This Privacy Notice sets out information on how and why Enham Trust (company number 00173199) of Enham Place, Enham Alamein, Andover, Hampshire, SP11 6JS ("we") processes personal information about the people who engage with us in relation to our Marketing and Fundraising activities ("you"). It also sets out your rights in relation to that information. Under data protection laws we are the "data controller" of this personal information.
It is important that you read this privacy notice to understand your rights. This privacy notice supplements the other notices and is not intended to override them.
How we manage your data
There are 6 key principles under data protection laws which govern how we must deal with your personal information. We must:
- hold and use it lawfully, fairly and in a transparent way
- only use it for specific and lawful purposes that have been explained to you
- make sure that it is adequate, relevant and limited to what is necessary for those purposes
- make sure that it is accurate and up to date
- make sure that we only keep it for as long as is necessary for those purposes
- make sure that it is kept securely
We must also ensure that we comply with relevant privacy legislation that governs how we can send marketing materials to you or tell you about fundraising activities.
What information do we collect about you and how do we collect it?
We may collect, use, store and transfer different kinds of personal information about you in order to provide your chosen services to you, which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, marital status, title, date of birth, next of kin and gender.
- Contact Data includes home address, email address and telephone numbers.
- Financial Data includes bank account and payment card details, financial needs and circumstances, details about payments to and from you, bursaries or grants obtained by you and tax details relating to Gift Aid nominations.
- Services Data includes information relating to your donations and/or fundraising activities and your preferences for getting updates about how our funds are used and future activities for you to get involved with.
We do not collect special category data within Marketing and Fundraising.
We collect information via a variety of methods. For Marketing and Fundraising it includes via our website, by telephone, by email or by hard copy form.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
On what grounds do we process your personal information?
We will only use your personal information when the law allows us to. We will rely on your consent in order to contact you regarding our news and events, opportunities to support Enham Trust and to tell you how the amounts you raise are being used by us. You are free to withdraw any consent you have given us at any time by contacting us using the details set out above.
We will also rely on your consent in order to take photographs of activity participants and prepare case studies for the purpose of Marketing and Fundraising. You are free to withdraw this consent at any time by contacting us using the details set out above.
Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us if you need details about the specific legal grounds we are relying on to process your personal information.
Who will we share your information with?
We may have to share your personal information with the parties set out below:
- Service providers who provide IT and system administration services (including cloud based systems), maintenance services or utility services on our behalf
- Professional advisors who are advising us including lawyers, bankers, auditors and insurers
- HM Revenue & Customs, the Care Quality Commission, the Charity Commission, Police, Ofsted or the Health and Safety Executive and other authorities who require reporting of processing activities or access to personal information in certain circumstances
- Third parties to whom we may choose to sell, transfer, or merge parts of our charity or our assets. Alternatively, we may seek to acquire other charities or merge with them. If a change happens to our organisation, then the new owners may use your personal data in the same way as set out in this privacy notice.
- Pictures and fundraising activities may be shared with our wider audience through our Marketing and Fundraising forums, including social media, where your specific consent has been gained.
This list is not exhaustive as there are other circumstances where we may also be required to share information, which we have yet to envisage. In all cases, we will do so in compliance with the GDPR and all applicable laws and contractual obligations which we hold with you.
We require all third parties who process personal information on our behalf to respect the security of your information and to treat it in accordance with the law. We do not allow our third-party service providers that are processing your information on our behalf to use your personal information for their own purposes and only permit them to process your information for specified purposes and in accordance with our instructions. Where we disclose information to third parties who are data controllers in their own right, they must comply with all relevant data protection laws and you can exercise your rights against them direct.
Google will use this information for the purposes of evaluating your use of our sites, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
We do not currently transfer your personal information outside the European Economic Area (EEA) other than to those countries approved as having adequate protection for the rights and freedoms of individuals' data by the European Commission. If data is transferred to any other countries we will ensure that we put in place appropriate measures to ensure that we comply with the requirements set out in the General Data Protection Regulation 2016 ("GDPR") for overseas transfers.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, trustees and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will we keep your personal information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Within Marketing and Fundraising we keep personal information for 1 year. Any financial or tax fundraising or donation information is kept for the required length of time in line with HMRC guidelines. We also keep certain information that is provided to us for historical archiving purposes.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your legal rights
Under the GDPR, you have a number of important rights free of charge. These include rights to:
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you (we do not currently carry out any such decision making)
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the detailed guidance available from the ICO (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/).
Please note that not all of these rights apply in all circumstances – we will explain this to you if applicable when you make a request.
Access to your information
If you would like to exercise any of those rights, please email, call or write to us using the contact details set out below and provide us with proof of your identity with the request. You also need to let us know the specific information that you are requesting.
If you make a request, we will respond to you within one month. We will not charge you a fee for dealing with your request (unless your request is manifestly unfounded or excessive, such as where you make repeated requests).
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact them via firstname.lastname@example.org or 01264 345800 (asking for the data privacy manager).
You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
This version was last updated on 24th May 2018.
Do you need extra help?
If you would like this notice in another format (for example: audio, large print, braille) please contact us via email@example.com or on 01264 345800 and ask for the Data Protection Manager.