This policy applies to individuals, groups, organisations and all individuals that come into contact with Heritage Charity London. This policy details rights and obligations in relation to your personal data and the personal data of third parties. Ensuring that all data is secure and properly dealt with is of paramount importance to Heritage Charity London, and we have this policy in place ensure we conform fully with General Data Protection Regulations (GDPR) and Data Protection.
Scope and definitions
Personal data means any information relating to an identified or identifiable natural person (a “data subject”).
Processing should be taken to mean any operation defined in law, i.e. collection, recording, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Special categories of personal data” means information about an individual’s racial or ethnic origin, political opinions, religious or political beliefs, trade union membership, health, sex life or sexual orientation and biometric data.
This Data Protection Policy applies to all Personal Data processed by Heritage Charity London.
Data protection principles
Heritage Charity London processes personal data in accordance with the following data protection principles:
Intention of the policy
The intention of this policy is to set out how Heritage Charity London collects, uses and protects personal data from any individual or organisations that interact directly with us.
The Policy prescribes the following:
Your entitlements
Data protection legislation prescribes the way an organisation may collect, retain and handle personal data. Heritage Charity London will comply with all data protection legislation and requirements as we recognise the right that people have with regards to their personal data and we have a responsibility under law to uphold those rights.
Under UK data protection legislation, you have certain right over personal information that we hold about you. Your rights are summarised below and all enquiries with regards to your
personal data, how we handle use and collect data can be made by contacting our General
enquiries team at: info@heritagecharity.org. Please explain your request or concern and clearly specify the type and nature of the data concerned. In order to process your request we may need to request further information and/or request proof of identity.
Heritage Charity London will inform individuals of the reasons for processing their personal data, how it uses such data and the legal basis for processing it when we do so – we will not process personal data about individuals or organisations for other reasons.
Heritage Charity London will update personal data promptly if an individual advises that their information has changed or is inaccurate.
Different categories of data will be retained for different periods of time, depending on legal, operational and financial requirements. Any data which Heritage Charity London decides it does not need to hold for a particular period of time will be securely destroyed.
Your rights
Your rights in relation to our processing of your personal information , include: – (please note that exceptions may apply to a number of these rights, and not all rights will be applicable in all circumstances)
If you are not happy with how we have handled your request or complaint, you can contact the Office of the Information Commissioner, which oversees the protection of personal data in the UK.
Alternatively, you may choose to contact the Information Commissioner directly about your complaint, regardless of whether you have raised it with us first.
(b) Legislation empowering data protection
There are several laws that empower data protection and regulate its use – it allows us to process your data safely and effectively.
Our data policy takes into account several laws including:
Generally, our processing of your personal information as described in this policy is allowed
by these laws based on one or more lawful grounds, including:
subject. For example, we may rely on this basis where we are obliged to share your personal
information with a regulator or HMRC.
We rely on legitimate interests for activities such as marketing and communication by post or telephone unless you have expressed your desire not to be contacted in this method.
In any event, where we are relying on legitimate interests to process your personal information, we will consider any potential impact on you (positive or negative), your rights under data protection laws, and will not use your personal information for activities where the impact on you overrides the legitimate interests in the processing. Where we process sensitive personal data (as mentioned above), we will make sure that we only do so in accordance with one of the additional lawful grounds for processing that type of data, such as where we have your explicit consent or you have made that information manifestly public.
(c.) Methods of Data Collection
Any interactions with Heritage Charity London may result in Data collection, we may also receive information about you from third parties with whom we work (e.g. donations through a third party site that you have given permission to share information with us). We may supplement information that we know about you with information is that readily available to the public. In oder to ensure effective and efficient data collection we may supplement data from readily available public sources either directly or through a third party subscription service provider to provide the best data analysis collection.
We may collect aggregated or anonymous information when you visit our website or interact with our content. For example, we may collect information about the services you use and how you use them, like when you watch a video on YouTube, visit our website or view and interact with our ads and content. Please see our Cookies section for more detail.
We may also collect and process information about your interactions with us, including details about our contacts with you through email, SMS, post, on the phone or in person (i.e., the date, time, and method of contact), details about donations you make to us, events or activities that you register for or attend and any other support you provide to us. We may also collect and record any other relevant information you share with us about yourself, including your interests or your affiliations with other charities, community groups, your employer or a Heritage Charity London corporate partner. If you are a minor, we may collect the name and contact details of a parent or guardian and, where appropriate, the name and location of your school.
In order to ensure that our communication with you is relevant and tailored to your background and interests, we may supplement what we know about you with information that is available to the public. This allows us to better understand your interests, preferences, and level of potential engagement and/or donation, so that we can contact you in the most appropriate way and to ensure that we do not send you unwanted communications. The information we collect and process about you from publicly-available sources may include demographic information associated with your postcode or your address and an estimate of your age. We may collect this information ourselves or through third-party service providers.
Where we have identified that you may have the capacity or affinity to support Heritage Charity London at a higher level, we may use the information we hold about you to identify connections between you and our existing circle of key supporters. We may review other information about you that is available to the public through internet searches, social networks, such as LinkedIn, subscription services, news archives or public databases (e.g., Companies House, the electoral, political and property registers), such as information about corporate directorships, shareholdings, published biographic information, employment and earnings, philanthropic interests and networks, charitable giving history and motivations and relevant media coverage, so that we can engage with you in a more personalised way.
(d.) What Data is collected
The Data that we collect ranges and can be sourced either directly through channels at Heritage Charity London or through Third party subscription services we work with. The type of data may include the following:
(e.) Browsing and Cookies
We at Heritage Charity London do not use cookies to collect Data. All online financial transactions are encrypted by TLS (Transport Layer Security). However we may collect information detailing your interactions with our website.
(f.) Personal Sensitive Data
Data protection Legislation recognises certain categories of data as sensitive. This can include information about health, race, religion and political opinion. In the rare case that we are required to collect such sensitive data from you, we would only collect the sensitive data if there was a clear reason for doing so such as to ensure that we provide appropriate facilities or support to enable you to participate in a specific capacity e.g. in an athletic event like a marathon.
When you register with us, you are stating that you are 18 years of age or over. You agree that any information you provide to us about yourself upon registration or at any time is true.
If you use your credit or debit card to donate to us, buy something or make a booking online, we pass your card details securely to our payment processing partner as part of the payment process. We do this in accordance with the Payment Card Industry Security Standard and don’t store the details on our website or databases for payment.
Data relating to unsuccessful job applicants will only be retained for a period of one year and after consent has been obtained from the job applicant to process their personal data.
(g.) Data Analysis and use
We may use your information in a number of ways, including:
We may contact you via the information that we have collected for marketing purposes by email or text message if you have agreed for this method of marketing communication. We may also send you email communication or text communication where you have placed an order for goods or services through our website. Providing a donation through our website is another example of where we would use data to communicate with you.
If you have provided your postal address or telephone number we may send you information about our work unless you have expressed your desire not to be contacted this way.
Data combination, analysis & use
We at Heritage Charity London, in our “supporters promise” committed ourselves to communicating with you using an approach that is right and ethical. This means that we manage the commutations we send to ensure that we are selecting the most appropriate approach to contact you. We do this to also ensure that we do not send you unwanted communication. To facilitate this we may combine the information that we collect about you and cross analyse your interests, preferences and level of potential engagement or donation. We may use statistical analysis to organise the data to understand the likelihood that you will be interested or responsive to a particular message or campaign. We may use third party service providers to assist us in this process.
The process of data combination and analysis assists us to engage with the community in a more personalised way. You may opt out of your data being combined and analysed for marketing purposes at any time by contacting our General Enquires team on info@heritagecharity.org
In accordance with our legal and regulatory obligations and our internal policies and procedures, we may also use personal information to carry out due diligence on potential or actual donors. If you opt out of analysis of your data for due diligence purposes, we may not be able to accept donations from you.
(h.) Disclosure of Data to third parties
Heritage Charity London may provide your information to our service providers. Subject to your communication preferences and our internal policies and procedures, this would include providing your information to third parties that work with us to deliver on our charitable purposes, and other entities that act as fundraisers for Heritage Charity London, sell Heritage Charity London products or provide Heritage Charity London with marketing information and services.
Where you have agreed to receive email or SMS marketing communications from us, we may provide your email address or mobile phone number in an encrypted format to social media companies, such as Facebook, Instagram, Twitter or YouTube, or to digital advertising networks that are providing services to us by displaying our advertising to you on those social media platforms and other websites, as well as identifying audiences with interests similar to yours. You can opt out of your data being used to display advertising to you by contacting our General Enquiries team on info@heritagecharity.org
However, this will not prevent our advertisements being shown to you on a randomised basis or based on cookie data and may mean that you stop receiving marketing communications from us more generally.
We may enter into contracts with certain service providers that would require them to comply with data protection laws and to ensure that they have appropriate controls in place to protect the security of your information.
We will never sell your details. We will only share your details with third parties (who are service providers working at our direction) as indicated in this Policy or if you have consented or we have another legal basis to do so. We will not make cold telephone calls to members of the general public for individual support and, therefore, will not purchase your data in order to do so.
We may disclose your personal information if we are requested or required to do so by a regulator or law enforcement or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect Heritage Charity London, for example in cases of suspected fraud or defamation, or in order to comply with any other applicable legal obligation.
(i.) Access and changes to personal data
You have the right to make a subject access request. If you wish to access a copy of any personal data being held about you, you must make a written request for this to the General Enquiries team using the email address: info@heritagecharity.org
Note that Heritage Charity London will always check the identity by ID or passport before making the request and before processing it.
If you make such a request,
Heritage Charity London can identify:
(j.) Duration of personal Data
We will keep and delete your information according to our internal policies and will keep it no longer than reasonably necessary for the purposes for which we hold it, taking into account relevant legal and regulatory retention requirements (e.g. tax or health and safety requirements) and operational considerations.
(k.) Accuracy of personal data
Heritage Charity London will encourage individuals to notify us of any inaccuracies by contacting the General Enquiries email: info@Heritagecharity.org . Heritage Charity London will respond to requests for rectification of data in a timely manner. Heritage Charity London will implement staff training to assist with implementation of this principle regularly.
(k.) Security of personal data
Heritage Charity London will ensure that personal data is not processed unlawfully, lost or damaged. Appropriate technical and organisational measures will be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, data. Personal data will not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection relation to the processing of personal data.
(l.) Data Breaches
Heritage Charity London will record all data breaches regardless of their effect. If we discover that there has been a breach personal data that poses a risk to the rights and freedoms of individuals, we will report it to the Information Commissioner within 72 hours of discovery. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will tell affected individuals that there has been a breach and provide them with information about the likely consequences of the breach and the mitigation measures we have taken.
(m.) Other websites
We cannot be held responsible for the privacy of data collected by websites not owned or managed by Heritage Charity London, including those linked through our website.
(n.) Emails and terms of use
Emails are not a secure form of sending information. They may be intercepted, altered or changed to benefit others. Heritage Charity London does not accept liability for the loss or damage as a consequence altered emails.
The contents of emails reflect their author’s views and not necessarily those of Heritage Charity London as a whole. Please do not send Heritage Charity London any financial data through email.
The information in emails is confidential, so if you have received one by mistake, please delete it without copying, using, or telling anyone about its contents.
Policy Review
This policy was last reviewed and agreed by the board of trustees and seeks to be reviewed and updated annually. Any queries arising regarding this policy should be addressed to Mrs Fruzsina Marjan
January 2022