How we respect privacy when we deal with personal information collected by our organisation
1. Why we collect your data
We collect personal data for many reasons, including to provide you with advice or support, communicate with you, send you information you have requested and administer fundraising campaigns and donations. Depending on how you interact with us, we may process data for the following details:
- To provide you with advice or support that you have been referred to or have requested
- To record personal details shared during telephone conversations with our staff or volunteers
- To administer housing support services AHAG is providing to you
- To communicate with you regarding AHAG’s work and fundraising activities
- To process donations and administer Gift Aid information
- To manage your communication preferences
- To process job applications/volunteer applications
- To comply with applicable laws and regulations, and requests from statutory agencies
2. Information we collect
We collect the following personal information:
- Your full name
- Contact details – including your postal address, telephone numbers and email address
- Date of birth
- Details of your case when providing you with housing advice or services
- Your payment details
- Records of your correspondence and engagement with us
- Donation history and Gift Aid details
- Biographical information
- Other information you share with us
This information may be collected by:
- Paper forms completed by yourself or AHAG staff or volunteers
- Telephone conversations or face to face conversations with AHAG staff or volunteers
- Email communication with AHAG staff
- Third party companies and websites such as BTMyDonate
- Communication via social media
We sometimes also collect sensitive, personal data about individuals. This includes information about health, religion, sexuality, ethnicity and criminal records. We will normally only record this data where we have your explicit consent, unless we are permitted to do so in other circumstances under data protection law.
3. Using your personal data
AHAG support and advice services
If you are receiving advice, guidance or support from us, we will need to process your data because of your specific relationship with us.
We will keep all your case information – including notes, letters and information given to us about you – in a confidential record that is specific to you. We use a spreadsheet system to support our advice and support. This means that we can keep the information you provide us, so we are able to see the history and relevant details of your case(s). This ensures that we provide appropriate and accurate advice or support. We take information security very seriously. No one is allowed access to our system or files unless they need this to provide the service to you, or one of the other purposes discussed in this notice.
We may use your data for statistical reports. These statistics will not include any information that could be used to identify any individual.
Fundraising and marketing
We would like to keep you up to date with our fundraiisng and marketing activities.
We use a variety of channels to contact our supporters, including our website, face to face fundraising, social media and email.
We will obtain your consent to contact you by email for marketing purposes.
We send the following marketing materials:
- Updates and newsletters about AHAG’s work
- Appeals and fundraising activities – including requests for monetary donations or donations of goods
- Volunteering opportunities
We will never share or sell your personal data to a third-party organisation.
You can withdraw your consent or update your communication preferences at any point by contacting us at firstname.lastname@example.org or by calling us on 01296 435026
In addition to the fundraising and marketing communications that you receive from us, we may also communicate with you by post, telephone, and email in relation to administrative and transactional matters. For example, there may also be occasions where we need to contact you about your donation – for example, if there is a problem with a payment or in relation to your gift aid declaration.
4. Applying for a job/volunteering opportunity with AHAG
When you apply for a job with us, your personal data will be collated to monitor the progression of your application, and the effectiveness of the recruitment process through the statistics collected. Where we need to share your data – such as for gathering references or obtaining a Disclosure and Barring Services check (depending on the role) – you will be informed beforehand, unless the disclosure is required by law. These checks/reference requests are only done after a position has been offered only to the successful candidate.
Personal data about unsuccessful applicants are held for 12 months after the recruitment exercise is complete for that vacancy. You, as an applicant, can ask us to remove your data before this time if you do not want us to hold it.
Once you have taken up employment with AHAG, we will compile a file relating to your employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to your employment. Once your employment with us has ended, we will retain the file in accordance with the requirements of our Data Retention Policy and then delete it from our files.
5. Cookies policy
A ‘cookie’ consists of a small piece of information downloaded onto your computer and stored in the user’s web browser. This data is sent back to the website every time the user accesses the website. Users may disable cookies or delete any individual cookie through controls in their web browser. In these circumstances, the site may not work as intended.
6. Our legal basis for processing personal data
We are required to have a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of:
- A person’s consent (for example, to send you direct marketing by email)
- Processing that is necessary for compliance with a legal obligation (for example to process a Gift Aid declaration)
- Legitimate interests (please see below for more information)
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, if its use is fair and does not adversely impact the rights of the individual concerned.
When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include:
- Charity Governance: including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes
- Administration and operational management: including responding to solicited enquires, providing information, the administration of volunteers and employment, and recruitment requirements
- Fundraising and marketing: including administering fundraising campaigns and donations, sending thank you letters and maintaining communication suppressions and preferences
If you would like more information on our uses of legitimate interests, or to change our use of your personal data in this manner, please get in touch with us using the details in the ‘Contact us’ section below.
7. Disclosure of your personal data
We will only pass your data to third parties in the following circumstances:
- You have provided your explicit consent for us to pass data to a named third party;
- It is necessary to protect the vital interests of an individual;
- We are using a third party purely for the purposes of processing data on our behalf and we have in place a data processing agreement with that third party that fulfils our legal obligations in relation to the use of third party data processors; or
- We are required by law to share your data.
In addition, we will only pass data to third parties outside of the EU where appropriate safeguards are in place as defined by Article 46 of the General Data Protection Regulation.
We will never share or sell your personal data to a third-party organisation for marketing, fundraising, or campaigning purposes.
8. Security of your personal data
We use appropriate technical and organisational measures and precautions to protect your personal data and to prevent the loss, misuse or alteration of your personal data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
9. Retention of your data
Whatever your relationship with us, we will only store your information for a specified amount of time, as set out in our internal data retention policy.
The length of time that data will be kept may depend on the reasons for which we are processing the data and on the law or regulations that the information falls under, such as financial regulations or any contractual obligations we might have – such as with grant funders.
Subject to the above, we will typically store data relating to donors for seven years after their last donation or interaction, and people to whom we provide advice and support services to for seven years after completion of those services. Personal data about unsuccessful applicants are held for 12 months after the recruitment exercise is complete for that vacancy.
Once the retention period has expired, the information will be confidentially disposed of or permanently deleted.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future.
10. Rights you have over your data
You have a range of rights over your data, which include the following:
- Right of Access
You have the right know what information we hold about you and to ask, in writing, to see your records.
We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this other than in exceptional circumstances. You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before. We need to be sure we are only releasing your personal data to you.
This is called a data subject access, and can be done by:
- emailing email@example.com
- writing to the Data Protection Manager, c/o Aylesbury Homeless Action Group, 2, Rickfords Hill, Aylesbury, HP20 2RX
- Right to be informed
You have the right to be informed how your personal data will be used. This policy, as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.
- Right to withdraw consent
Where we process your data based on your consent (for example, to send you marketing texts or emails), you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
- Right to object
You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so. To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
- Right to restrict processing
In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
- Right of erasure
In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials, we will need to keep some limited information to ensure that you are not contacted in the future.
- Right of rectification
If you believe our records are inaccurate, you have the right to ask for those records concerning you to be updated. To update your records, please get in touch with us using the details in the ‘Contact us’ section below.
- Right to data portability
Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.
A full summary of your legal rights over your data can be found on the Information Commissioner’s website here: https://ico.org.uk/
If you would like to access the rights listed above, or any other legal rights you have over your data under current legislation, please get in touch with us.
Please note that relying on some of these rights, such as the right to deleting your data, will make it impossible for us to continue to deliver some services to you. However, where possible we will always try to allow the maximum access to your rights while continuing to deliver as many services to you as possible.
11. Contact Us
If you have any questions about this policy or want to exercise any of the rights set out in section 10 above, you can get in touch with us in the following ways:
- 01296 435026
|Last updated||22 May 2018|