2. Who we are
We are the Bendrigg Trust, a registered charity (no. 508450) and also a company limited by guarantee (no. 01396557). Our aim is to promote inclusion, encourage independence and build self-confidence through the safe provision of residential courses for disabled and disadvantaged people of any age or ability, throughout the UK.
3. How we collect and use your data
We collect and process personal data to allow us to make better decisions, fundraise and market more efficiently, service your bookings and, ultimately, to help us fulfil our charitable purpose. When we collect your personal data, we aim to be clear about our reasons for doing so, and not to do anything that people would not reasonably expect. There are a number of ways that we collect information. Most often this will be directly from you, for example, if you register to attend one of our courses.
We currently collect and process the following information:
If you contact us for any reason, we normally collect your:
- Phone Number
- Email Address
If you are a course participant, we may also collect your:
- Date of birth
- Next of kin
- Previous booking history
- Medical and dietary information, including any allergies you may have
- Any other information you provide that helps us to look after you
Any sensitive data is treated in the strictest confidence. We may need to keep this data, and any relevant information from your attendance on one of our courses, for legal purposes.
If you came to us from a school or other institution, we may need to ask staff of that institution for their help in supplying the data we need for you to attend one of our courses.
We may collect and record information relating to people who participate on our courses and their experience with us to create a case study. Individuals’ explicit permission (consent) will be gained before we do this. We do this to improve our marketing and to help attract other participants and supporters. On some occasions this may also be required by grant funders.
If you or your school or institution are not yet a course applicant, we may have found some basic information about you from publicly available sources. We use this information to evaluate your potential interest in our courses and to get in touch with you. We use this information in our legitimate interest as a charity.
During or after your course, we may also collect:
- Your feedback on the course and your responses to any impact evaluation
We use this information to help us improve our courses and the way we work with you or to evaluate and report on the impact of our work. This is done in our legitimate interest as a charity. We will always ask your permission to use your name in one of our case studies or for our marketing materials.
If you donate, we normally collect your:
- Bank account details (name, sort code and account number) when you set up a regular gift (for example, a direct debit) or you send us a cheque.
Where appropriate, we may also collect:
- Credit/debit card details for processing card payments. These details will not be stored by Bendrigg. Any details taken over the phone will be inputted immediately into the card payment system and will not be recorded elsewhere.
- Tax-payer status for claiming Gift Aid
- Your donation history
- Data that may be required for legacy administration when a supporter leaves a legacy gift to the Bendrigg Trust
- Correspondence between supporters and ourselves (whether by postal mail, email or by phone)
- Your contact preferences
- Information when you complete a form on our website
- Your posts and messages when you interact with us by social media (for example, Facebook, Twitter, Instagram or LinkedIn)
- Information through your use of our website, for example, the IP address and details of pages visited.
We may collect and record any other relevant information you share with us about yourself. If you are not yet one of our donors, we might have obtained some information that is in the public domain. This may include published biographical information, philanthropic interests, open postings on social media sites and data from Companies House. We do this to evaluate what support we should ask you for and to help us to engage you in activities that are relevant to your known interests. We use this information in our legitimate interest as a charity that depends on fundraising. We will not use third parties to conduct wealth screening. We will not retain publicly available data relating to donors without their consent, which will be sought at the earliest practical opportunity.
If you attend one of our events where we take photographs or videos, please be aware that your image may be used in digital or print communications about that event.
If your personal details change, or you would like to update your communication preferences please notify us at: firstname.lastname@example.org
4. How we use personal data
We will only process personal data for the following purposes:
- To provide and administer the appropriate courses and care for our visiting groups
- To use people’s information and their experience with us to create a case study, if they consent to do so
- To provide you with information about our work, to seek your financial support and to tell you about the impact of your support
- To ensure we know how individuals prefer to be contacted
- To keep records of donations made
- To claim Gift Aid where applicable
- To contact you for administrative or donation processing reasons
- To maintain our accounts to fulfil our administrative purposes
- To respond to requests for information about our work
- To invite you to attend events we are holding
- To analyse the personal information we collect about you, including information in the public domain, to help us understand better your interests and the level of your potential donations, so that we can contact you in the most appropriate way
- To improve our website to ensure that it is kept secure, and that content is presented effectively
- To recruit and manage our staff and volunteers.
Sensitive information may be obtained for children, young people and vulnerable adults when it is needed to ensure their safety and wellbeing while attending one of our courses. When appropriate, consent from a parent, guardian or carer will be obtained before collecting this information.
If you decide you do not wish to be contacted by us, or if you have preferences about how often you would like to hear from us, please email: email@example.com or call us on 01539 723766.
All our email newsletters have unsubscribe links at the bottom to make it easy for you to opt-out of receiving them.
5. How we will share your personal data
We will never sell your data to any third party, nor will we share your data with any other charity, commercial organisation or public body for marketing purposes.
If you make a Gift Aid donation to us, we will share data with HM Revenue and Customs to enable us to claim Gift Aid.
We will only share your data with carefully selected service providers and sub-contractors, for example for fulfilling donations in line with our charitable purposes. These data processors have access to personal information needed to perform their functions, but they may not use it for other purposes. In addition to our supporter database, your data may be loaded into other software such as email marketing platforms.
We may disclose your personal information if we are under a duty to do so to comply with any legal obligation, for example to government bodies and law enforcement agencies.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
6. How we keep personal data safe
The storage of all of our data is managed by our ‘Data Protection Officer’, Nick Liley (Centre Director). Most data will be stored electronically on a secure, encrypted, cloud-based storage solution.
All booking information will be stored within our secure cloud-hosted database and/or secure cloud-hosted storage. We keep do not keep this data for longer than necessary and data will be destroyed after the following time periods:
Booking form – 7 years
Medical & consent forms – 12 years
Financial records e.g. invoices – 7 years (legal requirement)
Donor records – 7 years after last donation (Details concerning major donations (greater than £2,000) will be held indefinitely. Records of donors who have expressed an interest in leaving a gift in their Will, will be retained until they expressly state they will not be leaving such a gift or until four financial years have elapsed from our notification of their death).
Supporter data is entered and stored within a secure, encrypted, cloud-hosted database. We do not keep personal information for any longer than absolutely necessary.
We undertake regular reviews into who has access to information we hold to ensure that your information is only accessible by appropriately trained staff and volunteers.
Our online giving platform offers secure payment processing which is conducted by providers who specialise in the secure capture and processing of online transactions. We do not retain any card payment information.
While we make every effort to keep your data safe, no data transmission over the internet is totally secure. We cannot guarantee the security of any information you send us and you do so at your own risk.
We review the data protection policies of any external companies we use to store and process data, for example, Cinolla, MailChimp and Donorfy.
Emails are not always secure, and they may be intercepted or changed after they have been sent. We do not accept liability if this happens. The contents of our emails reflect their author’s views and are not necessarily those of the Bendrigg Trust.
We would report any serious data breach to the Information Commissioner’s Office (ICO) within 72 hours. In the event of your sensitive data being breached we will notify you of this at the earliest opportunity.
The administration team will process and manage any personal data that Bendrigg receives. All Bendrigg staff have a responsibility to adhere to the policies and procedures in relation to Privacy and Data Protection. Overall responsibility of the data lies with our ‘Data Protection Officer’, Nick Liley (Centre Director).
8. Your data protection rights
You have the right to ask us to stop processing your personal data.
You also have a right to ask us for a copy of the information we hold about you.
If you would like to access the information held by us, please send a description of the information you want to see and proof of your identity by post. We will provide this information within one month from receiving the request. We do not accept these requests by email to ensure that we only provide personal data to the right person. We do not levy a charge for these requests unless they are unfounded or repetitive.
You have a right to instruct us to stop processing your data and delete any information we have on you from our database. We would do this within one month of a request.
For any more information on the above please write to Bendrigg Trust, Bendrigg Lodge, Old Hutton, Kendal LA8 0HW, contact firstname.lastname@example.org or call us on 01539 723766.
You also have the right to lodge a complaint with the data protection regulator, the Information Commissioner’s Office (ICO). For further information on your rights and how to complain to the ICO, please refer to the ICO website – https://ico.org.uk
You can write to the Information Commissioner’s Office at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or phone: 0303 123 1113.
What is a cookie?
Cookies are small text files placed on your computer, mobile or tablet by websites that you visit. Cookies recognise a computer or mobile device when a user returns to a website it has visited previously.
Why are cookies used?
Cookies help improve the performance of websites and provide website owners with information about how the site is being used. Cookies can also help to improve your user experience.
We may use session cookies to understand how you navigate around our website. We consider these necessary to the working of the website. If they are disabled, the website may not function correctly.
We do not use persistent cookies (cookies which remain on your hard drive after you have closed down your web browser) which could track and report on your subsequent browsing patterns.
Other third-party cookies
If we make any significant changes in the way we treat personal information, we will make this clear on our website or by contacting individuals directly.
Last updated January 2022