The County Air Ambulance Trust is a data ‘controller’ of the information we hold about you (‘personal data’). We are a privacy conscious organisation and strongly committed to safeguarding the privacy of your information. This privacy notice describes how we protect and process your personal information. The word ‘process’ covers most things that can be done with personal data including collection, use, storage and destruction.
We will always comply with the law that sets rules for processing personal information which may be held on structured paper records or on computers as well as other media.
When you provide personally identifiable information it will be held for processing and is subject to certain legal safeguards specified in the EU General Data Protection Regulation (GDPR) and equivalent UK Data Protection Act 2018 (DPA) and we may use it to provide you with information only about County Air Ambulance Trust news and events.
We will ensure that we have appropriate security measures to protect your information regardless of where it is held.
County Air Ambulance Trust,
PO Box 999, Green Lane, Walsall, WS2 7YX
Telephone: 0800 389 8999
Registered Charity in: (England & Wales 1057063) (Scotland SC045963)
We may update this privacy notice from time to time so please check back periodically as we will notify you of significant changes by placing a notice on our website: www.countyairambulancetrust.co.uk
Your personal data
‘Personal data’ is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you.
It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collection and use of these types of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can be processed.
We are committed to protecting your personal data, whether it is ‘special categories’ or not, and we only process data if we need to for a specific purpose and providing we have a legal basis, as explained below.
How do we collect personal information?
We collect information mainly when you interact with us and when you use our service in the following ways:
When you generally first make a donation, tell us your story, sign up for one of our events, buy our merchandise or products or volunteer with us.
Sometimes when you support us your information is collected by an organisation working for us (e.g. a professional fundraising agency), but we are responsible for your data at all times. When you give details to us indirectly
- Your information may be shared with us by independent event organisations, for example fundraising sites like Just Giving or Virgin Money Giving. These independent third parties will only do this if you’ve indicated you’re happy for them to do so.
When you use our websites.
- Like most websites, we use “cookies” to help us make our sites, and the way you use it better. A cookie will help us gather statistics on the use of our website anonymously. They are small text files that make interacting with a website faster and easier.
We may also collect information about how our website is used and track which pages users visit. We use this information to monitor and improve the user’s experience of our website, temporarily store data and understand the parts of the website that users are visiting.
Where possible we use anonymous or aggregated data that does not identify individuals. This helps us understand how people are using our websites and how to make it better.
You can set your browser to not accept cookies, but this may affect the functionality of the website.
What personal information we collect
The personal information we collect about you depends on how and why you
are providing it. For example, making a donation, fundraising, sign up for an event or buying something from us it could include where it is appropriate (but is not limited to):
- Your name, postal address, telephone number, e-mail address, gender, date of birth, motivation for supporting us and your contact preferences.
- Your bank account details, debit or credit details and other payment information such as payroll number for Give As You Earn donors.
- Parental consent if you are under 16
- Next of kin details
- Other information you provide to us from time to time which is relevant and necessary for us to collect and process. For example, the events you have participated in.
- We may also collect information about your activity online when you visit our website and when we send you an email.
- We do not collect sensitive personal data about you and only ask for information that is relevant and necessary to provide the service, or administration you have requested.
Why we use your personal information
We will only collect and use your personal information where we have a legal basis to do so and will always respect your rights.
Where we use your information, it may be because you have consented to us doing so or because we consider we have a legitimate interest to do so. Where we do rely on a legitimate interest to use your information, we promise never to do it in an intrusive way or to cause distress, and to always respect your rights. Other reasons may include using information because we have a legal obligation to do so or because we have to fulfil contractual obligations.
Examples of why we use your personal information are described below:
- to enable your donation to be processed
- to acknowledge receipt of your donation
- to process Gift Aid
- to support your fundraising
- to send you details about our fundraising campaigns and activities
- to look into any complaints or questions which may arise
- to send you feedback or a compliment
- to comply with legal and regulatory obligations
- to detect and reduce fraud and credit risk
- to help us know how you prefer us to keep in touch
- to ask about your experiences with us and ways we can make things better in future
We may apply our legitimate interest wherever we believe it is appropriate but we promise that we will never do this in an intrusive way and will always respect your rights and freedoms when doing so. Some examples of when we would rely on our legitimate interest include:
- To pursue our charitable objectives
- To fundraise (both now and in the future) to fund our work
- To ensure we meet our regulatory requirements as a charity.
- To manage our on-going relationship with our supporters and anyone we work with.
- To manage our financial transactions and prevent fraud.
We are committed to keeping your personal information safe and secure and we have appropriate policies and measures in place to help protect your personal information. We undertake regular reviews of who has access to information that we hold, to make sure that your information is only accessible by appropriately trained staff and agents.
We will put in place procedures to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to third parties that process your personal information on our behalf (i.e. data ‘processors’) if they are approved by us and agree to comply with these procedures and policies, or if they put in place adequate security measures.
All our employees and the employees of any subcontractors who process data on our behalf are obliged to comply with our strict information security procedures.
Access to your personal information will always be limited to appropriate individuals with a legitimate interest in providing you with a service. We will not keep your information for any longer than is reasonably necessary.
Who we share your personal information with
We will never give or sell any personal information to any other charities or organisations. However, there are some circumstances where we would share your data with a small number of trusted partners (third parties) for some of the purposes outlined above. Where we use third parties, we require them to adhere to appropriate controls to protect personal information.
Some people choose to tell us about their experiences to help further our work; this might include information about their health and family, as well as photographs. We will always make sure we have explicit and informed consent from the individuals, and keep this information safe and secure.
This information may be shared at events, in promotional materials or fundraising campaigns, on our websites and in documents such as our annual report but only if we have your consent to do so.
Right of Access and Complaints
You have a number of legal rights in relation to the information that we hold about you.
You can ask us for a copy of the personal information or ask us to change it if you think it is wrong. Please contact us – if you wish to exercise any rights set out in this section. If your personal details change, we’d really appreciate it if you let us know.
In certain circumstances, you also have a right to ask us to object or restrict to the processing your personal data (the right to be forgotten) and delete the information.
If we are relying on your consent to processing your personal data then you may contact us to withdraw your consent at anytime.
If you are unhappy with our use of your personal data, you have the right to make a complaint to the Information Commissioner’s Office (ICO). www.ico.org.uk we would encourage you to contact us in the first instance so we can attempt to resolve any concerns.
Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to firstname.lastname@example.org
How we protect your personal Information
We maintain the highest standards of data privacy and security to protect your personal details and other information about you because we want you to feel completely confident about engaging with us. We regularly review our processes and procedures to protect your information from unauthorised access and use, accidental loss and/or destruction.
Sometimes we use other organisations (known as ‘data processors’) to process your personal information on our behalf. We don’t allow them to use this information for their own purposes and they have to follow our strict instructions whilst complying with appropriate security measures. We constantly assess their security measures when we bring them on board and we continue to monitor their compliance throughout the time we use their services.
- We will only collect and use information where we have lawful grounds and legitimate business reasons to do so.
- We will be transparent in our dealings with you and will tell you about how we will collect and use the information.
- If we have collected your information for a particular purpose, we will not use it for anything else unless you have been informed and, when relevant, your permission obtained.
- We will not ask for more information than we need for the purposes for which we are collecting it.
- We will update our records when you inform us that your details have changed.
- We will not disclose, distribute or sell your personally identifiable information to other organisations or third parties unless we have your permission or if the law explicably requires us to do so.
- We will observe the rights granted to you under applicable privacy and data protection laws, and will ensure that queries relating to privacy issues are promptly and transparently dealt with.