Privacy Notice FOR Supporters Data controller: SANDS Lothians
  1. Introduction
Held In Our Hearts is a “data controller”.  This means that we are responsible for deciding how we hold and use personal information about you. Held In Our Hearts “The Charity” collects, stores and processes personal data relating to our supporters in order to manage our relationship with them. This privacy notice sets down how the Charity collects and uses personal information about you during and after your supporter relationship with us. This privacy notice applies to current and former supporters. The Charity is committed to protecting the privacy and security of your personal information. The Charity is committed to being clear and transparent about how it collects and uses that data and to meeting its data protection obligations.
  1. Data Protection Principles The Charity will comply with data protection law. This means that the personal information we hold about you must be:
  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have explained to you clearly and not used in any way that is incompatible with these purposes;
  • Relevant to the purposes we have told you about and limited to those purposes only;
  • Accurate and kept up to date;
  • Kept only for such time as is necessary for the purposes we have told you about; and
  • Kept securely.
  1. What Information Does The Charity Collect And Process?
The Charity collects and processes a range of personal information (personal data) about you. Personal data means any information about an individual from which the person can be identified. This includes:
  • Personal contact details, such as your name, title, address and contact details, including email address and telephone number;
  • Date of birth;
  • Bank or credit/debit card details for donations and Gift Aid processing
  • Your relationship to other individuals or organisations
  • Connections to our charity and your motivations for fundraising with us.
The Charity collects this information in a variety of ways. For example, data is collected through sites like JustGiving, EverydayHero and Virgin Giving Money. Data is stored in a range of different places, including the charity’s CRM system, Donorfy and is secured and password protected (including the Charity’s email system). Any paper records are always stored in a locked cupboard.
  1. Why Does The Charity Process Personal Data?
The Charity needs to process data to maintain an accurate audit trail and comply with HMRC legal obligations on Gift Aid. In other cases, the Charity has a legitimate interest in processing personal data during and after the end of the supporter relationship. Processing your data allows us to maintain accurate and up-to-date records and contact details.
  1. Situations In Which We Will Use Your Personal Information
Situations in which we will process your personal information are detailed below: In order to:
  • process any donations you have given
  • contact you about an event or challenge you are taking part in and send any necessary materials
  • send thank you correspondence after you have finished your fundraising or to thank you for your donation/s
  • send you our e-newletter if you have given consent for us to contact you this way
  • process any Gift Aid claims related to your giving
  1. Change of Purpose
The Charity will only use your personal information for the purpose for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If we need to use your personal information for an unrelated purpose, we will advise you of this and explain the legal basis which allows us to do so. You should be aware that we may process your personal information without your knowledge or consent where this is required or permitted by law.
  1. For How Long Do You Keep Data?
The Charity will only hold your personal data for as long as is necessary to fulfil the purposes we collected it for, including any legal, accounting or reporting requirements. The Charity will hold your personal data for a maximum of seven years after your last donation unless there is a legal requirement for us to retain it longer.
  1. Who Has Access to Data?
Your information will be shared internally, including with other members of the team, as required for them to do their job roles. The Charity shares your data with third parties where required by law, where it is necessary if we have another legitimate interest in doing so. The Charity will not transfer your data to countries outside the European Economic Area.
  1. How Does The Charity Protect Data?
The Charity takes the security of your data seriously. The Charity has internal policies and controls in place to prevent your data being lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. Details of these measures [are available on request] OR you can read more here:
  1. Your Duty to Inform Us of Changes
It is important that the personal information we hold about you is accurate and current.  Please be sure to keep us informed if your personal information changes during your time working with us.
  1. Your Rights
As a data subject, you have a number of rights. You can:
  • access and obtain a copy of your data on request (known as a “data subject access request”);
  • require the Charity to change incorrect or incomplete data;
  • request erasure of your personal information. This enables you to ask the Charity to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the Charity is relying on its legitimate interests as the legal ground for processing; and
  • ask the Charity to suspend the processing of your personal data for a period of time if data is inaccurate or there is a dispute about its accuracy or the reason for processing it.
[If you would like to exercise any of these rights, or you have any questions about the privacy notice, please email or call the office on 0131 622 6263] If you believe that the Charity has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office. Updated: November 2020