We know that your privacy is important so we are committed to safeguarding your data. This policy notice outlines what data we collect, how we may use it, how we will protect it, your rights, and how you can exercise those rights. This notice applies to all the ?information we collect about:
- Visitors to our website
- Individuals/households that we work with and provide services for
- Supporters and donors
- Individuals who make enquiries or raise complaints
If you have any questions about this policy, please contact us at [email protected]
We collect personal data for many reasons, including the proper provision of services and to better communicate with individuals engaged with our work. Depending on how you interact with us, we may process data for the following reasons:
- to process personal details required in the administration of our services;
- to process job applications or volunteer placements;
- to provide support and advice, as well as any other services that you have requested or have been referred to;
- to record personal details shared during conversations with our staff (the term staff ?represents paid employees and volunteers)
- to communicate with you regarding our services work when you have opted-in to this;
- to manage your communication preferences;
- to process donations and administer Gift Aid information for any donation you make to Thanet Iceberg;
- to record and contact you regarding donations you make to the us;
- to provide you with information about and to administer events;
- to conduct surveys, research and gather feedback;
- to obtain information to improve our services and user experiences;
- to provide third parties (such as grant providers) anonymised aggregated information of our yearly outcomes;
- to deal with any enquiries or complaints;
- to comply with applicable laws and regulations, and to comply with requests from statutory agencies;
- to verify compliance with the terms and conditions governing the use of our website;
Before you disclose to us the personal information of another person, you must obtain that person?s consent to both the disclosure and the processing of that personal information in accordance with this policy.
We have never supplied nor will ever supply your personal information to any third party for the purpose of their or any other third party?s direct marketing.
We may ask you for the following personal information:
- your full name
- Your contact details ? including postal address, telephone number(s), and email address
- Your date of birth
- Your gender
- Any details of your case when providing you with advice or services;
- Your National Insurance Number, CV?s and ID documents that you have asked/given permission for us to hold;
- your bank details when administering a donation or regular gift;
- donation history and Gift Aid details;
- records of your correspondence and engagement with us;
- your communication preferences;
- other personal information you share with us;
If you visit our website or social media pages we may automatically collect the following information:
- which pages you visit;
- your IP address;
- the amount of time you spend on our website;
- whether you are a new visitor;
- how you came to our website;
- geographical location;
- the type of device and browser you use;
Blocking or deleting cookies will have a negative impact on the usability of our website.
Sensitive Personal Data
We may sometimes need collect sensitive and personal data about individuals who access our services. This may include information about an individual?s ethnicity, religion, health, sexuality, political or philosophical beliefs and criminal record. We will only record this data if we either have the individual?s explicit written consent, or if we can provide an alternative legal basis for processing this data in the interest for the proper and safe administration of our services (see section on the legal basis for processing information). For example, where a service user poses a particular risk, especially if the person?s record suggests he or she may pose a risk to a certain group (e.g.: women), we would record that information irrespective of consent to ensure the safety of staff, other service users and volunteers. We will still seek consent and explain that this data is being recorded and the reasons for it, where it is safe to do so. Likewise, we may also record sensitive data without consent if we assess someone as not having the mental capacity to consent and it is necessary for their accessing our support.
In all cases, the collection of sensitive personal data will be an explicit decision, which is recorded with its reasoning in the case notes of our database, and no more data than is necessary for the specific purpose (safety, support etc.) will be recorded. All data remains subject to our procedures on data retention etc. ?
We would only collect sensitive, personal information on other individuals when we have a legitimate interest for the efficient management of volunteers or fundraising of our services.
Data on individuals may be collected via:
- any paper forms that are completed
- Any telephone conversations with staff or volunteers
- Any email communications
- Any face-to-face interactions
- Any digital forms completed via our website (including CV?s and applications), or online surveys
- Any third-party companies and websites such as MailChimp and Just Giving,
- Any digital communication (eg: social media and email)
Please let us know if the personal information that we hold about you needs to be corrected or updated. Please find information on how to contact us later in this policy.
Because of the different uses we have for different types of data, we handle data on individuals who use our services differently than individuals who volunteer at or support Thanet Iceberg. ?
Crossroads Project and support
If you are receiving advice, guidance or support from us, we will need to process your data because of your specific relationship with us.
We will keep all your case information ? including notes, letters, documents and information given to us about you ? in a confidential record that is specific to you. Any hard data (paper copies) will be held in a locked filing cabinet. ?Online data will be securely stored in our customer relationship management system (CRM) We can keep the information you provide us so that we can see the relevant details and history of your case(s). This ensures that we provide appropriate and accurate advice or support.
We take information security very seriously. No one is allowed access to our system or files unless they need the information in order to effectively provide our services.
Any advocacy done on your behalf to any external agency will be done with your prior written or verbal explicit consent. Information or emails exchanged with these services will be over a secure network with the appropriate levels of encryption considered.
We may use your data for statistical reports however we will not include any information that could be used to identify any individual.
Direct marketing including Fundraising and campaigning
We would love to keep you up to date with our fundraising, marketing and campaign activity.
We use a range of marketing activities and channels to contact our supporters ? including our website, face-to-face fundraising, direct mail and email.
We will obtain your consent to contact you by email for marketing purposes.
Thanet Iceberg Project does not engage in telephone campaigning with its supporters. We will only call you if we encounter any issues with your donation, Gift Aid or sign-up.
We send digital and print marketing materials on the following activities:
updates about our work and future plans to inform you of how your involvement is making a difference in the lives of the people who turn to us for support
appeals and fundraising activities ? including requests for donations and how you can raise money on our behalf, attend or take part in a fundraising event; and updates on the impact that your fundraising activities have had on our work
volunteering ? information about how you can help support us by donating time or using your influence to progress our aims, along with updates on the impact of your involvement and invitations to training and networking opportunities.
We will never share or sell your personal data to a third-party organisation for its marketing, fundraising or campaigning purposes.
Administrative communications to supporters
In addition to the fundraising and marketing communications that you receive from us, we will also communicate with you by either post, telephone, or email in relation to administrative and transactional matters. For example, we will email you after you have set up a Direct Debit or to confirm your details. There may also be other occasions where we need to contact you about your donation ? for example, if there is a problem with a payment or in relation to your gift aid declaration.
Volunteers will be contacted by either post, telephone, or email for administrative reasons.
As mentioned above, we may still need to communicate with you for administrative purposes even where you have opted out of marketing communications from us.
You can withdraw your consent, unsubscribe or update your marketing preferences at any point using the details in the ?Contact us? section of this page.
Electronic marketing communications, such as e-newsletters, will have a link to unsubscribe, so you can manage your own communication preferences.
If you make any changes to your consent, we will update your record as soon as we possibly can. It may take up to 60 days for our systems to update and stop any postal communications from being sent to you. Email communications will, however, be stopped immediately.
If you tell us you do not wish to receive marketing, fundraising or campaign communications, you may still receive transactional and service-based communications confirming and servicing other relationships you have with us.
We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Three of these are relevant to the types of processing that we carry out. This includes information that is processed on the basis of:
1. a person?s consent (for example, to send you direct marketing by email or to allow us to advocate on your behalf to external services)
2. processing that is necessary for compliance with a legal obligation (for example to process a Gift Aid declaration, for Health & Safety of volunteers in the shelter and carrying out due diligence on large donations)
3. Thanet Iceberg Project?s legitimate interests (please see below for more information)
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, if its use is fair and does not adversely impact the rights of the individual concerned.
When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include:
Charity Governance: including delivery of our charitable purposes, statutory and financial reporting and other regulatory compliance purposes.
Administration and operational management: including responding to enquires, providing information and services, and the administration of volunteers
Fundraising and Campaigning: including administering campaigns and donations, and sending direct marketing by post, sending thank you letters,and targeting and segmentation to develop communication strategies
If you would like more information on our uses of legitimate interests, or to change our use of your personal data in this manner, please get in touch with us using the details in the ?Contact us? section of the website.
We do not sell or share personal data to third parties for the purposes of marketing.
For instance, when you give consent to receive our e-communications, we use MailChimp to send email newsletters. We occasionally use other service providers to send surveys (eg: SurveyMonkey) or invitations (eg: EventBrite). These agents store your data to the extent that it is necessary to perform these functions, in using their service you agree to their T&Cs.
We may share anonymised data on volunteers and guests of our services with organisations who are supportive of our aims, for example funders, partners, volunteers and supporters. No individual is able to be identified from this data.
We may disclose data where it is necessary to protect the vital interests of an individual.
Police or Social Services: there are exemptions within data protection regulations that mean we are under legal obligations to share limited data. ?This includes the prevention and detection of crime or to prevent benefit fraud.
All of our data is held in either our offices or on a firewall and password protected server. We (and our service providers) use appropriate technical, organisational measures and precautions to protect your personal data and to prevent the loss, misuse or alteration of your personal data. Only employees that need access to a portion of data will be granted it,
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. However, once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will retain your personal information for the period necessary to fulfil the purposes in this Notice. Different types of information are held for different periods of time in accordance with the law or regulations that the information falls under, such as financial regulations, Limitations Act, Health and Safety regulation etc.
Subject to the above, we will typically store data relating to donors and people who have taken campaign actions for seven years after their last donation or interaction, and service users to whom we provide services to for six years after the final communication.
We will not store your credit card details once we have processed a one-off donation.
Once the retention period has expired, the information will be confidentially disposed or permanently deleted. For service user case data, we will anonymise the data under ICO guidance so that no individual is identifiable.
You can request deletion of your personal information at any time, by contacting us via the contact us section of the website.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list to avoid sending you unwanted materials in the future.
Notwithstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal data:
to the extent that we are required to do so by law;
if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
You have many rights under data protection (GDPR) legislation. These include:
Right of Access
You have the right know what information we hold about you and to ask, in writing, to see your records.
We will supply any information you ask for that we hold about you as soon as possible, but this may take up to 30 days. We will not charge you for this other than in exceptional circumstances. You will be asked for proof of identity as the person dealing with your request may not be the staff member you have met before. We need to be sure we are only releasing your personal data to you.
This is called a Subject Access Request (SAR), and can be done by:
Emailing: [email protected]
Writing to us at Thanet Iceberg Project, The Kitchen, 3 Cliff Terrace, Margate, Kent, CT9 1RU
Right to be informed
You have the right to be informed how your personal data will be used. This policy, as well as any additional information or notice that is provided to you either at the time you provided your details, or otherwise, is intended to provide you with this information.
Right to withdraw consent
Where we process your data based on your consent (for example, to send you marketing emails), you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us at [email protected]
Right to object
You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by post). To do this, or to discuss this right further with us, please contact us at [email protected]
Right to restrict processing
In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
Right of erasure
In some cases, you have the right to be forgotten (i.e. to have your personal data deleted from our database). Where you have requested that we do not send you marketing materials, we will need to keep some limited information to ensure that you are not contacted in the future.
Right of rectification
If you believe our records are inaccurate, you have the right to ask for those records concerning you to be updated. To update your records please get in touch with us using at [email protected]
Right to data portability
Where we are processing your personal data because you have given us your consent to do so, you have the right to request that the data is transferred from one service provider to another.
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Updates to this policy
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
External links to other websites