At TheTrustedSave, we are committed to respecting your data privacy. The Data Protection Act 2018 (“DPA”) and Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (“GDPR”)) require that we provide you with information about how and why we use personal data. We aim to process information about you fairly, lawfully, and in a transparent manner and the aim of this document is to provide you with sufficient information for you to understand what we are doing with your personal data. This policy also explains our commitment to protecting your personal data and your rights towards those data. Please read it carefully to understand our views and practices regarding your personal data and how we will use it.
Our Data Protection Advisor oversees our compliance with this policy. They can be contacted using the contact details below.
Personal Information we may collect about you
We collect information about you in the following ways:
Personal data you provide to TheTrustedSave directly
You may provide us with information about you when you submit an enquiry form on our website, write to us, call us, or when you make or enquire about making a donation, fostering or adoption. This may include your name, address, email address, telephone number, payment details, appeal you wish to support, gift aid status etc. and information you provide in any correspondence with us. You may also provide us with marketing and communications preferences and in some cases an indication of your consent for us to perform certain processing activities on your personal data.
How and when we collect information about you
We may collect and store information about you when you interact with us. For example, this could be when you:
- support our work through a donation
- fundraise on our behalf
- register for an event
- tell us your story
- buy goods from our online shop
- submit an enquiry
- register for or use our services
- participate in our training
- give us feedback
- make a complaint
- use one of our apps
- apply for a job
- register as a volunteer
- enter into a contract with us
- are captured by CCTV recording.
Information from other sources
We may receive information from our sub-contractors providing services to us such as payment services in order to process any donation you may make. We will collect information about you from other sources such as professional fundraising agencies, data cleansing companies, event organisers, data brokers and sources such as Companies House and the Electoral Register who are able to provide us with information about you such as your forwarding address if you move house, your charity affiliations to help us to understand you more as an individual.
How and why we use your information
We will use your personal information for the following purposes:
- Donation processing: We will process personal information you provide in order to administer any one-off or on-going donations you make and claim Gift Aid.
- Responding to a request: If you contact us with a query, we may use your personal information to provide you with a response.
- Fundraising or direct marketing: We will only send you marketing information by email, SMS, or phone if you have given us specific consent. If you withdraw your consent and then subsequently opt in to receive marketing information again, then your most recent preference may supersede. If you make a donation, you may also receive fundraising appeals by post, which you can opt out of at any time.
- Monitoring and Evaluating: We may use your information in order to improve current and future delivery of our services.
- Co-production: We may invite you to participate in projects or initiatives that enable you to help develop or review our services, or shape our research, media, policy, and advocacy activity. Participation is always voluntary. Your decision whether to participate will not affect you accessing a TheTrustedSave service. No individuals will be identified as participating in co-production projects unless they explicitly consent to this.
- Family Reunion: As part of our International commitment to reuniting families separated by armed conflict or other situations of violence; natural or man-made disasters; migration; we may review the data we already hold on our systems in order to establish a link. Once identified we will only share this information if we have your explicit consent.
- Processing an application to work with us and obtaining/providing references: If you apply to work with us, we will need to process your personal data, including, for example, identification data (e.g., name, nationality, national insurance number and bank details), contact details, education and work experience, information collected as part of your interview process, background check information and/or other application data. We may also need to process sensitive personal data about you such as health and medical data, criminal records data, and race/ethnicity data.
Depending on your settings or the privacy policies of the social media platforms and messaging services you use (e.g. Facebook, YouTube, Twitter, Instagram, WhatsApp etc.) you may allow us to access information from those services for example if you publicly “like” or “follow” us we may be able to collect information from your social media profile. We strongly advise you to check the privacy settings on your social media accounts to ensure that you know what information is shared with us and others.
Some of our premises have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and Penny Appeal. CCTV will only be viewed when necessary (e.g. to detect or prevent crime). Unless it is flagged for review, CCTV footage will be recorded over.TheTrustedSave complies with the ICO’s CCTV Code of Practice, and we put up notices so you know when CCTV is in use.
Lawful basis for processing
Data Protection laws require that a controller that processes personal data must do so based on one of the following lawful legal basis:
- Contractual obligation: the processing is necessary for the performance of a contract or taking steps to enter into a contract between the controller and the data subject.
- Legal Obligation: the processing is necessary for the controller to comply with the law or a legal requirement (not including contractual obligations).
- Vital Interests: the processing is necessary to protect someone’s life
- Legitimate interests: the processing is necessary for the controller’s legitimate interests, or the legitimate interests of a third party however, such interests are overridden by the interests or fundamental rights and freedoms of the data subject which requires protection of the personal data
- Consent: the data subject has given consent for the processing for one or more specific reasons
- Public task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Who do we share your information with?
We will only use your information for the purposes for which it was obtained. We will not, under any circumstances, sell or share your personal information with any third party for their own purposes, and you will not receive marketing from any other companies, charities, or other organisations as a result of giving your details to us.
We will only share your data for the following purposes:
- Third party suppliers: We may need to share your information with data hosting providers or service providers who help us to deliver our services, projects, or fundraising activities and appeals. These providers will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection clauses.
- Where legally required: We will comply with requests where disclosure is required by law, for example, we may disclose your personal information to the government for tax investigation purposes, or to law enforcement agencies for the prevention and detection of crime. We may also share your information with the emergency services if we reasonably think there is a risk of serious harm or abuse to you or someone else.
We always aim to ensure that personal information is only used by those third parties for lawful purposes in accordance with this Privacy Notice.
How we protect your information
We use technical and corporate organisational safeguards to ensure that your personal information is secure. We limit access to information on a need-to-know basis and take appropriate measures to ensure that our people are aware that such information is only used in accordance with this Privacy Notice.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers, and contractors.
Our online forms are always encrypted, and our network is protected and routinely monitored.
If you use your credit or debit card to donate to us, buy something or make a booking online, we pass your card details securely to our payment processing partners. We do this in accordance with industry standards and do not store the details on our website.
However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data (including personal information) disclosed or transmitted over public networks.
How long will we keep your information?
We will keep your personal information in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which may be up to six years after a particular transaction).
If you request that we stop processing your personal information for the purpose of marketing, we may in some instances need to add your details to a suppression file to enable us to comply with your request not to be contacted.
In respect of other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.
Transferring your data internationally
- Where we transfer your personal data or use service providers that are located outside the EEA, we will ensure that the country where the organisation operates from is one where the European Commission has issued an opinion which approves the adequacy of the data protection laws of that country. We will also ensure that under GDPR and DPA 2018 requirements, that we have a signed data processing agreement and service contract with them, which contains the “model clauses” approved by the European Commission for an agreement of this nature. Additionally, we will also ensure that the third-party is signed up to an approved transfer mechanism such as the EU-US Privacy Shield where the organisation is based in the United States of America.
We use MailChimp to send emails and newsletter. MailChimp is based in the U.S.A. and subscribes to the EU-US Privacy Shield meaning that MailChimp has adopted work practices that are approved by the EU in relation to data protection practices. The MailChimp registration on the Privacy Shield is available to review on the Privacy Shield website www.privacyshield.gov/list
Your right to lodge a complaint with the ICO
If you wish to complain about the way Penny Appeal is managing your personal information (including a complaint about fundraising activity), we would like you to give us the opportunity in the first instance, to address your concerns. Please contact us using the details using this email [email protected]
If you remain unhappy with the outcome of your complaint, you have the right to complain to the UK Information Commissioner’s Office (ICO).
Changes to This policy