How We Collect, Use and Store Personal Data
The processing of your personal data is carried out by or on behalf of EachOther, a registered charity (number 1167370).
HOW CAN YOU CONTACT US?
The Data Protection Officer
2.4, Resource for London
356 Holloway Road
Telephone: 020 7697 4019
EachOther is committed to data protection and to operating in a way that complies with the General Data Protection Regulation. We promise to:
- Treat all personal data as confidential
- Use personal data in the most efficient and effective way to deliver our services
- Strive to collect and process only the data or information which is needed
- Use personal data only for such purposes as are described at the point of collection, or for purposes which are legally permitted
- Strive to ensure information is accurate
- Not keep information for longer than is necessary
- Securely destroy data which is no longer needed
- Take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing, and accidental loss or damage of data)
- Ensure that information is not transferred abroad without suitable safeguards
- Ensure that there is general information made available to the public of their rights to access information
- Ensure that the rights of people about whom information is held can be fully exercised under the General Data Protection Regulation
These rights include:
- The right to be informed
- The right of access to personal information
- The right to request a correction
- The right to request data to be deleted
- The right to restrict processing in certain circumstances
- The right to receive personal data in an easily-usable format
- The right to object to processing
By using our website, our social media pages (such as Facebook, Twitter, YouTube, Google+ and Instagram), subscribing to our services, and/or donating to us, you agree that, unless you have set your computer’s browser to reject them, we can place the types of cookies set out below on your device and use that data in accordance with this policy.
HOW DO WE COLLECT YOUR INFORMATION?
We may collect information about you directly whenever you interact with us. For example, when you contact EachOther regarding our activities, register as a supporter, send or receive information, engage with our social media or make a donation to us, you may provide us with your personal information.
We may also receive information about you when you interact with third parties with whom we work. For example, where you’ve made a donation to us through a third-party website (eg Stripe or IndieGogo) and given them permission to share your information with us.
We may supplement what we know about you with information that is available to the public. For example, in order to ensure that our communication with you is relevant and tailored to your background and interests, we may collect information about you from publicly-available sources either directly or through third-party subscription services or service providers. See ‘How will we combine and analyse the information we collect about you?’
WHAT INFORMATION DO WE COLLECT?
The information we collect from you directly or from third parties with whom we work, may include:
- email address,
- telephone number,
- contact preferences,
- bank account details for setting up a regular direct debit,
- credit card details for processing credit card payments,
- employer details for processing a payroll gift,
- taxpayer status for claiming Gift Aid, and
- date of birth, age, and/or gender, where appropriate (eg where registering for an event).
We may also collect and process information about your interactions with us, including details about our contacts with you through email, SMS, post, on the phone, or in person (i.e., the date, time, and method of contact), details about donations you make to us, events or activities that you register for or attend, and any other support you provide to us.
We may also collect and record any other relevant information you share with us about yourself, including your interests or your affiliations with other charities, community groups, your employer or a corporate partner. If you are a minor, we may collect the name and contact details of a parent or guardian and, where appropriate, the name and location of your school.
In order to ensure that our communication with you is relevant and tailored to your background and interests, we may supplement what we know about you with information that is available to the public. This allows us to better understand your interests, preferences, and level of potential engagement and/or donation, so that we can contact you in the most appropriate way and to ensure that we do not send you unwanted communications. The information we collect and process about you from publicly-available sources may include demographic information associated with your postcode or your address and an estimate of your age. We may collect this information ourselves or through third-party service providers.
Where we have identified that you may have the capacity or affinity to support RightsInfo at a higher level, we may use the information we hold about you to identify connections between you and our existing circle of key supporters. We may also review other information about you that is available to the public through internet searches, subscription services, or public databases (eg, Companies House, the electoral register, or the land registry), such as information about corporate directorships, shareholdings, published biographic information, employment and earnings, philanthropic interests and networks, charitable giving history and motivations and relevant media coverage, so that we can engage with you in a more personalised way.
DO WE PROCESS ‘SENSITIVE’ PERSONAL INFORMATION?
Under data protection law, certain categories of personal information are recognised as sensitive, including health information and information regarding race, religious beliefs, and political opinions (‘sensitive personal data’). In limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so, such as where we need this information to ensure that we provide appropriate facilities at an event.
HOW DO WE USE YOUR INFORMATION?
We may use your information in a number of ways, including:
- To provide you with information, products or services that you have requested from us or that we feel may be of interest to you;
- To provide you with information about our work or our activities;
- To invite you to participate in interactive features on our website;
- To process donations we may receive from you;
- To fundraise in accordance with our internal policies and procedures;
- For administrative purposes (for example, we may contact you regarding an event for which you have registered, or with a query regarding a donation you may have made to us);
- For internal record keeping relating to any donations, feedback, or complaints;
- To invite you to participate in voluntary surveys or research;
- To contact you where you have been identified as a contact person for an organisation, such as a school (if we obtain your contact details in this way, we will only use them to contact you in your capacity as a representative of that organisation);
- To analyse and improve the content and operation of our website;
- To analyse and improve our internal business processes;
- To analyse the personal information we collect about you and use publicly available information to better understand your interests, preferences and level of potential donations so that we can contact you in the most appropriate way and to ensure that we do not send you unwanted communications;
- To tailor advertising that is presented to you on the Internet according to your interests, preferences and other characteristics (as described below);
- To direct advertisements and other communications to other people who may have similar interests or other characteristics to yours (as described below);
- To assess your personal information for the purposes of credit risk reduction or fraud prevention; and
- Where we are required by law to disclose or otherwise use your information.
In particular, we may contact you for marketing purposes by email if you have agreed to be contacted in this manner. We provide information about how you can change your marketing preferences below.
HOW WILL WE COMBINE AND ANALYSE THE INFORMATION WE COLLECT ABOUT YOU?
We are committed to communicating with you using an approach that is right for you. This means that we carefully manage the communications we send you to ensure that we are contacting you in the most appropriate way and that we are not sending you unwanted communications. In order to do this, we may combine the information that we collect about you and analyse what we know about your interests, preferences and level of potential engagement or donation. We may also use statistical analysis to analyse this data and understand the likelihood that you will be interested in or responsive to a campaign or message. We may use third party service providers to assist us in this process.
Where we have identified that you have the capacity or affinity to support EachOther at a higher level, we may collect additional information about you (see ‘What information do we collect?’) and combine and analyse that information in a profile of you that will assist us in engaging with you in a more personalised way.
You can opt out of your data being combined and analysed for marketing purposes by contacting our Supporter Care Team or our Data Protection Officer as described below. However, this may mean that you stop receiving marketing communications from us more generally.
In accordance with our legal and regulatory obligations and our internal policies and procedures, we may also use personal information to carry out due diligence on potential or actual donors. If you opt out of analysis of your data for due diligence purposes, we may not be able to accept donations from you.
HOW WILL WE DISCLOSE THE INFORMATION WE HAVE COLLECTED TO OUTSIDE PARTIES?
RightsInfo may provide your information to our service providers. Subject to your communication preferences and our internal policies and procedures, this would include providing your information to third parties that work with us to deliver on our charitable purposes, and other entities that act as fundraisers for RightsInfo, or provide RightsInfo with marketing information and services.
Where you have agreed to receive email marketing communications from us, we may provide your email address in an encrypted format to social media companies, such as Facebook, Instagram, Twitter or YouTube, or to digital advertising networks that are providing services to us by displaying our advertising to you on those social media platforms and other websites, as well as identifying audiences with interests similar to yours. You can opt out of your data being used to display advertising to you by contacting our Data Protection Officer as described above. However, this will not prevent our advertisements being shown to you on a randomised basis or based on cookie data and may mean that you stop receiving marketing communications from us more generally.
We enter into contracts with all of these service providers that require them to comply with data protection laws and to ensure that they have appropriate controls in place to protect the security of your information.
We will never sell your details and, except as indicated below, will only share your details with third parties (who are not service providers working at our direction) if you ask us to. We will not make cold telephone calls to members of the general public and, therefore, will not purchase your data in order to do so.
We may disclose your personal information if we are requested or required to do so by a regulator or law enforcement or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect RightsInfo, for example in cases of suspected fraud or defamation, or in order to comply with any other applicable legal obligation.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date, and that we only keep it as long as is reasonable and necessary.
Although we use appropriate security measures once we have received your personal information, the transmission of information over the internet is never completely secure. We do our best to protect personal information, but we cannot guarantee the security of information transmitted to our website, so any transmission is at the user’s own risk. However, any payment card details (such as credit or debit cards) we receive on our website are passed securely to our payment processing provider according to the Payment Card Industry Security Standards.
HOW CAN YOU CHANGE YOUR MARKETING PREFERENCES OR UPDATE THE INFORMATION WE HOLD ABOUT YOU?
If you do not wish us to use your personal data for marketing purposes as outlined above, you can use the relevant box on the online form on which we collect your data to indicate your preference.
You can also change any of your marketing preferences at any time (including telling us that you don’t want us to contact you for marketing purposes) by:
- Indicating that you do not wish to receive our marketing emails by clicking the ‘unsubscribe’ link in at the end of our marketing emails;
- Contacting us by email at firstname.lastname@example.org or by phone on 020 7580 0804;
If you have indicated that you do not wish to be contacted for marketing purposes, we will maintain your details on a suppression list to help ensure that we do not continue to contact you for marketing purposes. However, we may still need to contact you for administrative purposes, including (but not limited to):
- Processing a donation you have made and any related Gift Aid;
- Providing you with the information you need in order to participate in an activity or event for which you have registered; and
Explaining and apologising where we have made a mistake.
Similarly, if your contact details have changed or you think any information we have about you is incorrect or incomplete, you can always update or correct the information we hold about you by contacting us.
WHAT OTHER DATA PROTECTION RIGHTS DO YOU HAVE?
You can make a complaint or raise a concern about how we process your personal data by contacting our Data Protection Officer. In some circumstances, you have the right to object to our processing of your personal data or to stop us from continuing to make active use of personal data that we retain in our records.
If you are not happy with how we have handled your complaint, you can contact the Office of the Information Commissioner, which oversees the protection of personal data in the UK, or the Fundraising Regulator, which is responsible for overseeing fundraising activities carried out by charities in the UK.
Alternatively, you may choose to contact either the Information Commissioner or the Fundraising Regulator directly about your complaint, regardless of whether you have raised it with us first.
You also are entitled to request a copy of the personal information relating to you which is kept on file by RightsInfo (a Subject Access Request or SAR) by contacting our Data Protection Officer.
WHY ARE WE ALLOWED TO PROCESS YOUR PERSONAL INFORMATION?
Our Privacy and Cookie Policies take into account several laws, including:
- the Data Protection Act 1998
- the Privacy and Electronic Communications (EC Directive) Regulations 2003
- General Data Protection Regulation (EU) 2016/679, which will come into force in the UK in May 2018 and replace the Data Protection Act 1998.
- Generally, our processing of your personal information as described in this policy is allowed by these laws because we have a legitimate need to carry out the processing for the purposes described above. Some processing may also be necessary so that we can perform a contract with you or because it is required by law. We only use your information to send you marketing communications by email with your consent.
JOB AND VOLUNTEER APPLICANTS AND CURRENT AND FORMER EMPLOYEES
If you apply to work or volunteer at RightsInfo, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside the RightsInfo – for example, if we need a reference, plan to use an external supplier to run background checks or need to get a ‘disclosure’ from the Disclosure and Barring Service (DBS) – we will make sure we tell you beforehand, unless we are required to disclose this information by law. If you apply for a job or volunteering opportunity we may also collect information so we can assess your suitability for the role.
If you are unsuccessful in your job or volunteering application, we will hold your personal information for 6 months after we’ve finished recruiting the post you applied for. After this date we will destroy or delete your information.
If you begin employment with us, we will put together a file about your employment. We keep the information in this file secure, and will only use it for matters that apply directly to your employment.
Once you stop working for us, we will keep this file for 6 months. You can contact us to find out more about this.
YOUR CREDIT OR DEBIT CARD INFORMATION
If you use your credit or debit card to donate to us, buy something or make a booking online, we pass your card details securely to our payment processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard (PDF download), and don’t store the details on our website or databases.
When you register with us, you are stating that you are 16 years of age or over, or are a minor acting with parental consent. You agree that any information you provide to us about yourself upon registration or at any time is true.
We cannot be held responsible for the privacy of data collected by websites not owned or managed by RightsInfo, including those linked through our website.
Emails aren’t always secure, and they may be intercepted or changed after they’ve been sent. RightsInfo doesn’t accept liability if this happens. The contents of emails reflect their author’s views and not necessarily those of RightsInfo.
Please do not send RightsInfo any financial data through email.
The information in emails is confidential, so if you’ve received one by mistake, please delete it without copying, using, or telling anyone about its contents.
RightsInfo’s data controllers will notify data breaches to the DPA without undue delay and within 72 hours of awareness.
Data controllers will communicate data breaches to the data subject without undue delay, where the breach is likely to result in a high risk to the rights and freedoms of individuals. Any data processor we may use will report personal data breaches to RightsInfo’s data controllers without undue delay after becoming aware.
PRIVACY POLICIES OF VENDORS WE USE
We gather and process data with the help of a number of different software vendors. Here are links to each of their Data Protection/Privacy Policies: