We take data privacy seriously. This is how we use supporters' personal information
1.1 Footsteps International is a Charity registered in England and Wales with charity number 1091026 and registered address 79 Lynwood Grove, Orpington BR6 0BQ.
1.2 We are committed to protecting your privacy and will only use the information that we collect about you lawfully. This policy is intended to give you an understanding of how and why we use the information you give us. The legal basis for processing your data is our Legitimate Interest (Article 6(1)(f) of the General Data Protection Regulation); our Legitimate Interest is operating and managing our charity efficiently.
1.3 If you have any questions about this policy, please contact the Chairman of Trustees at email@example.com or by writing to Footsteps International at the above address or calling 01689 828166.
1.4 Please read the following carefully to understand our practices regarding your personal data and how we will treat it. By providing us with your personal information you agree to your personal information being used and stored in the manner set out in this policy. We may update this policy from time to time without notice to you, so please check it regularly.
2. How we collect information about you
2.1 We may collect information from you in the following ways:
(a) You make a donation to us (which may be financial or non-financial/ in-kind), offer other support, or respond to our mailings and appeals;
(b) You contact us in relation to volunteering for us or to fundraise on our behalf;
(c) You attend an event;
(e) You request and/or receive a copy of Footsteps News or any other materials from us; or
(f) You contact us with enquiries or other correspondence (including via social media) or become involved with us in another way (e.g. by indicating to your organisation would like to hear more from us, or you would like to make a donation to us).
2.2 If you interact with us in one of the ways listed above, we may collect and process personal information about you such as:
(a) Your name, address, email address, telephone number;
(b) Information you enter onto our website or in other hard copy forms at an event;
(c) Records of your correspondence with us, if you have contacted us;
(d) Financial information such as your bank or card details;
(e) Whether you have a relationship to another supporter (e.g. husband/wife) or organisation.
2.3 We may also collect sensitive personal information about you, such as details about diet, a health condition or disability if you plan to visit the projects we work with overseas.
3. Why and how we use your information and on what basis
3.1 We will process your personal information in accordance with this policy and our obligations under applicable data protection laws and regulations, for one or more of the following reasons:
(a) To administer your donation or support your fundraising, including processing Gift Aid;
(b) To provide you with the services, activities or information you have indicated you are happy to receive or which you have asked for;
(c) To comply with applicable laws and regulations, and requests from statutory agencies;
(d) For our own internal administrative purposes and to keep a record of your relationship with us;
(e) For marketing purposes, to provide you with information about us, our fundraising campaigns, our events, and any other information, products, activities or services that we provide (e.g. supporter updates);
(f) To provide you with details about our projects;
(g) To manage your communication preferences with us generally;
(h) To notify you about changes to our service and/or donor/sponsorship opportunities;
(i) To ensure that content from our website is presented in the most effective manner for you.
3.2 Whilst generally we will seek consent to process your data at the point we collect it, in some cases we may process data without consent where we are legally allowed to do so, and where we have legitimate reasons for doing so (e.g. to process a donation you have made or in accordance with this policy), provided we respect your legal rights.
3.3 If you request to receive no further contact from us, we will keep some basic information in order to avoid sending you unwanted materials in the future, and to ensure that we do not accidentally store details for the same person multiple times. If we did not retain this information then this could result in us contacting you again as we would no longer have a record of your request not to be contacted.
3.4 We will keep your personal data for no longer than is necessary for the purposes for which it is processed, in accordance with our internal policies.
4. Where your information is stored
4.1 The information we collect from you is stored on personal computers held by the trustees and treasurer. Back-up copies are stored both on secondary hard-drives and secure cloud storage. By submitting your details you agree to this use of your data.
4.2 Online payment transactions are processed through third parties such as CAF, Wonderful, Stewardship and PayPal.
4.3 The transmission of information via the internet is not completely secure (though note that online payment transactions are securely encrypted). Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
5. Who has access to your information
5.1 Where it is necessary for us to do so, we sometimes share your data with third parties including our trustees and other volunteers acting on our behalf for the purposes for which you have provided it to us (e.g. to deliver mailings, to analyse data and to process payments) or for purposes set out in this policy.
6. Information retention
6.1 We keep records relating to any donation you make for 6 years following the end of the financial year in which you made your donation, in accordance with our legal obligation to keep records for accounting purposes.
7. International partners
7.1 We may need to disclose your information to our international partners on projects we work with. For example, if you sponsor a specific child, elements of your personal data necessary to fulfil the activity (e.g. your name) will be shared with relevant international partner in accordance with this policy, data protection laws and regulations and where we have your consent to do so.
8. Data breach
8.1 The ICO defines a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. This also means that a breach is more than just about losing personal data.
8.2 Recording a breach: In accordance with guidance from the ICO (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/) we will keep a record of any personal data breaches.
8.2 Procedure and timing: Should a breach occur, our Chairman of Trustees will investigate the likelihood and severity of any risk to people’s rights and freedoms. If there is a risk, we will notify the ICO; if it’s unlikely then we may choose not to report it in accordance with guidance offered by ICO.
8.3 If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, we will also notify those affected individuals as soon as possible.
8.4 All breaches that need to be reported will be reported to the ICO within 72 hours. Should we need to notify affected individuals, this will take place as soon as possible after reporting to the ICO
9. Your rights
9.1 You may notify us of changes to your personal data at any time by emailing firstname.lastname@example.org or writing to the registered address, 79 Lynwood Grove, Orpington, BR6 0BQ. We aim to amend our records within 28 days..
9.2 All contacts Footsteps holds data on have the right to see what data is held about them, and to request it be amended or deleted. Please inform us at email@example.com.
9.3 Instructions for unsubscribing from emails are included in each email communication we send.
9.4 Under the General Data Protection Regulation, which became law in the UK in May 2018, you are also granted a number of additional rights. These include:
(a) The right to rectification;
(b) The right to erasure;
(c) The right to restrict processing;
(d) The right to data portability;
(e) The right to object;
(f) Rights in relation to automated decision making and profiling.
9.5 For more information on these rights please read the relevant guidance issued by the ICO: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
9.6 If you are unhappy with the way we have processed your personal data, please contact our Chairman of Trustees first using the contact details set out in the introduction to this policy. If you are still not satisfied with how your complaint is dealt with you should contact the Information Commissioner’s Office (https://ico.org.uk/).
Alternatively, you are entitled to make a complaint to the Information Commissioner’s Office without first referring your complaint to us (https://ico.org.uk/make-a-complaint/ ).
From within UK: 0870 765 4633
From outside UK: +44 1689 828166
79 Lynwood Grove, Orpington,BR6 0BQ, UK
We welcome feedback. If you would like to make a positive comment about our work, or you have a complaint or concern, just let us know. We are always looking to improve what we do.