Chatterbus Data Privacy Policy
Data Privacy Policy
The Chatterbus CIO want to be completely transparent about why we need the personal information we request when you sign up for our newsletter or become a supporter, volunteer or express an interest in participating in one of our events. Developing a better understanding of our supporters through their personal information allows us to make better decisions, communicate more efficiently and ultimately helps us to meet our charitable aims.
We are totally committed to protecting your information and using it responsibly. Please read our policy carefully to understand how we collect, use and store your information.
The processing of your information is carried out by or on behalf of the Chatterbus CIO (Charitable Incorporated Organisation) charity number: 1173907.
Contacting us:
If you have any questions about this privacy policy and how we use your information you can contact us by writing to us at:
Chatterbus CIO
18 Lockhart Road
COBHAM
KT11 2AX
or
By emailing us at dataprivacy@chatterbus.org.uk
Policy Contents
1. Why we use your information,
2. How we use your information
3. How we use your information to tell you about our work
4. Keeping your details up to date
5. Sharing your information with other organisations
6. Transferring your information outside the EEA
7. How long we keep your information
8. Your rights
9. Complaints
10. How we keep your information secure
11. Changes to the Privacy Policy
12. Cookies used on our Websites
1. Why we use your information
1.1 We will only use your information where we have a legal basis to do so and will always respect your rights.
1.2 Where we use your information, it may be because you have consented to us doing so or because we consider we have a legitimate interest to do so. Where we do rely on a legitimate interest to use your information, we will always ensure that this is done in a way so as not to be intrusive or cause distress, and that respects your rights. Other reasons may include using information because we have a legal obligation to do so or because we must fulfil contractual obligations.
Some examples can be found below:
- You have given us your consent to use the information for a specified purpose, such as sending you our Newsletter either by post or by email.
- We have a legal obligation to use your information, for example to claim Gift Aid.
- We are using your information in pursuit of a legitimate interest, for example:
- To pursue our charitable purpose to deliver our mission and vision
- To raise vital funds for our work
- To ensure we meet our regulatory requirements as a charity
- To manage our ongoing relationship with our supporters and anyone we work with
- To manage our financial transactions and prevent fraud
2. How we use your information
2.1 To respond to or fulfil any requests for information, complaints or queries you make to us. If you contact us directly, we will use the information you give to us to handle your enquiry or request for information. We may also keep a record of conversations we have with you, the feedback you provide and any marketing materials we send out to you. This can help us to handle queries more efficiently.
2.2 To process any donations you make, claim any relevant Gift Aid and maintain a record of your past or potential future financial contributions. This includes keeping a record of any pledges, gift agreements or any other indications that you are planning to donate to the Trust. We keep a record of any donations we receive for audit purposes, and as we are legally required to keep information related to Gift Aid. We may need to use your information to prevent fraud.
2.3 To provide you with information and support for any events, fundraising and campaigning activities or volunteering opportunities you sign up to. If you have completed a form to register for our newsletter or enquire about an event or activity, or to sign up to one of our campaigns, we will consider this as a request to send you details about the Chatterbus service, event, activity or campaign.
Where you provide contact details, we will provide information and support by email, post or phone depending on the contact preferences you provided. When you have asked for details of an event, we will send you information including, where relevant, ideas for fundraising and reminders on key information about the activity.
Where appropriate, we will use the information you provide to identify any help we can offer, specific to the activity you have signed up for and to provide necessary information to event organisers.
We may also receive information through event organisers or through third party websites such as JustGiving or VirginMoneyGiving so we know you are fundraising for us.
3. How we use your information to tell you about our work
3.1 To send you marketing communications by email, where you have agreed to receive this. Where you have provided an email and consented to being contacted in this way, we will send you information by email about the Chatterbus service and covering ways to give or raise money for us, to campaign for us or volunteer for us. This may include promoting the work of a partner organisation that we believe will benefit us and our charitable cause.
3.2 To contact you by phone and post
Where it is appropriate and relevant, and you have provided us with a telephone number or a postal address, we may occasionally call or write to you to tell you about the Chatterbus service and ways to give or raise money for us, to campaign for us or volunteer for us. We do this as we consider it is a legitimate interest to promote our charitable cause and communicate with you about ways you can support us.
3.3 To manage your contact preferences
You can tell us to stop contacting you, or change the way in which we do so, by getting in touch with us using the details in the “Contacting us” section. We will keep a record of any requests to stop receiving marketing from us to ensure that we do not communicate with you in the future, unless you tell us you want to hear from us again.
All email newsletters include an unsubscribe option which allows you to opt-out of receiving any further newsletter emails. Unsubscribing from a newsletter may not result in your email address being removed from our records entirely as we may need to contact you individually via email because of your interest in volunteering or participating in one of our events. To remove your email address entirely please contact us using the details in the “Contacting us” section.
3.4 To make sure we speak to you in a way that is relevant to you, and to understand our supporters more broadly, we try to ensure that our communications are as effective as possible so that we make the best use of the money we spend on them. This means communicating with people in different ways, appropriate to them.
On occasion, we will use information you have given us directly, for example the record of your previous donations to us and the type of activity you have been involved with, to tailor our communications with you about future activities.
We will also use information about how you use our website or interact with our emails so we can make them more effective.
3.5 Use of images, videos, or other information you share with us.
If you share information about the fundraising or campaigning activities you have done for us, or your personal experiences, by post, email or over social media, we may want to use this to help us promote our events and activities in the future. We will obtain the necessary permission to use this information.
3.6 To undertake our campaigning activity
We maintain a record of information related to MPs and other holders of public office, to enable us to undertake our campaigning activity to help reach our charitable goals. This will include keeping a record of contact details such as address, telephone number and email address as well as publicly available voting records and committee and group memberships.
4. Keeping your details up to date
4.1 We will always try to ensure the information we hold is accurate and up to date. However, we do rely on you to inform us of any change of details such as postal address, email address or phone numbers.
4.2 You can let us know if you move house or your details change by contacting us using the details in the “Contacting us” section.
5. Sharing your information with other organisations
5.1 We will never share your information with third parties for their own purposes unless this is explained to you at the time we collect your information, you give us your permission to, or we are legally required to do so. For example, we are legally required to provide your data to HMRC if you have agreed to us claiming Gift Aid on your behalf.
5.2 We may also use suppliers known as ‘data processors’ to process data on our behalf, for example, to send out mailings. When enlisting the services of such suppliers we ensure that they are under a contractual obligation to only use your information in accordance with our instructions and for no other purposes.
6. Transferring your information outside the EEA
6.1 Sometimes organisations who work on our behalf may manage information outside the European Economic Area (EEA). In those circumstances, we will make sure that we have a valid reason for doing so under current Data Protection Legislation.
7. How long we keep your information
7.1 As a general rule, if you have subscribed to our newsletter or have expressed an interest in being a volunteer or participating in one of our events, we will hold your information for a period of up to five years from the end of your relationship with us in accordance with our data retention policy. This enables us to contact you if you have been unable to volunteer or participate in one of our events for a significant time.
You have the right to ask us to delete your data at any time from the end of your relationship with us by getting in touch with us using the details in the “Contacting us” section. We will keep a record of any requests to delete your data to ensure that we do not communicate with you in the future, unless you tell us you want to hear from us again.
8. Your rights
8.1 Under the General Data Protection Regulations (GDPR) you have the following rights:
- Information Right – the right to receive the information contained in this policy, our data collection forms and about the way we process your personal data.
- Personal Data Access Right – the right to know that we are processing your personal data and, in most circumstances, to have a copy of the personal data of yours that we hold. You can also ask for certain other details such as what purpose we process your data for and how long we hold it.
- Personal Data Correction Right – You have the right to request that we correct inaccurate data or complete incomplete data that we hold on you.
- Personal Data Erasure Right – Known as the Right to be forgotten. In certain circumstances, you may request that we erase your personal data held by us.
- Personal Data Restriction Right – You have the right to restrict the way we process your personal data in certain circumstances, for example: if you contest the accuracy of the data, if our processing is unlawful, to pursue legal claims, where we are relying on legitimate interests to process data.
- Data Processing Objection Right – You have the right to object to us processing your data for (i) direct marketing purposes (ii) scientific or historical research or statistical purposes and (iii) purposes of profiling related to direct marketing or based on our legitimate interests or on the performance of a task in the public interest
- Data Portability Right – you have the right to receive a copy of certain personal data or to have it transferred to another organisation in some circumstances.
8.2 Right to Withdraw Consent at any time
Where we use your personal information based on your prior consent to send you information or marketing communications by email, mobile messaging and by direct message on social media, you can withdraw your consent at any time by contacting us.
9. Complaints
9.1 If you have any complaints about how we handle your personal data, please contact us so we can resolve the issue, where possible. You also have the right to lodge a complaint about any use of your information with the Information Commissioners Office (ICO), the UK data protection regulator. Where you have a complaint about the way in which we have used your personal information in our fundraising, you can also complain to the Fundraising Regulator.
10. How we keep your information secure
10.1 We take such measures as are appropriate to ensure the confidentiality, integrity and availability of our systems. See the Data Protection Policy for more details.
11. Changes to the Privacy Policy
11.1 We may update this policy to reflect changes in how we use your information. You may wish to check this policy each time you provide Chatterbus CIO with your information. Where appropriate, we will provide you with notice of any significant changes to how we use your information.
12. Cookies used on our Websites
12.1 A “cookie” is a small data file that a website like www.chatterbus.org.uk can store on your system. Chatterbus uses cookies throughout the site to improve the user experience and to provide information to us on how many visitors and how our visitors use the website. We use this information to improve the users experience and the effectiveness of the website. We do not use cookies for marketing purposes or to target online advertisements. The data stored within these cookies contain no personal information about you. When you first visit our websites on a device (e.g. PC or Tablet) you will be given the option to decline the use of cookies (unless your device itself already blocks cookies) but this may adversely affect your user experience and function of the website.
12.2 How do you know if you have accepted cookies and how do you change my mind?
Near the bottom of the website, page is an area which shows you if you have accepted or declined cookies. If you have already declined cookies you will be given the option to reconsider and choose again. If you have already accepted cookies you will have the option to remove cookies and choose again.
Published: 20th May 2018
END OF POLICY
Chatterbus Data Protection Policy
1. Data protection principles
The Chatterbus CIO (the Charity) is committed to processing data in accordance with its responsibilities under the General Data Protection Regulation.
Article 5 of the GDPR requires that personal data shall be:
a. processed lawfully, fairly and in a transparent manner in relation to individuals;
b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2. General provisions
a. This policy applies to all personal data processed by the Charity.
b. The Responsible Person shall take responsibility for the Charity’s ongoing compliance with this policy.
c. This policy shall be reviewed at least annually.
d. As the Charity is a ‘not for profit’ organisation it is exempt from registering with the Information Commissioner’s Office as an organisation that processes personal data. The exemption applies to processing which is only for the purposes of:
- supporting a not-for-profit body or association; or
- providing or administering activities for either those who use the Chatterbus service or those who have regular contact with it.
3. Lawful, fair and transparent processing
a. To ensure its processing of data is lawful, fair and transparent, the Charity shall maintain a Register of Systems.
b. The Register of Systems shall be reviewed at least annually.
c. Individuals have the right to access their personal data and any such requests made to the charity shall be dealt with in a timely manner.
4. Lawful purposes
a. All data processed by the charity must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
b. The Charity shall note the appropriate lawful basis in the Register of Systems.
c. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
d. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Charity’s systems.
5. Data minimisation
The Charity shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
6. Accuracy
a. The Charity shall take reasonable steps to ensure personal data is accurate.
b. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
7. Archiving / removal
a. To ensure that personal data is kept for no longer than necessary, the Charity shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
b. The archiving policy shall consider what data should/must be retained, for how long, and why.
8. Security
a. The Charity shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
b. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
c. When personal data is deleted this should be done safely such that the data is irrecoverable.
d. Appropriate back-up and disaster recovery solutions shall be in place.
9. Breach
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Charity shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO.
Published: 20th May 2018
END OF POLICY