WhatsApp us +44 (0)7716 756677

 

Privacy Policy

Iron Aid Foundation / Privacy Policy

Iron Aid Foundation Privacy Notice

We do not share personal data with another organisation for their own marketing purposes and we do not sell personal data.

We have written this privacy statement to inform you about why we collect and use your personal
data, in what circumstances we may share your personal data with another organisation, and your individual rights with regard your personal data.

We are committed to being fully open and honest to you about why we collect and use your personal data. This is the right thing to do and it will also help you understand and exercise your
rights over your personal data.

This privacy notice is categorised into the following sections for ease of reference:

If you have any questions about this privacy statement or information we hold about you, please contact our Data Protection Lead:
07917 050 050   sohailsyed050@gmail.com
Data Protection Officer, Iron Aid Foundation, Unit 13, The Metro Centre, Dwight Road, Watford, WD18 9SB United Kingdom


Who We Are

We are a registered charity. Charity number 1134493
Our registered address is: Unit 13, The Metro Centre, Dwight Road, Watford, WD18 9SB United Kingdom

Your rights over your personal data

  • Right to withdraw consent: If we ask for your consent to use your personal data, you always have the right to withdraw your consent at any time. You can expect that any direct marketing materials that you receive from us will include clear and easy instructions on how to withdraw your consent. For example, any marketing emails we send you will include an ‘unsubscribe’ link at the end. If you want to stop the processing of your personal data for any marketing purpose (including post), please contact our Data Protection Officer
  • Right of access (also known as subject access): You have the right to ask what personal data we hold about you and to request a copy of that information.
  • Right to object and / or restrict processing: You have the right to know why your personal data is being collected and used and to request that this is restricted or stopped.
  • Right of data portability: You have the right to request that a copy of your personal data that we hold is transferred directly to another organisation.
  • Right of erasure: (also known as right to be forgotten): You have the right to request that your personal data that we hold is erased.
  • Right of rectification: If you believe your personal data that we hold is inaccurate, you have the right to request that it is corrected or updated. If you want to exercise any of these rights or want to find out more information please contact our Data Protection Officer. You have the right to expect a confidential and professional service and to receive a full response.

Privacy statement for our supporters

If you are a volunteer, please see our ‘Privacy statement for our employees’ section.

When do we collect your personal data:

  • When you make a donation to us
  • When you sign up to a campaign with us.
  • When you register for, or attend one of our events, or enter one of our prize draws.
  • When you contact us by email, telephone, letter or through our website.
  • When you visit and use our website (See ‘Use of cookies’ section).
  • When you interact with us on our social media platforms.

Why do we collect and use your personal data:

  • To process your donations and gift aid declarations.
  • To keep you informed about our activities and ways to support us. Please note:
  • To deal with your queries, requests and responses to our projects and campaigns.
  • To send you a confirmation of your donation and event registration.
  • To personalise our services, for example, we may use personal data you have given us and
    your interactions with our services to help us predict your interests and to send you marketing
    materials that we think might be of most interest to you.
  • To improve our services, for example, if we are allowed, we may send you a survey to seek
    your feedback on our services

In what situations do we collect personal data from other sources:

  • When you agree to support us through a third party fundraising site such as Just Giving.
  • When we receive significant donations or support we may run a background check using publicly  available sources and a third party screening and due diligence service. We carry out background checks in accordance with our due diligence policies and procedures in order to protect our charitable interests.

In what situations do we share personal data with other organisations:

  • If we receive gift aid from you, we may be required to share your personal data with Her Majesty’s Revenues & Customs (HMRC) to receive the tax rebate.
  • With law enforcement agencies if we receive a valid legal instruction.
  • If you register for one of our events or challenges, we may be required to share your personal data with event organisers for health and safety purposes.
  • If you use a debit or credit card to make a donation or purchase, we will share your personal data with a payment processing partner.
  • If we are allowed to send you marketing materials, we may share your personal data with a marketing company (such as a mailing house) to help us prepare and send out marketing materials on our behalf.
  • If we receive a significant donation or support we may run a background check using a third party screening and due diligence service. We carry out background checks in accordance with our due diligence policies and procedures in order to protect our charitable interests.
  • We contract a limited amount of third parties to store data on our behalf. This may include your personal data. Types of third parties we use include cloud storage, website hosting and software providers.
  • If we are required by law, we may share your personal data with data cleaning companies to
    ensure that the data we hold about you is accurate and up-to-date.

We only share personal data with another organisation if we have a legal basis to do so.

In all the above situations, we will ensure that we have a written contract (or valid legal instruction) in place with the organisation that includes data protection clauses to ensure that they do not use personal data for their own marketing purposes, and have security requirements in place to protect your personal data.

What is our legal basis for collecting and using personal data

Where we have your consent. For example, we will only send you emails, make telephone calls or send you SMS text messages with your consent. You can withdraw this consent at any time (See ‘Your rights over your personal data’ section).

Where the processing is necessary to enter into or fulfil the terms and conditions of a contract. For example, processing your donation made to us. Where the processing is required under the law. For example, disclosing your personal data to a law enforcement agency if we receive a valid legal instruction.

Where the processing is in our legitimate interests. For example, we will send you communications and marketing materials via email or social media unless you tell us to stop. (See ‘Your rights over your personal data’ section). We will only rely on this legal basis if your interests and fundamental rights do not override our interest.

Privacy statement for our employees

This section includes our privacy statement to staff, volunteers, interns, apprentices and contractors (including prospective employees).

When do we collect your personal data

  • You apply for a position with us or contact us in relation to volunteering for us, or fundraising on our behalf.
  • As part of the everyday administration and management of your contract with us. For example:
    • You let us know if there is a change to your personal data.
    • You apply for or notify us of leave.
    • You complete your appraisal.
    • You make a formal complaint or raise a concern about your work with us.

Why do we collect and use your personal data

  • To recruit and select employees, volunteers and other support worker.
  • To enable payment of salary, tax, pension contributions and expenses.
  • To manage your contract with us. For example, processing leave requests and maintaining appropriate levels of conduct and performance etc.
  • To meet legal obligations. For example, we may process your personal data (including sensitive data such as physical or mental health) to protect your health and safety and to fulfil our equal opportunities obligations etc.
  • To take appropriate action in the event that a formal complaint or concern is raised, including safeguarding.
  • To run background checks in accordance with our due diligence policies and procedures.
  • To plan staffing levels and necessary cover.
  • To keep you informed of, and to improve our strategy, plans, activities and services. For example, we welcome and encourage your feedback, and in some cases might actively seek this.

Other employees might access your personal data where this is required for work purposes. Where this is the case, the organisation relies on all employees to access and use personal data in accordance with their obligations under our data protection policy.

In what situations do we share personal data with other organisations

  • With Her Majesty’s Revenues & Customs (HMRC) for taxation purposes.
  • With law enforcement agencies if we receive a valid legal instruction.
  • If you are involved in an insurance claim, we might share your personal data with insurance companies / brokers.
  • As part of our recruitment and selection processes, we might run a background check on you. This may include sharing your personal data with employment agencies, previous employers, the Disclosure & Barring Service (DBS), the Driver and Vehicle Licensing Authority (DVLA) and our third party screening and due diligence service provided.
  • We contract a limited amount of third parties to store data on our behalf. This may include your personal data. Types of third parties we use include cloud storage, website hosting and software providers.

We only share personal data with another organisation if we have a legal basis to do so.

In all the above situations, we will ensure that we have a written contract (or valid legal instruction) in place with the organisation that includes data protection clauses to ensure that they do not use personal data for their own marketing purposes, and have security requirements in place to protect your personal data.

What is our legal basis for collecting and using personal data

Where the processing is necessary to enter into or fulfil the terms and conditions of a contract. For example, to enable payment of your salary, tax, pension contributions and expenses.

Where the processing is required under the law. For example, collecting your medical information to protect your health & safety.

Where the processing is in our legitimate interests. For example, using your leave details to plan staffing levels and necessary cover. We will only rely on this legal basis if your interests and fundamental rights do not override our interest.

Where the processing is in your vital life interest. For example, sharing your personal data with emergency services in the event of a medical emergency.

Use of Cookies

We may use cookies, in the future. Cookies are small text files that are stored on your device when you visit certain websites. Internet browsers normally accept cookies by default.

We may use cookies to provide you with a smooth and efficient experience while using our services. For example, we may use cookies to enable the donation process, to statistically analyse site usage, and to customise our site’s content, layout, and services.

By using our website, you consent to our potential use of cookies. If you do not accept our use of cookies, please set your internet browser to reject cookies (this may impair your ability to use our website so that some features may not work) or opt-out using the National Advertising Initiative.

There are several types of cookie that we may use on our website:

  • Session Cookies: We use these cookies to keep track of your online donations in the shopping cart. We do not store credit card details in the cookies we create. You need to have cookies enabled to make donations to us using our website.
  • Google Analytics: We may use this common cookie to collect anonymous information about how you use our website. This helps us improve your experience, for example, by helping us identify and resolve errors, and to determine relevant information to show you when you’re browsing.
  • Youtube: We may use this common cookie to collect anonymous information about how you use our website. This helps us improve your experience, for example, by helping us identify and resolve errors, and to determine relevant information to show you when you’re browsing.
  • Advertising: We sometimes advertise on third party websites. Cookies are used to help us and our advertisers see which advertisements you interact with. Each advertiser will uses their own tracking cookies.
  • addthis.com: This is a common social sharing tool that is owned and operated by Clear spring Technologies.

How long we keep personal data

We keep personal data in line with our data retention policy. The length of time we keep each category of personal data will depend on the reason it was collected and our statutory and contractual requirements, for example, we are required to keep a record of donations subject to gift aid for at least seven years to comply with HMRC rules.

For more information about our data retention policy including how long we keep your personal data, please contact the Data Protection Lead.

Changes to our privacy statement

We keep our privacy statement under regular review and we will place any updates on this web page. If material changes are made we will place a prominent notice on our website.

This privacy statement was last updated on 5 September 2018.

How to make a complaint

If you are unhappy about how we have processed your personal data or have a privacy concern, we want to know about it. To make a complaint or raise a concern please contact our Data Protection Officer.

If you are unhappy with how we deal with your complaint or concern you should contact the UK data protection authority, the Information Commissioner’s Office (ICO). The ICO can be contacted at: https://ico.org.uk/global/contact-us/ You also have the right to make your compliant to the ICO direct. However, they may advise you to contact us to see if the matter can be resolved in the first instance.