1. Who is responsible for protecting your data?
2. How we collect your information
3. What information we collect and how we use it
4. Marketing and Communications
5. Sharing your information
7. How long will you keep my data?
8. What are my rights?
12. Privacy Notice for Job Applicants
- We will only send you marketing information by email if you expressly agree to us doing so.
- You can change your marketing preferences at any time by emailing firstname.lastname@example.org, calling us on 020 3758 7700 or writing to All We Can, 25 Marylebone Road, London, NW1 5JR.
- If you ask us to stop sending marketing information, we will update our records to stop further mailings as quickly as we can. However, you may still receive further mailings which were already in progress prior to you asking us to stop. (If you are a church contact, you will still receive communications relevant to your role.)
- We may send you marketing information by post for marketing purposes unless you have previously opted out or said that you do not want to be contacted.
- We collect personal data, e.g. your name, postal, email addresses, and telephone number when you give them to us for various purposes, such as donating, signing up for an event, or applying for a job.
- We use the information you give us for segmentation of our database, for example, by analysing data such as the postcodes of supporters, names, addresses and previous gifts. This enables us to tailor our communications to you and, in a fundraising context, enables us to raise more funds.
- If we rely on consent to process your data, you can withdraw your consent at any time.
Your details are stored, maintained and protected by All We Can. This makes us a ‘data controller’ for the purposes of the Data Protection Act 2018 ‘Data privacy law’. This means that we are legally responsible for, and control the processing of, your personal information.
If you have any questions about your personal data, you can contact us via email, phone or post. Please note our regular office hours are Monday to Friday 9:00 am to 5:00 pm, excluding UK bank holidays.
Telephone: 020 3758 7700
Address: All We Can 25 Marylebone Road, London, NW1 5JR
We want to make sure you receive the communications that are most relevant to you, be it by visiting our website, receiving emails or via the post. We want to make sure you receive the best possible experience when volunteering, attending an event or making a donation.
We collect information from you in the following ways:
- When you interact with us directly: This could be when you donate to our work and/or, sign-up to receive our e-news, take part in one of our live streams, apply for a job or volunteering opportunity or otherwise provide us with your personal information. This includes when you email us, visit our website, attend an event, or get in touch by post, or over the phone.
- When you interact with us through third parties: This could be if you provide a donation through a third party such as Just Giving or Charities Aid Foundation and provide your consent for your personal information to be shared with us.
- When you visit our website: we gather general information which might include which pages you visit most often and which services, events or information are of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use ‘cookies’ to help our site run effectively.
What types of personal data do we collect?
With your knowledge and permission, we may collect your personal information, which may include your name, address, email address, phone number, bank account or credit card details when donating or setting up regular donations, as well as information you provide in any communications between us. This will be collected when you sign up to our website, make a donation or any of the other ways in which you interact with us. Images and video clips are also recognised as personal data – and so if you send us photographs, or take part in one of our live streams, this data is also gathered. Occasionally, we may also need to record additional information such as dietary requirements to ensure your best care at events. These details are always collected with your express permission and are deleted when no longer needed.
Why do we collect this?
- To comply with the Charities (Protection and Social Investment) Act 2016 and follow the recommendations of the official regulator of charities, the Charity Commission, which require us to identify and verify the identity of supporters who make major gifts so we can assess any risks associated with accepting their donations.
- All We Can will process your data to maintain up to date records of regular donations, gifts and our relationships with supporters of our charity.
- We keep up to date records of your regular donations or gifts to manage our relationship with you and for our own accountancy purposes, such as to claim Gift Aid on your donations and verify any financial transactions.
- To provide the Extraordinary Gifts purchases or materials that you have requested.
- To update you with important administrative messages about your donation, an event or Extraordinary Gifts purchases or materials you have requested.
- To keep a record of your relationship with us.
- To keep you updated on general All We Can news, events, and appeals.
Data privacy law requires us to have one or more lawful grounds to process your personal information. The following grounds are relevant to our use of your data:
- Consent. In many cases, we will seek consent to process your personal information, for example, to send you marketing and fundraising emails. Where we do rely on consent, you are entitled to withdraw it at any time.
- To protect your vital interests. For example to ensure you get urgent medical assistance if needed when travelling abroad with All We Can.
- Where we have a contractual relationship with you. Though the majority of our relationships are voluntary, if we enter into a contract with you we will process information to administer that contract.
- Legal obligations. We will sometimes pass on personal information to comply with legal obligations such as providing tax and Gift Aid information to HMRC.
- ‘Legitimate Interests’. Where it is appropriate, we rely on the processing being in our legitimate interests, provided we are confident that such processing is not likely to override your own legitimate interests or rights and freedoms. For example, sending you marketing and fundraising post provided this is done in an unobtrusive manner, or if you choose to appear in one of our livestreams.
All We Can’s legitimate interests are ultimately in pursuit of our charitable objectives, including:
- Governance, operational and financial management, such as processing donations, claiming Gift Aid, statutory reporting, and employee and volunteer administration and management.
- Publicity and income generation, such as marketing and fundraising, events, and supporter analysis so we can continue to raise awareness and generate income enabling us to work with and support local organisations in some of the world’s poorest communities to end the suffering caused by inequality and injustice.
We promise to never sell or swap your details, and you can change your preference at any time using the contact details below.
Telephone: 020 3758 7700
Address: All We Can 25 Marylebone Road, London, NW1 5JR
However, we may share your information with our trusted partners and suppliers who work with us to deliver our services. Processing of this information is always carried out under our instruction, and we make sure that they store the data securely. Data is only shared for a specific purpose, such as distributing a postal campaign. We ensure that they delete all shared data when they no longer need it and that they never use it for any other purposes beyond that which has been contractually agreed between All We Can and the trusted partners and suppliers.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Unfortunately, the transmission of information using the internet is never completely secure. Although we do our best to protect your personal information sent to us this way, we cannot guarantee the security of data transmitted to our site.
Our website may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. This privacy statement does not cover the information practices of those websites or advertisers.
All We Can needs to keep some details, such as financial information from donations, for an extended period to ensure we meet requirements for annual audits. We only keep your data for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid).
All We Can will be happy to give you access to your personal information stored in our filing system should you request it. We are only able to share information relating to yourself. If you would like us to erase your data, we will do so upon request (except for information that is required by law for financial audits). We are keen to make sure the data we maintain is up to date so please do let us know if you move, change phone number or get a new email address.
- To see the personal information we store about you
- To change your personal information if it is inaccurate or incomplete
- To be forgotten – as long as this doesn’t contradict our legal obligations.
- To limit the ways we process your data – so we can store it but not use it any further.
- To access and move your data – to another company, etc.
- To object to legitimate interest processing, direct marketing or processing for statistics.
Can I take back my consent once it’s given?
You have the right to withdraw your consent at any time. We will be very sorry to see you go, but all you have to do is call us on 020 7467 5173. Alternatively, you can write to All We Can, address 25 Marylebone Road, London, NW1 5JR or email at email@example.com. When writing to us, please tell us you wish to withdraw your consent. We will immediately update our records, and you will no longer be contacted by All We Can. If you are happy to receive communications in some ways, e.g. you would like to receive emails but don’t want letters through the post, you can let us know this at any time, and we will make sure only to contact you in your preferred way. Please understand that if you are a church contact, you will still receive communications relevant to your role.
I would like to make a complaint, what should I do?
If you are ever concerned about the ways, All We Can is handling your data, then you have the right to lodge a complaint with All We Can directly, or with the Fundraising Regulator and/or Information Commissioner’s Office. Simply get in touch with us at firstname.lastname@example.org or call us on 020 7467 5173.
Am I under any legal obligation to provide my personal data?
The decision to donate to All We Can is entirely your choice. However, in order for us to process your gift and meet certain legal obligations, such as financial auditing and Gift Aid, we will require your bank details and some personal information such as your name and address which we require to claim Gift Aid.
There are two broad types of cookies – ‘first party cookies’ and ‘third party cookies’:
First party cookies are cookies that are served directly by the website operator to your computer, and are often used to recognize your computer when it revisits that site and to remember your preferences as you browse the site. Basically, these are our cookies. Third party cookies are served by a service provider on behalf of the website operator, and can be used by the service provider to recognize your computer when you visit other web sites. Third party cookies are most commonly used for web site analytics or advertising purposes.
In addition, cookies may be either ‘session cookies’ or ‘persistent cookies’. Your computer automatically removes session cookies once you close your browser. Persistent cookies will survive on your computer until an expiry date specified in the cookie itself, is reached. We use both session and persistent cookies.
Categories of cookies we use:
1. Strictly necessary cookies: These cookies are essential for the user to move around the website and to use its features, e.g. shopping baskets and e-billing. This also includes the PHP Session ID cookie which is used to identify each unique user of the website anonymously and is used by the server to provide a continuous service. It expires when the browser is closed.
2. Performance cookies: These cookies collect information about how the user makes use of the site, e.g. which pages the user visits most. These cookies do not collect information that identifies the user. This includes traffic log and Google Analytics cookies. These provide anonymous statistics on website usage and identify which pages are being used and which resources are being downloaded. This helps us analyse data about web page traffic and improve our website in order to tailor it to the needs of users. We only use this information for statistical analysis purposes.
3. Marketing cookies: These cookies collect information about the users’ browsing habits. This may also include your use of social media sites, e.g. Facebook, etc. or how you interact with our website which then shows you relevant content elsewhere on the internet. NB. These may also be used to choose the advertisements that are displayed to you on our website and other websites. This also includes Add This cookies. The Add This button on our web pages enables you to share the page through a range of social networks. The Add This widget makes use of a core group of cookies for bookmarking and a group of third party cookies which are generally used for target advertising and appear after a few page loads where the Add This widget appeared. You can read more about cookies used by Add This, and how to opt out of them, here.
What information do we collect using cookies?
We may collect some, or all, of the information available from cookies when you visit our website, depending on how you use it. We monitor how people use our website so we can improve it. We collect this information anonymously. However, you can choose to use our website anonymously without giving us any information. Please see ‘Changing your cookie preferences’ below.
- the areas of the website you visit;
- the amount of time you spend on the site;
- whether you are new to the site, or have visited it before;
- how you came to our website – for example, through an email link or a search engine;
- the type of device and browser you use;
- how you interact with our donation and sign up forms – for example what you select as your communication preferences; and
Although not through cookies, we do measure the success of the emails we send – so we know what subject lines and stories people liked the most. We receive this information anonymously, we don’t share this information.
Website statistics analytics, testing and personalisation:
Our website currently uses two types of web analytics services:
1. Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses ‘cookies’, which (as discussed above) are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
You can always opt-out of Google Analytics cookies by Google’s opt-out tool.
2. Facebook Pixel, this first-party cookie is provided by Facebook. It enables All We Can to measure, optimise and build audiences for advertising campaigns served on Facebook. In particular, it enables All We Can to see how our users move between devices when accessing the All We Can web site and Facebook, to ensure that All We Can’s Facebook advertising is seen by our users most likely to be interested in such advertising by analysing which content a user has viewed and interacted with on the All We Can web site. For further information about the Facebook Pixel please see: https://en-gb.facebook.com/business/help/651294705016616
Other third-party cookies
You may notice some other cookies that are not related to the All We Can’s website whilst visiting www.allwecan.org.uk. Some of our pages contain embedded content such as YouTube video, Twitter feed, Facebook likes or Google plus share, and you may receive cookies delivered from these websites. All We Can does not govern the publication of third-party cookies. To understand more about their cookies and privacy statements, please visit the relevant sites.
Some of our cookies will remind you about our work and how you can help after you have left the website. These are the targeting/advertising cookies we use. It is a useful tool for us to keep public awareness of our campaigns and how they can be supported.
If you do not want cookies to be stored on your PC it is possible to disable this function without affecting your navigation around the site. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
It is possible to stop your web browser accepting cookies from one website or all websites through built-in cookie controls. If you do this, you may find that some aspects of this website and others stop working, or stop working as well (for example, login facilities and shopping carts may stop working entirely).
All modern browsers allow you to change your cookie settings. The following links provide details on how to do this in a range of popular web browsers:
Cookie settings in Microsoft Edge
Cookie settings in Microsoft Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookie settings in Safari
To ensure that we are sending you engaging communications, we do monitor the success of our marketing emails. This tells us who chose to open an email, how many other emails they have opened and whether they have clicked on any links within. This shows us which emails you are enjoying and which you are not, helping us to improve the quality of what we send you in future. You can unsubscribe from these emails at any time.
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, as prospective employees/trustees/volunteers of All We Can, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
A) DATA PROTECTION PRINCIPLES Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
a) processing is fair, lawful and transparent
b) data is collected for specific, explicit, and legitimate purposes
c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing
d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
e) data is not kept for longer than is necessary for its given purpose
f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
g) we comply with the relevant GDPR procedures for international transferring of personal data
B) TYPES OF DATA HELD We keep several categories of personal data on our prospective employees in order to carry out effective and efficient processes. We keep this data in recruitment files relating to each vacancy and we also hold the data within our computer systems, for example, recruitment logs.
Specifically, we hold the following types of data:
a) personal details such as name, address, phone numbers;
b) name and contact details of your next of kin;
c) your photograph;
d) your gender, marital status, information of any disability you have or other medical information;
e) right to work documentation;
f) information on your race and religion for equality monitoring purposes;
g) information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter;
h) references from former employers;
i) details on your education and employment history etc;
j) driving licence;
k) criminal convictions.
C) COLLECTING YOUR DATA You provide several pieces of data to us directly during the recruitment exercise.
In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies.
Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.
D) LAWFUL BASIS FOR PROCESSING The law on data protection allows us to process your data for certain reasons only.
All We Can March 2018
The information below categorises the types of data processing we undertake and the lawful basis we rely on.
E) SPECIAL CATEGORIES OF DATA
Special categories of data are data relating to your:
b) sex life
c) sexual orientation
e) ethnic origin
f) political opinion
h) trade union membership
i) genetic and biometric data.
We carry out processing activities using special category data:
a) for the purposes of equal opportunities monitoring
b) to determine reasonable adjustments
Most commonly, we will process special categories of data when the following applies:
a) you have given explicit consent to the processing
b) we must process the data in order to carry out our legal obligations
c) we must process data for reasons of substantial public interest
d) you have already made the data public.
F) FAILURE TO PROVIDE DATA
Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment, or administer contractual benefits.
G) CRIMINAL CONVICTION DATA
We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability for the role. We rely on the lawful basis of performance of the contract and our legitimate interest to process this data.
H) WHO WE SHARE YOUR DATA WITH
Employees within our company who have responsibility for recruitment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processing in line with GDPR.
Data is shared with third parties for the following reasons: administration of HR, payroll, pensions, training, IT, facilities management, health and safety.
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
We do not share your data with bodies outside of the European Economic Area.
I) PROTECTING YOUR DATA We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.
J) RETENTION PERIODS We only keep your data for as long as we need it for, which, in relation to unsuccessful candidates, is six months to a year.
If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable vacancies, we will keep your data for six months once the recruitment exercise ends. If we have sought your consent to keep your data on file for future job/trustee/volunteer vacancies, and you have provided consent, we will keep your data for nine months once the recruitment exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.
If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.
K) AUTOMATED DECISION MAKING Automated decision making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
L) YOUR RIGHTS You have the following rights in relation to the personal data we hold on you:
a) the right to be informed about the data we hold on you and what we do with it;
b) the right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly;
c) the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
d) the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
e) the right to restrict the processing of the data; All We Can March 2018
f) the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
g) the right to object to the inclusion of any information;
h) the right to regulate any automated decision-making and profiling of personal data.
In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact our designated lead on data protection activities Steve Adams, Public Engagement Director, on email@example.com
M) MAKING A COMPLAINT If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.
N) DATA PROTECTION COMPLIANCE
1. Graeme Hodge, Chief Executive Contact: firstname.lastname@example.org
2. David Fletcher, Finance Director Contact: email@example.com
3. Steve Adams, Public Engagement Direct Contact: firstname.lastname@example.org
4. Angela Zamaere, Programmes Director Contact: email@example.com
5. Dean Gillespie, Digital and Data Manager Contact: firstname.lastname@example.org
6. Katie Kurilecz, Direct Marketing & Supporter Care Manager Contact: email@example.com
7. Patti Tobin, Office Manager Contact: firstname.lastname@example.org
Contact address for all Compliance Leads: All We Can, 25 Marylebone Road, London, NW1 5JR, UK