Privacy Statement (updated May 2018)
Explaining the legal bases we rely on use your data
The law on data protection [General Data Protection Regulation (2016/679 EU) (GDPR)] sets out a number of different reasons for which a company may collect and process your data, including:
- Legitimate Interest - in some situations we will process your data to pursue our legitimate interests as a charity, in ways which might reasonably be expected as part of running the charity and which do not materially impact your rights, freedom or interests. For example, one of our charitable activities is to bring together members of voluntary and community sector organisations in the pursuit of our charitable objects, and we will use data you provide to us to contact you with the latest news about our forums and meetings, by email, post, or phone.
- Legal compliance - if the law requires us to, we may need to collect, store and process your data. For example, we pass on your contact details to HMRC if you claim Gift Aid on your donation to us.
- Consent - in specific situations we may process your data with your consent. For example, if we need to pass your details on to a third party as part of the service we offer you, we will only do so with your consent.
When we collect information about you
- When you sign up to volunteer
- When you request services from us
- When you donate to us
- When you sign up to our newsletter
- When you sign up to attend an event
- When you email us
- When you contact us by post
- When you contact us by phone
- When you engage with us via our website or social media
- When you respond to one of our questionnaires
What information we collect about you
- We collect personal data, including name, email address, postal address, post code and telephone number
- If you offer to volunteer, use one of our service, or offer pro-bono services, we maintain a record of this so we can contact you if required.
- We may collect dietary requirements for certain events
- We may collect accessibility requirements for certain events
- We may collect sensitive personal data on diversity - including age, disability, sexual orientation, race and gender during recruitment, in the follow ups to events, or when you use one of our services. This data anonymised and analysed so we can plan to reach as diverse an audience as possible in order to achieve our charitable objectives and/or fulfil our Equal Opportunities Policy and as such, will not be stored with your personal data.
- We occasionally email optional questionnaires in order to learn more about our contacts and supporters. We may collect and analyse sensitive personal data such as views or opinions.
- We collect information about your engagement with our emails - if you have opened them and if you have clicked on the links in the email.
How and why do we use your personal data?
- We use your personal data in order to achieve our aims as a charity - our key charitable objects are the advancement of education, the protection of health, and the relief of poverty, distress and sickness
- We use your personal data to inform you of ways in which you can get involved, and ways in which you can support us - including fundraising.
- We use your personal data to process donations to us.
- We use your personal data to find out how engaged our contacts and supporters are in the content that we email them, so we can modify as necessary in order to better achieve our charitable objectives.
- We use anonymised personal data to measure the impact of content on our website, mailings, and service, to learn how we can more effectively communicate digitally.
- We use anonymised personal data to detect trends in the demographics and interests of those who support us.
- If you have applied for a paid or volunteer role, we will use the information provided to us to assess your suitability for the role.
- The data privacy law allows this as part of our legitimate interest in maintaining our operations to work towards achieving our charitable objectives.
- You are free to opt out of communications with us at any time - please email firstname.lastname@example.org
We do not store your credit or debit card details or bank account details
Credit and debit card donations to Southampton Voluntary Services are processed by BT MyDonate and your card details are not stored by us and cannot be seen or used by our staff. Card information is only used for the purpose of taking donations.
How long do we keep your information?
- If you donate to us, we will keep your information for 6 years after the financial year in which you make your last donation.
- If you are on our mailing list, we will keep your information for 5 years after your last engagement with one of our mailings.
- If you have emailed us, we will keep your information for 3 years after your last engagement with a member of our staff.
- If you have applied for a paid or volunteer role, we will keep your information for a maximum of 12 months.
- If you use one of our services, we will keep your information for 2 years after you last engaged with the service.
- If you are a current volunteer, we will keep your information for up to 7 years after your placement ends.
- At the end of the period, your data will be deleted or anonymised.
- Any paper records will be securely shredded and disposed of.
How do we store your data?
- All transactional areas of our website use secure 'https://' technology, which encrypts any data sent to us.
- We store your data in a password protected, encrypted CRM system (Salesforce) which only staff have access to.
- We store any sensitive data on paper securely in our locked office.
- We store all email communications on Microsoft Office 365 and Salesforce, both protected by their own robust security.
- We store documents on our own in-house servers, which are security protected digitally by Healthcare Computing Ltd, and are physically locked secure room within the SVS building.
Who do we share your personal data with?
- We only share your data when necessary to perform the task you expect us to perform. We will only share your data with trusted third parties who take data protection seriously. Depending on why you have provided your data to us, we may share this with:
- our banks (RBS)
- our financial auditors (BDO Ltd)
- a delivery service (e.g. Royal Mail or other courier service)
- our IT company (Healthcare Computing Ltd)
- Event venues
- Our email and cloud storage (Salesforce, Office 365)
- Web analytics software (Google Analytics)
- Occasionally we will ask for your consent to share your contact details with someone else who engages with our charity. For example, if you are interested in collaborating in your local area, we may ask if we can share your contact details with other activists in your local area.
- We never share data with third parties for their own purposes.
What are your rights over your personal data?
You have the right to request:
- Access to the personal data we hold about you
- The correction of your personal data when out of date, incorrect, or incomplete
- That we stop using your personal details for marketing and communications (including our newsletter and fundraising)
- That we stop any consent based processing when you withdraw that consent
- The right to have your data removed completely from our systems.
- The right to ask how we process your data.
You can contact us at any time email@example.com tel: 023 8022 8291 and speak to Rob Kurn, deputy Chief Executive. If the request is manifestly unfounded, excessive or repetitive, we reserve the right to charge a 'reasonable fee', as per the Information Commissioner's Office guidance.
How can you stop the use of your personal data for legitimate interest direct marketing?
- click the 'unsubscribe button' at the end of all our mailings or reply to email stating “unsubscribe”.
- email firstname.lastname@example.org
- write to Southampton Voluntary Services, Kingsland Square, St Mary Street, Southampton, SO14 1NW.
How can you contact the regulator?
If you feel that we have not handled your data correctly, or you are unhappy with the response to any of the requests you have made to us about how we handle your data, you have the right to contact the Information Commissioner's Office. You can call them on 0303 123 1113 or via their website.
Please email email@example.com or call 023 8022 8291 and ask to speak to Rob Kurn, Deputy Chief Executive.
Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. The cookie will help the website, or another website, to recognise your device the next time you visit.
Using cookies helps us to provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You have the ability to prevent your computer from accepting cookies but, if you do, certain functionality on the website may be impaired. Information on how to manage cookies within your browser can be found below.
Managing your browser cookies
Changes to this statement
Any changes to our Privacy Statement will be placed here and will supersede this version of our Policy. We will take reasonable steps to draw your attention to any changes in our Policy. However, to be on the safe side, we suggest that you read this document each time you use the web site to ensure that it still meets with your approval.
If you wish to be removed from our mailing list please contact firstname.lastname@example.org