Last Update: 22.12.18.
The General Data Protection Regulations came into operation on 25th May 2018 (GDPR), and it has become necessary for the Charity to obtain explicit permission for contact with our supporters. Before the implementation date we contacted all of our existing supporters, to obtain their approval.
Data protection is important, and we do need to ensure that we are in full compliance with the new regulations, particularly as we could be subject to a fine of 4% of our turnover if we do not, which would be a serious blow to all the fundraising work done.
The notes below review why we started the Charity, and how we currently handle and safeguard data. This will be expanded and developed in the light of experience with operation of the legislation and any changes in the the requirements that may become necessary for full compliance.
We would like to make the following Privacy Statement:
- The Founder set up the Charity because he was appalled at the costs of operation of some charities, and a business model was designed such that there are no administration costs. Every penny donated goes to directly help the children.
- As a result, we have no employees. All of our work is carried out on a voluntary basis by the Trustees, so we are able to maintain close control of any data we hold as only the Trustees have any access.
- We do not send out any unsolicited mail, or use the postal system to raise funds from potential donors (otherwise we would incur costs).
- We welcome requests to be added to our email list, in which case you will receive a report once every quarter, Donation receipts, Tax receipts and Thank you letters (where applicable) and no other correspondence, unless very exceptional circumstances arise.
- You have the right to unsubscribe from our email contact list at any time, by submitting an email request, and we will respond within 24 to 48 hours.
- We do not send out unsolicited emails to raise funds.
- We do not pay any organisation to raise funds for us, we do not reveal our list of donors, or their email addresses, to anyone, and we can state that we will never sell, trade, exchange or reveal any information that we hold to any person other than the Trustees.
- We take great care with any data we hold. We do not use an internal computer network, any data is only stored on the hard drive of one computer which is a stand alone unit. We do not store any data externally (ie we do not use the "Cloud" or any other external system), which is all designed to protect the small amount of data we need to hold in order to operate the Charity.
- We do not transfer personal data between the computer systems of individual trustees. Any information exchange, which usually relates to discussions on decisions on grant applications, is managed so that the level of detail is such that the applicant can never be identified, and we do not transfer any specific identifiable data, relating to applicants or supporters, by email.
- If you are able to complete a Gift Aid form, so that we can reclaim the tax, a paper copy is kept for any requirements of HMRC for inspection, and is never revealed to anyone else.
- Any Standing Order Mandates, for regular donations are always requested to be sent directly to your Bank, so that we never see them, or have any information concerning your Bank Account.
- We never request the Bank details of any of our donors, so we do not store any information of any possible use to a third party.
- If you wish to donate online to us, there is a facility on our Donations page, which is linked to Everyclick. This has the option of allowing donations to be made anonymously, if you wish, although we would prefer to know the donor, so that we may thank them. If the "anonymous" option is selected we have no way of tracking the source of the donation, as we receive no details relating to it's origin.
- You have the right to request details of any information we hold on you, and you have the right to request that that information, or any part of it, to be removed from our records, provided that the request is submitted by post or email, and we will endeavour to reply within 7 working days.
- We are not a member of any Fundraising Board (eg FRSB), as this would involve costs, which our specific objective is to avoid.
The specific reasons that we hold data are:
- We hold the necessary personal data to claim gift aid on donations, where applicable, but only when donors have completed and submitted a gift aid claim form to us.
- We need to retain copies of the gift aid declaration forms submitted to support our claims, and to provide the information to HMRC if requested.
- We wish to retain contact, by regular emailed quarterly reports, with donors and anyone else who has requested information, provided that they have either requested or consented to receive information from us.
- To assess the circumstances of individual applicants, particularly in relation to where they live (compliance with the Charity’s area requirements), their housing (we may use publicly available information, but we never pay for any form of research or profiling of any person), the medical condition of the child/young person involved, and the advantages of providing the funding.
- To confirm to individual applicants by letter/email/telephone, whether or not we will provide support, and the actions that need to be taken from that point onwards, and if we are providing funding payable by cheque to a supplier, the family address to where the cheque, grant letter and associated paperwork are to be sent.
- To maintain records of applicants so that we can ensure fairness of treatment with support in similar cases, and monitor the extent of support that might already have been offered (we do consider cases where we support a child/young person on a number of occasions, but we need to be able to make suitable checks on the amount of funding provided).
Conclusions from an Assessment of further requirements:
- In view of the limited data handling carried out, and our strict control of access, we do not consider that the Charity is required to appoint a DPO (Data Protection Officer).
- Data use will continue to be monitored by the Chairman, and reported to the Trustees, as an agenda item, at their six monthly review meetings.
- This will be kept under review, and later revised if necessary.
We need the support of our donors, and their confidence in us, to enable us to do our work. We respect and greatly appreciate their efforts, and we will always safeguard any information in our possession.
We hope that the above clarifies our approach to the control, and safeguarding, of data that we find necessary to handle in our daily operations.