The provision of your personal information to us is voluntary. However, without it your use of our services or your interaction with us may be limited.
- When we collect personal information about you
- What personal information do we use?
- How and why will we use your personal information?
- Communications for marketing / fundraising
- Children’s personal information
- How long do we keep your personal information?
- Will we share your personal information?
- Lawful bases
- Security / storage of and access to your personal information
- International transfers of your personal information
- Your legal rights
- Changes to this Policy
- Links and third parties
- How to contact us
We collect personal information about you
a) When you give it to us directly
For example, personal information that you submit through our website when applying for funding, making a donation or by signing up for our email newsletter, or personal information that you give to us when you communicate with us by email, phone or post.
b) When we obtain it indirectly
Your personal information may be shared with us by third parties including, for example, our business partners (such as the 12 society lotteries who provide the Trust with funding and The Health Lottery); sub-contractors in technical, payment and delivery services; analytics providers and search information provided. If we have not already done so, we will notify you when we receive your personal information from them and tell you how and why we intend to use that personal information.
c) When it is available publicly
Your personal information may be available to us from external publicly available sources. For example, fundraising pages on third-party websites; and depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us through platforms such as Facebook, Instagram or Twitter).
d) When you visit our website
When your visit our website, we automatically collect the following types of personal information:
i. Technical information, including:
- Internet protocol (IP) address used to connect your device to the internet, the location from which you are accessing our site;
- Type and version of your browser;
- Operating systems and platforms.
ii. Information about your visit to our website, including:
- How you reach, navigate and leave the website (including date and time);
- Services you viewed or searched for;
- Page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks);
- Methods used to browse away from the page.
We also collect and use your personal information by using cookies on our website. Cookies are small text files that sites transfer to your computer (or phone or tablet). They mean that a website will remember you and make interacting with a website faster and easier. Please see our cookie notice for more information
We may combine your personal information from these different sources for the purposes set out in Section 3
What personal information do we use?
We may collect, store and otherwise process the following types of personal information:
- Your name and contact details including postal address, telephone number, email address and, where applicable, social media identity;
- Your financial information, such as bank details, account holder name, sort code and account number.
- Information about your computer / mobile device and your visits to and use of our website, including, for example, your IP address and geographical location;
- Details of your organisation and your role there;
- Your interests / the reasons why you are interacting with us, for example why you are applying for funding on behalf of your organisation;
- Details of previous donations made to us;
- Information about our services which you use / which we consider may be of interest to you; and / or
- Any other personal information which we obtain as set out in section 1 of this Policy.
Do we process special catagories of your personal information?
The UK General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health or sexual orientation.
In the normal course of our operations, we do not intend to collect special categories of personal information. However, there may be circumstances where we will do so only if it is reasonable in the circumstances and if applicable law allows us to do so. We will only collect this information with your permission and we will always take extra care of it.
How and why will we use your personal information?
Your personal information, however provided to us, will be used for the purposes set out in this Policy. In particular, we may use your personal information:
- To provide you with services, products or information you have requested;
- To provide funding or other services to you;
- To provide further information about our work, services, activities or products (where necessary, only where you have provided your consent to receive such information);
- To allow you to participate in events, activities or projects which the Trust has organised and funded;
- To administer your donation or support your fundraising, including processing Gift Aid;
- For publicity purposes (for example, by including your personal information in news updates on our website);
- To give you access to our publications;
- To allow you to participate in our consultations and campaigns;
- To answer your questions / requests and communicate with you in general;
- To manage relationships with our partners, supporters and beneficiaries;
- To further our charitable aims in general, including for fundraising activities;
- For internal record keeping purposes;
- To analyse and report on the impact and effectiveness of our work;
- To administer our website, keep it safe and secure and ensure that content is presented in the most effective manner for you and for your device;
- For training and / or quality control;
- To audit and / or administer our accounts;
- To satisfy legal obligations which are binding on us, for example in relation to regulatory, government and / or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering initiatives);
- For the prevention of fraud or misuse of services; and / or
- For the establishment, defence and / or enforcement of legal claims.
Communications for marketing / fundraising
We may use your contact details to provide you with information about our work, events, services and / or products which we consider may be of interest to you (for example, funding opportunities, information about our achievements as an organisation or information about our services which you have previously used).
Where we do this via email, SMS or telephone, we will not do so without your prior consent (unless allowed to do so by applicable law, section section 8).
Where you have provided us with your consent previously but no longer wish to be contacted by us about our work, events, services and / or products, please let us know by using the contact details in section 14 below. You can opt out of receiving emails from the Trust at any time by clicking the “unsubscribe” link at the bottom of our emails.
You can change your mind at any time. It is not a requirement of receiving funding from us, or otherwise interacting with us, that you are subscribed to any of our mailing lists. If you wish to opt-out of any or all marketing communications from us, your grant and relationship with us will not change.
Children’s personal information
When we process children’s personal information, where required we will not do so without their consent or, where required, the consent of a parent / guardian. We will always have in place appropriate safeguards to ensure that children’s personal information is handled with due care.
How long do we keep your personal information?
We only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any operational, legal or reporting requirements. However, we will remove it from our records at the relevant time before that date if:
i. We are no longer lawfully entitled to process it, or
ii. You exercise your legal right of erasure (please see section 11 below).
If you request to receive no further contact from us, we may keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
Will we share your personal information?
We do not share, sell or rent your personal information to third parties for marketing purposes. However, we may disclose your personal information to selected third parties in order to achieve the purposes set out in section 3.
Those parties include (but are not limited to):
a) Our partners with whom we work to achieve our charitable aims and ideals, such as the 12 society lotteries or The Health Lottery;
b) Organisations which run campaigns which the Trust supports;
c) Organisations which sponsor the Trust’s events or initiatives;
d) Parties who assist us to analyse the effectiveness and impact of our work, such as Ecorys and the New Economics Foundation;
e) Suppliers and sub-contractors for the performance of any contract we enter into with them, for example grants databases, IT service providers such as website hosts or cloud storage providers;
f) Parties assisting us with the provision of our funding (for example banks);
h) External fundraising entities / platforms;
i) Social media platforms;
j) Regulatory authorities, such as tax authorities; and /or
k) Analytics and search engine providers.
In particular, we reserve the right to disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal information to the (prospective) seller or buyer of such business or assets;
- If substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
- If we are under any legal or regulatory duty to do so; and / or
- To protect the rights, property or safety of the Trust, its personnel, users, visitors or others.
a) The GDPR requires us to rely on one or more lawful bases to use your personal information. We collect your information under the following legal bases Consent - Where you have provided your consent for us to use your personal information in a certain way (for example, we will ask for your consent to use your personal information to send you our monthly newsletter or funding alerts, and we may ask for your explicit consent to collect special categories of your personal information).
b) Legal obligation - Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
c) Contract - Where necessary for the performance of a contract (for example, if you apply for funding or if you apply to work for / volunteer with us).
d) Vital interests - for example, in case of medical emergency suffered on our premises or at one of our events).
e) Legitimate interest - This means the interests of running the Trust as a charity and pursuing our aims and ideals; for example analysing and addressing underlying structural causes of health inequality and seeking to promote diversity and equality.
When we collect and process your personal information for our legitimate interests we make sure that we consider and balance any potential impact on you and your rights under data protection laws. We will always ensure that your personal data will not be used where our interests are overridden by the impact on you, unless we have your consent or are required by law.
Security / storage of and access to your personal information
We are committed to ensuring that your personal information is kept safe and secure. We have in place appropriate and proportionate security policies and organisational and technical measures to help protect your information. For example, in order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers with features enacted to prevent unauthorised access.
International transfers of your personal information
Given that we are a UK-based organisation, we will normally only transfer your personal information within the UK or the European Economic Area (“EEA”), where all countries have the same level of data protection law as under the GDPR.
However, because we may sometimes share your personal information with third parties, for example using agencies and / or suppliers to process your personal information on our behalf, it is possible that personal information we collect from you will be transferred to and stored in a location outside the EEA.
Please note that some countries outside of the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and / or otherwise processed outside the EEA in a country that does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses which have been approved by the European Commission) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Policy. If you have any questions about the transfer of your personal information, please contact us using the details in section 14 below.
Your legal rights
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes or to unsubscribe from our email list at any time. You also have the following rights:
a) Right of access: you can ask us for confirmation of what personal information we hold on you and request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
b) Right of erasure: at your request we will delete your personal information from our records as far as we are required by applicable law to do so.
c) Right of rectification: if you consider that our records of your personal information are inaccurate, you have the right to ask us to update those records. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate / up to date.
d) Right to restrict processing: you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate use.
e) Right to object: you have the right to object to processing where we are (i) processing your personal information on the lawful basis of legitimate interests; (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes.
f) Right to data portability: you have the right to receive personal data you have provided in a structured, commonly used and machine readable format. You also have the right to request that we transmit this data directly to another controller. The right to data portability only applies when: our lawful basis for processing this information is consent or for the performance of a contract; and we are carrying out the processing by automated means (i.e. excluding paper files).
We may ask you for additional information to confirm your identity and / or for security purposes, before exercising any of these rights.
Please note that some of these rights only apply in limited circumstances. For more information, please contact us using the details in section 14 below.
You are entitled to make a complaint about us or the way we have processed your personal information to the Information Commissioner’s Office, the data protection authority for the UK (www.ico.org.uk). For further information on how to exercise this right, please contact us using the details in section 14 below.
Changes to this Policy
The Trust may update this Policy from time to time. We will notify you of significant changes by contacting you directly if you are on our mailing list and by placing an update notice on our website. We also recommend that you check this Policy from time to time for details of any such updates. This Policy was last updated on 22 April 2020.
Links and third parties
Our website may contain links to other websites which are outside our control and are not covered by this Policy. If you access other websites, these sites may collect your personal information which will be used in accordance with their own privacy policies and data processing practices. These may differ from our Policy and practices, and we therefore encourage you to read the privacy policies of relevant organisations when visiting any external websites via links on our website.
How to contact us
Please do not hesitate to contact us if you have any questions about this Policy or the ways in which we process your personal information by using the following channels:
Post: People’s Health Trust, 2 Bath Place, Rivington Street, EC2A 3DR
Phone: 020 4548 0939