Hello. We are Child.org, charity number 1118528.
If we're collecting data about you, we want you to be clear on how we'll use it, and why we've collected it. This notice should clear things up. If you have any further questions, don't hesitate to drop us an email at firstname.lastname@example.org or call 07751768207.
This notice applies to Child.org International Ltd and all of its subsidiaries in the UK and Kenya.
Child.org's Privacy Notice
What data do we hold?
- If you interact with our charity, we record data about you in a database. This data might include your name, email, phone number, address.
- It will also include info about ways you’ve interacted or worked with Child.org. For example, if you were a Charity Concierge Volunteer for us, your record would have a note that says “Charity Concierge Volunteer, Latitude, 2015” and how much money you raised.
- If you donate to us, we’ll also keep a record of when you donated, how much and why.
- For some activities, you might have submitted additional data such as your height if you're a Ride Africa participant.
Why do we need to store data?
- The reason we keep your data pretty much depends how and why you provided it! If you signed up to Child.org Core, we store the data to provide you with the communications you have signed up for, like your annual report. If you’ve signed up to be a Charity Concierge, we keep the data so we can run the service effectively (put you in a team, let you know when your shifts are). We will never use your data for purposes beyond the one you have provided it to us for, such as marketing, unless you ask us to.
- To protect Child.org's customers, beneficiaries, volunteers and reputation, we may, in extreme cases, store your data to insure us against working with you in future. For example, if you commit to volunteering with us at a festival and fail to turn up with no notice or behave in a matter that is inappropriate, illegal or dangerous at the event, we will store your details to ensure we do not approve you to work as a Charity Concierge again.
- If you ring us up or get in touch, whoever you speak to, we want to be able to remember the awesome things you have done for Child.org so far, and offer you relevant help and advice.
- We might use your records, in an aggregated and anonymous way, to check out how well a campaign or event went. (For example: How many people came to The Shindig this year, compared to last year? Which story on our website encouraged the most people to donate to our Baby Box programme?)
- If you have opted to receive different newsletters and marketing, we might use the data we have to make sure the emails and messages we send are useful and relevant to you.
- We also use data to distinguish whether gift aid can be claimed on donations, and to provide information relating to these donations if requested by HMRC when claiming gift-aid.
Under what legal basis do we hold your data?
- This will depend on where you have submitted your data. You can see a full list at the bottom of the page, but here is a summary to give you an idea.
- Often, we hold it in order to carry out a contract (e.g. when you have purchased something on one of our sites, and we require your details to carry out the order)
- We may also hold your data under ‘legitimate interest’. This is how we hold your information if you have signed up to take part in something - charity concierge, to host a supper club, to take part in harvest fundraising - or if you make a donation to us in any capacity. This legal basis means we only use your data in ways you would reasonably expect and which have a minimal privacy impact. We hold your data in order to support you, and only hold a minimal amount of data, so the privacy impact is minimal. For example, if you held an awesome Supper Club and raised £400 to support our work, you’d reasonably expect us to know who you were when you next emailed us!
- Lastly, we will sometimes hold your data with your specific consent. For example, we will have this when you have signed up to receive a newsletter from us.
Child.org will never:
- Update or complete the information we hold on you by looking up further information on social media or the internet
- Share or sell your data without asking you first (if we have to share your data in order to process the service you have signed up for, this is detailed below)
Where did we get your data?
Child.org do not use any third party sources of personal data. All the data we hold is collected by us personally and directly - when people voluntarily submit their information to Child.org for various different purposes. If we've got your data, it's because at some point you filled in a form and gave it to us.
How long will we keep your data for?
We don’t aim to keep any data for longer than we need to. However, if you do something really great for Child.org, we may need to remember this further down the line, so that we know the part you played in changing the world. Also Child.org would like to be able to recall aspects of our collective story, like who were the amazing people who volunteered at the first ever Charity Concierge festival, for a long time! We think that you'd reasonably expect us to keep your data for these reasons for 50 years, so that's our general retention period. After this point, we will keep the data but remove any and all the identifiable information. (Of course, we'll also happily delete all your data whenever you get in touch and ask us to!)
There is some information which it isn't necessary for us to keep for that long, so we will remove or anonymise it before the 50 years is up. You can see in the final section if your data falls into this category.
Is my data secure?
Yes. Child.org pledge to take all appropriate technical and organisational measures against unauthorised or unlawful processing of your personal data. We also do all we can to protect personal data against accidental loss, destruction or damage.
Who is it shared with?
- Child.org staff and volunteers in the UK and Kenya have access to our database where necessary to do their jobs. They all adhere to our data protection policy and the General Data Protection Regulations due to come into force in May 2018.
- For transfers with anyone outside the EEA (for example, staff accessing in Kenya) - they sign a contract to adhere to GDPR rules, to ensure the highest standard of data protection.
- Data may be accessible by contractors working on our database, who also adhere to our data protection policy & all relevant legislation.
- Child.org will only share your data with third parties if this is clearly and expressly necessary because of the service you have asked up to provide. These instances are listed below.
- If you apply to work at a festival as a Charity Concierge we will share your details with the festival organisers and the local council
- If you make a donation on a fundraising page and request that we give the owner of the page access to your contact details in order to thank you, we will let them access your name and email address.
- If you apply to take part in Charity Concierge Hitch in collaboration with East Africa Playgrounds, we will pass on your contact details to the charity East Africa Playgrounds, who are running the hitchhiking challenge, so they can organise this with you.
- If you are taking part in Ride Africa we will share your relevant medical information with our qualified nurse on the support team, in strictest confidence (we'll remind you of this when you provide the information to us).
- You can request to see all information we hold about you, or for us to remove all of your personal data, at any time by contacting us via email@example.com or 07751 768207.
- You have the right to object to processing if it causes unwarranted and substantial damage or distress, and we will stop any processing.
- If at any point you want to stop receiving direct marketing (if you have opted in for this - we will not automatically send anything to you), just let us know and we’ll remove you from all lists.
- You have the right to correct any incorrect data.
- You also have the right to complain to the relevant supervisory authority, which in this case is the Information Commissioners Office (ICO).
Data processing for different groups - the details
We want to be as transparent as possible about the data we hold, so in this section is more detail about the nature and prupose of any data processing we carry out, based on the groups you may be a part of.
As explained above,we will record some information about everyone we consider a supporter. This is anybody who has had an interaction with us. By virtue of being a supporter, we will hold some or all of hte following categories of data: your name, contact information, event registrations, activities, contributions (donations and event fees), notes about interactions you've had with us or how we know you, gift aid information, and any emails you have received from us.
Generally, and by virtue of being a 'supporter', the nature of the processing will be holding your data on the system, using it in an aggregate way to monitor our p[rojects and campaigns, and viewing and analysing event registrations and activities. Individually we may also use it to contact you (in a non-marketing capacity, unless you have consented to marketing emails) and to ensure we support you as best we can.
You can have a look at this table for a full breakdown of the categories, nature and purpose of data processing above these general points.