DEC Privacy Policy 2.7

Contents

1. Overview

1.1 Summary

1.2 Use of this Policy

1.3 Changes to This Policy

2. Your Data

2.1 What Personal Data we hold on you

2.2 The Purpose for having it and our legal reason for doing so

2.3 How Long we keep it for

2.4 How we secure and maintain it

2.5 Necessary Processors

2.6 Who we share it with and how

2.7 International Transfer of Personal Data

3. Your Rights & Accessing Your Data

4. Donating on behalf of someone

5. Technical

5.1 First Party Cookies

5.2 Third Party Cookies

5.3 IP Address

6. Contacting DEC

 

 

1.OVERVIEW

1.1. SUMMARY

  • The DEC is committed to protecting and respecting your privacy and complying with the principles of the Data Protection act and E.U General Data Protecton Act (GDPR). This policy sets out the basis on which any personal data we collect from you, or that you provide to us through your use of our website, will be processed by us.
  • Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
  • The data controller is the Disasters Emergency Committee, Ground Floor, 43 Chalton Street, London, NW1 1DU, United Kingdom. This means that DEC alone determines how your personal data will be used in relation to services we provide to you.
  • We are committed to processing information about you fairly and in a transparent manner and the aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data. If you are unsure how we are handling information about you or you think we could improve our privacy information please let us know.

 

1.2. USE OF THIS POLICY

This Privacy Policy describes how DEC collects, uses and discloses information, and what choices you have with respect to the information.

Updates in this version of the Privacy Policy reflect changes in data protection law. In addition, we have worked to make the Privacy Policy clearer and more understandable by:

  1. Arranging into sections
  2. Providing clear examples to show how the policies may be implemented by DEC
  3. Outlining what your rights are around these policies

 

1.3. CHANGES TO THIS POLICY

We may change this privacy policy from time to time but if we change it in a way which significantly alters the terms upon which you have agreed to use our website, we will post notice of the change on our website and you will be deemed to have accepted such changes. This privacy notice was last updated April 2018.

 

2.YOUR DATA


2.1. WHAT PERSONAL DATA WE HOLD ON YOU

Depending on the services you interact with, we may hold the following personal data on you;

  • Names
  • Addresses
  • E-mail addresses
  • Telephone number
  • Gift aid status
  • Encrypted Credit Card details in the form of a secure token (this can not be used to make payments)
  • Details of your visits to the DEC website and the resources that you access using cookies. See 5.1 for further information about our use of cookies.
  • General communication we may have with you
  • Marketing Preferences you have for our services
  • Relationships, including organisations and affiliations
  • Information on your social media profiles where you follow us
  • Data acquired by third parties that we share data with, for more info please see 2.6

 

2.2. THE PURPOSE FOR HAVING IT AND OUR LEGAL REASON FOR DOING SO

We will use all the information provided to build a profile of you to be used in delivering our services.

What we use your information for

Our Reason for Having your personal data

Our Legitimate Interest

Marketing our appeals

 

Updating you on the work Member Agencies are doing with your funds

Your consent to marketing

Your consent to cookies

 

Keeping our records up to date, working out which of our services may interest you and telling you about them.

Developing new services and ideas

Defining types of supporters for appropriate campaigns.

Seeking your consent when we need it to contact you.

Being efficient about how we fulfil our legal duties.

Sending paper based marketing

Building up a profile regarding you

Having appropriate security and safeguards

 

Processing your donation

Fulfilling your donation

Legal obligations surrounding gift aid

 

Having appropriate security and safeguards

 

Responding to Queries

To provide the best possible customer service and answer your queries quickly

Our need to respond to concerns

Wealth Screening

To ensure we do not contact you about services un-necessarily

Developing new services and ideas

Defining types of supporters for appropriate campaigns.

 

 

2.3 HOW LONG WE KEEP IT FOR

  • We will hold information about you in our database for no more than is necessary. This means if you have supported one of our last five appeals, we hold your data.
  • Supporting an appeal will refresh this time period.
  • The same applies for any consent you give when donating. We keep consent for five appeals since it is given
  • If you have gift aided your donation we will keep your gift aid declaration for seven years to comply with Her Majesty's Revenue and Customs (HMRC).
  • We may also need to keep your records for longer to comply with any other legal obligation.
  • Once your records exceed the necessary time we will anonymize them through pseudonymization.
  • Pseudonymization is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field.
  • This means all your personal data is deleted and we keep your transaction information for compliance and record keeping.
  • We may also contact you where we have consent or legitimate interest before we anonymize your record to see if you would still like to be kept informed about DEC appeals and services.
  • DEC will hold the data on the above schedule unless:                
    • a) you ask us to remove it
    • b) we believe that you are no longer interested in our business
    • c) we no longer need it for the purposes it was collected.   
  • We always think about your best interests when we apply retention rules to our systems and are always happy to remove you at your request.
  • If you have any questions on how long we keep your data please contact us here - https://www.dec.org.uk/article/contact-us

 

2.4 HOW WE SECURE AND MAINTAIN IT

  • We will take all steps reasonably necessary including policies, procedures and security features to ensure that your data is treated securely and protected from unauthorised and unlawful access and use and in accordance with this privacy policy. 
  • Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data transmitted to us via the internet we cannot guarantee the security of your data transmitted to the DEC Website from your device: any transmission is at your own risk. 
  • Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone

 

2.5 NECESSARY PROCESSORS

  • The DEC is a small team of less than 20 people, who launch uk wide appeals, processing donations of up-to 600,000 different people a year. In order to achieve this we work with some of the best third parties to allow you to make donations as effectively as possible.
  • This means the donations we receive from you may pass through a third party platform to get to us
  • Each partner is carefully reviewed and maintains the same security and standards towards the data protection act as we do.
  • These are outlined below

Names of Organisation

Purpose

Stripe

Online Donation Processing

Valldata 

Postal Donation Processing

Spoke

Phone Donation Processing

Angels

Call Centre Phone Donation Processing

Openmarket

SMS (TXT) Donation Processing

 

 2.6 WHO WE SHARE IT WITH AND HOW

We may disclose your personal information to third parties:

  • If we are under a duty to disclose or share your personal data to comply with any legal obligation;
  • To fulfil any service that you request from us (e.g. enquiry via our website etc.);
  • To enforce or apply our terms of use and other agreements; 
  • To protect the rights, property, or safety of the DEC, our customers, or others including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We will share information about you with government agencies and some of our suppliers who process data on our behalf to help us to provide services to you. The purposes of sharing your information with these government agencies and suppliers is to notify you of our overseas disaster appeals, to provide you with information that you have requested from us, for administration purposes and to comply with the law.

Names / Categories of Organisation

Purpose

HMRC

Submission of applications for Gift Aid funding

Paragon

Direct Mail Printers

Salesforce

Central database and marketing

Zendesk

Customer service enquiries

Experian

Data Cleaning, Removing out of date addressess, Deceased

Open Creates

Targeting via Direct Mail

Organisations who run focus groups

Sometimes we run small 10 people focus groups to help streamline our appeals, if you have opt-in to communication we may contact you to see if you would like to attend

 
 

 2.7 INTERNATIONAL TRANSFER OF PERSONAL DATA

If the DEC transfers data outside of the European economic area, we will take measures to ensure all adequate safeguards are in place that matches the EU Data Protection standards, in accordance with legal requirements.

 

 

3.YOUR RIGHTS & ACCESSING YOUR DATA

 

Right of access.

You have the right of access to information we hold about or concerning you.  If you would like to exercise this right you should contact us online at https://dechelp.zendesk.com/, or email us at support@dec.org.uk.

For example; we could provide a copy of all your information in a .csv file or .pdf or let you know how many times you have donated / gift aided your donations.

Right of rectification or erasure.

If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it.  You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. 

Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will shall take all reasonable steps to inform those with whom we have shared your data about your request for erasure.

Right to restriction of processing.

You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.

Right to Portability.

You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.

Right to Object.

You have a right to object to our processing of your personal data.

This includes the right to object to any direct marketing we may undertake and to any automated decisions based on profiling which we may carry out. This also includes the right to object to any processing based on legitimate interests, such as wealth screening.

Right to Withdraw Consent.

You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.

You can do so by contacting our support care team and they will immediately mark our records accordingly, this will then take effect as soon as possible.

Please be aware that some activities may already have left our system at time of consent withdrawal.

Right of Complaint.

You also have a right to lodge a complaint about any aspect of how we are handling your data with the UK’s Information Commissioner’s Office who can be contacted at www.ico.org.uk.

If you would like to find out more about your rights please contact us online at https://dechelp.zendesk.com/, or email us at support@dec.org.uk.

 

 

4.DONATING ON BEHALF OF SOMEONE 

You are responsible for informing and obtaining the consent of any third parties whose data you enter in to our website.

If we would like to process your personal data for any other purpose incompatible with the purposes listed above, we will provide you with appropriate additional privacy information at the point where you come across those additional purposes.  Our commitment to you is that we will not process your data for any purpose other than those listed, or similar to those listed in this privacy policy.  If you interact with another part of the DEC, we will provide you with additional privacy information relating to those other uses.

 

 

5.TECHNICAL

5.1 FIRST PARTY COOKIES

Site

Cookie Name

What does it do

dec.org.uk

SESS...

This is a session cookie, used to track logged-in status. The cookie name is usually suffixed with a random ID. Eg. ESS1234abc

dec.org.uk

NO_CACHE

This cookie holds cache lifetime information for users’browsers. The shorter the cache lifetime, the more frequently your browser will request page content from the server. For example, rather than saving a particular image on the page every time you visit the page, the browser will only re-download that image once the period specified by this cookie has elapsed.

The value held in this cookie overwrites any other cache lifetime settings of content on the site.

 

5.2 THIRD PARTY COOKIES

Site

Cookie Name

What does it do

.facebook.com

c_user

Facebook tracking cookie

.facebook.com

fr

Facebook tracking cookie

.facebook.com

xs

Facebook tracking cookie

.facebook.com

Datr

Facebook tracking cookie to track login attempts

.facebook.com

Lsd

Facebook authentication
cookie

.facebook.com

Reg_ext_ref

Cookie tracking the immediate referrer to Facebook. In this case, the referrer will be www.dec.org.uk

.facebook.com

Reg_fb_gate

Tracking cookie Facebook sets when you arrive at a login page for Facebook tracking functionality

.facebook.com

Reg_fb_ref

Cookie containing internal Facebook referrers

.facebook.com

wd

A cookie set by Facebook, needed for Facebook use. It is not a known invasive or unsafe cookie

.m.stripe.com

m

Stripe tracking cookie

.twitter.com

guest_id

Twitter buttons or widgets. 

.twitter.com

personalization_id

Twitter buttons or widgets.

.twitter.com

_twitter_sess

Session cookie used to track logged in status

.twitter.com

External_referer

Cookie tracking the immediate referrer to Twitter. In this case, the referrer will be

.twitter.com

Guest_id

Session cookie used to track non-logged-in users’ settings

.twitter.com

Original_referer

Cookie containing information on the original referrer. This will be the site you originally came from; in this case, www.dec.org.uk

.zendesk.com

__zlcmid

Zendesk Customer Support

.zendesk.com

_gat

Zendesk Customer Support

.zendesk.com

zte2095

Zendesk Customer Support

bat.bing.com

MUIDB

Bing Tracking Cookie

collector-1339.tvsquared.com

_pk_uid

TV Squared Tracking cookie

dechelp.zendesk.com

_help_center_session

Zendesk Customer Support

dechelp.zendesk.com

_zendesk_session

Zendesk Customer Support

dechelp.zendesk.com

_zendesk_shared_session

Zendesk Customer Support

m.stripe.network

nsr

Stripe Tracking Cookie

pool.admedo.com

tuuid_last_update

Marketing Tracking Cookie

google.co.uk

__utma, __utmb, __utmc,

Google Tracking Cookie

dec.org.uk

NO_CACHE

This cookie stores the users’ language settings for Flickr.

Flickr.com

localization

This cookie stores the users’ language settings for Flickr.

Yahoo.com

 

A tracking cookie for Yahoo.This cookie is related to Flickr

YouTube.com

VISITOR_INFO1_LIVE

Use_hitbox

These cookies are used by YouTube to track usage of its services

 

5.3 IP ADDRESS

We may collect information about your computer, including where available your IP address, geographic location (if you allow when prompted by your browser), operating system and browser type, for system administration when you access our website. We use this information for statistical data about our users' browsing actions and patterns when they access our website.

 

 

6.CONTACTING DEC

If you would like to find out more info about this policy or ask us any questions please contact us at https://dechelp.zendesk.com.

Disasters and emergency committee have appointed a data protection officer, if you would like to contact them please email via - support@dec.org.uk, or call our Switchboard on 0207 387 0200 and ask to speak to the data protection officer.

Please be aware it may be quicker to contact DEC help and support for withdrawing consent or enabling your rights as a data subject