Caring For Life
1.1 Privacy and Security
Caring For Life is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact us by emailing firstname.lastname@example.org, writing to, Caring For Life, Crag House Farm, Otley Old Road, Leeds, LS16 7NH, or calling us on 0113 2303600. If you receive information regularly via email, there will always be a link that you can click to remove you from the regular email lists.
We never sell your personal information, and only ever hand it to companies we work with who’s role it is to solely facilitate providing you with information that has been agreed to be sent and only with companies who guarantee its’ privacy and security.
1.2 Contacting us
We are always very open about what information we hold and how we gather it and how we use it. If you have any questions, concerns or queries regarding information about your personal information, or would like to discuss this policy, please do contact us.
1.3 The Data Controller & Data Processor
Caring For Life is the controller of all information obtained that identifies you. Caring For Life uses a Data Processor to help maintain and manage Caring For Life’s IT services. A contract is in place to protect the rights and legal requirements as a Data Processor to ensure GDPR requirements are all adhered to.
1.4 About us
For the purpose of this policy all entities will be included under the umbrella name of Caring For Life and Social Enterprise.
Information where deemed appropriate, may be provided between Caring For Life, Caring For Life Trading, and Caring For Life Properties, but will always be subject to this policy.
Caring For Life policies and practices are in line with policies and requirements as set out by The Charity Commission, Companies House, ICO, Fundraising Regulator, HMRC and the Institute of Fundraising.
2. WHAT INFORMATION WE COLLECT
2.1 Personal data you provide
We collect data that you provide for us. This includes information you give when enquiring about our services, donating, registering for an event, or communicating with us, benefiting from services, or receiving offers. For example:
• personal details (name, date of birth, email, address, telephone etc.) when you join as a supporter;
• financial information (payment information such as credit/debit card or direct debit details, and whether donations are gift-aided. Please see section 8 for more information on payment security);
• receiving offers and information for the social enterprise business
• general communication notes
2.2 Information created by your involvement with Caring For Life
Your activities and involvement with Caring For Life will result in personal data being created. This could include details of how you’ve helped us by volunteering and attendance or participation in our events.
If you kindly decide to donate to Caring For Life then we will keep records of when and how much you give to a particular cause.
2.3 Information we generate
We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you. Section 6 (Research and profiling) contains more information about how we use information for profiling and targeted advertising.
2.4 Information from third parties
We do not collect personal information from third parties, however we may have access to it, such as Facebook. Whilst we have access to person information from third parties, we will not collect and use that information to create any profiling or do any unsolicited direct marketing.
2.5 Supporter, or interested donor sensitive personal data
We do not normally collect or store sensitive personal data (such as information relating to health, beliefs) about supporters. However, there are some situations where this will occur (eg if you volunteer with us or if you have an accident on one of our sites or events). If this does occur, we’ll take extra care to ensure your privacy rights are protected.
2.6 Accidents or incidents If an accident or incident occurs on our property, at one of our events or involving one of our staff (including volunteers) then we’ll keep a record of this (which may include personal data and sensitive personal data).
2.7 Volunteer If you are a volunteer (or if you are helping us for other reasons, for example you are part of a fundraiser on site for Caring For Life,) then we may collect extra information about you (eg references, criminal records checks, details of emergency contacts, medical conditions etc). This information will be retained for legal reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
2.8 Loyalty Customers & Customer information for Caring For Life Social Enterprise Information is collected to understand the patterns and trends of customers in the uptake of offers and events that are hosted by the social enterprises. Information is also used to enable a personalised experience for bespoke marketing purposes. For example emailing loyalty customers about loyalty card holder only offers.
We use photographs in a range of ways
• update and inform supporters of events
• advertise appeals or fundraisers
• communicate current issues being faced
• highlight products or services
• promote social enterprise entities
Consent for images that is focussed on any one individual will always be sought. If photos contain group shots of large audiences, such as open days, or dining in the restaurant, a statement will be clearly placed on literature requesting that people inform Caring For Life, or its social enterprise marketing team, if images are not allowed to be used. Privacy of individuals is important to us, and we will honour any requests not to use images.
Use of Children or vulnerable people, who are not being cared for by Caring For Life, comes under section 7 of this policy.
If an image is used that you do not feel has been approved, or if you feel that an image has been taken from Caring For Life and used in others places without Caring For Life’s permission, please contact email@example.com as soon as possible to have the picture removed.
3. HOW WE USE YOUR INFORMATION
We only ever use your personal data with your consent, or where it is necessary in order to:
• enter into, or perform, a contract with you;
• comply with a legal duty;
• protect your vital interests;
• for our own lawful interests, provided your rights don’t override these
• supply you with agreed information
In any event, we’ll only use your information for the purpose or purposes it was collected for (or closely related purposes).
We use personal data to communicate with people, to promote Caring For Life and to help with fundraising. This includes keeping you up-to-date with our news, updates, events and fundraising information. For further information on this please see Section 5 (Marketing).
Social Enterprise keeps separate systems to the Charity databases for the purpose of communicating any offers and deals to its customer base.
We use personal data for administrative purposes (ie to carry on our charity work). This includes:
• receiving donations (eg direct debits or gift-aid instructions);
• maintaining databases of our volunteers and supporters;
• fulfilling enquiries;
• helping us respect your choices and preferences (eg if you ask not to receive information material, we’ll keep a record of this).
3.3 Internal reviews
We carry out reviews on our supporters, donors and volunteers, to determine the success of appeals, better understand behaviour and responses and identify patterns and trends. This helps inform our approach towards fundraising and makes Caring For Life a stronger and more effective organisation. Understanding our supporters, their interests and what they care about also helps us provide a better experience (eg through more relevant communications).
3.4 Supporter and customer analysis
Caring For Life is very sensitive to how it reviews information on supporters and customers of the Social enterprise, or interested parties, that personal information is held on. Caring For Life has taken care in ensuring only information that has been requested will be sent, and that communications will only be what has been agreed to. In the event that you feel unwanted material has been sent without permission we would want you to contact us as soon as possible so that we are sensitive to your privacy. Further information on profiling can be found in Section 6 (Research and profiling).
3.5 Supporter and Customer Relationship Management
We keep track of communications, which may include, personal information for the sole purpose of being able to sensitively deal with Caring For Life’s relationship with supporters and customers. An example is noting the circumstance of the passing of a loved one so that we may firstly update our records and be sensitive to information sent, but also to enable us to sensitively write with best wishes.
Information will not be used to manipulate or extort information, and communication is carefully managed internally with the ‘Fundraising Policies in a Nutshell’ which is mirrored with the Fundraising Regulator Code of Practice.
4. DISCLOSING AND SHARING DATA
We will never sell your personal data. If you have opted-in to receiving information from Caring For Life, we may contact you with information about products and ministries, including information from other groups related to Caring For Life, such as the social enterprises at Crag House Farm, but these communications will always come from Caring For Life and are usually incorporated into our own materials, either printed or email (eg advertisements in our newsletters).
We may supply personal data with subcontractors or suppliers who provide us with services. For example, if you receive newsletters from Caring For Life, your name and address will be given to the print company for them to package and send any agreed literature. However, these activities will be carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure, and to be removed once the work has been completed.
5. KEEPING IN TOUCH
Caring For Life has always sought permission from supporters before sending information on news, update or appeals. This includes all our communications via email, post and telephone. However, you always have the choice as to whether you want to receive these communications and be able to select how you want to receive them (email, post, phone). You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact us by emailing firstname.lastname@example.org, writing to, Caring For Life, Crag House Farm, Otley Old Road, Leeds, LS16 7NH, or calling us on 0113 2303600. If you receive information regularly via email and wish to stop, there will always be a link that you can click to remove you from the regular communication lists.
5.1 What does ‘marketing’ mean?
Marketing does not just mean offering things for sale, but also includes news and information about:
• our charity and the work with our beneficiaries;
• Caring For Life events;
• volunteering opportunities;
• appeals and fundraising (including donations, competitions and etc.);
• our events, activities and local groups;
• products, services and offers (of third parties which may interest you); and
• leaving a legacy; When you receive a communication, we may collect information about how you respond to or interact with that communication, and this may affect how we communicate with you in future.
5.2 Prayer Newsletters, Bulletins and Updates
Caring For Life in its literature will always be sensitive to what it sends, and whilst the main focus of Caring For Life newsletters, bulletins and updates will be pastoral, there may be other fundraising and other information included in those publications. If you are unhappy to receive these publications, please contact us and let us know.
As a charity, we rely on donations and support from others to continue our vital work. From time-totime, we may include fundraising challenges and appeals in our regular news updates and other communications with supporters.. This might be about an appeal, a newsletter, an invitation to an event or to suggest ways you can raise funds.
We’ll only contact you if you’ve opted in to receiving materials from us (you can, of course, unsubscribe at any time).
5.4 Social Enterprise marketing
The Granary, Coffee Shop, Gift and Farm shop and Garden Nurseries rely on customers to generate income to meet its running costs and provide much needed income to the Charity. Offers, Events, Incentives and general communications are sent to people who give explicit permission to inform of relevant information.
The loyalty card customer scheme only provides information about the offers and deals via email, so careful protocols are in place to enable specific, agreed information to be sent to offer the benefits of this scheme. Terms and conditions of this scheme are available upon request from email@example.com.
6. RESEARCH AND PROFILING
This section explains how and why we use personal data to build profiles which enable us to understand our supporters, improve our relationship with them, and provide a better supporter experience.
6.1 Analysis and grouping
We analyse our supporter interests and may communicate directly in connection to any relevant trends, or activities that any given supporters may show interest in. This may include volunteers, and requesting support of other volunteering opportunities, or may include reviewing gifts from people who may find interest in specific fundraising projects that have been supported previously.
This may also include informing customers who have previously taken up an offer in the social enterprise and informing them of a similar activity that they may be interest in.
6.2 Helping us understand our supporters and customers
We profile supporters in terms of financial and practical support. For example, we keep track of the amount, frequency and value of each person’s support. This information helps us to ensure communications are relevant and timely.
If, based on information that has been provided to us (such as geographical location, history on previous donations), it appears an individual might be willing and able to provide more support we may contact them to see if they wish to do so.
We might also use geographical information to inform supporters of local support groups that may be of interest. We would not send information about support groups unless requested.
The social enterprise analyses geographical information to understand where certain advertising has been successful to ensure better use of resources for future marketing placements.
6.3 Anonymised data
We may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as general trend reviews, and general understanding of geographical areas of support, this may help us understand where the best areas of fundraising or relationship development might be best to focus resources towards.
7. CHILDREN, YOUNG PEOPLE & VULNERABLE ADULTS
7.1 Information for parents/guardians/carers We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children and vulnerable adults. If your child is under 18, we’ll only use his or her personal data with your consent. This means that, for example, if your child wants to have his or her name or picture featured in one of our newsletters, we’ll need you to confirm you’re happy for us to do so.
7.2 Vulnerable Adults In the event of personal information being provided from a vulnerable adult wishing to receive communications from the charity, or to receive information from the social enterprise, including the loyalty scheme, reasonable steps shall be taken to identify and record if additional consent is required to ensure appropriate correspondence. For example, if a person has an appointee who supports the financial affairs of a vulnerable adult, advice ought to be obtained to ensure that the vulnerable adult is only sent information that does not include financial commitments.
7.3 Marketing and fundraising We won’t send marketing emails, letters or call any individual we know to be under 18 years old. We might hold the child’s name on the database, but the salutation and all correspondence will be directed to the parent or guardian
8. HOW WE PROTECT DATA
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have personnel are required to follow specific protocols when handling personal data.
8.1 Payment security
Caring For Life uses various third party companies to process credit card payments or manage Direct Debit Donations for our online payments. These companies use Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
For credit card donations taken onsite through our PDQ’s, credit card details are securely passed to our payment provider. Other payment methods are handled in a similar manner. Caring For Life complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
In the social enterprises, the card details will not be held on any till device, and the payment is transmitted through the servers without being directly handled by the till management server.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (eg information provided by email or our website) are at the user’s own risk.
Some of Caring For Life premises have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and Caring For Life. CCTV will only be viewed when necessary (eg to identify or prevent crime) and footage is only stored for temporarily. Unless it is flagged for review CCTV will be recorded over.
Caring For Life complies with the Information Commissioner’s Office CCTV Code of Practice, and we put up notices so you know when CCTV is in use.
Caring For Life have a remote monitoring station to assist in the security of the premise. A contract is in place, in line with GDPR requirements and no information is taken or removed from the CCTV unless it is for legal purposes or at the request of Caring For Life to identify or prevent crime.
9.1 Where we store information
Caring For Life’s operations are based in the UK and we store our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do so if your data is adequately protected.
For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).
9.2 How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).
We continually review the information we hold and we ensure that when information is no longer required we thoroughly delete it. We never store payment card information.
It may be that we are required to store certain personal information for statutory reasons, even if at the supporters request we cease to send information, such as Donations, Names and Postcodes for the purpose of HMRC tax reviews.
10. KEEPING YOU IN CONTROL
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
• the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
• the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
• the right to have inaccurate data rectified;
• the right to object to your data being used for marketing or profiling; and
• where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, although we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please write to firstname.lastname@example.org or in writing to, Caring For Life, Crag House Farm, Otley Old Road, Leeds, LS16 7NH, or calling us on 0113 2303600.
You can complain to Caring For Life directly by contacting our Data Protection Officer using the details set out above. If you wish to make a complaint (including a complaint about fundraising activity) which does not directly relate to your data protection and privacy rights, you can do so in writing directed to the Executive of Caring For Life.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk.
11. COOKIES AND LINKS TO OTHER SITES
11.2 Links to other sites
Our website may include hyperlinks to other websites. We are not responsible for the content or functionality of any of those external websites, but please let us know if a link is not working, or if you feel one of the linked websites is not abiding by legal requirements by emailing us email@example.com.
When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with Caring For Life.
Last review date: 24th May, 2018
Reviewed by: Executive Director
Agreed by Trustees: 24th May, 2018