Positive Activities Charity – Known as “The Company”
General Data Protection Regulation (GDPR)
We are committed to protecting the privacy of your data. We wish to respect any personal data you share with us and keep it safe. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.
Why we collect information
We collect information to allow us to provide you with the information or service you have requested from us; to provide you with information which we think you will be interested in; to understand how ponies use the information we provide on our Website; to tailor information and services we provide to ensure they are relevant to you; to improve how we communicate with you and to other relevant organisations / agencies, how we fundraise, and how we operate more generally.
How we collect information
We collect information about you:
- When you give it to us directly
You may give us your personal data to receive further information or products / services in relation to Positive Activities for example; if you wish to receive our e newsletter, volunteer with us or take part in any youth, family or community based projects. When you give us information in this manner, we may collect and store this information.
- When you visit our Website
We may collect information about you when you use our Website. Whenever you input information into our Website (for example, if you create a profile or use any of our interactive features), we will collect the information that you give to us.
We use “cookies” to identify you when you visit our Website and to enable us to remember your log in details. Amongst other things this helps us to understand our Website users and may enable us to improve the Website experience for you and/or other users. We may collect other information from your use of the Website, such as your IP address and access times.
3rd party website links
We may link our Website directly to other sites. This privacy notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit.
What personal data we hold and how we use it
We will typically hold the following information about you:
- Your full name and your title or an indication of the gender that you are most closely associated with;
- Birth year (but not birth date) or alternatively a relevant age range
- Postal address;
- Telephone number(s);
- Email address;
- Records of your correspondence with us;
- Donation and gift aid details (if you donate to us);
- Photos and digital images of individuals where you provide them to us;
- Information you enter onto the Website.
But we may request other information where it is appropriate and relevant, for example:
- Details of why you have decided to support/contact us;
- Details of how you would like to be involved and what you intend to do with the information we provide; and
- Information about you that will enable us to be more precise in what we send you or how we approach you.
We will only process sensitive personal data (e.g. in relation to your health), with your explicit consent.
We will use your data to:
- Provide you with the information, products or services that you request from us (for example, newsletters or guidance on our projects etc);
- Provide you with other information, products or services which we feel may interest you, when we have your consent to do so. This may include newsletters, tips, updates, information in relation to specific campaigns, voluntary surveys or questionnaires for you to complete, details of relevant volunteering opportunities, and details of any promotions and competitions we are running. We may also send you details of events we think you may be interested in attending;
- Provide you with information about carefully selected third-party events, products, campaigns and competitions, where we have your consent to do so;
- Personalise our communications with you (for example, to ensure that our communications are tailored considering your age, location and previous involvement with “the company”;
- Personalise our Website with your preferences and to reflect your previous interaction with the Website (for example, to ensure that our Website is relevant to your location);
- Keep a record of your relationship with us and, where you agree, communicate details of Positive Activities that you may have participated in to others (for example by publishing stories and photos on our Website);
- Allow you to participate in interactive features on our Website when you choose to do so;
- Notify you about changes to our service;
- Comply with applicable laws and regulations and requests from statutory agencies; and
- Carry out any obligations or provide you with any other services, functionality or content which you specifically agree to on our Website.
Communications and Marketing
We may contact you by post and telephone, and where you have provided consent, by e-mail, to let you know about the work of “the company” more generally; and to request donations and provide you with information about and the opportunity to participate in our fundraising activities. We provide the opportunity for you to opt-out from receiving our marketing communications every time we contact you.
You can opt-out from receiving our marketing communications, or update your contact preferences at any time by emailing: firstname.lastname@example.org
We may collect and manage information from children in some circumstances, such as when a child uses any of our services. Those aged 12 or under are unable to receive our newsletter or enter any competitions with us. We will have no other direct contact with those aged 12 or under.
Where consent is required, if it is possible and appropriate, we seek consent from a parent or guardian in the process of collecting information about children, and we only hold information about children that is necessary for the event/programme that they are applying for or participating in.
Where a parent gives consent on behalf of a child, we may contact that child after their 16th birthday, to check if they wish to maintain their relationship with us.
How we keep your data safe and who has access to it
We are committed to ensuring that there are appropriate technical controls in place to protect your personal details including from misuse and unauthorised access. For example, our network is protected and routinely tested.
We do not sell or share your personal details with third parties for them to use for marketing purposes.
We work with service providers and other third parties who help us to operate and to provide and improve our information, products and services, and we may share information with them for this purpose.
Digital Media / Images
As part of our delivery programmes especially the media provision we may also take and use photographic images at sessions which could be used as evidence to our funders or to market or promote one or more of our services through any of our digital media platforms. We will always ask at sessions for parental / guardian permissions where appropriate. If this is not possible, suitable images may be taken and used as above however we will minimise any close facial or any obvious bodily features which may easily identify that pony/s identity. If we caption the image for promotional / marketing purposed it will never have full name, or street location of that pony.
We are delighted to send any images to any authorised parent at any stage as we believe media images demonstrate active participation and help us to promote that event to future users.
Should there be a specific request to remove any images from any form of media that we may use, the parent / guardian must write to: email@example.com and we will remove within 24 hours or sooner and destroy the image/s as requested.
We may allow our staff, consultants and/or external providers acting on our behalf to access and use your information for the activities we have described above (e.g. to deliver mailings, to analyse data and to process payments). We only permit them to use it to deliver the relevant service, and if they apply equivalent levels of protection that we do.
Disclosure of your data / information
We may need to disclose your personal information upon request to regulatory and government bodies, law enforcement agencies and suppliers we engage to process data on our behalf. We may also merge or partner with other organisations and in so doing, acquire or transfer information.
The information we collect from you may be transferred to, shared and/or otherwise processed at a destination outside the European Economic Area (“EEA”). If we do we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
Corrections to your information
Except in limited circumstances, you have the right to obtain details of the information that we hold about you. If you would like to do so please: firstname.lastname@example.org
We want to make sure that your personal information is accurate and up to date. Please let us know if your details change. You may also ask us to correct or remove information which is inaccurate.
Opting out at any stage
You can also opt-out of receiving all or some of our marketing / fundraising communications or request that we stop processing data about you for certain purposes at any time by contacting: email@example.com
Alternatively, you may click to unsubscribe on any future e mail correspondence we may send you.
If you are unhappy with the way in which we have handled your personal data please contact us using the details below.
In certain circumstances you have a right to require us to stop processing your personal data in a way, or for your data to be erased from our database. If it is not necessary for the purpose you provided it to us for (e.g. providing you with a service or item you have requested) or we do not otherwise require the data to be archived for future reference, we will do so.
The legal basis that we rely on for processing your data is either where:
- You have provided your consent to us using your data in a certain way;
- It is within our legitimate interests, or
- It is necessary about the performance of a contract with you; or
- It is necessary to for compliance with a legal obligation to which we are subject.
You have a right to ask for a copy of the information we hold about you. If you want to access your information, please send a description of the information you want to see and proof of your identity to firstname.lastname@example.org
Please let us know if you have any queries or concerns about the way that your data is being processed by contacting us on the details below. You are also entitled to make a complaint to the Information Commissioner’s office, and for further information see the Information Commissioner’s guidance here https://ico.org.uk/for-the-public/personal-information.
We keep data for as long as there is a need to keep it about the purposes for which it was collected.
We may keep your personal data after a matter or exchange has concluded but purely for record keeping purposes and to be able to respond to queries. In some cases, we are also obliged to retain your personal data to comply with legal or statutory obligations (for example, to keep records of contractual or financial matters, for insurance purposes, for monitoring purposes and for surveys we may carry out from time to time to improve our services etc.).
Whilst the specific time periods vary depending on the circumstances, in general we will not keep records that include personal data for more than 6 years after a matter or exchange has concluded. If you ask us to stop sending you marketing communications, we will retain certain details, such as your name, to help us ensure that you are not contacted again.
Questions, comments and requests regarding this privacy statement are welcomed and should be addressed to email@example.com
Data Protection – Mark Fenty.
Data Controller – Elspeth Kasem
Data processor – Elspeth Kasem
Compliance & CPD – Steve Bown