Our privacy commitment
MSB is absolutely committed to respecting and protecting your data whilst it is in our care. We have strict policies and procedures in place to protect your data and we are committed to the General Data Protection Regulations and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and abide by its requirements. Processing of your Personal Data as described in this policy is allowed by one or more lawful grounds including:
- With your consent. For example, we only use your information to send you marketing communications by email or text with your consent. We also may ask for your explicit consent if you share sensitive personal information with us.
- To perform our contractual obligations to you. For example if you are a party or to take steps at your request prior to entering a contract. We may rely on this basis where you apply to work for us.
- To comply with our legal obligations. For example, we may rely on this basis where we are obliged to share your personal information with a regulator or HMRC.
- To pursue our legitimate interests. Where the processing is reasonably necessary for the purpose of a legitimate interest pursued by us or a third party and your privacy rights do not override the legitimate interest. Our “legitimate interests” include pursuing the aims and ideals of MSB through our work and fundraising through direct marketing campaigns and special events. However, “legitimate interests” can also include your interests, such as when you have requested information from us, and those of third parties, such as our beneficiaries.
What personal data will we collect.
Depending on your activity (i.e. if you are volunteering or donating) the information we collect from you directly or from third parties whom we work with, may include:
- Email address
- Postal address
- Telephone number
- Contact preference
- Bank account details for setting up a regular direct debit
- Credit card details for processing a payment
- Date of birth
- Gender, where appropriate
- Taxpayer status for Gift Aid
- If you are a minor, we may collect the name and contact details of a parent or guardian and, where appropriate the name and location of your school
How we will use your information
We will use your information for a number of purposes, including the following:
- To process your donations including to Claim Gift Aid (if applicable)
- To tell your story to promote our fundraising and charity aims ,ONLY if you have agreed
- To process your referral
- To send you fundraising packs
- To help us run and fulfil prize draws, competitions, auctions or events
- To reply to any questions, suggestions, issue or complaints you have contacted us about
How do we process ‘sensitive’ personal information
Under data protection law, certain categories of personal information is clause as sensitive. This includes health information, information regarding race, religious beliefs, and political opinion (‘Sensitive Persons Data’). We only collect this information if there is a clear reason for us doing so, such as in relation to a referral and this will be made clear on the referral form.
Security of the information we collect.
The servers we use are protected using HTTP and SSL technology, so whilst your data is in our care we know it’s as secure as it can be. Our staff are trained in data security, and our staff policies and procedures help our staff to understand what is required of them under their obligations to us, and also their responsibilities under the General Data Protection Regulation and other privacy legislation. When we ask another organisation to provide a service for us, we ensure that they have appropriate security measures in place. If we or our service providers transfer any information out of the European Economic Area (EEA), it will only be transferred on the basis of an agreement with the service provider, designed to protect your data in the appropriate form in accordance with data protection laws.
How will we collect and use your personal data
We may collect information about you directly when you interact with us such as collect when you register on one of our websites; make a donation to us via our online fundraising platforms or text donate facilities. You may be referred to us or provide information in person at one of our events. Or indirectly when you interact with a third party who we work with, for example where you have made a donation to us through a third-party website (e.g. Just Giving or Virgin Money Giving) and have given them permission to share your information with us.
With regard to each of your visits to our website we may automatically collect technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; to process personal information for the purposes of customer analysis and direct marketing to help us with our activities and to provide you with the most relevant information.
We are legally required to hold some personal information to fulfil statuary obligations, for example the collection of Gift Aid or to support certain financial transactions. We also hold information about your details so that we can respect your preferences for being contacted by us.
Will we share your data with other companies?
We do not rent or sell your personal information to other organisations for use by them in their own direct marketing activities.
How long will we keep your personal information?
We will retain your Personal Data in accordance with our retention policy and will keep it no longer than reasonably necessary for the purposes for which we hold it, taking into account relevant legal, regulatory, tax and accounting requirements. Where personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by us on a day to day basis. For further information you can contact us via email firstname.lastname@example.org
How can I opt out of Marketing?
If you receive a marketing email from one of us, you will have the option to “opt-out” by replying to our email with ‘STOP’. If you receive a marketing call from us, please let the call operator know you do not wish to receive any further calls.
If you have indicated that you do not wish to be contacted for marketing purposes we will maintain your details in a suppression list to ensure that we do not contact you again for marketing purposes. However, we may still need to contact you for administrative purposes, such as:
- Processing a donation you have made and any related Gift Aid.
- Providing you with information you need to relation to an event you have registered for.
Leaving our website and moving on to third party websites
Cookies and how we use them
- To provide you with a more personal and interactive experience on our site.
- For statistical purposes to track how many users we have and how often they visit our websites.
- We use organisations to collect anonymous user information so they can analyse how the website is being used and the number of visitors.
What are your rights?
Under GDPR, you have a number of rights, which are aimed at giving you control about how your personal data is used by us.
Access your personal data
You have the right to see what information we hold about you and the purposes for which we are using it. This is known as a Subject Access Request(SAR). In responding to such a request, we may ask for proof of your identity, to ensure that we do not send you personal data to another person. We will respond to any requests as soon as possible, but at least within 30 days. To make a SAR please email this to us email@example.com
Amend or delete your personal data
You may ask us to make any changes that you consider necessary to make the information accurate, please let us know and we will rectify this as soon as possible. Please email us the changes to firstname.lastname@example.org. We will require that you satisfactorily identify yourself to demonstrate your entitlement to view this data.
If you wish for your personal data to be deleted we will review any request on a case-by-case basis. We will respond to you as soon as possible, at least within 30 days of receiving your request.
Where we rely on legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Where processing is carried out based upon your consent, you have the right to withdraw this consent.
Complaints will be responded to within 30 days. If you are not satisfied with the response you should refer your complaint to the ICO https://ico.org.uk/concerns/