At Bendrigg we take personal information, security and communication preferences seriously. We aim to be clear when we collect personal data and to not do anything that people wouldn’t reasonably expect.
Developing a better understanding of our visitors and supporters through their personal data allows us to make better decisions, fundraise and market more efficiently and, ultimately, helps us to achieve our charitable objective. We have made improvements to this policy to make it more understandable to our visitors and supporters.
Where do we collect information from?
- When people give it to us DIRECTLY
- When people give it to us INDIRECTLY: e.g. group leaders who have received information from parents or carers of the participants
- When people give permission to OTHER ORGANISATIONS to share or it is available publicly
- Information available publicly – newspaper articles, social media and other websites
- When people visit our Website which will include cookies
What personal data do we collect and how do we use it?
- Personal data collected
We collect data from our staff, trustees, volunteers, participants and our supporters and donors. We usually collect:
- Name, Contact details, Date of birth, Bank or Credit Card details
- Where it is appropriate or necessary we may also ask our visitors and staff for information relating to your health
- We may also collect data and record any correspondence we have with people.
- How we use it
- To provide the appropriate courses and care for our visiting groups
- To administrate bookings and donations
- To keep a record of individuals relationship with us
- To ensure we know how individuals prefer to be contacted
- To see how we can improve our services
- To help with our marketing and fundraising
- To use peoples information and their experience with us to create a case study. Individual’s explicit permission will be gained before we do this.
We include information of how people can opt out when we send marketing or fundraising material.
We will only contact people if we believe we have a legitimate interest to do so. However, if people do not wish to be contacted by us please they can email us email@example.com or call us on 01539 723766.
How do we manage children, young people or vulnerable adult’s data?
- Sensitive information will be obtained for children, young people and vulnerable adults when it is needed to ensure their safety and wellbeing whilst at Bendrigg Trust.
- Where appropriate consent from a parent/guardian or carer will be obtained before collecting this information
How do we keep personal data safe and who has access to it?
- The storage of all of our data is managed by our ‘information security officer’.
- Most data will be stored electronically on a secure and protected server
- All booking information will be secured in a locked cupboard and will be destroyed within five year
- Medical forms/data will be secured in a locked cupboard or will be stored electronically on our secure server and will be destroyed within 10 years
- We undertake regular reviews into who has access to information we hold to ensure that your information is only accessible by appropriately trained staff and volunteers
- We review the data protection policies of any external companies we use to store and process data e.g. E-Tapestry and Mail Chimp on an annual basis. Your data will not be sold or passed on to any third party for marketing or fundraising purposes
- We may need to disclose your personal details to the emergency services if this is required
- We will only ever share your data in other circumstances if we have your explicit and informed consent
- We would report any serious data breach to the ICO within 72 hours. In the event of your sensitive data being breached we will notify you of this without undue delay.
How do we keep your information up-to date?
- We would appreciate it if individuals would let us know if their contact details change
- We may contact individuals if we need to ensure we have your correct details on file.
The administration team will process and manage any personal data that Bendrigg receives. All Bendrigg staff have a responsibility to adhere to the policies and procedures in relation to Privacy and Data Protection. Overall responsibility of the data lies with our ‘Information Security Officer’, Nick Liley (Principal).
How do people find out what we know about them and how do we make changes?
Anyone has a right to ask us to stop processing their personal data
- People have a right to ask us for a copy of the information we hold about them.
- If individual want to access their information held by us, they must send a description of the information they want to see and proof of their identity by post. We will provide this information within one month from receiving the request. We do not accept these requests by email so that we can ensure that we only provide personal data to the right person. We may charge £10 to cover any administration costs involved
- For all questions email firstname.lastname@example.org or call us on 01539 723766.
Asking us to delete your data
Individuals have a right to instruct us to stop processing their data and delete any information we have on them from our database. We would do this within one month of a request. Please contact email@example.com or call us on 01539 723766.
When we make changes to this policy
- We may change this policy from time to time. If we make any significant changes in the way we treat personal information, we will make this clear on our website or by contacting individuals directly
- All questions, comments or suggestions should be directed to firstname.lastname@example.org or call us on 01539 723766.
Last Updated January 2021