Privacy Notice For Website Users And Supporters

The name of the data controller to which this Privacy Notice refers is Barnabus (Manchester), 45 Bloom St, Manchester, M1 3LY. Barnabus (Manchester) is registered with the Information Commissioner for the United Kingdom and is governed by the Data Protection Act 2018 (DPA 2018) and General Data Protection Regulation 2018 (GDPR 2018) in relation to the retention and processing of personal data.

Barnabus (Manchester) is committed to safeguarding the privacy of our website visitors and supporters. This Privacy Notice explains how we collect information and how we will treat your personal information.

This Privacy Notice covers personal data collected or processed via the website of Barnabus (Manchester), which is located at www.barnabus-manchester.org.uk, and of ReNu (our furniture up-cycling project) at www.renu-barnabus.com.

This Privacy Notice also covers personal data provided by our supporters at any of our sites, over the telephone, by email or at any events organised or attended by Barnabus (Manchester). It does not cover third party websites to which there are links within our website. We use the term ‘supporter’ to mean any member of the public or individual within a corporate supporter who supports or follows our work by way of material or financial donation, fundraising, request for mailings or purchases or other similar involvement.

The Data to which this Notice Applies
The type and amount of information we collect depends on how you use the website or how and why you provide us with information. We collect some data, for example regarding website usage or number of participants at an event, which is anonymous. Some anonymous data regarding website usage is also collected on our behalf by a third party, namely Google Analytics. Because this data is anonymous, it is not linked or linkable to any individual and is therefore not covered under the scope of this Notice.

This Privacy Notice covers the use of personal data, as defined by s.2-3 Part I DPA 2018. We may obtain personal data about our website users and supporters in the following circumstances:

  1. Data voluntarily provided by website visitors in order that we can add their details to our mailing list;
  2. Data voluntarily provided by website visitors via a third party processor, namely Mailchimp, in order that we can add their details to our mailing list;
  3. Data voluntarily provided by website visitors in order to make a donation. This data will be processed by Barnabus (Manchester) where a donation is made via the on-line giving platform which is embedded on our website. Where a donor chooses to use a third party giving platform such as PayPal, Squarespace or IZettle, Barnabus (Manchester) does not act as the data processor. Where we provide links to these platforms through on the Barnabus (Manchester) website, we will take reasonable steps to ensure that these organisations are compliant with all aspects of DPA 2018 and GDPR 2018 and will review on-going compliance at regular intervals. Website users are directed to the Privacy Notices of these 3rd party data processors;
  4. Data voluntarily provided by website visitors in order to make a purchase from the Barnabus (Manchester) or ReNu shop. This data will be processed by a third party processor, namely Paypal. We will take reasonable steps to ensure that Paypal is compliant with all aspects of DPA 2018 and GDPR 2018 and will review on-going compliance at regular intervals. Website users are directed to the Privacy Notices of these 3rd party data processors;
  5. Data voluntarily provided by supporters in order to upload or administer a guest blog or fundraising page on our website;
  6. Data voluntarily provided by applicants for volunteering posts through the volunteer section of our website;
  7. Data voluntarily provided by supporters or other members of the public at events in order for us to add their name and postal or email address to our mailing list, or in order for us to process a financial donation;
  8. Data voluntarily provided by supporters who visit the Support Office to make a financial or material donation, in order that we can add their details to our mailing list or to send a letter or certificate of thanks;
  9. Data obtainable from public sources, which we may occasionally use to ensure that the personal data that we store is accurate.

How we Use Your Personal Data

Barnabus (Manchester) will never collect and process your personal data without your knowledge and consent.

We use the personal information we hold about websites users and supporters only for the following purposes:

  1. To contact you about the charitable work of Barnabus (Manchester) and ReNu. This contact will be by way of our periodic newsletter, in addition to occasional events bulletins, donations requests and e-mail updates. Where this contact is in electronic form, we need your consent to do this. Where we contact you by post because you have consented in the past, even if that consent was verbal, we will continue to contact you by this method unless you object to us doing this;
  2. To administer the guest blog and fundraising pages on our website. The basis for processing this data is consent;
  3. For the purposes of promoting the charity, its causes or fundraising activities of the charity or its supporters through social media. This processing will be by way of consent, except where the data has already been made public by the data subject by way of our fundraising page or guest blog on our website, or through social media, in which case the basis for processing will be our legitimate interest;
  4. If a disclosure is required by law, for instance in order to comply with a search warrant or court order or to comply with our obligations regarding Gift Aid. Disclosure in this case will not exceed the extent required by the applicable law;
  5. In order to fulfil a contract, for instance if you make a purchase from ReNu then we need to process your data in order to arrange a delivery of the goods;
  6. If we have a legitimate interest in processing your data, where we have considered any detrimental impact of this on you and consider that on balance it is reasonable for us to do this. For instance, we have a legitimate interest in processing your data in order to process a donation that you have made. Or if you make a purchase through ReNu, we may contact you after delivery to ensure that you were happy with the purchase and with the service in general. We do this in order to make sure that we are operating effectively and that we maintain good relationships with our supporters by ensuring their satisfaction and dealing with any problems;
  7. If we have a legitimate interest in processing your data in order to process an application for volunteering. This may include contacting 3rd parties where you have given their details and consented to them being contacted to act as a referee in support of your application.

How we Protect your Personal Data
Your personal data will be kept by the Barnabus (Manchester) in a secure environment. Personal data will only be used as set out in this Privacy Notice. Where a 3rd party such as Paypal, Mailchimp or Charity Choice is used to process personal data on our behalf, we will regular review their Privacy Notices and the terms of our contract with them to ensure that they remain compliant with the GDPR 2018.

How Long We Retain Your Personal Data

We will retain your personal data whilst it is still required for the purposes set out above and whilst we still have your consent to do so, or where consent is withdrawn, there is another ground for retention of your data. You can make a request for us to delete your personal data at any time, as detailed below.

 

Your Rights In Relation To Your Data

The GDPR 2018 sets out the way in which we can collect, store and process your personal data. They also gives you (the ‘data subject’) various rights in relation to your data. These include:

  1. The right to be informed: You have the right to be informed in a clear and accessible way of how your personal data is collected, stored and processed. This Privacy Notice is designed to do this, however, please let us know if you need further information about this.
  2. The right of access: You can request access to an electronic copy of the data that we hold about you and details of how that data is processed. We normally need to provide this to you free of charge within 1 month;
  3. The right to rectification: You are entitled to have your personal data corrected if it is inaccurate or incomplete. We normally need to comply with this request within 1 month;
  4. The right to erasure: You have the right to request deletion of your data, We must comply with this if the reason for processing your data is consent and there are no other lawful grounds for retaining your data. We normally need to comply with this request within 1 month;
  5. The right to restrict processing: You have the right to ask us not to process information for certain purposes. This may be for example because you disagree with some information that we hold and do not want it used until it is rectified. If you request this, we are entitled to retain the data but not to process it for a period of time whilst the issue in question is resolved. We must comply with such a request within 1 month, and must give you reasons if we decide to refuse the request. If we restrict processing as a temporary measure and then wish to resume processing, we must let you know in writing before we resume processing.
  6. The right to object: You have the right to object if you disagree with the specific way in which we are using your personal data. We normally need to comply with this request within 1 month. If the objection relates to direct marketing, including fundraising activities, then we must comply with this request.

 

What Happens In The Event Of A Data Breach

A data breach is a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.

 

Where we become aware of a breach that may result in a risk to your rights and freedoms of individuals, we will report this to the Information Commissioner’s Office within 72 hours, as required by the GDPR. If the nature of the breach is likely to result in a high risk to your rights and freedoms of individuals then we will also try to notify you of the breach.

How To Contact Us About Your Data

All email correspondence and contacts via Mailchimp will carry an unsubscribe option. Emails sent by Barnabus (Manchester) will also carry an unsubscribe option. Any request to unsubscribe via these methods will be dealt with promptly.

Additionally, you can write to us at [email protected] if you have any questions about this Privacy Notice, or want to exercise any of your rights as detailed above. You can also write to us at Barnabus (Manchester), 45 Bloom St, Manchester, M1 3LY or ring us on 0161 237 3223. Please mark any correspondence or email for the attention of the Data Protection Compliance Manager.

Simple requests such as correcting an error in your data or recording a change of circumstances can often be carried out by any staff member. If you would like to request access to the personal data that we hold about you, we need this request in writing (including email) and we will need to verify your ID.

Once we receive a request from you, we will deal with it in the timescales listed above and will contact you to confirm that your request has been processed. If we need longer to comply with your request, or we are unable to do so for any reason, we will let you know in writing together with reasons.

In the event that you wish to make a complaint about the use of your personal data, please make this complaint in writing for the attention of the Data Protection Compliance Manager. We will aim to deal with any complaint within 28 days and will write to you to notify the outcome or to let you know if we need more time to deal with your complaint.

If you make a request to exercise any of your rights, or make a complaint, please ensure that you provide your full name and email or postal address to enable us to respond to you.

In the event that you are not satisfied with our conduct or the outcome or any decision that we have made in relation to your data, you have the right to complain to the Information Commissioner’s Office. You can do this online at www.ico.org.uk, by phone on 0303 123 1113, or in writing to Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

10th October 2018

Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behavior of our users and supporters to help us gain a better understanding of them to enable us to improve our services.  This may include connecting data we receive from you on the website to data available from other sources.  Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us.  In the case of this activity the following will apply:

  1. Your data will be made available to our website provider
  2. The data that may be available to them include any of the data we collect as described in this privacy policy.
  3. Our website provider will not transfer your data to any other third party, or transfer your data outside of the EEA.
  4. They will store your data for a maximum of 7 years.
  5. This processing does not affect your rights as detailed in this privacy policy