Disaster AID UK & Ireland (“we”) promise to respect the confidentiality of any personal data you share with us, or that we have access to through Disaster Aid International or its other Country Partners, to keep it safe, and always take every effort to protect your privacy.
We pride ourselves on our honesty and openness and will always be clear how, when and why we collect and process your information; we promise we will never do anything with your details that you would not reasonably expect.
Developing a better understanding of our members, volunteers, and donors is crucial, and your personal data allows us to do that.
We collect information in the following ways:
When you give it to us DIRECTLY
There are many ways you may give us your information. For example: when you join as a member, apply to be a Disaster Aid Response Team (DART) volunteer, make a donation, communicate with us either by phone, in writing, including email or in person, or when we provide you with a service. We are responsible for your data at all times.
When you give it to us INDIRECTLY
Your information may be shared with us by independent organisations, for example: websites such as JustGiving or BT MyDonate; or other service providers. These independent third parties will only share your information when you have consented. You should check their Privacy Notice when you provide your information to understand fully how they will process your data.
Via Social Media
Depending on your settings or the Privacy Notices for social media such as Facebook, WhatsApp, Instagram or Twitter, you might give us permission to access information from those accounts or services.
Via information available publicly
This may include information found in places such as websites, Companies House, and information that has been published in articles/newspapers.
Like most websites, we use “cookies” to help us make our site, and the way you use it, better. We do not store any personal data in the cookies that we use.
“Cookies” mean that a website will remember you. They are small text files that websites transfer to your computer (or phone or tablet). They may identify the type of device you are using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you are using, what your device settings are. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
The type and quantity of information we collect and how we use it depends on why you are providing it. You should be able to control what cookies are placed on your device through your browser settings.
We analyse the use of our website by generating statistical and other information. Details captured during your visit to our website will include, but are not limited to, traffic data, location data, and other communication data and the resources you access. However, all data collected is anonymous and will not identify you as an individual.
What personal information we collect and how we use it
We will only ever capture the minimum amount of information that we need in relation to your membership, DART volunteer status, donation, or services we provide to you and we promise to keep your information secure. The personal data we will usually collect is dependent on your relationship with us:
- Your name
- Your contact details
- Your date of birth (as relevant to DART Volunteer status)
- Your bank or credit card details (as relevant to the service provided)
- Details of the enquiry, service or product
Where it is appropriate, we may also ask for additional information
How we will use your data
We will use your personal data for the legitimate interest of conducting core business activities, which will include:
- Administering your membership or donation, including processing Gift Aid
- Providing you with the services, products or information you asked for
- Disclosure and Barring Service checks on DART Volunteers
- Communicating organisational messages and information
- Facilitating conference, training seminars, meetings and other events
- Preparation of Handbooks
- Presenting our website and its contents to you, and to allow you to participate in interactive features on our website
- HR/Employment records for staff
- Keep a record of your relationship with us
- Understanding how we can improve our services, products or information
- In any other way we may describe when you provide the information
- For any other purposes with your consent
We do not collect any personal information classified as ‘sensitive’ under General Data Protection Regulations (GDPR).
We will collect all personal information required to comply with employment legislation, including where necessary sensitive information. This may include medical information and where additionally appropriate we will institute a criminal record search. To prevent discrimination and to ensure diversity, we will request information from the employee on religion, sexuality and ethnicity.
For the purposes of creating minutes of meetings, we may use either a voice-telephony system or Internet based system such as Zoom to provide clarification and confirmation of information given or received.
If a meeting is to be recorded, callers will be informed of the fact either by the invitation to join the meeting or by a pre-recorded opening-greeting message when they join the meeting.
Data recorded by the telephone voice recording system will only be used for the purposes set out above. The data will be held securely and accessed by authorised users only. Within the scope of usage described above, we may export data from the voice recorder. Exported data will be stored in secure locations and deleted within 12 months of capture.
1) Our service/host providers
In the course of our legitimate business activities, there may be a need for us to share, or give access to, your personal data to third parties that provide us with services or host our applications/software that you may access, for instance:
- Banking organisations – those that provide our banking/payment services
- HMRC – for Gift Aid, tax and employment details
- Go Daddy and/or Mail Chimp – our website and communication mailing software service providers
We will ensure that data processing agreements, compliant to GDPR, are in place before sharing with, or giving access to, your data with any of our service/host providers.
2) Sharing within the Disaster Aid International organisation
The Disaster Aid organisation is made up of Country Partners, like ourselves, in other countries around the world.
When you give information to us it may be shared within the wider organisation on a need to know basis as follows:
- Members: contact information
- DART Volunteers: contact information and personal information provided by you as part of the application process including Disclosure & Barring Service checks
3) Sharing with third parties
We will never sell your personal data to anyone else.
We will only ever share your personal data in other circumstances, not listed above, if we have your explicit and informed consent at the time of collection. However, we may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
How we keep your information safe and who has access to it
We ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, confidential paper records are securely stored, and our network is protected and routinely monitored. Confidential paper waste is shredded prior to disposal.
We undertake regular reviews of who has access to information that we hold to ensure that your personal information is only accessible by appropriate persons.
We have a duty to report certain types of personal data breaches to the relevant supervisory authority, and where feasible, we will do this within 72 hours of becoming aware of the breach. If a breach is detected and likely to result in a high risk of adversely affecting you, we will inform you without undue delay.
Where we store your information
Your personal information will be hosted securely by ourselves and our service providers.
How long we retain your information and how we keep it up to date
We will only keep your information for as long as we need it to assist you with your enquiry, your membership, DART Volunteer application, donation, event registration or other services. There are statutory timescales on how long we should keep your information, for example, gift aid transactions must be retained indefinitely, employment records for 6 years after an employee leaves, financial records for 7 years, information associated with Health & Safety for three years after an event. We will delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.
Individual members are responsible for keeping their own personal data up to date. In addition, where necessary, we will keep your information accurate and up-to-date.
GDPR gives you certain rights and some of these are listed below for your convenience. Further clarification of your rights is available on the Information Commissioners website (www.ico.org.uk).
- You have a right to be informed when your personal data is being collected, what is collected and how it will be used or shared.
- You have a right of access to your personal data: the right of access allows you to be aware of and verify the lawfulness of the processing of your personal data. You can request a copy of the information that we hold on you. This information will be provided free of charge, unless the request is found to be manifestly unfounded or excessive, in which case a reasonable fee will be charged. The application should be made in writing, by letter or email, and addressed to the Chairman, contact details shown below, enclosing two proofs of identification. Applicants should be aware that where requests are manifestly unfounded or excessive, in particular because they are repetitive, we can:
– charge a reasonable fee taking into account the administrative costs of providing the information; or
– refuse to respond.
- You have a right in certain circumstances to have inaccurate personal data rectified, blocked (restrict processing), erased (right to be forgotten), or destroyed.
- You have a right in certain circumstances to object to the processing of your personal data for such reasons as direct marketing, automated decision making, profiling; although we can confirm we make no decisions on you using an automated process.
- You have a right in certain circumstances to data portability.
In certain situations, these rights may not apply, for example if you are a member or a DART Volunteer we will need to communicate with you about your relationship with us.
We collect and process your personal data through legitimate interests or because you have provided it to us to enable us to deliver a service to you. We will only process your personal data as you would reasonably expect us to. You can opt out of our general member mailings at any time.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Changes to this privacy notice
We may change this Privacy Notice from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website (www.disasteraiduk.org) or by notifying you directly.
Our contact details
Disaster Aid UK & Ireland
PO Box 209
Tel: 0161-336 9528
If you are unhappy with how we have processed your personal information, please firstly contact our Chairman, details above. If you are still unhappy you may contact the following:
Information Commissioner’s Office
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or +44 (0)1625 545 745
[This privacy notice was last reviewed and updated June 11, 2018]