Updated 1st March 2019
This privacy statement covers the use of our website and how we process the personal information of the people who support our work. We’ve included the information that we think you’d like to know about our website, internal record keeping and marketing communications, such as our e-mail newsletter for supporters.
Your privacy is important to us and we are committed to ensuring that your personal information (this means any information that identifies or could identify you) is secure and used and stored in a fair, open and transparent manner.
Should we ask you to provide information by which you can be identified then you can be assured that it will be used in accordance with this privacy statement and current UK data protection legislation. We may update this Privacy Statement from time to time so please check this page regularly to make sure you are happy with any updates.
This version was last updated on 4th February 2019.
If you use one of our services, we will talk to you directly about how we collect and process your information for that service. For more information please speak to your service manager or email firstname.lastname@example.org
- Who we are
For the purposes of this website, our supporter communications and our related internal record keeping, we are a ‘data controller’ relating to the Data Protection Act 1998 and from 25th May 2018 the EU General Data Protection Regulation 2016/679 (‘Data Protection Law’). This means that we are responsible for and control the processing of your personal information.
If you would like to further information about our privacy practices, please contact our Data Protection Officer by:
- Writing to The Benjamin Foundation, 23-27 St Andrews St, Norwich, Norfolk, NR2 4TP
- Calling us on 01603 615670
- Emailing to email@example.com
- How we collect information about you
We collect information from you in the following ways:
- When you interact with us directly: This could be if you register with us for an event, make a donation to us, fundraise for us, support us with gifts in kind or donations, volunteer, apply for a job or otherwise provide us with your personal information. It could also include if you work in professional services who we or our service users engage with. This includes when you phone us, or get in touch through email, post, or in person or access any of the services that we provide.
- When you interact with us through third parties: For example if you fundraise for us through a third party such as Virgin Money Giving or use one of the other third parties that we work with, such as Mailchimp, the email marketing platform that we use for our supporter communications, and event management platform Eventbrite and give your permission for your personal information to be shared with us.
- When you visit our website: Through tools such as Google Analytics, we collect anonymous information which does not identify individual visitors to our website. We gather general information which might include those pages that are visited most often and we use this information to make improvements to our website and to ensure we provide the best service and experience for you. We also use ‘cookies’ to help our site run effectively. Please also see 13. Cookies.
- We may also track which pages you visit when you click on links in marketing emails from us.
- The information we collect and why we use it
Personal information we may collect includes details such as your name, date of birth, email address, postal address, telephone number, photographs/film as well as information you provide in communications between us. You will have given us this information whilst making a donation, registering for an event, or any of the other ways to interact with us.
Why we use this information:
- To process your donations or other payments, to claim Gift Aid on your donations and verify any financial transactions. We will collect your credit/debit card details if you are making a purchase on our website. We do not store your card details; all payments via our website are securely passed to our payment processing partners, PayPal and SagePay according to the Payment Card Industry Security Standards.
- To process details of the support you have provided to us, including volunteering or fundraising for us for internal record keeping.
- To provide services that you have requested.
- To update you with important administrative messages about your donation, an event or services you have requested.
- To comply with charity legislation and follow the recommendations of the official regulator of charities, the Charity Commission.
- To keep a record of your relationship with us. We may process personal information to ensure we have a record of your relationship with us on our database and use this for analytical purposes to help us understand our supporters, and to promote support for our charity.
- To understand how you use our website.
We may also use your personal information to contact you about our work and how you can support us (see section 8 on ‘Marketing’ below for further information) or to invite you to participate in surveys or research to help us improve our service to you, for example by inviting you to provide feedback about services or events, but only if you give us your permission to do so.
We keep your personal information secure in line with the Data Protection Bill/General Data Protection Regulations. We only allow authorised staff to access your information we hold when they have a legitimate business need.
- Legal basis for using your information
In most cases, we will only use your personal information where we have your permission or because we need to use it in order to fulfil a contract or an obligation.
However, there are other lawful reasons that allow us to process your personal information and one of those is called ‘legitimate interests’. This means that the reason that we are processing information is because there is a legitimate reason for us to do so, for example there may be a direct and appropriate relationship or individuals have a reasonable expectation that their data will be processed. For example if you register for one of our events, we will have a record that you are attending/attended and will contact you to give you the information you need relating to or arising the event, or if you make an online purchase from our website.
Whenever we process your Personal Information under the ‘legitimate interest’ lawful basis we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
Some further examples of where we have a legitimate interest to process your personal information are where we use it for analytical purposes, conducting research to better understand who our supporters are to improve our service, for our legal purposes (for example, dealing with complaints and claims), or for complying with guidance from the Charity Commission and financial reporting.
- Marketing Communications
We will only send you our marketing communications if you have agreed to receive these from us. We will only contact you by the method(s) by which you have specified, for example by email or telephone. We will only send you communications about subjects you have told us you want to hear about.
You can update your preferences or unsubscribe from these communications at any time by contacting firstname.lastname@example.org or clicking the unsubscribe/update your preferences link on our communications.
- Sharing your Information
We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web browsing activity.
The personal information we collect from you will be used by our staff and a small number of approved volunteers so that we can support you or keep a record of the support you provide and your relationship to us.
We may however share your information with our trusted partners and suppliers who work with us or on our behalf to deliver our services, such as Mailchimp for supporter communications and SagePay for our website shop function. The processing of this information is always carried out under our instruction. We make sure that they store data securely, delete it when they no longer need it and never use it for any other purposes. We enter into contracts with these service providers that require them to comply with UK Data Protection Laws and ensure that they have appropriate controls in place to secure your information.
- Legal disclosure
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our conditions of sale and other agreements.
- Keeping your information safe
We take the security of your information very seriously. We’ve implemented appropriate physical, technical and organisational measures to protect the personal information we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.
However the transmission of information using the internet is not completely secure therefore we cannot guarantee the security of data transmitted to/via our website.
Our website may contain links to other websites. However you should note that we do not have control over any other website therefore we accept no responsibility for the protection and privacy of any information which you provide while visiting other sites and such sites are not governed by this privacy statement.
- How long we hold your information for
We hold personal information for as long as is reasonable and necessary, which may be to fulfil statutory obligations (for example, the collection of Gift Aid), to help us understand our supporters and to keep a record of our relationship with you.
We review our practices regularly to ensure we do not hold personal data for longer than it is required.
- Your rights
You have the right to choose to restrict the collection or use of your personal information.
If you have previously agreed to us using your personal information to send you marketing communications, such as receiving our supporters e-mail newsletter, you may change your mind and unsubscribe at any time by any of the following:
- Clicking ‘unsubscribe’ in our email newsletter
- By emailing email@example.com
- Writing to us at The Benjamin Foundation, 23-27 St Andrews St, Norwich NR2 4TP.
We may keep a record to say that you do not wish to hear from us and a date against your basic details so we don’t email you by mistake, but we will delete all other records we use for marketing purposes that we do not have a legal obligation to keep.
If you believe that any information we are holding on you is incorrect or incomplete, or if you have any concerns about how we hold or use your personal information, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect or take the necessary action in line with our data protection policy to safeguard your personal information.
You may request details of personal information which we hold about you under the Data Protection Act 1998 and General Data Protection Regulations 2018. If you would like a copy of the information held on you please write to The Benjamin Foundation, 23-27 St Andrews St, Norwich, Norfolk, NR2 4TP.
You have the right to request to see all the information we hold on you which we will provide within 30 days, free of charge. This is called a Subject Access Request. To do this please email firstname.lastname@example.org If you have additional needs, we will offer you the appropriate support for you to access the information you require.
If you have concerns about how we manage or keep your data, you can contact our Data Protection Officer on email@example.com who will work with you on ensuring that we follow our internal processes and address your concerns.
You can report us directly to the Information Commissioner’s Office https://ico.org.uk/ who are the governing body for data protection. They will ask you for our registration numbers:
The Benjamin Foundation Registration Number is Z8712524
Ben’s Social Enterprise Ltd Registration Number is Z3504600
- Our website:
We use a third party service, WordPress Content Management System (CMS) to host The Benjamin Foundation website. Our website search function is powered internally by WordPress. Search queries and results are logged anonymously to help us improve our website and search functionality. No personal data is collected through this search function by us, WordPress or any third party.
Keep in touch link: If you choose to receive our supporter communications, you can opt in through our Keep in Touch page, through a widget to our secure Customer Record Management system, Donorfy. We collect and store your personal information securely in Donorfy. More information about Donorfy can be found here.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
- People who feature on our website:
If we wish to use your photograph, film, case study or event on our website prior to publishing it we will seek your explicit permission. We will explain what we will do with your case study, photograph or event and you can tell us where we can and can’t use it.
If you change your mind in the future, you can ask us to remove the information. Please contact firstname.lastname@example.org and we will remove it within 7 days of your request, sooner if possible. Please note that in the context of printed materials, such as our annual review, it may not be possible to remove your photograph/case study but we will ensure it is not reprinted in the future.
We reserve the right to remove any photo, event, case study or article from our website or social media at any time without prior notice. We will also not use case studies that are older than two years on our website.
A cookie is a small file of letters and numbers that is downloaded onto your computer when you visit a website. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Cookies are used by many websites and can do a number of things, such as remembering your preferences, recording what you have put in a shopping basket, and counting the number of people looking at a website. They let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can’t be used to identify you.
For guest users of the website, WordPress will not set any cookies.
The cookies we use:
On our website, we use Sharethis, which uses one standard first-party cookie.
Our website shop uses WooCommerce. To keep track of cart data, WooCommerce makes use of 3 cookies:
The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie (wp_woocommerce_session_) contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.
More information can be found here: https://docs.woocommerce.com/document/woocommerce-cookies/
We embed YouTube videos on our website, which use 3rd party cookies
Learn more about cookies:
You can find out how to control and delete cookies in your browser. Please note if you change your cookie preferences our website may not function for you as we would like it to. For further information about cookies please visit www.allaboutcookies.org
- Social Media
We have Facebook, Twitter, Instagram and YouTube social media accounts.
You should always exercise caution and discretion in deciding what information you disclose on social media. If you contact us via social media please consider the information you share, as these are third party platforms and you should be mindful of their terms and conditions when you registered.
If you message us via these platforms, we may need to pass the details to another department or manager within our organisation in order to deal with your query appropriately. Once we have dealt with your question or concern, we will delete your message.
- People who email us:
When you email us, whether via our website or otherwise, you need to be aware that this may not be secure and that any emails we send or receive may not be protected in transit, therefore you may wish to limit the information you provide. Should you prefer to contact us by telephone, you can do so by contacting our Head Office on 01603 615670.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
- Supporter Communications:
If you choose to receive marketing communications from us, this would usually be in the form of our Supporters ‘News at Ben’ email newsletter. However there may be some circumstances where we use other methods to contact you if you give us your permission to do so.
If you give us permission to send you our supporter marketing communications, we will send you information which we think you may find interesting, including events and news from our charity using the email address you have provided. You may opt out of this or change your preferences at any time by clicking the unsubscribe or update your preferences link on email, or by contacting us on 01603 615670 or email@example.com
We will collect the personal data which you choose to provide us with, which may include your name, address and email address and your preferences about how you would like to be contacted to ensure we act in accordance with your wishes.
We use email marketing platform Mailchimp to deliver our supporters newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our supporters’ newsletter.
We monitor the success of our email marketing communications with supporters by tracking information such as open rates and link clicks. From this, we can see which supporters are engaging with our newsletters and what they are interested in. We only want to send you information which is of interest and this helps us to do just that and shape our future emails to you.
By choosing to receive our supporter communications by email you are agreeing that we can transfer and store your personal identifiable data (such as your name, email address and preferences) outside of the EU to Mailchimp’s United States data centre. Mailchimp are registered as part of the Privacy Shield, which enables the EU to transfer data to the US. We have a Data Protection Addendum in place requiring that, in relation to The Benjamin Foundation’s Mailchimp account, they agree to Data Protection laws in the EEA.
We use third party event management platform, Eventbrite when organising events. Any personal details that you provide to Eventbrite, such as your name, address, email address or financial information will be transferred outside the EEA to the United States. Eventbrite are ISO27001 compliant in addition to being registered with the US Privacy Shield.
Supporters who do not wish to use Eventbrite, can still register for our events by contacting firstname.lastname@example.org
- Marketing and Fundraising database/CRM of supporter information
For our Marketing and Fundraising purposes, we store personal information on our Customer Relationship Management (CRM) platform managed by a third party, Donorfy. Donorfy is hosted in Microsoft Azure’s secure cloud platform in European data centres in the Republic of Ireland and The Netherlands. Only authorised personnel within Donorfy or their approved partners have access to your data. The Benjamin Foundation restricts access to the information we hold about you to authorised personnel who have legitimate business needs to process your information.
You can read Donorfy’s security policy here https://donorfy.com/security/
We use third party platforms which integrate with Donorfy – Mailchimp and Eventbrite. In order to perform the integration it transfers data from Donorfy’s European Azure Centre in the European Economic Area (EEA) to their servers in the United States.
We will hold information on Donorfy to help us understand and manage our relationships and activity with, for example:
- Donors and Fundraisers
- Charitable Trusts and Foundations
- Event Attendees
- Supporters who have subscribed/unsubscribed to marketing communications
We may also collect and store additional data provided by you to us to help us to cater for your needs. For example if you have a disability, book onto one of our events and require some additional support.
- Making a complaint
For our full complaints procedure, please see http://benjaminfoundation.co.uk/complaints
To make a complaint, please contact us at:
The Benjamin Foundation,
23-27 St Andrews Street,
Telephone: 01603 615670 | Email: email@example.com
If you have any questions about any aspect of this privacy statement, please contact us on 01603 615670 or email firstname.lastname@example.org