DEC PRIVACY POLICY 2.8 

About this privacy information 

This notice has been written to provide you with information about how we are handling or intend to handle personal information.  This policy is effective from 10th October 2018. 

Introduction 

The Data Protection Act 2018 (“DPA”) and Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (“GDPR”)) require that we provide you with information about how and why we use personal data.  This privacy information relates to personal data being processed or intended to be processed by the Disasters Emergency Committee, Ground Floor, 43 Chalton Street, London, NW1 1DU, United Kingdom (“the DEC”) which is collected and/or created and used as set out in this privacy notice.  The DEC is committed to protecting and respecting your privacy and complying with the principles of the Data Protection Act.  If you are unsure how we are handling information about you or you think we could improve our privacy information please let us know.  We have appointed a Data Protection Officer (DPO) to oversee our processing of personal information whose contact details are

Data Protection People Limited, 
Dilek.Koluman@dataprotectionpeople.com, 
07516726916 

 

We aim to process information about you fairly, lawfully, and in a transparent manner and the aim of this document is to provide you with sufficient information for you to be able to understand what we are doing with your data.   

Scope of Policy 

This policy sets out the basis on which any personal data we collect from you, or that you provide to us through your use of our website, or that we create about you in the course of operations will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. 

 

Information we collect about you 

We collect information in the following ways: 

Information you provide to us directly 

You may provide us with information about you when you submit a query on our website, write to us or call us, or when you make or enquire about making a donation.  This may include your name, address, email address, telephone number, amount of donation, payment details, appeal you wish to support, gift aid status etc. and information you provide in any correspondence with us.  You may also provide us with marketing and communications preferences and in some cases an indication of your consent for us to perform certain processing activities on your personal data. 

Information we collect about you indirectly 

When you use our website we will collect personal information about you using cookies and other digital media technologies details of which are contained in our Cookies Policy. We will receive and store information about the type of device you use to access our website, what operating system you have, some of your device settings and your IP address.  We will record details of your visits to our website, which pages you view, how long you dwell on them, the website you came to our site from and the website you leave our site to. 

Information from other sources 

We may receive information from our sub-contractors providing services to us such as payment services in order to process any donation you may make.  We will collect information about you from other sources such as professional fundraising agencies, data cleansing companies, event organisers, data brokers and sources such as Companies House and the Electoral Register who are able to provide us with information about you such as your forwarding address if you move house, your charity affiliations to help us to understand you more as an individual.  We may also undertake wealth-tagging whereby we compare the records in our database with those contained in a third-party database to allow us to flag individuals thought to be wealthy.  If you click on any of our appeals adverts our digital marketing agencies will tell us. 

Social Media 

Depending on your settings or the privacy policies of the social media platforms and messaging services you use (e.g. Facebook, YouTube, Twitter, Instagram, WhatsApp etc.) you may allow us to access information from those services for example if you publicly “like” or “follow” us we may be able to collect information from your social media profile.  We strongly advise you to check the privacy settings on your social media accounts to ensure that you know what information is shared with us and others. 

 

 

How we use the personal data we collect 

The main uses of personal data we collect, create and hold are set out in the table below along with information about the lawful grounds for processing.  The DEC will not use personal data for any purpose that is incompatible with one or more of these uses. 

 

Purposes for processing personal data 

Lawful basis 

Data retention 

Processing donations including handling card payments, cheques and other payments. 

Legitimate interests of the DEC, the donor, and the appeal to which we transfer funds.  Our processing activities are necessary to fulfil the wishes of the donor making a donation and to enable the transfer of funds to the appeal of their choice. 

We retain information about donors and donations for no longer than 7 years from the date of donation for taxation and financial record-keeping. 

Responding to queries. 

Legitimate interests of the DEC and those making requests.  We use information provided by individuals to respond to questions they may raise with us in a timely, accurate and professional manner. 

We retain information about queries and/or contact from individuals for as long that it is needed for us to respond to the query and/or maintain records of queries for our internal management purposes. 

Creating and maintaining a database of donors and potential donors. 

Legitimate interests of the DEC and our Member Agencies*.  We use information collected from donors to create a database of donors and their relationship with us, respond to complaints, queries etc.  We use information we collect from people who make enquiries about our appeals (e.g. abandoned baskets) to create a database of potential donors and to help us to run an efficient organisation. 

We retain records of donors and potential donors for as long as we feel you may be interested in making donations.  Donor records are automatically archived once a donor fails to support five consecutive appeals.  Archived donor records are reactivated if an archived donor recommences supporting our appeals. 

Marketing our appeals through traditional direct marketing activities. 

Legitimate interests of the DEC and our appeals.  We contact our database of previous and prospective donors from time to time through traditional direct mail (e.g. postal) to ask if they would like to make a donation to an appeal.  

Records of our marketing activities are kept in accordance with our donor records above. 

Marketing our appeals through digital direct marketing activities. 

Consent.  We contact our database of previous donors through a range of digital methods from time to time such as SMS and email and through social media channels to ask if they would like to make a donation to an appeal.  Each communication will allow or provide information for you on how to opt-out of receiving marketing related materials. 

Records of our digital marketing activities and how individuals interact with them are kept in accordance with our donor records above. 

Updating you on the work Member Agencies are doing with your funds 

Legitimate interests of our appeals, Member Agencies and the DEC.  We contact those who have made donations from time to time to inform them of how their donation was is being used and the success of our appeals. Each time we communicate with you we will provide you with the option to opt-out of such activity. 

Records are kept in accordance with our donor records above. 

Optimising our website and other digital marketing activities 

Legitimate interests of the DEC.  We use cookies and other digital technologies on our website, in our emails, and in other digital interactions with you to allow us to understand traffic to our website, and how well our website and outbound digital communications perform. 

Records of our digital marketing activities and how individuals interact with them are kept in accordance with our donor records above. 

Profiling, wealth screening, and segmenting our database(s). 

Legitimate interests.  We use the information that we have about each person on our database to understand their interests, donation patterns and to predict if an appeal is likely to be of interest to them.  We also use this information to identify and target individuals with whom we do not have a relationship through tools such as Facebook “lookalike” audiences. 

Records are kept in accordance with our donor records above. 

Developing new services and ideas. 

Legitimate interests.  We use the information we collect and create to develop new ideas relating to fundraising. 

 

 

* Please note that the DEC does not disclose any personal data about those who support our campaigns to our Member Agencies. 

If we would like to process your personal data for any other purpose incompatible with the purposes listed above, we will provide you with appropriate additional privacy information at the point where you come across those additional purposes.  Our commitment to you is that we will not process your data for any purpose other than those listed or similar to those listed in this privacy policy.  If you interact with another part of the DEC, we will provide you with additional privacy information relating to those other uses. 

 

 

Data retention 

DEC will hold the data on the above schedule unless:  

a) you ask us to remove it or stop processing it for specific purposes; 

b) we believe that you are no longer interested in our organisation and our appeals; 

c) we no longer need it for the purposes it was collected. 

We always think about your best interests when we apply retention rules to our systems and are always happy to remove information about individuals on request.  If you have any questions regarding the length of time we retain personal data please contact us here

https://www.dec.org.uk/article/contact-us 

Donating on behalf of someone else 

If you provide us with any personal information other than your own you are responsible for ensuring they know that you have done this and for providing them with access to this privacy policy.  We reserve the right to contact any such individual and inform them when, where and how we obtained their personal data including citing you as the source. 

Keeping data up-to-date 

We may use information from external sources such as the post office national change of address database and/or the public electoral roll to identify when we think you have changed address so that we can update our records and stay in touch.  We do this so we can continue to contact you where you have chosen to receive marketing messages from us and contact you if we need to make you aware of changes to our terms or assist you with problems with donations.  This activity also prevents us from having duplicate records and out of date preferences, so that we don’t contact you when you’ve asked us not to. You may object to any data processing we undertake which involves direct marketing. 

Information security 

We will take all steps reasonably necessary including implementing policies, procedures and security controls to ensure that personal data is treated securely and protected from unauthorised and unlawful access and is used in accordance with this privacy notice.  Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect personal data transmitted to us via the internet we cannot guarantee the security of any information transmitted to the DEC Website from any device: any transmission is made is at the users own risk.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone 

 

Sharing personal data 

We will share personal data that we hold with the following categories of organisations/people as necessary in order to undertake our processing activities. This list is not exhaustive and may change from time to time.  If we add a different category of those we disclose personal data to we will update this privacy notice.  Please contact us if you would like an up-to-date list of our data processors, or data sharing activities. 

Payment platform providers 

The DEC is a small team of less than 20 people, who launch UK-wide appeals processing donations of up-to 600,000 different people a year.  In order to achieve this we work with some of the best third-parties to allow you to make donations as efficiently, effectively and securely as possible.  This means the donations we receive may pass through a third-party platform to get to us. Each organisation we appoint is carefully reviewed and maintains the same security and standards towards data protection as we do.  Examples of the disclosures we make in this category are set out below: 

 

Names of Organisation 

Purpose 

Stripe 

Online Donation Processing 

Valldata  

Postal Donation Processing 

Spoke 

Phone Donation Processing 

Angels 

Call Centre Phone Donation Processing 

Openmarket 

SMS (TXT) Donation Processing 

Official Organisations and our advisors 

We share personal data from time to time with: government agencies and official authorities such as HMRC (e.g. for Gift Aid processing); our professional advisors (e.g. to enforce or apply our terms of use and other agreements; protect the rights, property, or safety of the DEC, our customers, or others including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; if we are under a duty to disclose or share personal data to comply with any legal obligation; or fulfil any service that you request from us (e.g. enquiry via our website ). 

Other type of organisation 

We employ specialist companies to host our website, database(s), fulfil direct mailings, and provide facilities for our email marketing social media presence.  These organisations are data processors and governed by legal obligations set out in the GDPR.  Examples of the disclosures we make in this category are set out below: 

 

Names / Categories of Organisation 

Purpose 

HMRC 

Submission of applications for Gift Aid funding 

Paragon 

Direct Mail Printers 

Salesforce 

Central database and marketing 

Zendesk 

Customer service enquiries 

Experian 

Data Cleaning, removing out-of-date addressesand deceased 

Open Creates 

Targeting via Direct Mail 

Organisations who run focus groups 

Sometimes we run small 10 people focus groups to help streamline our appeals, if you have opt-in to communication we may contact you to see if you would like to attend 

 

International transfers of personal data

We do not envisage transferring personal data to a country outside of the European Economic Area. In the event that we are required to transfer personal data internationally we will only do so in the following circumstances: 

  • the European Commission has issued an opinion approving the adequacy of that country’s data protection laws; 
  • the third party and the DEC sign an appropriate contract approved by the European Commission or the UK’s Information Commissioner’s Office (often referred to as “model clauses”);  
  • the third party is signed up to an approved transfer mechanism such as the EU:US Privacy Shield; or in exceptional circumstances through another lawful mechanism set out in the GDPR or DPA. 

If you would like to know more about any international transfers and the safeguards in place, please contact us online via our contact form or email us at support@dec.org.uk

 

 

Your rights 

 

You have certain rights set out in the data protection law as set out below: 

 

Right of access. 

You have the right of access to information we hold about or concerning you.  If you would like to exercise this right you should contact us online at https://dechelp.zendesk.com/, or email us at support@dec.org.uk. 

Right of rectification or erasure. 

If you feel that any data that we hold about you is inaccurate you have the right to ask us to correct or rectify it.  You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data.  Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will shall take all reasonable steps to inform those with whom we have shared your data about your request for erasure. 

Right to restriction of processing. 

You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your data anymore but you need us to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data. 

Right to Portability. 

You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request. 

Right to Object. 

You have a right to object to our processing of your personal data. 

This includes the right to object to any direct marketing we may undertake and to any automated decisions based on profiling which we may carry out. This also includes the right to object to any processing based on legitimate interests, such as wealth screening. 

Right to Withdraw Consent. 

You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.  You can do so by contacting our support care team and they will immediately mark our records accordingly, this will then take effect as soon as possible.  Please be aware that some activities may already have left our system at time of consent withdrawal. 

Right of Complaint. 

You also have a right to lodge a complaint about any aspect of how we are handling your data with the UK’s Information Commissioner’s Office who can be contacted at www.ico.org.uk. 

 

If you would like to find out more about or exercise any of your rights please contact us online at https://dechelp.zendesk.com/, or email us at support@dec.org.uk. 

 

Profiling and automated decision making

We use email monitoring services to monitor the emails which we send. In doing this, we obtain information such as but not limited to: 

  • Time of receipt; 

  • Time of opening; 

  • Device user to open; 

  • Location it was opened in; 

  • Which parts of the email you interacted with. 

We use systems that enable us to link your social media accounts to our database records if registered with the same email address. This enables us to tailor our promotions, communications, products and services as best as possible.  Our database systems undertake segmentation of our database moving people in and out of different segments as they interact with our digital marketing activities.  Our marketing agencies can use this information to determine which adverts to show to you. You may opt-out of this through your browser settings.  We use this information to identify and approach potential supporters through social media platforms and their tools such as Facebook “look-alike” audiences and Facebook communicator. 

We may also undertake profiling based on information we collect such as wealth tagging, and your interests, which may mean we target you with specific promotions and for specific appeals.  We undertake this with the best of intentions to reduce the amount of irrelevant contact you might receive and also to try to maximise our support. 

 

Privacy Policy History

 This privacy policy was lasted updated on 9th October 2018.  

 

Change History 

Policy 2.8 Removal of Cookie information to a stand-alone Cookie Policy, re-writing data processing purposes and lawful grounds for processing, expansion of information about international transfers, re-structure and expansion of information about what personal data we collect and why, expansion of information about data retention, insertion of information about profiling and automated decision making, insertion of change history.