or another route available to us at law (for example, if we need to process it for employment, social security or social protection purposes, your vital interests, or, in some cases, if it is in the public interest for us to do so).
We may also use your personal information to detect and reduce fraud and credit risk.