References to you, or your, are references to any person accessing this internet site (http://www.handinhandinternational.org/) (the Website).
We may change this policy from time to time by updating this page, so please check it from time to time.
For the purpose of the Data Protection Law (which shall be, up to and including 24 May 2018, the Data Protection Act 1998 and, on and after 25 May 2018, the General Data Protection Regulation (EU) 2016/679, together with any national implementing laws in the UK or any equivalent UK legislation), the data controller is Hand in Hand International, registered charity in England and Wales no. 1113868, whose registered office is Caparo House, 101-103 Baker Street, London, W1U 6LN.
Information we collect
- Information you give us
- information you provide when you make a donation, volunteer, register for an event, register on the Website or correspond with us by phone, email or otherwise. This information may include your name and your contact details, including your email address (unless you have stated you would like to remain anonymous); and
- where appropriate, your reason for donating to us.
- Information we collect about you
This information may include:
- demographic and other information (which helps us understand donor interests, as well as donor preferences around methods of communication); and
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our office.
- Information we receive from third parties
This includes data we may obtain from the Charity Commission, Companies House, on social media or in newspapers/magazines, independent fundraising sites such as Just Giving, independent payment providers such as PayPal and media intelligence sites such as Meltwater.
How we may use your personal data
We will use this information for our own legitimate business purposes including:
- administration of the charity
- to keep a record of your relationship with Hand in Hand;
- to operate, administer and improve the services and products we provide to you;
- to administer your donation or support your fundraising (processing gift aid, for example);
- to ensure that content from our site is presented in the most effective manner for you and for your computer;
- to detect and prohibit fraud/credit risk;
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- as part of our efforts to keep our site safe and secure;
- market research
- to build a profile of supporters*;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- communication with supporters
- to provide you with information, services or products you requested (including monthly ‘flash’ emails containing news and figures from across the Hand in Hand network; annual and semi-annual reports; and invitations to Hand in Hand events);
- for direct marketing: with your consent, we will contact you with updates about our progress and to ask for further support (it is possible that we will include information from partner organisations in these correspondences). We will never share your name, email address or any other personal information with any third party for marketing purposes other than in the context of a transfer of our organisation or a reorganisation. You can unsubscribe from email services here. Alternatively, please email us at email@example.com or write to us at 101-103 Baker Street, London, W1U 6LN, United Kingdom to unsubscribe.
- to notify you, on occasion, about other relevant news; and
- to ensure that we know and employ your preferred contact methods.
We may combine information we receive from third parties with information you give to us and information we collect about you.
*Building profiles of supporters: We employ profiling to help Hand in Hand make sure our communications are timely and relevant, and to provide our supporters with an improved experience. Additionally, profiling allows us to target our resources effectively – a key priority for many donors. Supporter profiles allow Hand in Hand to understand more about our supporters and, where appropriate, help us make requests for further support. In short, it allows us to raise funds quicker and more effectively.
We will only retain your personal data while we require it for the purposes outlined above or to comply with any statutory retention requirements. Any personal data we retain will be subject to our data retention and destruction policy. Under our data retention and destruction policy all personal data we hold is subject to review and is deleted once it is no longer required for a lawful purpose.
Data security and transfer of information
Please note that transmission of information via the internet is not completely secure. We use secure server software (SSL) to encrypt financial and personal information before we receive it; however, we cannot guarantee the security of your personal data while it is transmitted to our Website. Any transmission is at your own risk. We are committed to ensuring that your personal data is secure. We have put in place suitable physical and electronic procedures and appropriate technical controls to safeguard and secure the information we collect online.
We store information on computers located in the UK and we may also store information in paper files at our UK office. We take care to keep your personal data confidential and only allow members of Hand in Hand staff, volunteers and contractors who have signed non-disclosure agreements to access personal data. From time to time we may transfer information to other Hand in Hand offices inside or outside the European Economic Area (the EEA). The level of personal data protection in countries outside the EEA may be less than that offered within the EEA; however, where such transfer and storage occurs, we will take steps (which may include us entering into data transfer agreements with the entity outside the EEA based on the model clauses approved by the European Commission) to ensure the protection of your information in accordance with the Data Protection Law.
We will not share your personal data with any third party.
Links to other websites
Under the Data Protection Law, you have the right to ask us to provide details of the personal data we hold about you free of charge at reasonable intervals. If you believe that any of your personal data that we are holding is incorrect or incomplete, you have the right to request that we rectify the personal data relating to you. You also have the right to request the erasure of your personal data, a right to obtain and reuse your personal data for your own purposes or have the personal data transferred directly to another data controller, and the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO at ico.org.uk), about our data processing activities. These rights may be exercised by sending an email to firstname.lastname@example.org or writing to us at 101-103 Baker Street, London, W1U 6LN, United Kingdom.
Reporting a data breach
Any and all breaches of the DPA, including a breach of any of the data protection principles, shall be reported to the Head of Finance and Compliance as soon as they are discovered. In their absence, the breach must be reported to another member of the Senior Management Team.
Once notified, the Head of Finance and Compliance shall assess:
- the extent of the breach;
- the risks to the data subjects as a consequence of the breach;
- any security measures in place that will protect the information;
- any measures that can be taken immediately to mitigate the risk to the individuals.
Unless the Head of Finance and Compliance concludes that there is unlikely to be any risk to individuals from the breach, it must be notified to the Information Commissioner’s Office within 72 hours of the breach having come to the attention of the Charity. The Information Commissioner shall be told:
- details of the breach, including the volume of data at risk, and the number and categories of data subjects;
- the contact point for any enquiries (which shall usually be the Head of Finance and Compliance or the CEO);
- the likely consequences of the breach; and
- measures proposed or already taken to address the breach.
If the breach is likely to result in a high risk to the rights and freedoms of the affected individuals then the Head of Finance and Compliance shall notify data subjects of the breach without undue delay unless the data would be unintelligible to those not authorised to access it, or measures have been taken to mitigate any risk to the affected individuals. Data subjects shall be told:
- the nature of the breach;
- who to contact with any questions; and
- measures taken to mitigate any risks.
The Head of Finance and Compliance shall then be responsible for instigating an investigation into the breach, including how it happened, and whether it could have been prevented. This may include hiring an external consultant if required. Any recommendations for further training or a change in procedure shall be reviewed by the trustees and a decision made about implementation of those recommendations.
Changes to this policy
If you have any questions, comments or suggestions, please let us know by contacting us at Caparo House, 101-103 Baker Street, London, W1U 6LN or email email@example.com.