SHINE is committed to a policy of protecting the rights and privacy of beneficiaries, donors, supporters and others in accordance with the General Data Protection Regulation and the Data Protection Act 2018.
This Privacy Statement sets out how we collect, use and store the personal information of beneficiaries, donors, and supporters, and their rights in relation to the use of their data.
Who are we?
SHINE: Support and Help IN Education is incorporated and registered in England and Wales with company number 04053509 and our registered office is at Princes Exchange, 2 Princes Square, Leeds, England, LS1 4HY is a ‘controller’ under the General Data Protection Regulation and the Data Protection Act 2018.
What data will we collect?
We will only collect information from you that is relevant and not excessive. In particular, we may collect the following information from you which is defined as ‘personal data’:
- Personal details
- Financial details
- School data
Basis for processing personal data
The basis on which we process your personal data is one or more of the following:
- It is necessary for the performance of our contract with you
- It is necessary for us to comply with a legal obligation
- You have given us your consent (this can be withdrawn at any time by advising us)
How will we use your data?
We may use your information for the following purposes:
- Promotion of our services to funders / donors
- Provision of our services to beneficiaries
- Provision of education and training to beneficiaries
- Maintaining accounts and records
- Supporting and managing staff
- Providing access to our website and personalising visits
- Dealing with enquiries and requests for information or services
- Maintaining information as a reference tool or general resource
We always provides beneficiaries, donors, supporters and others with the choice to opt in to marketing from SHINE (which includes email updates, invites to events, fundraising appeals and the Annual Impact Report).
Furthermore, you can opt-out of receiving any promotional materials at any time by contacting us by email on email@example.com or by calling 0113 280 5872.
Who may we share your information with?
- occasional external consultants
- IT service providers
We will not share your personal information with any other third parties. We will share personal information with law enforcement or other authorities if required by applicable law.
Who may we receive information from?
We may receive information about you from the following sources:
Please be assured that this information will be treated confidentially at all times and will only be used where necessary.
Data gathered by our website
We do not collect any personally identifiable information from the visitors to our website, apart from information you have given us when filling in an online form such as signing up for regular updates from SHINE, funding application forms or our online donation page.
We may also collect information about your usage of the website (for example, the URL you came from, IP address, domain types like .co.uk and .com, your browser type, type of device, your age and location and the pages of our website that were viewed during your visit). However, all this information will be stored in an anonymised format.
“Cookies” are small text files created and stored on your hard drive by your internet browser software, in order to hold relevant information about the web page you are currently viewing. They help us to improve the website and to deliver a better and more personalised service.
Most browsers have a facility that will allow you to disable cookies altogether; please refer to your browser’s help menu to find out how to do this. Whilst you will still be able to browse most of our website with cookies disabled, certain features may not be available.
The transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to the website; any transmission is at your own risk.
Please note that this website contains links to third party websites and we are not responsible for the data protection or privacy policies of those third parties.
As part of SHINE’s major donor fundraising activities we undertake research and profiling of supporters and prospective supporters who may have an interest in, and financial ability to, support SHINE’s mission.
For this reason, we may gather information about you from publicly available sources – for example, Companies House, the Electoral Register and the media – to help us to understand more about you as an individual and your ability to support the Charity. We may also use publicly available sources to carry out due diligence on donors to meet money laundering regulations. However, we do not carry out wealth screening and we do not conduct research beyond paywalls.
In undertaking this research, we aim to focus conversations we have with you and your support of SHINE in the most effective way, and ensure that we provide you with an experience as a donor or potential donor which is appropriate for you.
Carrying out research and processing in this way allows us to conduct high value fundraising, which is essential for our legitimate interests – in this case, our ability to run SHINE’s grant making programmes. We will always endeavour to do so with great care and in a way that does not unduly impact your rights and freedoms.
We are committed to working in a transparent, ethical, responsible and honest way. To reflect this commitment, we are registered with the Fundraising Regulator and are committed to the Regulator’s Code of Practice.
You can opt out of your data being used for profiling by contacting us at any time by emailing firstname.lastname@example.org
How long will we keep your information for?
- We will normally keep your information throughout the period of time that we are providing services to you or receiving support from you and afterwards for a period of six years as we are required to do by law and also by the regulations that apply to us
- More information is set out in our data retention policy which is available on request from us
Transfers to third countries
- We may from time to time transfer your personal data to a country outside of the EEA; for the purposes of cloud storage and Mailchimp usage.
- Normally this will be necessary for the performance of your contract with us or for the exercise or defense of legal claims on your behalf
- Sometimes we may transfer for other reasons and we will ensure that appropriate safeguards are in place at all times
What rights do you have?
The General Data Protection Regulation gives you rights in relation to the data we store and use.
- The right to be informed. This means that we must tell you how we use your data, and this is the purpose of this Privacy Notice
- The right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
- The right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
- The right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- The right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
- The right to portability. You may transfer the data that we hold on you for your own purposes
- The right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- The right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
These are not absolute rights and only apply in specific scenarios depending on the context and the reason we are processing your personal data.
If you wish to exercise any of the rights explained above, please contact us by email on email@example.com or call 0113 280 5872.
Who can you complain to?
- If you are unhappy about how we are using your information or how we have responded to your request then initially you should contact us by email on firstname.lastname@example.org or call 0113 280 5872.
- If your complaint remains unresolved or you think that your data protection rights have been breached by us then you can contact the Information Commissioner’s Office, details available at ico.org.uk
Changes to this privacy statement
This privacy notice was last updated in October 2020. We may change this Privacy Statement from time to time. You should check this statement occasionally to ensure you are aware of the most recent version.
How to contact us
If you have questions about this Privacy Statement or require further information please contact us by email on email@example.com or call 0113 280 5872.