SFAC does not and will not share or sell any personal information onto any third party, unless required to do so for law enforcement or statutory regulatory procedures and requests.
SFAC commit to storing information securely and safely as we can in accordance with national regulations. We will only use the information you provide to us for its intended purpose and will provide information about how we use your data and what data we hold on you at all times.
If you have concerns regarding SFAC’s compliance with Data Protection laws and regulations, or queries regarding these statements and policies, or wish to make a complaint please contact the Data Protection officer for SFAC at firstname.lastname@example.org Alternatively, you can make a complaint to the Information Commissioner’s Office.
If you wish to know what information SFAC holds on you then a request can be made to SFAC via email@example.com
You can contact us at any time to change your information we have on you that may be inaccurate and to ask for information about you to be erased or to no longer be used. You are free to withdraw consent for SFAC or any third-party on behalf of SFAC at any time. Please contact firstname.lastname@example.org or if you have donated via a third-party please contact that organisation to withdraw your consent or information from their records.
SFAC can hold information on individuals under the basis of the Data Protection Act 2018, Privacy and Electronic Communications (EC Directive) Regulations 2003 and General Data Protection Regulation (EU) 2016/679. SFAC information is held on the basis of consent by the individual.
What information do we hold and how do we use it?
Personal Information Provided to SFAC by donors
We receive information from individuals or organisations in the following way:
- Third-party sources such as CAF, MyDonate, VirginGiving, Payroll services including GivingOnline.
- Requests for newsletters/e-bulletins/updates about SFAC
- Email and snailmail communication directly with SFAC
- Information about Standing Orders into SFAC bank account
- Social Media
- Direct from donors and supporters
SFAC is granted access to the following information about a donor, if the donor has provided consent for it to be shared. Such third-party sources include donations via CAF, MyDonate, Virgin Giving, Giving Online, ACCI:
- Email Address
- Telephone number
- Donation details (i.e. amount, date, if Gift Aid is being claimed etc.)
SFAC obtains this information from CAF, MyDonate, ACCI, GivingOnline and Virgin Giving on password protected sites located on their websites. We are provided access to this information (with your consent) by these platforms for accounting purposes and do not sell this information on. We may at times print copies of statements off for accounting purposes. This information is stored under locked files and is available to SFAC Director, Head of Operations, Finance Officer and Trustee for Finance only. Otherwise, all information is stored on the site of the donor giving platform and is not held by SFAC.
If you have provided CAF, MyDonate or Virgin Giving with permission to pass on your information to SFAC for the purposes of being kept informed of our work (newsletters or e-bulletins), SFAC will store the information provided on our password protected MailChimp database for the purpose of keeping you informed of our work and fundraising opportunities.
For information about how CAF, MyDonate, VirginGiving, GivingOnline, ACCI and any other donor platform organisation record your details please see their respective privacy policies. SFAC is not responsible for how they record, store or use your information.
On occasion, individuals or organisations will raise money for SFAC through online sites such as above. SFAC promotes that Virgin Giving is used for this purposes however individuals/organisations can use any site of their choice. SFAC cannot access the information.
Requests for updates/newsletters/e-bulletins
Requests for updates and further information about SFAC can be received through our website, written consent (email, letter, completed form, or messages through social media). Information is then stored on our MailChimp newsletter page. This is password protected and retains the following information:
- Email Address
At any time a person can unsubscribe from receiving information from SFAC and have their details removed from the MailChimp (email) lists. A un-subscription option is on all bulletins and you can email: email@example.com to request your details are removed at any time or write to us via our postal address below.
Where an individual or organisation provides a Standing Order donation to SFAC we only receive the name, donation amount and bank details of the person provided by their bank to Reliance Bank and included in our account records.
Bank statements are kept for 6-7 years for auditing purposes. This information is stored electronically by Reliance Bank and any printed statements are kept under locked file by SFAC.
Where an individual completes a gift aid form and sends this to SFAC this will be scanned and stored electronically on a password-protected site. This information will be used to process gift aid from HMRC only.
Where an address is updated and changed SFAC will retain the previous address for our auditing records for that financial year. After that, the address will be erased.
Where you withdraw consent for gift aid or are no longer eligible SFAC will erase records in accordance with statutory requirements which may include retaining information for auditing and tax purposes.
SFAC will receive notifications and will see people that comment, like or join our pages, articles, content or other on our Facebook, Twitter and YouTube accounts. SFAC does not message people on these sites directly other than to ‘Like’ our page or in response to a comment or direct message.
SFAC does not use information about people on these sites for further marketing or communication purposes.
Emails sent to SFAC
Please do not send SFAC any financial data through the post.
The information in letters is confidential, so if you’ve received one by mistake, please return it to sender without copying, using, or telling anyone about its contents.
Postal addresses and correspondence will be stored in a password-protected online site and/or locked file until we are informed you wish the address to be deleted or there has been no correspondence for a significant period of time.
Using your information
- We will keep and delete your information according to our internal policies and will keep it no longer than reasonably necessary for the purposes for which we hold it, taking into account relevant legal and regulatory retention requirements (e.g. tax or health and safety requirements) and operational considerations.
- To provide you with information about our work or our activities;
- To invite you to participate in interactive features on our website;
- To process donations we may receive from you;
- To fundraise in accordance with our internal policies and procedures;
- For administrative purposes (for example, we may contact you regarding an event for which you have registered, to provide information requested from us or with a query regarding a donation you may have made to us);
- For internal record keeping relating to any donations, feedback, or complaints;
- To analyse and improve the content and operation of our website;
- Where we are required by law to disclose or otherwise use your information.
Storing your information
We will endeavour as best we can to secure safely all of the information we have about you. We do this by storing information on password protected sites online, in lock cupboards and information is restricted to only those staff that need sight of it. Please note that we will not be liable for any breach of security unless we have been negligent.
Under UK data protection law, you have certain rights over personal information that we hold about you. These rights are summarised below. Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances.
You can assert your rights, raise a concern, or make a complaint about how we process your personal data by contacting our Data Protection Officer or Trustee at firstname.lastname@example.org using the title Data Protection Complaint. It will assist us if you explain your request or concern and describe the personal information you are referencing as specifically as possible. In order to take action on your request, we may need further information or request that you provide proof of identity.
Your rights in relation to our processing of your personal information, include:
- Right to have inaccurate or incomplete personal information corrected or completed - if you believe our records of your personal information are inaccurate or incomplete, you have the right to ask us to correct or complete those records.
- Right of erasure - in certain circumstances, you have the right to request that we delete your personal information from our records.
- Right of access - you can write to us to ask for confirmation of what information we hold relating to you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exceptions that apply.
- Right to receive your personal information in a portable format – in limited circumstances, where we are processing information you provided to us because you gave us your consent or because it is necessary for the performance of a contract and the processing is carried out by automated means, you may ask us to provide it to you in a portable format.
If you are not happy with how we have handled your request or complaint, you can contact the Office of the Information Commissioner, which oversees the protection of personal data in the UK.
Alternatively, you may choose to contact the Information Commissioner directly about your complaint, regardless of whether you have raised it with us first.
When you visit our website we hold some information about your usage. This does not identify you as a person but details your usage which helps us understand how our website is being used.
What are cookies?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device and to target the content displayed to the user’s interests.
You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.eu for a video about cookies visit www.google.co.uk/goodtoknow/data-on-the-web/cookies
There are two broad types of cookies - 'first party cookies' and 'third party cookies'. First party cookies are cookies that are served directly by the website operator to your computer, and are often used to recognise your computer when it revisits that site and to remember your preferences as you browse the site. Third party cookies are served by a service provider on behalf of the website operator, and can be used by the service provider to recognise your computer when you visit other web sites. Third party cookies are most commonly used for web site analytics or advertising purposes. In addition, cookies may be either 'session cookies' or 'persistent cookies'. Your computer automatically removes session cookies once you close your browser. Persistent cookies will survive on your computer until an expiry date specified in the cookie itself, is reached.
We do not use other cookies. You can change your cookie setting so we do not receive any cookie information from you.
In summary Cookies help us know which areas of the site the areas of the website you visit; the amount of time you spend on the site; whether you are new to the site, or have visited it before; the country, region, city and/or borough associated with your IP address or device; how you came to our website – for example, through an email link or a search engine; the type of device and browser you use; how you use the website and the quality of your experience – for example we may track your bandwidth when viewing videos; how you interact with our donation and sign up forms – for example what you select as your communication preferences; and any error messages that you receive on the site. Cookies do not store information that identifies you personally.
Some of our pages contain embedded content such as YouTube video, Twitter feed, Facebook likes and you may receive cookies delivered from these websites. SFAC does not govern the publication of third-party cookies. To understand more about their cookies and privacy statements, please visit their sites.
For Terms and Conditions about using our Website and Social Media Sites please click here
For Fundraising information and information about donations please see our Fundraising Information page